From a97f1426db3f521d2fcf699fa106a2ca4eddb801 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 2 Nov 2020 21:09:10 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 CHANGELOG.md                                  |  45 +++++
 GITLAB_WORKHORSE_VERSION                      |   2 +-
 .../javascripts/jobs/components/job_app.vue   |   8 +-
 .../components/pipelines_list/time_ago.vue    |  20 +-
 .../releases/components/issuable_stats.vue    |   4 +-
 .../release_block_milestone_info.vue          |  76 ++++++--
 .../settings/access_tokens_controller.rb      |   2 +-
 app/models/packages/package.rb                |   1 +
 app/policies/ci/pipeline_schedule_policy.rb   |   1 +
 app/serializers/build_details_entity.rb       |   2 +-
 .../update_package_from_metadata_service.rb   |   2 +
 app/services/projects/transfer_service.rb     |  12 +-
 .../resource_access_tokens/create_service.rb  |  15 +-
 .../terraform/remote_state_handler.rb         |   2 +
 app/uploaders/gitlab_uploader.rb              |  26 +++
 app/uploaders/job_artifact_uploader.rb        |   5 +-
 .../packages/package_file_uploader.rb         |   2 +
 app/views/admin/runners/_runner.html.haml     |   4 +-
 app/views/shared/_label_row.html.haml         |   6 +-
 ...mprove-project-labels-page-consistency.yml |   5 +
 ...-not-show-in-active-project-access-tok.yml |   5 +
 changelogs/unreleased/mk-workhorse-8-53-0.yml |   5 +
 config/routes/admin.rb                        |   4 +-
 danger/product_analytics/Dangerfile           |   2 +-
 doc/administration/auth/okta.md               |   4 +-
 doc/administration/reply_by_email.md          |   2 +-
 doc/api/epic_issues.md                        |   2 +-
 doc/api/epics.md                              |   2 +-
 .../merge_trains/index.md                     |  24 ++-
 doc/development/README.md                     |   2 +-
 doc/development/api_graphql_styleguide.md     |  56 ++++++
 doc/development/changelog.md                  |   4 +-
 doc/development/database_review.md            |   2 +-
 doc/development/experiment_guide/index.md     |   2 +-
 doc/development/graphql_guide/pagination.md   |  17 ++
 .../img/telemetry_system_overview.png         | Bin 103618 -> 0 bytes
 .../product_analytics/event_dictionary.md     |  31 +--
 doc/development/product_analytics/index.md    | 181 +-----------------
 doc/development/product_analytics/snowplow.md |   2 +-
 .../product_analytics/usage_ping.md           |   4 +-
 doc/topics/autodevops/index.md                |  24 ++-
 doc/user/group/epics/index.md                 |   2 +-
 doc/user/group/epics/manage_epics.md          |   2 +-
 doc/user/group/roadmap/index.md               |   2 +-
 doc/user/project/requirements/index.md        |   2 +-
 doc/user/project/service_desk.md              |   2 +-
 lib/api/ci/pipeline_schedules.rb              |   2 +-
 .../entities/ci/pipeline_schedule_details.rb  |   4 +-
 lib/api/internal/kubernetes.rb                |   2 +-
 lib/api/terraform/state.rb                    |   9 +-
 lib/gitlab/middleware/multipart.rb            |  16 ++
 lib/gitlab/regex.rb                           |   6 +-
 .../issue_activity_unique_counter.rb          |   2 +
 .../usage_data_counters/known_events.yml      |   4 +
 lib/gitlab/utils.rb                           |  30 +++
 locale/gitlab.pot                             |   3 +
 .../multipart_invalid_uploads_spec.rb         |  52 +++++
 .../__snapshots__/issuable_stats_spec.js.snap |   2 +-
 .../release_block_milestone_info_spec.js      |  32 +++-
 .../gitlab/exclusive_lease_helpers_spec.rb    |   8 +-
 .../import_export/attributes_finder_spec.rb   |   2 +-
 .../group/legacy_tree_saver_spec.rb           |   2 +-
 .../lib/gitlab/import_export/importer_spec.rb |   2 +-
 .../gitlab/import_export/lfs_restorer_spec.rb |   2 +-
 ...tipart_with_handler_for_jwt_params_spec.rb |  41 +++-
 .../middleware/multipart_with_handler_spec.rb |  52 +++++
 spec/lib/gitlab/regex_spec.rb                 |  28 ++-
 .../issue_activity_unique_counter_spec.rb     |  90 +++------
 spec/lib/gitlab/utils_spec.rb                 |  31 +++
 spec/models/packages/package_spec.rb          |  15 ++
 spec/policies/project_policy_spec.rb          |   2 +-
 .../api/ci/pipeline_schedules_spec.rb         | 108 +++++++++--
 spec/requests/api/internal/kubernetes_spec.rb |  12 +-
 spec/requests/api/project_export_spec.rb      |   2 +-
 spec/requests/api/terraform/state_spec.rb     |   7 +-
 ...date_package_from_metadata_service_spec.rb |  36 ++--
 .../create_service_spec.rb                    |  56 ++++--
 .../terraform/remote_state_handler_spec.rb    |  18 +-
 spec/support/import_export/common_util.rb     |   2 +-
 .../patches/rspec_mocks_prepended_methods.rb  |  55 ++++++
 ...ccess_tokens_controller_shared_examples.rb |  18 +-
 .../issue_activity_shared_examples.rb         |  35 ++++
 .../gitlab_uploader_shared_examples.rb        |  12 ++
 spec/uploaders/import_export_uploader_spec.rb |  11 +-
 .../packages/nuget/extraction_worker_spec.rb  |  82 ++++----
 85 files changed, 1047 insertions(+), 471 deletions(-)
 create mode 100644 changelogs/unreleased/241990-improve-project-labels-page-consistency.yml
 create mode 100644 changelogs/unreleased/271635-new-project-access-tokens-do-not-show-in-active-project-access-tok.yml
 create mode 100644 changelogs/unreleased/mk-workhorse-8-53-0.yml
 delete mode 100644 doc/development/img/telemetry_system_overview.png
 create mode 100644 spec/features/file_uploads/multipart_invalid_uploads_spec.rb
 create mode 100644 spec/support/patches/rspec_mocks_prepended_methods.rb
 create mode 100644 spec/support/shared_examples/lib/gitlab/usage_data_counters/issue_activity_shared_examples.rb

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1615c30108d..fc7b8b76344 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,21 @@
 documentation](doc/development/changelog.md) for instructions on adding your own
 entry.
 
+## 13.5.2 (2020-11-02)
+
+### Security (9 changes)
+
+- Add CSRF protection to runner pause and resume. !1021
+- Do not expose Terraform state record in API.
+- Path traversal to RCE via LFS upload.
+- Update container_repository_name_regex to prevent catastrophic backtracking.
+- Validate nuget package names.
+- Prevent private repo from being accessed via internal Kubernetes API.
+- Validate each upload param key in multipart.rb.
+- Fix XSS vulnerability for job build dependencies.
+- Fix unauthorized user is able to access schedule pipeline variables and values.
+
+
 ## 13.5.1 (2020-10-22)
 
 ### Other (1 change)
@@ -583,6 +598,21 @@ entry.
 - Bump cluster applications CI template. !45472
 
 
+## 13.4.5 (2020-11-02)
+
+### Security (9 changes)
+
+- Add CSRF protection to runner pause and resume. !1021
+- Do not expose Terraform state record in API.
+- Path traversal to RCE via LFS upload.
+- Update container_repository_name_regex to prevent catastrophic backtracking.
+- Validate nuget package names.
+- Prevent private repo from being accessed via internal Kubernetes API.
+- Validate each upload param key in multipart.rb.
+- Fix XSS vulnerability for job build dependencies.
+- Fix unauthorized user is able to access schedule pipeline variables and values.
+
+
 ## 13.4.4 (2020-10-15)
 
 ### Fixed (2 changes)
@@ -1241,6 +1271,21 @@ entry.
 - Expand the visible highlight for collapsed diffs (re: !41393). !42343
 
 
+## 13.3.9 (2020-11-02)
+
+### Security (9 changes)
+
+- Add CSRF protection to runner pause and resume. !1021
+- Do not expose Terraform state record in API.
+- Path traversal to RCE via LFS upload.
+- Update container_repository_name_regex to prevent catastrophic backtracking.
+- Validate nuget package names.
+- Prevent private repo from being accessed via internal Kubernetes API.
+- Validate each upload param key in multipart.rb.
+- Fix XSS vulnerability for job build dependencies.
+- Fix unauthorized user is able to access schedule pipeline variables and values.
+
+
 ## 13.3.8 (2020-10-21)
 
 ### Fixed (2 changes)
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index 89a8ef8d8fc..d9b7ec5a2f7 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-8.52.0
+8.53.0
diff --git a/app/assets/javascripts/jobs/components/job_app.vue b/app/assets/javascripts/jobs/components/job_app.vue
index 00ff3fb939d..c6adf2f231f 100644
--- a/app/assets/javascripts/jobs/components/job_app.vue
+++ b/app/assets/javascripts/jobs/components/job_app.vue
@@ -1,8 +1,7 @@
 <script>
-/* eslint-disable vue/no-v-html */
 import { throttle, isEmpty } from 'lodash';
 import { mapGetters, mapState, mapActions } from 'vuex';
-import { GlLoadingIcon, GlIcon } from '@gitlab/ui';
+import { GlLoadingIcon, GlIcon, GlSafeHtmlDirective as SafeHtml } from '@gitlab/ui';
 import { GlBreakpointInstance as bp } from '@gitlab/ui/dist/utils';
 import { isScrolledToBottom } from '~/lib/utils/scroll_utils';
 import { polyfillSticky } from '~/lib/utils/sticky';
@@ -36,6 +35,9 @@ export default {
     GlLoadingIcon,
     SharedRunner: () => import('ee_component/jobs/components/shared_runner_limit_block.vue'),
   },
+  directives: {
+    SafeHtml,
+  },
   mixins: [delayedJobMixin],
   props: {
     artifactHelpUrl: {
@@ -223,7 +225,7 @@ export default {
           </div>
 
           <callout v-if="shouldRenderHeaderCallout">
-            <div v-html="job.callout_message"></div>
+            <div v-safe-html="job.callout_message"></div>
           </callout>
         </header>
         <!-- EO Header Section -->
diff --git a/app/assets/javascripts/pipelines/components/pipelines_list/time_ago.vue b/app/assets/javascripts/pipelines/components/pipelines_list/time_ago.vue
index 7fe495aa342..1d117cfe34a 100644
--- a/app/assets/javascripts/pipelines/components/pipelines_list/time_ago.vue
+++ b/app/assets/javascripts/pipelines/components/pipelines_list/time_ago.vue
@@ -1,7 +1,6 @@
 <script>
 import { GlIcon, GlTooltipDirective } from '@gitlab/ui';
 import timeagoMixin from '~/vue_shared/mixins/timeago';
-import { formatTime } from '~/lib/utils/datetime_utility';
 
 export default {
   directives: {
@@ -27,7 +26,24 @@ export default {
       return this.finishedTime !== '';
     },
     durationFormatted() {
-      return formatTime(this.duration);
+      const date = new Date(this.duration * 1000);
+
+      let hh = date.getUTCHours();
+      let mm = date.getUTCMinutes();
+      let ss = date.getSeconds();
+
+      // left pad
+      if (hh < 10) {
+        hh = `0${hh}`;
+      }
+      if (mm < 10) {
+        mm = `0${mm}`;
+      }
+      if (ss < 10) {
+        ss = `0${ss}`;
+      }
+
+      return `${hh}:${mm}:${ss}`;
     },
   },
 };
diff --git a/app/assets/javascripts/releases/components/issuable_stats.vue b/app/assets/javascripts/releases/components/issuable_stats.vue
index 5f28331c543..0ae0e5c6d6a 100644
--- a/app/assets/javascripts/releases/components/issuable_stats.vue
+++ b/app/assets/javascripts/releases/components/issuable_stats.vue
@@ -54,9 +54,7 @@ export default {
 </script>
 
 <template>
-  <div
-    class="gl-display-flex gl-flex-direction-column gl-flex-shrink-0 gl-mr-6 gl-mb-5 js-issues-container"
-  >
+  <div class="gl-display-flex gl-flex-direction-column gl-flex-shrink-0 gl-mr-6 gl-mb-5">
     <span class="gl-mb-2">
       {{ label }}
       <gl-badge variant="muted" size="sm">{{ total }}</gl-badge>
diff --git a/app/assets/javascripts/releases/components/release_block_milestone_info.vue b/app/assets/javascripts/releases/components/release_block_milestone_info.vue
index 30598a5eec1..152f400f624 100644
--- a/app/assets/javascripts/releases/components/release_block_milestone_info.vue
+++ b/app/assets/javascripts/releases/components/release_block_milestone_info.vue
@@ -1,6 +1,5 @@
 <script>
 import { GlProgressBar, GlLink, GlButton, GlTooltipDirective } from '@gitlab/ui';
-import { sum } from 'lodash';
 import { __, n__, sprintf } from '~/locale';
 import { MAX_MILESTONES_TO_DISPLAY } from '../constants';
 import IssuableStats from './issuable_stats.vue';
@@ -31,6 +30,21 @@ export default {
       required: false,
       default: '',
     },
+    openMergeRequestsPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    mergedMergeRequestsPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
+    closedMergeRequestsPath: {
+      type: String,
+      required: false,
+      default: '',
+    },
   },
   data() {
     return {
@@ -45,17 +59,45 @@ export default {
       });
     },
     percentComplete() {
-      const percent = Math.round((this.closedIssuesCount / this.totalIssuesCount) * 100);
+      const percent = Math.round((this.issueCounts.closed / this.issueCounts.total) * 100);
       return Number.isNaN(percent) ? 0 : percent;
     },
-    allIssueStats() {
-      return this.milestones.map(m => m.issueStats || {});
+    issueCounts() {
+      return this.milestones
+        .map(m => m.issueStats || {})
+        .reduce(
+          (acc, current) => {
+            acc.total += current.total || 0;
+            acc.closed += current.closed || 0;
+
+            return acc;
+          },
+          {
+            total: 0,
+            closed: 0,
+          },
+        );
     },
-    totalIssuesCount() {
-      return sum(this.allIssueStats.map(stats => stats.total || 0));
+    showMergeRequestStats() {
+      return this.milestones.some(m => m.mrStats);
     },
-    closedIssuesCount() {
-      return sum(this.allIssueStats.map(stats => stats.closed || 0));
+    mergeRequestCounts() {
+      return this.milestones
+        .map(m => m.mrStats || {})
+        .reduce(
+          (acc, current) => {
+            acc.total += current.total || 0;
+            acc.merged += current.merged || 0;
+            acc.closed += current.closed || 0;
+
+            return acc;
+          },
+          {
+            total: 0,
+            merged: 0,
+            closed: 0,
+          },
+        );
     },
     milestoneLabelText() {
       return n__('Milestone', 'Milestones', this.milestones.length);
@@ -98,7 +140,7 @@ export default {
     >
       <span class="gl-mb-3">{{ percentCompleteText }}</span>
       <span class="gl-w-full">
-        <gl-progress-bar :value="closedIssuesCount" :max="totalIssuesCount" variant="success" />
+        <gl-progress-bar :value="issueCounts.closed" :max="issueCounts.total" variant="success" />
       </span>
     </div>
     <div
@@ -129,10 +171,22 @@ export default {
     </div>
     <issuable-stats
       :label="__('Issues')"
-      :total="totalIssuesCount"
-      :closed="closedIssuesCount"
+      :total="issueCounts.total"
+      :closed="issueCounts.closed"
       :open-path="openIssuesPath"
       :closed-path="closedIssuesPath"
+      data-testid="issue-stats"
+    />
+    <issuable-stats
+      v-if="showMergeRequestStats"
+      :label="__('Merge Requests')"
+      :total="mergeRequestCounts.total"
+      :merged="mergeRequestCounts.merged"
+      :closed="mergeRequestCounts.closed"
+      :open-path="openMergeRequestsPath"
+      :merged-path="mergedMergeRequestsPath"
+      :closed-path="closedMergeRequestsPath"
+      data-testid="merge-request-stats"
     />
   </div>
 </template>
diff --git a/app/controllers/projects/settings/access_tokens_controller.rb b/app/controllers/projects/settings/access_tokens_controller.rb
index cbd6716fdf7..74350147825 100644
--- a/app/controllers/projects/settings/access_tokens_controller.rb
+++ b/app/controllers/projects/settings/access_tokens_controller.rb
@@ -23,7 +23,7 @@ module Projects
 
           redirect_to namespace_project_settings_access_tokens_path, notice: _("Your new project access token has been created.")
         else
-          render :index
+          redirect_to namespace_project_settings_access_tokens_path, alert: _("Failed to create new project access token: %{token_response_message}") % { token_response_message: token_response.message }
         end
       end
 
diff --git a/app/models/packages/package.rb b/app/models/packages/package.rb
index 42d5b99b39a..de8ce9fcf40 100644
--- a/app/models/packages/package.rb
+++ b/app/models/packages/package.rb
@@ -37,6 +37,7 @@ class Packages::Package < ApplicationRecord
   validate :package_already_taken, if: :npm?
   validates :name, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
   validates :name, format: { with: Gitlab::Regex.generic_package_name_regex }, if: :generic?
+  validates :name, format: { with: Gitlab::Regex.nuget_package_name_regex }, if: :nuget?
   validates :version, format: { with: Gitlab::Regex.nuget_version_regex }, if: :nuget?
   validates :version, format: { with: Gitlab::Regex.conan_recipe_component_regex }, if: :conan?
   validates :version, format: { with: Gitlab::Regex.maven_version_regex }, if: -> { version? && maven? }
diff --git a/app/policies/ci/pipeline_schedule_policy.rb b/app/policies/ci/pipeline_schedule_policy.rb
index cf3f784f851..2ef5ffd6a5a 100644
--- a/app/policies/ci/pipeline_schedule_policy.rb
+++ b/app/policies/ci/pipeline_schedule_policy.rb
@@ -17,6 +17,7 @@ module Ci
     rule { can?(:admin_pipeline) | (can?(:update_build) & owner_of_schedule) }.policy do
       enable :update_pipeline_schedule
       enable :admin_pipeline_schedule
+      enable :read_pipeline_schedule_variables
     end
 
     rule { can?(:admin_pipeline_schedule) & ~owner_of_schedule }.policy do
diff --git a/app/serializers/build_details_entity.rb b/app/serializers/build_details_entity.rb
index 109213ab729..917c416ce33 100644
--- a/app/serializers/build_details_entity.rb
+++ b/app/serializers/build_details_entity.rb
@@ -136,7 +136,7 @@ class BuildDetailsEntity < JobEntity
     docs_url = "https://docs.gitlab.com/ee/ci/yaml/README.html#dependencies"
 
     [
-      failure_message.html_safe,
+      failure_message,
       help_message(docs_url).html_safe
     ].join("<br />")
   end
diff --git a/app/services/packages/nuget/update_package_from_metadata_service.rb b/app/services/packages/nuget/update_package_from_metadata_service.rb
index f72b1386985..0109ee23c49 100644
--- a/app/services/packages/nuget/update_package_from_metadata_service.rb
+++ b/app/services/packages/nuget/update_package_from_metadata_service.rb
@@ -32,6 +32,8 @@ module Packages
             )
           end
         end
+      rescue ActiveRecord::RecordInvalid => e
+        raise InvalidMetadataError.new(e.message)
       end
 
       private
diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb
index 013861631a1..5743efab81b 100644
--- a/app/services/projects/transfer_service.rb
+++ b/app/services/projects/transfer_service.rb
@@ -79,11 +79,7 @@ module Projects
         # Directories on disk
         move_project_folders(project)
 
-        # Move missing group labels to project
-        Labels::TransferService.new(current_user, @old_group, project).execute
-
-        # Move missing group milestones
-        Milestones::TransferService.new(current_user, @old_group, project).execute
+        transfer_missing_group_resources(@old_group)
 
         # Move uploads
         move_project_uploads(project)
@@ -107,6 +103,12 @@ module Projects
       refresh_permissions
     end
 
+    def transfer_missing_group_resources(group)
+      Labels::TransferService.new(current_user, group, project).execute
+
+      Milestones::TransferService.new(current_user, group, project).execute
+    end
+
     def allowed_transfer?(current_user, project)
       @new_namespace &&
         can?(current_user, :change_namespace, project) &&
diff --git a/app/services/resource_access_tokens/create_service.rb b/app/services/resource_access_tokens/create_service.rb
index cdeb57627a8..c2b4773a505 100644
--- a/app/services/resource_access_tokens/create_service.rb
+++ b/app/services/resource_access_tokens/create_service.rb
@@ -15,13 +15,20 @@ module ResourceAccessTokens
       user = create_user
 
       return error(user.errors.full_messages.to_sentence) unless user.persisted?
-      return error("Failed to provide maintainer access") unless provision_access(resource, user)
+
+      member = create_membership(resource, user)
+
+      unless member.persisted?
+        delete_failed_user(user)
+        return error("Could not provision maintainer access to project access token")
+      end
 
       token_response = create_personal_access_token(user)
 
       if token_response.success?
         success(token_response.payload[:personal_access_token])
       else
+        delete_failed_user(user)
         error(token_response.message)
       end
     end
@@ -43,6 +50,10 @@ module ResourceAccessTokens
       Users::CreateService.new(current_user, default_user_params).execute(skip_authorization: true)
     end
 
+    def delete_failed_user(user)
+      DeleteUserWorker.perform_async(current_user.id, user.id, hard_delete: true, skip_authorization: true)
+    end
+
     def default_user_params
       {
         name: params[:name] || "#{resource.name.to_s.humanize} bot",
@@ -88,7 +99,7 @@ module ResourceAccessTokens
       Gitlab::Auth.resource_bot_scopes
     end
 
-    def provision_access(resource, user)
+    def create_membership(resource, user)
       resource.add_user(user, :maintainer, expires_at: params[:expires_at])
     end
 
diff --git a/app/services/terraform/remote_state_handler.rb b/app/services/terraform/remote_state_handler.rb
index d2c44d4a265..7e79cb9e007 100644
--- a/app/services/terraform/remote_state_handler.rb
+++ b/app/services/terraform/remote_state_handler.rb
@@ -23,6 +23,8 @@ module Terraform
 
         state.save! unless state.destroyed?
       end
+
+      nil
     end
 
     def lock!
diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb
index 654bb15378c..411d8b2614f 100644
--- a/app/uploaders/gitlab_uploader.rb
+++ b/app/uploaders/gitlab_uploader.rb
@@ -5,6 +5,10 @@ class GitlabUploader < CarrierWave::Uploader::Base
 
   class_attribute :options
 
+  PROTECTED_METHODS = %i(filename cache_dir work_dir store_dir).freeze
+
+  ObjectNotReadyError = Class.new(StandardError)
+
   class << self
     # DSL setter
     def storage_options(options)
@@ -33,6 +37,8 @@ class GitlabUploader < CarrierWave::Uploader::Base
 
   delegate :base_dir, :file_storage?, to: :class
 
+  before :cache, :protect_from_path_traversal!
+
   def initialize(model, mounted_as = nil, **uploader_context)
     super(model, mounted_as)
   end
@@ -121,6 +127,9 @@ class GitlabUploader < CarrierWave::Uploader::Base
   # For example, `FileUploader` builds the storage path based on the associated
   # project model's `path_with_namespace` value, which can change when the
   # project or its containing namespace is moved or renamed.
+  #
+  # When implementing this method, raise `ObjectNotReadyError` if the model
+  # does not yet exist, as it will be tested in `#protect_from_path_traversal!`
   def dynamic_segment
     raise(NotImplementedError)
   end
@@ -138,4 +147,21 @@ class GitlabUploader < CarrierWave::Uploader::Base
   def pathname
     @pathname ||= Pathname.new(path)
   end
+
+  # Protect against path traversal attacks
+  # This takes a list of methods to test for path traversal, e.g. ../../
+  # and checks each of them. This uses `.send` so that any potential errors
+  # don't block the entire set from being tested.
+  #
+  # @param [CarrierWave::SanitizedFile]
+  # @return [Nil]
+  # @raise [Gitlab::Utils::PathTraversalAttackError]
+  def protect_from_path_traversal!(file)
+    PROTECTED_METHODS.each do |method|
+      Gitlab::Utils.check_path_traversal!(self.send(method)) # rubocop: disable GitlabSecurity/PublicSend
+
+    rescue ObjectNotReadyError
+      # Do nothing. This test was attempted before the file was ready for that method
+    end
+  end
 end
diff --git a/app/uploaders/job_artifact_uploader.rb b/app/uploaders/job_artifact_uploader.rb
index 47976c909e8..83dc1030606 100644
--- a/app/uploaders/job_artifact_uploader.rb
+++ b/app/uploaders/job_artifact_uploader.rb
@@ -4,7 +4,6 @@ class JobArtifactUploader < GitlabUploader
   extend Workhorse::UploadPath
   include ObjectStorage::Concern
 
-  ObjectNotReadyError = Class.new(StandardError)
   UnknownFileLocationError = Class.new(StandardError)
 
   storage_options Gitlab.config.artifacts
@@ -24,7 +23,9 @@ class JobArtifactUploader < GitlabUploader
   private
 
   def dynamic_segment
-    raise ObjectNotReadyError, 'JobArtifact is not ready' unless model.id
+    # This now tests model.created_at because it can for some reason be nil in the test suite,
+    # and it's not clear if this is intentional or not
+    raise ObjectNotReadyError, 'JobArtifact is not ready' unless model.id && model.created_at
 
     if model.hashed_path?
       hashed_path
diff --git a/app/uploaders/packages/package_file_uploader.rb b/app/uploaders/packages/package_file_uploader.rb
index 28545b9fcdf..61fbe2b4c49 100644
--- a/app/uploaders/packages/package_file_uploader.rb
+++ b/app/uploaders/packages/package_file_uploader.rb
@@ -20,6 +20,8 @@ class Packages::PackageFileUploader < GitlabUploader
   private
 
   def dynamic_segment
+    raise ObjectNotReadyError, "Package model not ready" unless model.id
+
     Gitlab::HashedPath.new('packages', model.package.id, 'files', model.id, root_hash: model.package.project_id)
   end
 end
diff --git a/app/views/admin/runners/_runner.html.haml b/app/views/admin/runners/_runner.html.haml
index cc8ac6b0642..0d819dc5b47 100644
--- a/app/views/admin/runners/_runner.html.haml
+++ b/app/views/admin/runners/_runner.html.haml
@@ -69,10 +69,10 @@
           = sprite_icon('pencil')
       .btn-group
         - if runner.active?
-          = link_to [:pause, :admin, runner], method: :get, class: 'gl-button btn btn-default btn-svg has-tooltip', title: _('Pause'), ref: 'tooltip', aria: { label: _('Pause') }, data: { placement: 'top', container: 'body', confirm: _('Are you sure?') } do
+          = link_to [:pause, :admin, runner], method: :post, class: 'gl-button btn btn-default btn-svg has-tooltip', title: _('Pause'), ref: 'tooltip', aria: { label: _('Pause') }, data: { placement: 'top', container: 'body', confirm: _('Are you sure?') } do
             = sprite_icon('pause')
         - else
-          = link_to [:resume, :admin, runner], method: :get, class: 'gl-button btn btn-default btn-svg has-tooltip gl-px-3', title: _('Resume'), ref: 'tooltip', aria: { label: _('Resume') }, data: { placement: 'top', container: 'body'} do
+          = link_to [:resume, :admin, runner], method: :post, class: 'gl-button btn btn-default btn-svg has-tooltip gl-px-3', title: _('Resume'), ref: 'tooltip', aria: { label: _('Resume') }, data: { placement: 'top', container: 'body'} do
             = sprite_icon('play')
       .btn-group
         = link_to [:admin, runner], method: :delete, class: 'gl-button btn btn-danger has-tooltip', title: _('Remove'), ref: 'tooltip', aria: { label: _('Remove') }, data: { placement: 'top', container: 'body', confirm: _('Are you sure?') } do
diff --git a/app/views/shared/_label_row.html.haml b/app/views/shared/_label_row.html.haml
index 9c9ac5f7b2c..252f9c26f06 100644
--- a/app/views/shared/_label_row.html.haml
+++ b/app/views/shared/_label_row.html.haml
@@ -5,9 +5,9 @@
 
 .label-name.gl-flex-shrink-0.gl-mt-2.gl-mr-3
   = render_label(label, tooltip: false)
-.label-description.gl-flex-grow-1.gl-overflow-hidden
-  .gl-display-flex.gl-align-items-center.gl-flex-wrap.gl-mt-2
-    .description-text.gl-flex-grow-1.gl-overflow-hidden
+.label-description.gl-overflow-hidden.gl-w-full
+  .gl-display-flex.gl-align-items-stretch.gl-flex-wrap.gl-mt-2
+    .gl-flex-basis-half.gl-flex-grow-1.gl-overflow-hidden.gl-mr-2
       - if label.description.present?
         = markdown_field(label, :description)
       - elsif show_labels_full_path?(@project, @group)
diff --git a/changelogs/unreleased/241990-improve-project-labels-page-consistency.yml b/changelogs/unreleased/241990-improve-project-labels-page-consistency.yml
new file mode 100644
index 00000000000..ca87bab003c
--- /dev/null
+++ b/changelogs/unreleased/241990-improve-project-labels-page-consistency.yml
@@ -0,0 +1,5 @@
+---
+title: Improve project labels page card layout consistency
+merge_request: 45311
+author:
+type: fixed
diff --git a/changelogs/unreleased/271635-new-project-access-tokens-do-not-show-in-active-project-access-tok.yml b/changelogs/unreleased/271635-new-project-access-tokens-do-not-show-in-active-project-access-tok.yml
new file mode 100644
index 00000000000..d84fe3e5df0
--- /dev/null
+++ b/changelogs/unreleased/271635-new-project-access-tokens-do-not-show-in-active-project-access-tok.yml
@@ -0,0 +1,5 @@
+---
+title: Skip GMA and SSO validation when creating project access tokens for project bots
+merge_request: 46257
+author:
+type: fixed
diff --git a/changelogs/unreleased/mk-workhorse-8-53-0.yml b/changelogs/unreleased/mk-workhorse-8-53-0.yml
new file mode 100644
index 00000000000..8b5611bb133
--- /dev/null
+++ b/changelogs/unreleased/mk-workhorse-8-53-0.yml
@@ -0,0 +1,5 @@
+---
+title: Bump workhorse to 8.53.0
+merge_request: 46666
+author:
+type: other
diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index 84b9829dacf..2db2caafcd8 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -148,8 +148,8 @@ namespace :admin do
 
   resources :runners, only: [:index, :show, :update, :destroy] do
     member do
-      get :resume
-      get :pause
+      post :resume
+      post :pause
     end
 
     collection do
diff --git a/danger/product_analytics/Dangerfile b/danger/product_analytics/Dangerfile
index ac102ca2404..b2144e7f034 100644
--- a/danger/product_analytics/Dangerfile
+++ b/danger/product_analytics/Dangerfile
@@ -10,7 +10,7 @@ Please check the ~"product analytics" [guide](https://docs.gitlab.com/ee/develop
 MSG
 
 UPDATE_METRICS_DEFINITIONS_MESSAGE = <<~MSG
-  When adding, changing, or updating metrics, please update the [Event dictionary Usage Ping table](https://docs.gitlab.com/ee/development/product_analytics/event_dictionary.html#usage-ping).
+  When adding, changing, or updating metrics, please update the [Event dictionary Usage Ping table](https://about.gitlab.com/handbook/product/product-analytics-guide#event-dictionary).
 
 MSG
 
diff --git a/doc/administration/auth/okta.md b/doc/administration/auth/okta.md
index 7a55e127733..06b50be2647 100644
--- a/doc/administration/auth/okta.md
+++ b/doc/administration/auth/okta.md
@@ -14,7 +14,9 @@ The following documentation enables Okta as a SAML provider.
 
 ## Configure the Okta application
 
-1. On Okta go to the admin section and choose to **Add an App**.
+The following guidance is based on this Okta article, on adding a [SAML Application with an Okta Developer account](https://support.okta.com/help/s/article/Why-can-t-I-add-a-SAML-Application-with-an-Okta-Developer-account?language=en_US):
+
+1. On Okta admin section, make sure to select Classic UI view in the top left corner. From there, choose to **Add an App**.
 1. When the app screen comes up you see another button to **Create an App** and
    choose SAML 2.0 on the next screen.
 1. Now, very important, add a logo
diff --git a/doc/administration/reply_by_email.md b/doc/administration/reply_by_email.md
index 62645ad17a1..2b57e9f3e88 100644
--- a/doc/administration/reply_by_email.md
+++ b/doc/administration/reply_by_email.md
@@ -1,6 +1,6 @@
 ---
 stage: Plan
-group: Certify
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/api/epic_issues.md b/doc/api/epic_issues.md
index 4ab505f3627..21ba75d37a5 100644
--- a/doc/api/epic_issues.md
+++ b/doc/api/epic_issues.md
@@ -1,6 +1,6 @@
 ---
 stage: Plan
-group: Portfolio Management
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/api/epics.md b/doc/api/epics.md
index 134b9a99c5b..cb2cf334f9a 100644
--- a/doc/api/epics.md
+++ b/doc/api/epics.md
@@ -1,6 +1,6 @@
 ---
 stage: Plan
-group: Portfolio Management
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md b/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md
index 86c66b5ea2d..c5d99011645 100644
--- a/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md
+++ b/doc/ci/merge_request_pipelines/pipelines_for_merged_results/merge_trains/index.md
@@ -200,17 +200,23 @@ for more information.
 
 ### Merge Trains feature flag **(PREMIUM ONLY)**
 
-To enable and disable the Merge Trains feature, use the `:disable_merge_trains` feature flag.
+Merge trains are automatically enabled when [pipelines for merged results](../index.md#pipelines-for-merged-results)
+are enabled. To use pipelines for merged results without using merge trains, you must
+enable a [feature flag](../../../../user/feature_flags.md) that blocks the merge trains
+feature.
 
-To check if the feature flag is enabled on your GitLab instance,
-ask an administrator to execute the following commands:
+[GitLab administrators with access to the GitLab Rails console](../../../../administration/feature_flags.md)
+can enable the feature flag to disable merge trains:
 
-```shell
-> sudo gitlab-rails console                         # Login to Rails console of GitLab instance.
-> Feature.enabled?(:disable_merge_trains)           # Check if it's disabled or not.
-> Feature.enable(:disable_merge_trains)             # Enable Merge Trains.
-> Feature.disable(:disable_merge_trains)            # Disable Merge Trains.
+```ruby
+Feature.enable(:disable_merge_trains)
 ```
 
-When you disable this feature, all existing merge trains are cancelled and
+After you enable this feature flag, all existing merge trains are cancelled and
 the **Start/Add to Merge Train** button no longer appears in merge requests.
+
+To disable the feature flag, and enable merge trains again:
+
+```ruby
+Feature.disable(:disable_merge_trains)
+```
diff --git a/doc/development/README.md b/doc/development/README.md
index 830cc4a99a5..58c35e0c8e6 100644
--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -183,7 +183,7 @@ See [database guidelines](database/index.md).
 
 ## Product Analytics guides
 
-- [Product Analytics guide](product_analytics/index.md)
+- [Product Analytics guide](https://about.gitlab.com/handbook/product/product-analytics-guide/)
 - [Usage Ping guide](product_analytics/usage_ping.md)
 - [Snowplow guide](product_analytics/snowplow.md)
 
diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md
index 987a4e9c629..04d7135bb9c 100644
--- a/doc/development/api_graphql_styleguide.md
+++ b/doc/development/api_graphql_styleguide.md
@@ -1392,6 +1392,62 @@ it 'returns a successful response' do
 end
 ```
 
+### Testing tips and tricks
+
+- Avoid false positives:
+
+  Authenticating a user with the `current_user:` argument for `post_graphql`
+  generates more queries on the first request than on subsequent requests on that
+  same user. If you are testing for N+1 queries using
+  [QueryRecorder](query_recorder.md), use a **different** user for each request.
+
+  The below example shows how a test for avoiding N+1 queries should look:
+
+  ```ruby
+  RSpec.describe 'Query.project(fullPath).pipelines' do
+    include GraphqlHelpers
+
+    let(:project) { create(:project) }
+
+    let(:query) do
+      %(
+        {
+          project(fullPath: "#{project.full_path}") {
+            pipelines {
+              nodes {
+                id
+              }
+            }
+          }
+        }
+      )
+    end
+
+    it 'avoids N+1 queries' do
+      first_user = create(:user)
+      second_user = create(:user)
+      create(:ci_pipeline, project: project)
+
+      control_count = ActiveRecord::QueryRecorder.new do
+        post_graphql(query, current_user: first_user)
+      end
+
+      create(:ci_pipeline, project: project)
+
+      expect do
+        post_graphql(query, current_user: second_user)  # use a different user to avoid a false positive from authentication queries
+      end.not_to exceed_query_limit(control_count)
+    end
+  end
+  ```
+
+- Mimic the folder structure of `app/graphql/types`:
+
+  For example, tests for fields on `Types::Ci::PipelineType`
+  in `app/graphql/types/ci/pipeline_type.rb` should live in
+  `spec/requests/api/graphql/ci/pipeline_spec.rb` regardless of the query being
+  used to fetch the pipeline data.
+
 ## Notes about Query flow and GraphQL infrastructure
 
 GitLab's GraphQL infrastructure can be found in `lib/gitlab/graphql`.
diff --git a/doc/development/changelog.md b/doc/development/changelog.md
index 14d67791ecb..50cddf8b0cd 100644
--- a/doc/development/changelog.md
+++ b/doc/development/changelog.md
@@ -47,7 +47,7 @@ the `author` field. GitLab team members **should not**.
 - Any user-facing change **must** have a changelog entry. This includes both visual changes (regardless of how minor), and changes to the rendered DOM which impact how a screen reader may announce the content.
 - Any client-facing change to our REST and GraphQL APIs **must** have a changelog entry.
 - Performance improvements **should** have a changelog entry.
-- Changes that need to be documented in the Product Analytics [Event Dictionary](product_analytics/event_dictionary.md)
+- Changes that need to be documented in the Product Analytics [Event Dictionary](https://about.gitlab.com/handbook/product/product-analytics-guide#event-dictionary)
   also require a changelog entry.
 - _Any_ contribution from a community member, no matter how small, **may** have
   a changelog entry regardless of these guidelines if the contributor wants one.
@@ -55,7 +55,7 @@ the `author` field. GitLab team members **should not**.
 - Any docs-only changes **should not** have a changelog entry.
 - Any change behind a disabled feature flag **should not** have a changelog entry.
 - Any change behind an enabled feature flag **should** have a changelog entry.
-- Any change that adds new usage data metrics and changes that needs to be documented in Product Analytics [Event Dictionary](telemetry/event_dictionary.md) **should** have a changelog entry.
+- Any change that adds new usage data metrics and changes that needs to be documented in Product Analytics [Event Dictionary](https://about.gitlab.com/handbook/product/product-analytics-guide#event-dictionary) **should** have a changelog entry.
 - A change that [removes a feature flag](feature_flags/development.md) **should** have a changelog entry -
   only if the feature flag did not default to true already.
 - A fix for a regression introduced and then fixed in the same release (i.e.,
diff --git a/doc/development/database_review.md b/doc/development/database_review.md
index 3f5f36b0b6e..3da961ce35c 100644
--- a/doc/development/database_review.md
+++ b/doc/development/database_review.md
@@ -27,7 +27,7 @@ A database review is required for:
   database review.
 - Changes in usage data metrics that use `count` and `distinct_count`.
   These metrics could have complex queries over large tables.
-  See the [Product Analytics Guide](product_analytics/usage_ping.md#implementing-usage-ping)
+  See the [Product Analytics Guide](https://about.gitlab.com/handbook/product/product-analytics-guide/)
   for implementation details.
 
 A database reviewer is expected to look out for obviously complex
diff --git a/doc/development/experiment_guide/index.md b/doc/development/experiment_guide/index.md
index 039f3d2e72d..a9334d2a79f 100644
--- a/doc/development/experiment_guide/index.md
+++ b/doc/development/experiment_guide/index.md
@@ -115,7 +115,7 @@ addressed.
 
 To determine whether the experiment is a success or not, we must implement tracking events
 to acquire data for analyzing. We can send events to Snowplow via either the backend or frontend.
-Read the [product analytics guide](../product_analytics/index.md) for more details.
+Read the [product analytics guide](https://about.gitlab.com/handbook/product/product-analytics-guide/) for more details.
 
 #### Track backend events
 
diff --git a/doc/development/graphql_guide/pagination.md b/doc/development/graphql_guide/pagination.md
index 6ca4084bffe..6ac8ab19148 100644
--- a/doc/development/graphql_guide/pagination.md
+++ b/doc/development/graphql_guide/pagination.md
@@ -234,6 +234,23 @@ instead of an `ActiveRecord::Relation`:
 
 <!-- ### External pagination -->
 
+### External pagination
+
+There may be times where you need to return data through the GitLab API that is stored in
+another system. In these cases you may have to paginate a third-party's API.
+
+An example of this is with our [Error Tracking](../../operations/error_tracking.md) implementation,
+where we proxy [Sentry errors](../../operations/error_tracking.md#sentry-error-tracking) through
+the GitLab API. We do this by calling the Sentry API which enforces its own pagination rules.
+This means we cannot access the collection within GitLab to perform our own custom pagination.
+
+For consistency, we manually set the pagination cursors based on values returned by the external API, using `Gitlab::Graphql::ExternallyPaginatedArray.new(previous_cursor, next_cursor, *items)`.
+
+You can see an example implementation in the following files:
+
+- [`types/error__tracking/sentry_error_collection_type.rb`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/graphql/types/error_tracking/sentry_error_collection_type.rb) which adds an extension to  `field :errors`.
+- [`resolvers/error_tracking/sentry_errors_resolver.rb`](https://gitlab.com/gitlab-org/gitlab/blob/master/app/graphql/resolvers/error_tracking/sentry_errors_resolver.rb) which returns the data from the resolver.
+
 ## Testing
 
 Any GraphQL field that supports pagination and sorting should be tested
diff --git a/doc/development/img/telemetry_system_overview.png b/doc/development/img/telemetry_system_overview.png
deleted file mode 100644
index f2e6b300e948f8337252a95bf5de58868f8bbe2d..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 103618
zcmbTc2|SeR`!KH4Ij2sWI@Qri`yOM)n2~S{W|(2d>`S2;voZT(R!f~0m84xIX_rdc
zWDtr{NGhQiL`B3XVv_Cu40V3r-{*aQ|Nr}c=QGRm+|PAi_jO(OwcoQR5Q~~RY2G9&
zE32t~zTN~YtH}l{t4XUSjt54DYUkXuvikFZ(ubxLX}DoRj@5FA*Vxr^Fo-WvD3?RL
zmxIAfsnnhw#^lMFB89z}qXdS4=OPI^j2p&bkHLUJV9<Jy(|Rz71cEMyctTx(FGpv4
zCkT`=2G8Vi#6J*1?Lh#7RRPS<FtJji;4g<DfO|i&k|P9ufnneqM+ClTz{e33;s_0a
ztOhPUrBWe>%3)!`02+``2+SVh3=FTr_>uzrmxH~4Yhjpx1N@*kp#q6ziWgrl5dkAe
zILIDk4{?FR>>ZsUzyl(a%an)x2O0}c93_)C#t)p&5lCTt0XiT+E+ROg;8dz^j1Lt@
zt_YKe$G{xH_Ad60PGe7$S}A92m?x3&gutrc<q#i0ray!SED-iXT>jo<5SJ<dGt>}_
zcNoSI@2K<~Ln3AZ<c^9x5Rlk<$1x-@ilZ_Vs&GcCoE$|KDIthHbT3VS$`>sX!XiM9
zkO1Jrf=RjTaBn}XJk*DS_Z36AFlP){>w_oqs0bcW5T;X+P<}o>fnpg);*1NIz;O(&
zilzpn;3WiO0jv=!O#qiK!n5E|U7!mvAkdNg5fF)sj|&wp_fvrwD7Mg97pArV)70cZ
z1dZz{*71}Gnp}eAqBUfHfg0__#`4Ho2#AOv@co^^<OmuvKrEBd{K-PPilai&I7p_N
z0TJ_6G$KSD04z`AxcIa1cpQ`k-0<oC6cO8r&I<%?0(lCFO2-qCfGtNv5Tz6h0T{($
zaVomNAJ7pbi{lH`Dnc1bba<#z3}_6XOUQ5xnB$M2^R+?}QA!7hMRI{p1PRCW2ZV<N
zfH(vY3Al0*0oP$L;0o^KsP^WNA_7_Ra4Z)B=o2CWC-4`5kO4|5Do_Dtd5UN-sL~Tk
z<odHUDvnO!1Hd?fsd5I+7ld|3;Dj`+T0`~WLLxw+T(1CtHwcyJB7<t#G(3aP@u7I(
z1umfkEisHlQHz*l4KN?6z##oFE?Q@2CWtF1%B5-_nLJd5r*XX1!Y~2?CH2Pm5}+Ef
zCljOvJ3DzfVzd~Bql*|&M<ksm!%I1#JdQ{~LWs2l42{c@u;~J=6Wdb+_r*yuXs#L!
zQgcEPG5{RpqtYsXH91T*-V5&sj6g$mfbt@^-YPEyUrMIQ1u8m-;YAX{Bv2-jZ4s0c
z8~Bn^0AQ^=9LyJKk#Y_PCgRHF47`%U!SXeTQCXoRXbzt*B{?cYAgOZ%8Sn3ii=e{c
zAP7E`qY=spN@uc8>qEk;!y#y}m?%?(GqDjejgkt&OF)i3A|?%sCjvW)pn(JNZ~>Fx
zqIDE_g3w$oNKTc>Fi1~Fe*_*aqA;k=OeqP=kWi6C7#Qh<VNe~Nu|g*WlIhFzp$hN{
zW*7p;qgt%nNfstoAe~Wie=5MAqgu{Tg`o&araFSH5OOG9a$ki;fkDY6L?sH3W>~ZV
zi6de0AaDSPEArM^loJfn37{GbUd@4#U?Pd5w@49yQt<+@LM#mnBY8oHY7P-b3qW!i
z5SW6erl7o>xk5Qpg;#_jR4^}^0`N=-i3;ouLjmYqJb8W+gxW_#RC@;?17#o;AY6o8
z%usrH0mjPr)`}e?bdDS;4;Ys5$MhBH#}xxk6UoG)@mwL`^^hzsnIw|%l`uIP=E?C@
z_;CSWjZ|nM&Yn^s7|B4P5JG|%nis&QlHq_4MvzEEkvCrM7v`;2;sH>u*jI{?T1*Id
z!$~qK9IaFYNJ#-|f*K`~&_RJDG?I_g;?>Tf_y}4kmCh8f)hMt=jq<_ke0f|iKPX5Y
zN(xX0csp?jlt3n)Ko(-@Vg!`Uf`zdI7<_G@l)xd;k#HW<moCR?k=}451`mNn_<Q-O
zUBqCrmqrCFP7d=2ctuJ@P(&CJj{^}vfeI;+$nhgZ5S`^j1&Bfw2g+G8m8Tr-2q-WT
z1?O12JyPNYg9XAF;hew#j+bYsuM-Tc_4S7P_)E}2nn>iUz$yh|8pb<-OLOw)bICd(
z6ho$K!oq2+2&!iUF-(LP62UqY#!m<WA+aDSK1?eCMCGl~h`l6E5Ea?QOTt%#c?V+n
z2%>@~(|AW9Bls3tVGwUP$~O$ArK#9~Vn>J&PvL_6A|y19ECP;o5yAYNku*9;DWik^
zXlx_~1ofr^^T^>UlrxP62NR^85p*frlYj^i1bCC>QXfYIT0(QeAW<+8N$tY&BJdb8
zJ_am=agc1dCo0e%F9OsDA@RZBg*3L5h~s-xc|1>wG=M?%BIra^0o?~lM1tTtH4=fA
z$}O%?M^dtV{1_Cx0JxFjAT-Z#6%OS@@?opJKp+<#76m6t5Melf5y4B2AY*B0rmw}Z
z5a|er3q%MJ;i+0DF%K+a(p~6qNEm@Bk?<uTU#y5mqOb{U3JeIF2tHZ|11tw=2^bdd
z47_2!!azF77l8qW!WpOtk=joNM*I3WYk>i8k}5#LLec{L{h<s$IuM3nE(|`_qKYD>
zLd>G^l>QVRgr!l*J;_)G!B-vb6(Cb`ydW?RTIeXjx=;a7H3{U06FK4nSw7*TG|T;!
z1V@p82qQA#Y(E-}het@&f#C#>j1D8HL$Oqx5b3OwK$UztkLd}c23VX8U~URH1P2O7
zLYV#(g$feN!~z?I0L%_SVR5`L2)+v$1NTB;{qYbe3t$n+p!nd)@-PU+Q|kheIXZ&a
z5VXLDClV+%P6{qC&nq0qN7KR`@hF<wiGl!y5iOC7%VG*~6dX~)PzZRTp;EY?Jc7Vd
zFkP@>RRGlD1IPq`4}=zw8It2mv4mwP@R0&z09GW)D_rXA?Sh7~36^*Tym8(HM7Y|S
zqTpevP!}qP2<L%aRGtJd$up3^k)tqBH7A0BKsuo)TAW1YqYc-FLlhAT{{T8)OtC~S
zCxtvbOm0zm6+A%cMWg!!($!)BHHt~2%R?bdFrY<9AVeT>7=&7l2J_HxxEF-$h;)K0
znRE#ntEGWNR2Iz7UjRm8S-4Si#z{Tlz7_(Jc!nPnB|-QyT|9v&2sMz|A;}oIM5T5D
z93>cRF=lR{g3nMeLsbDTVVZEbuN3C*iGwrLIxS1$FY?C)xG23DDsUhT6(Hf`7($WK
zON_vwsZ4*2G*GAj@QCHYP_`i4F9NR?5kxFssDD_1$lDQ)lXCna98rK4>dk_=z*#~y
z3PL5QWaI$4Rwa>RrC^TKk>m}M=qO|bQ-^@5<Omqjk4MLA!l6zm0wUCf!=SRg$P6zn
zRI7p`VI&0|>V=kt1&}0cUor<pCXgJld_N`L5eoN{a!LF!uu6-8dWyXLeeg6%Ac;?v
zvz(k*3W!+cN9M^GARU@QA(N>vrH;pzWBqV!42$jS65;F3jX<y>v>JgN#PTFSu|%S$
z5G}`sLCH7)mgvawRiZt885p$^#SBxE9q~-905AfC49(GznSl1<7#bG}p5Uz(3D80(
znIz0t#P<&rAy^s-E>J=tduv1Cfg%+S#|q$uvfyG8jDm$~uoRMp#U};o0^uZ>vsR??
z2_QLXEP;lI5TocUCB#LG478+PG9`u@zzvW@u&_inPsQ+)c}rkYGDCnDIy1ewSSKHF
zm@hxT*Oy3@;yjryd=TKv5eycdhi8F_7``7!>+1u->9hhCPYYFnu`-4q4$gPR`H{go
zJ|_b2tztkB-ricQKLHPRapCGH6ubtoWh7I?pwhu~M>a>M<FZ^xbOs&e2_!EF2q=uH
z6u^ZPmKqAC@nk9u3I^h-Xbct!=7+(c19jd?n#d7~SNH|^gRx2lpDsZ-GNdFNnn9OB
zB$l+rOD5Cs{RwgzRSK6W&=eP`THy`&G^7iLh4Vx+DGZ%IT%i&P{Ndix05ppX%wbbp
z{88cnq_<p77g&6rryQ6dQxXUS9ojpB1qLysTqjG04EG6@2w`4aAb_&TI6Mym!0~(n
z$sDCT0=QI&#WFNms1Yh4YQ9V((gYHbC@+GapH8i&E5q3YK9IE`FiwFGI#Ej#g|aQV
zfHPhI6(}7kK4KD_9TBQRha!~}7o?M#tKva?@m!D^1l9RTX-Xsr?dMFC!~KwaqJXJX
zqMW?ILY0^zRj^!OEIO2h=7W4#FfN#;WHCStDnlbCvb0_}DnW#yx-cW?0+fy|qesv~
zEk0XHQdnF(SjUABMKDAFD_rG|K=?c3y$N8DTmY58;Vdnf!iR?|v}ma}9-&23WE{CD
z+#BjbQfLBLGz{9`%aaM<U^#k+f|y*aGY<*YN)c?X5bo?xAgTzMP{1c4<seT4)P*OM
z;)NVGOc%i=1v+X_7SBlc7E&pAF*XqD;whte5lK1$l^r0)a>)b*7mYx&$c`9txERSL
za}->E1eQhOBLsd7XCQ+e^<iX?RLT+3EI!H$E7kgeE#90b#)m0|E&(8anUn~jqM0m<
z3zxCHgjj*l5g}kHxgrcj0~Hc<q;MLR>+R`Cl0tN1lqI7U1TY~|l$s$Y(+OarKNE-6
zYAIf1h!~A!I0{*0k|&$vXemF!v4LJhQ8*1u)cHq*`t#txm_@26m_))<_){R^3W!RB
zfT*x!7dQ<qL;8CnIS2?0>jNX8yoef=fI?NM{NauS5ERM-N6=s#M>awX4tHiER3xen
z&jw2)c!3Nlg=k5PI20N~5#R#DgK5xke;x*;wA31ia6S_cY;=H+94v7J27LKACJRkO
z1u|Tmw9HTqLd*m#l*w`mqy*xfe7VlrFg{(T^=8xIWPd0dkMYq`Eg^}(@C6GcA}<0M
z&}vv9Nh))+R0&8YCkQ^m2c*)-I7$?n3F5*0R2m;&KaM|=1`Pz#W+6~Q$&q9=gQ5bl
z*iH;K1cRlsFy1(&BTcJ-pg=GNLaIVBK~x_m7s?|tB6MKDWwUiab&SyQ92F2L3#VWr
zIbl3DEKKXor+EwfQ3$prjs&vhK9;TZ6ses3143Cm9tljL(D*bqoP&1}Q6$1pmPCZn
zV4zNT2pTU#fbl9PZ%cF)`g5gJ7>O(rh584uK;%FwpH0P4pcFXMmmA<K=BO-+0)c}N
zL>y7$i1JjjTtY<=fi$9k?M09Q){pRWqB|3u!_jOy#~<U#;rcnlsWe5XBf*)e6M@5g
z!YuOlb_O}ayg7WF(AjcJ)G|P%P+%XBcoY*Ifmg_-T1&mb54Xg3CJrf92_WHsHzi;R
z5(I|o1Z9gzfqrUn1ebv#hepUSI;3NG1PP|qz%6XxEJOmo7Tw~i9CaM73QJQ#LB1Bl
z4S<TNVja>?8yYAQ0d)#d3Ibbv5IQ`98Ri@TX1WM`xI~I06wpbH5`_{nX<$NFsMwqA
z=K@u$i2*`C77vPI)A($iC>)E1$yhQ074WJcv5H9&aKK<W6d}e-xEM#Ii$)u$A&-{F
z5Elv(@Uut+K@LSm2pLFcfj5!u>!h-jokEHZ<&2|4By<5>=ZO<)a5@G6>qr5f`G>>&
zEEeYJY3YVo-WI+7*-05~s{r>ux>XRL8zD=kT3P+_HPD~rGt%<(`LpJ6<Hp6r#EguL
ze0%m3=yuh99IX2Is=K?}KnfJ@FW9<uYfX~XKexGGzI-u|@o!oOhCh^13DMnOzKpb#
z6%-UqnLL@#lg*wzdw6(Qr_-%mwX&q7gwN-7b#=}9^H0(Kf}0O+%$q-dXlUr;$BzfM
zE45nf(q+r`?%lh5<?{CSc2OvO?Yg!04xogDgsD@f`uHH5o0~noJl)*f?G`OszQ}gp
zzI`8SYC3bW3d4C{%SxU<f4*bK4mjM!5e%-bu12HL>FMeB?%n(H`SZ=2H=Ur)@87?d
z$z;XF#h;%P7Znwyq@?tfmjz%0z-v}zWo4Z_dGgq?V|0u!gR$w#l`Dn9un6Xsit;8?
z@k2eAL!;47ZjElt&Z@q3qp`8EqoV_l$CJpUqO)gSzkWT>=C8a{NkPHEmo8nxdm~^D
z>re0a=hm%THxD0LvSdkqetvm*Im&gz^Yp957tilkMYOcE9MWn&6+PG`5o7*#tGj#0
zXf(3fYz~RIZQC}5Qc-&O(ncq6c6N45c-W=Ad)6&q_BY(Ava)jVg89cH^|iINS&7F~
zDwRMWIDGhUVq#(l9((@$`KM2xq60{0FJ&G$aA0qQ^udD%{r&yW4bZH@%3Zs5eY~Il
z;>C-zXU`JIo3Ezli^XC=gy8e*``M-0+jkszQv0|$H)qQhX2=$xwxgbl-F5chw&NEQ
z@7%ewdvD^YQ>UV$qW0|BbK~yghtHcEOK#_8m+80dD|nuNB|A+VvGv@!a}NuvUNn4h
z{~Nhg!QG#<KjYwm-Me=urCdLH^k|_d?CQxqN=5Xurt-@Cw8+Rv@g_#>;azG$NM323
ztDEbU_<bt<E+Dm+%jM|@_M-w&M~)mhbSkZ-ATNlsIb5XPcQ8f0O;u9Ub~fXTEI8=p
zhZkj8=RQ<qX*8PZ_ur!TL=|Qvg$hI8=jHxBVS>4_IP2n}(kFFgF_D|sta|e>ogYjr
zsw$#}P<x6V96Ne}FXwku<$ZjS^UwZ&s?VK?|J$wlq?L-n-)&{J$jZ;#lccHbsIS1x
z*V^6x^2qn^>AJ}ux3_G$Knlyu{JgnVl%C7Dx!e6tYU=^<>N~L)KV3{k+kNDCZnk64
z=FxI)WSvH5)#SN7Zf#B<x!;qpv5Fnd2A{_UG+)l3G9UCmU6$thDvQ~jEcx9`+BN>@
z11z95mo7az^^0_W<n570f=eL!&Er?V>&|ha)s9@d!<NT|3$2>O;lOK+aolv%e;Z+J
zO~a-CGEwcZA^>>d9=zK0#j3DA!H)>Mnx<`)!l1xww#jOudTiwW+-YX?>I1q)cgua{
zxqzLn_xq=)t*~>OrY*8y2OzC>xLOr1{M#^I>ReQxXSTwg-|kU4>Hgd)>aI6dR$HYL
ztSk@~Kq~;q3V<CO0Ong+HBGa!O0_rE>#eP<u%3p2zy6PA6fWHAetF6Sqj?^HF_3mq
ze&&7Bxc`No|F?nr+9_&t!+3c7nu}Xw^2R;$Gw3UR|1Y}!B^2P$>R&=FEWjh0ObvP~
zE9s=d`YgcHSy;0G{LeE06kk0#@VEIj0P9-|*Bl+cym1P^I3O8d(ioAJEwc=~UAIdg
z6*Vw4cyv!%eN}n#2W08A%(G{Uhf_|DthG#^`G+|^j`+d3$8JOIP}a6>EghBPtiQhN
zJ(k^GQ*g30ybN*ry!~&uytZrO0Lpk^<0o@j@``Ffr+(^$!-*3%zVg>Z4t)x#@c8HP
z@e&2;TcW0A3=(9VU-v<&==CZb(&mLR4C5!Nw<_#RdHLqxh^$j>RS%j@6G{sgo=GE2
zGAP#EclpC?TfkF@u55N^WKXupB~6-<aK!p61=!;Idt&wP>bB?RZ6pA?WF>vsG+b~O
z9ix;q6?Z2WWCm^Q@wPzy5j${Ib8bYv>h&OT@cW7R531Xa9t*Q*MAQ^>?T5=1DfRoO
zuE;=c|I+bpCm`mpi;XqsHl{Gbao=-aT&}$>m251?yLaQ}EBHEN?A`WFHv1Qv;%&N$
zS6F{r&;8zq{_y1hWSZ61!kq(~T_Cp|p6)uIS$*kd;`&hidbd8G8;?60Z07eDM&0S=
zDaQ2!&h%hCruV5dMC;`G{N67k4+5`CC6TAYYV{n9dgaNYN98HR{XyTqd3}1cFH%2(
zEee}p_4l^Ip@3JNpB5H<4BK9D?rs!3B2O{y<YaAOR41kR<0re=mxV)*Sdn{@CICYl
zzI|_gyVIi?m#JMZWB0NK1lqf%ctCdDyYyYAJey;hesp>$d~Q0latPqfj}Eke&qIth
z+&VK|6d7Qk+RVg7WOUwtfA~n*_}dxDS}Uvflg$loUwc8Mkz{bx?dP|udZm(UmmKC5
z9Gqf~QFVYDpV*n|6br3;qB;zzX&Id2G=S*E0MD``6)D9^2V+c`p|0{(;1VNoV~L$<
zHTS%LX<~PDKgb5)W)wzAmkVEIFYRp1l*Yi5sw#2T*5-~g&t{rFgls>5>{js89iITz
zU*&CxnKnNnx1cFM`9x(8YNGkzS@DhmvGi3{QJpPd*I;ApVTrQ!4|8lr{zSViU2!ca
zUc#TI7kZ=FCYbao!}<JL+RMTymRP)Gxc70!ALczt*1?VO8SKi^k)y9KWhX-3-P}Z|
zmv@h|3fv(bx%kfOtV>~3V@>_mHm#v7Bz?WzOqYe$=Kc?P>&vLt*6rI1hX^7`*+;vD
zc01zThd10B@y<+oVV{*8Wo0#Mk+JCcddZ`^rl-s6yW|Fk9VtEwMWVEw6M`_i1{^Y5
z?BmTZ?y9qkhPoci^hvmNqky?ucY8!8NWnE-YW#uWJnZJm&`qvXT1uzfP@%kLn3FE)
zSu(>Emnlt28*h`b5oC0T75EM>5DOa0+QM496ArsL3{9}w+OTVY)vfDt->Dx8#@v|5
zc~=1_+@5Iz(${+rylKjx**PmXr14(S%lad|i(@9<4T|UkSl%j45M!L`Yorphw7=#x
z4>_~R{m;6ae>s~;4bp_5Yth+mM#*xC^}wT~r1g!i16xA@-?%1!u2ta>&33swyRj*{
zv#1=E_2<>gD+{9_L%l6i%`c8LQi8LFrd}JGs0>;?Xme@QfhH`EBA;;IIq+K39-r`M
zQ@*VSd!_N}K?mczuDYz)fxzb5S1eAbd8b~<=}(T19jIG77v_fEp&#7&$ldolD8vx*
zY>JtWKjFxm2ROD>d_&g-`xJ1)fYfg2h&Jn`w;?OYCg(3x<`D;@gtKd)^Ydam*Gj<k
z{q0#aB>D#7!0u*N^V9m)89fpc=9wn9HASD@)RccP=ZG8N9MAYR*#^B0iare<zDaG0
zUixL%a62{%w$#}5C?U?2!T3ZmNIu-tuCsuSG`VZs2G4>|fukC)N)t@48K-OWZ^vZ3
zx+aY|@f{*n-PqJ*TQ4kOi7e1Jnufu;nt|N?%sgt1fqH&I@Z{>SQ%@$E2fmCiN+=I*
zV;E3b!ua$MVwAD_`I`wqAlN(I)O9W^pDNfx4+W^nug*S%f%ZI0yQvzsH^Lh-rFIMa
z`e!d5)aR@F#sM-rAFH?S%7fV*9VqzogL}hmGN-yI<gdbjvJ*|iDIX2V^7eMq<H_dF
zm$0{A)PAOJ7bTvGy6;FrkF$9<ZiLqrjY!HFZ?!+6WybXOi(8iMOgr<}9dgbZ&B>AW
zkOdn$b+&(Ts;8#LE@X?}-uIZ2yn!}#pY6lASg`R->cSn4lP0-My+=I@(%)E_cU{zd
zDA8GT@&GkBv0}on0SyH^P(7U$iRSZug>J=;NwEjJcAqxR(Xz@vofJ>V&ORm`iEb+E
z4}Br6_$y%z_1>u!ZbpN&k!bvwC*5<p*~{8u6U&wux91&nuQ+W#ZG+v@YL%VYgl@`D
zE%>KmX^*?xq?*<BM{Y`~#RNmD`s@2d7t;3?ol6o8HM30@gVeFG9qXc3!}5yX06qs?
zI7E39KlirU+B!zx+?Je|iM>ynv&zBRyq8Of0>wBDeQY_V?OBw($M%(V>_3atF5s$m
z+|()NEg@kj1uQ;<n1kfsF99$i3iC)WFf^or2OAvz<dFSgr(Sj-_rv)&SHt!<>~W6~
zcp54ioVp2bnv~99qsJbhwslwNglDPcCBItz-CgMRefg`}qP&j1CkG=hRTa5`yNJ3*
zQ+L2D`w)-YuU7muUz*`yR3!dYSFyAe@Ns+oF!veXJet|h$dopcafS(~V;XlN)Tn+x
zZ=R`h<zE94oU00JtE~@r=%>Fo*&lln5<^>WOsJY|D#C0Wxy3N3yQ~37PiboR{%BSE
zII9B}q}Kn4j!t%&`7G{^#$cDe*0@y7wzlhZ2wvy0`7e{h?H(I9Tc-`ix{);HnY?Ek
zfj<}gWqL4tcyduhSBGfMZE~TTA&_d2oKQ1|s1LHcC%4Bn4cBFNW1g!wPn&0J^88%$
zPmxjkW)C2%_@?|n6<xj2B-`seeb!U=$TPy=SItibPruyj;ofF%ZLY+`>X}vV4t_FD
zcvimgMz+vC)gzAj>DOcjwCj_*Eyr{-YFg?)MumRssz121uo2IghP3U_5{6Tz*2$j%
zp*wu4`RJSS;^CF9t-rs%jr!f)l*W8yly>dZ$9P0ZKUXrs)n!eu?)NFp`P)Q|r1}Rt
zZ9+O~Z+^O6ljqo?<c(x@*7qmIbet7Vuv&Dp>9pj1x?4$Hb>C5ae{%AsQ&K<yJ&aVR
z!~atnW=T1LG|b8W67<Lyt|b*cwC3ovi}wH*`6KZf%fv=A+5b$<{`-Jas3A#jy#-o&
z0THbm@8oBgfBQ!YYsm~PsUqM^{x{h!CCD<*%8KG?&`<uKvfv*yj-hCpc7M{7JG-9h
zrvh%&_Zn%#k?v8l|AQW2IbhZQap3vBCb7wFYt^d5llt4HK3~=(e)@lu-_jzQY|D&#
z!MH=^2{Bdx<&SSwWqz_c<Znq;dzyyF{r%4$z_Pj03Bb|-0hYAY#$@4pv?2iHXrbyq
z9s?qNJ7QxxQ5{&!n>z-JyJBI8{`(^1PFKqZ0QuVhB#}E@0X&wgfA4H8Ope`IPy(OP
z1)8P->{-YxTsYn2Sat!y#s0=WBu(HvMH<Efg8UCe;{lX_r~olqL>2U3kH_epZnB`T
zn$9yk2AfZhGUeoK41IIu{||qo%41<=oP|2G{D03Yb%k+daqHan<GRcxcJ)hlF3jI#
znpENX9b2D&v#sw=$G9eY<2Zhfw9A)zBTevI?GTB{n_0GLP!^(5!Z_9w)j*iMy;HyG
zku=3|IQqo=Ic55g9+W!1DH^)*)-fayj0e{q-<ulP9<zN+V)~;q%=Ax<_L4>SZhZ57
z+T>2(a0>v_G!@KkUVY?y<01?5R!zZC52IGFQHN)l9*r{>CjjENjBh1xY(9-miJ2`(
ztp3aNDc-Oh*k-FavW#mEE=|KLHeOo0aOvT~g_bQj6NWP8u4wg--`BY6=m7gv5QAt)
z*j0eJCW!Q!IEE~Ibhjen4K_KqL@gDsIzRV(WU&gPmJ|=pHZ3v=j`{6;dTJ7&rM6|q
z1A>;CUR;k<yKlVmB$<Om<$S+>Dn}c0FZ5PABQgI(q$=j~_eT%f&K@+EO))<{uV{EW
z*xUd7Yx#qG-qII!wf=)iA)0HSyQmedPwm~mbmU&GDROvu*RAWg?LBRK>DSv1Hpbbl
zUtT}|+8dB$-xm?F&wjQ^((3G%tE+pZX?$CCqTpUd*Y!IL<_M?p7Y(es3f6NjcSCXT
z`Y*qe-;j1D+noNEkO!&8FQ6A){%~+XeE_<fmb5r%&+aWtg12wIQ#ozRQp7)hO#FL?
z_dTmLB8zuyqGsa61GUo@ovWODx9mEY^UgF^M@dwuE+!Y7)+EA?ze{M0$@|KyZ~D;u
zZer*7hk&zs+y5}=_`~|WAIR%JgvlHVUcv^TuP@k{^O}?K6+PG!Cshj`A6viWl;<4i
z4D&UC{}$2j`$ee*(P%bh_c3!3<<f~@_YQPIi23kgA||0W{oJ$1rp&6;T~Exyl?69E
zPq{~R+++Qb=n<^nV!CbDnC{i3(_J-eSZOCZHf&s9T(DWaAzf79k{bG9>J__EC#^gg
zQg<xtkxTLnkH0NtyRUI3Ros>de({YPbLnC6%Da6{i*82`5qbFoTMc&hEt{qs__YI{
zU371W=@X^BdC#hh*1H>eeUx$J&Px~Z$dXCZF5=XCT_5}W8ACPtobgYZ^)6$LIM7R$
zP?a&x`|-`$GBsmy%Y@xP=&;(8OK>~X#&OE+g!e$c5Lzk5cXf)+fKZto{AAw<ttKwF
zksPkupZ@aB-t3G<vHcYX`?8F`)UKO$*Lxe!KPo?$%IldLzRXnnzB>GrJ(50mcF$Hz
zAL4*vW&fRf*N*D;BZYl0FLU5oH8f+{KJRpcKHPEmzVnm=lrrzUy3{}Pn^FvAh>;b|
z`I(|nNO{HHT<7de(6vun2gWr6#p>V9*A3m!wINz^K*QAF9H;N*mfOwIvtP}Vsb|SN
zjz`yvSDv3xeDi$H!@Sp?efb8vEA~T`&DXJ}q~FbyCw7Z~uwk{#bnIeFy8}4j^smta
zM>gFvtm5$WhaPXJ!>(F)(9U#ch+|6cwB9qo4}92{*f^_f(Sgc+|19DsJ<4-%xLxqI
zZhW38_*v#=)YW<l-I!n5_T;Ah+SjK&mYU98PU(v82|oF(P`TaR-h_|F#3mCxJpNo1
z^Fs!ksyFw4J2F@18uqZ;oqCnOqqg(;dS~>>>kf~NkzYj$S=PHJ5k9BEYWt#`V>DNt
zt8aiYuPstS&(J>a432(xhSGMA=T&f_4z}|<`Dm?YyJ@gCxqh~Jqcml60sZyUIPa0Z
z-=lnuhf8`kHHDZ8a&2d3j~^3TFbFTNe|jUtr`FT)MwM;XMduGUzrXV_#C^_AGdyk^
zzjIyoT#iE`Wv|{NcyccynybJ1tON1*19@kg;~OWQ4rko%Rjs+%aF<ivhza`cmXSLn
z3wAl%P*xJ#ueL7Pa6YV!Vl^t>kVPizH~KF1GE?ZqgZg=#x?8COC22Fv>umd$)Mq8d
z=_%uyPjfy-qKvMERnKnR&T@XV`GsumO?~utsOP=S_H|_!V^BsfjMFU<PTykKeNTsT
zUu%-f`v=^#>%om4%rR+3CL281uNqGnLOlLjowmphhfOw=9j=tZ2M3CpPZt!|zEtL*
zjhy`8r>BPdLHN2`9eWq(?{4%i47l0;sJ<X-zhiA5Bc}MqwQsSBZ$}W#r*ZafQL7&X
zMaR8(G;AdUQVY!zSpoH3uyWx(RrHPHn%aRgzdMw_hl$m{qZjHzW#-b@uH6IW4cM#O
z3p&kTshFO)rz+GuvGuvneQRXqbGw>tDeDNkD^{8wy?-;ZNI&P-2hN6b_ZChWRfdiF
zX8YfUj#mlpWazE(-dsf5b7hUmEj5a&>X!INdAkqBs>aLAN^Q`DJYnndAY++mu4tg(
zL2b@bQ`FV7h5=~00+0%TdF^kzkY9LTt)~N7(biO)F`@Q%|H2XG>$=MbV<T$U^>^`)
zq6oY7haW~=nKmb43MA`mFT2@3>CUS?`qZ-qYE;-4Omo9(56T?c`7yz6jA}leCC1&$
z3;l|`ZRi?SMf(_eb{HeCRMWaAXtjy*t?0(iBbR5J&xAGGzPhXJKV`5voHAWK>Z_)k
zOARzrh!Yv(c`IQ>M6+#qCR_hya&yBnncb>)>+h5;XmiM7@U~mksE>x#>=}4(-ZSuU
z8NkQFhYKwnSUt>JBl9TT+b;O5e-`4~`+M0pw-}qsRVL5H-xkKKe2=-FfHuySdCXco
za4w2gav|ra$GMIW?g!stz|0$<_fECP;r8gWf{h;*2Ax7Hm;8_m4`&=eUtZh1@yz~1
zly#jOWQor18&=fqnABDFr<y)_SSPK5-kC&}rkih^7iG_Lo^AF_I~cc_N_dyQR$@KB
zlR#M^%a{-N=G-eW)2u8O_4(@_{m097$4Zk4p^N{Vn^CuQb!qfTZ$!^?2VdiDf=rS;
z_h!zx%J7K%;Uw=@`hpN4ww7eH0rq)*W@3(Ubp$Oxrg-Y{@K~_FZFS$Zaih{Z4VRgF
zy>mj^Z@6EZVGanp^Q|o0c>8UwDRB*nv6s#}XwW}9b|l&OxA8WjC(AIaYvtYbUuz=b
zZhcMmGYSAyr=wU2J-gk%&fNWWoNVN9<VeDM*O<g{fMLe0kcB+*S+2>M9Ej_>rva&t
z_CF^3xb+Aezu$T|w7LEKs)CjL)!h1-%ddu9Zttktox4D^=qoDe`rSj<0^%dF(sOn5
zm6BCO@4F)!InMXNVI)awfXr&T+2cXh#-?w@jT|eh-2*i%Ou-Uef9j{S`9l}_R(;T?
z%u^0uX-6vFE-OFwp+U0HE#U4z0@moWqE)q`_2y>exp%i_U|ro-y)Sx9$Soyj8d`Nj
zJ;LlyHmI!5L4J4sNB6b0CH7+Sm8}_er66s?6E|%?c?VWhr?Gmt5HQlMBRvo6@6#rd
z7sP%kt(~y5=2Nq2-9MbogR>T-uR8r6H!fv{*}B?L*7Vne#m+tgU!0;bSVQYlZ_EEx
zdnaq^v9-4i8F9JYwYL^-$`Tzk-~Spdp3r}|{F!vSX)5RVU>^U~%)yyYU&CilS6fnr
z)2=d@Fi2^ic<)pFEOq$H<OTQmUj=>JlV2&`w@$MSerFoKM%&fx^S5?t&%M571?|an
zV|v>8Q}2(kx|jS`P_Miax!p8{bA0o!#St?M<D2(eV&fitcxDozTz!H@{OEr^t3?r;
zfHS_^Tedk&d_7}P`l&y9Q)iqvP>q+wE!A#Cii!qk{TWxU6DtymvAuUQtaiIv^bvR3
zV5VmM*6?OV_S!4YF*jy9#9zwEo0fU*2x^7t+^p<`qwLz*zne1?&uxw)tT(Y(_x>Ol
zVZmD9PwK?;r-Q_ufyE`~--zZ`PBH^Yk;VP}seXK72f|Nj6YlpouI^=U*5-1kL)9#m
z!Q2~wwmWXvw6^!e*$DWR#wmu@2j%m|AM|Oij*Fri)AO#>^#pC2X)e1Jf@!4ADxZge
zU5;MW^Zwjm{DVC~#Bnkdkk!0xdz1&I|B9mWkIrFUzj%0iQrG<>clXbDardIGZD6%^
zau)u}nwDX1%ZYi#xkHEc<Sq?}H|wIX+#yERJlLA*myN9-`qDn-is7%C`ySYboc(0W
zZe5_KIvslz_hje9?xY(**>u?PV8`s1>TOG^Kg=h&9?{BcHk>~4f_FzcVN7{iXR3=r
z(yr@!=(B#0`y!kn-0YPZzkGk}YwLI4j^}*7l$RVoVWG$O*Vo!({-i^X^}VVd>KN+W
zvT;MExwr^5;xzABY<-hve*V>>+`^#FX3&&(UdtvC9V$MU20y6gikDQn$?I1&?2pYz
zZ}>I~)eHOh43KiV;`Ll}PU4Fpw^|_Qvg}=m{b<C@csv-e>Fmp+sUwRQOV{%LDtYl<
zQ}0q$@mt~1f{>eUKRITVlzxi65|sQlo%FYHWNPHd3T7+GYU|1w=2*6K%-P?pMk9+Q
z2wQTwMJC{TG$LE>EbCYvTL!iomYV)MtmX0O<WY^Zz<&N)7W1S*{}V+4)o2G^13a+c
z0-#4iyTpw1PyVu+QZ#kJs_Djye>nCbPL@pHw`>J_W)J7w%s-dSxGis*fY>}y_OA5I
z@%Tm2XBOH2^N%YPoD;E9T$~Py*)sgZjhuSrW%8V^&D`%;d+q6foGUrGYbKY}Jtn4(
z`#-65|F+c0|5XcO^H6K@hL4T2RBsc_+pnx7=?2%2AFDb?dk_ECzdxq^XEi+b%u=%g
zAE3Il6kG6pO$|r88fKaX4@c{#!#CRws^%2sWu-PJ5ywsQGpH>ka1Txgk{v1HG(TVh
zXLZ1=){&qmaN$2=#q|!?(F%E@dbEHC?naUC1V(|Q7oegWdpvd*WLRpPVY2#c-leDJ
z>v8{a*FYY-S!DDCE`XCjV8Z^<F2GMbxt4+v;CsImWw2D?V~;I&mQp_#_yy+u4b+t=
zgSy>~(AJwZ#ZtEd>kpl2|Kq4_OxaJUQJMTCbcV?yOG_gG;9#^NV8JljJpfh)O6VV?
zj4nQX6j%yKXl-NON`RG#X8TW_Y2R8%TfP1?1<k!}!8R%f3*^uBeo!?^wEbv*;)fi5
zF#9(^d2aZ}K4bep4HXKQF3?Mu05jSJuN_&qFeX_goHngb^(7KDVJ%UT7&2I5vmQFH
z##MDs;Pm_O_sn(9^KihDN)KahcfGza+3PRUOy=VgtP0<WSvhk}XX`&yr|4cFCoWy+
z+MF7Hu^@VV-r{Qje;=a_>JLFXU1Qf8solE#&zO<k!~NTnMtY>yMUa0tameF%*JNfp
z^UG)LQtnrN<c+>B@8a!a2hhWB2aCH}o8J}B{#QuDq2q6!x{40Dwl^nt|J`IRA0jr|
zjP?ZV0a1DMU3A-xLVU{}+S2pLSeYGL-nURNzqc9U<@Lo^@wWWx+3(+;4#cJWzN@x@
z$!)6cx7(>d7PNoUhXVu8n`_&R&Ckj<VJc!mw6APUhXq&j((g(o_U@bX8f9xTuR6Hl
zlrXp9MLevaAt%V48O`Ur3+&gY>KUz)6t_lOlinUs%dOJb@v}@k1U!rQg-G;BUC~eq
zv%y}Xf4uskDc5FidFAA)Exli=b6FJ~$*hV_<;HvK>xSF2kdAwzno&)st$WNiCx*{v
zXd>QiLJzf+HCHhQ$+Jz6&`0|P>1&J?v+7pfEzLTKkvz|$M1{ZhuYqW;_?mf(H!hqr
zt!Y!_;77!8OJxeIRN5HTHfl2qu1Q07XXe}!glHA*@~DxI+?@D7QWF;a{4YReMr}0x
z($|h``D0qc%dGiTUliwkU{qAm_o|^HH`j%QI|p08d{+{EPI#ncQ7hjRKQ8M$cy^X)
zd)3UlanB1v3f{hq%zsy^$$KZtk8+HD`NY9-*FfCN58Do}HmXB%#uROx5f$h7m1hmu
zWHh_4teD}RxZJKN`nWZ>5g1rAJa~$*A!k_W+SSweZog)WMlWbeHS}X_Uq0@hAX#y}
zwX0{lbYx!P&B6Vz4d#-<mk9S=BkRPCr8dW6qE*@r!;z$9k)rn%jo$sJxo4$E%=e`d
zQ;E|VTP`&V8-FB`=wJ9ISlb(REwb<txIBfc?ylK<@>}3wLgDuY3}AGNj7?{D>NEEZ
z?CEtF-?Ol3c=e7itekH{)9oMIIo^NV-Sn~L;+)UrM_$H9_CKl4W<4Fm8}0KSgxT9B
zcmx;QJyLe3e!1TXh|Aj4-+bZGeQh5+{`2G8`D=fF8A=LSS8*(66H(#3L%=cERiL_8
z;%2!rqGYZkQ(NBkLc33Vk)b5L)5^$(k&_iC-|Vl@q=fWeoMp;&_@PZUrZ=rRgkNLc
zT2WI25z8zIwzii1MXdE=$nxgKX%=7nT6t|<Puse>z0l1&h6mf4+PKx>N3Isycr}{M
z*5=4t&+6CBU-x_Ud2`rS_h9dn^G71#Da#7*(;nJ*^;E7lKCYZ{DiU4M-w`_a`Jfn6
z9{c^>+Upk%4qo=yk-#y;tl?HZ4tYz;8Op@(7`XmJTvogE&fh;U>P;0JkjA2+<X&Tz
zmx1ISX;b)R$;J6;rz(nfVT-D7$MyDvbWRC=e9PA8VXXM8J~_T2kKi!fWfN8#Qym^M
z4ZJzs#9fGM8oqdMf^)T*HEj0_ue8;6^>v3_J*@tNF7(PYb113|;#{gWrJ;;<fPtw)
zx(=c<3OJU==u+dzy{nki>!|~f#+s(+tk;fx5o^;A&e7{SNZ?HudXaAD+-4T;al&sj
z>2jSJRl1P=!NKb<hKh!`5z665sgTF0@1?81On&rX^YJ;Ci-x>)PA6>1n8pirn`&+~
zB}de^BH+oz4K~z*>o%AdN1F13gKFEl(*(T>%y$7n)YlMWC>>vZ#DIaA)a;`Udo)5G
z`NYNWw4)ddxvsi+?-AQi6U{H$lpP_d65I7HsdogX`6lzri8^QXt>|tc)SP!bYUCTf
zI{I$1G-Y)o(`^S4<pr&}w11EilSlENZEAZ~X<fC!<%`<CsX^N|<}?9y9eAF;X_M=w
zgius{T9KO|Z^7Dk;r3<wqgEPG8w%Y7*U1X8DJ!FeHm4S5oKRVQDGd6g_|;*LD?WVg
z_p&2hNnsv!4bp-Ih4QsQI;bETJ{-QfcmVm`p=**kOJA7R^K$2Cpepj5Y>sVv_WW+<
zV!gW1E$6nhU{&AMH#^%YukO-Ya|_+9-!?#eIwbF}R&5>`c5y9oD`@KtkYU2%d8a~3
z(RJ+y6Wm2DL>@BV&Q$g4xTg4a|2**F4}IaX_Kg1SgOk(myk(;dxC;rBL`2R8K;=iH
z;(|NUl&){X7kgxaGn35JwVPba^4D=15gLMfXK`ui(*~eZL-+G)$e7^u%_W5&eJe6r
zz~RUmr7?-SN@M<DUZZm&rkJm;T^pv-_XOYE{N7wR#GyD$RV>Xg%V#8Y5GE$XWxK^(
z=oA1P1lN9xbi?tYDlSeQjnc8>VUMFWaOH04dYAGrzb1Fv!niwn=Yswo`oySo-Hw5_
z25IB9*!NjIh|^Pg4`^aq-|A6@*0_5fey!gEQ`YYqh`&RN?EmW8IMv*A=jqc7pIAw?
z`qbT*FeLO!E;T7WsA>3nV@G{}fJ9wzzv=D$o!hof|6B^HqVL%9x6{iz?8Bt;$<E$;
z|GFhVdvvS)FWkfAiyX?ax0vP?lRXb~_)NaOd1CX5A*-Q{$%+u}A-{FA<>khPR=V%Z
zm4{EzjyDb}OfL9aDICM9tb;rBjb3BnaoTtrQ`6wZkXw(MZpSO*zB(BtK6uE~rWZF(
z4KkLdY-#L>Ea}|dG^|i_8^YRQC3*fUF2<~I)%9*MWSx$kd0^hBwm;46tdhg!9nG(h
z`N1pehrisA;$nXL%y)Y8NbWdN?+M@9mekMgjJ%co;d|9^9I;5heR9_AtXYeV19mxM
znbjO%V^ccrRDQe4Q<!;(w<~U*+NFPe=}Sj*W+pDN(#L_hAV$E{L9dCzY;P4uE#G{5
zgIdq|B%XEb`m&|wICF}}L`+b=pm*oM$DR9MeAT_m9<0Bgx3e?tv-Dh7Vt#<VIGM32
zAw)T8xQYj8>xRq)!_i-{Ia&T+2jbg4eD2J;l~5rnh;}_KT&um5xzbousEEFMXI_Kz
z4ry1+$1&q#J}=D6za_~%?lu8bmC@(E@Yv;)do@GSTM@4xrN#7#Qx?R3Rd@MT#{(?t
ziz|EK>1F*ZcNMMJPb}HtQBd-_sp)i=-5cLy?}eK?qCFwkwiFza{I1<_FJkwxz8(5*
z{jP`BZI9B1tVeZyKioLk1;|o~>C%j>)2hkl$8C|z{b;4PhCvy1!u0QDUw6ef^}Km;
z`Hjh8Z5y_uM>{PcALmg3KOH?Ny%?=Aq~vSVO!t`a2lH{?xX^2mt{wWJQrw$#lc-}r
zoba+s1=~w`xqg8IuMTm#LUm?ia(bEeK=eQfs$|oFi=bCAr#yD;{F-*E-dDYA<LBo)
z^$(gE&q~s)X8&PEaGeX2_wLl^x!;W%>U`63yXxln%5RCSrw4mmJk8BjH@~%I?|I{z
zl6PJ(SrXzl{3<u4`oyR5gszcKGN88_lN2C!%{wLTzV$7-rQ~V#*Mi8B9+(4HpG&Wf
z35t4QWPGwOa~aV!zuT+<rFVWXRGCk;x<50{85jgq7Kq8rw}r`}%l}P|Eg9>NJRL~O
z|ED}1$iGIjY*(uVGJ}o0@AO#C{+3^qcR)Y;|2A`;@o$C+WZct%)1Mipfk#EzuLYy0
zgFreyaOR3n_Q@Ks6_BX@%=RtS!zh_Q%Ye~(Wi;EjAh48D|Gl#KkD7txIHnesQs%cf
zfy>I&Ur5W0lTW;{r2hX^3ysD=pxF60$+w(%SrCs=@q<+0@lTp;OjGvv?KqHre9v9r
z5bT$x;3sc@bpG9)I(N^^J8FP{*%QqO6WO4+hrANjnvlHLy~klB1o-QlrLJ3$Wc^}-
z$FF0R4Ct-O-X~EtIA`pPvgnMpap}?@RSxLec=MAdKWeliTi%M_|EO`$ASp~fwsq4u
za}4t>f5QU`qS!yD7~_8wEnahfHz7?`f0#9J8~s?>S?UbT%D@_Gaz<L98KaTktIYy6
z#_8E#$E$y?9Jp&+?!nQ(HCest!TtJwiD3TkiP-KcZ8Y|z{+u%B$+m%(+_TG?b~T9R
zS%@1>857aM{Pz1%J@sj4*BNoiliI}ZgSSZ&{@b>E+dJNjy{pb~n`}P2tUlhj7C54{
zRDB%qtt77A!FX8N*n1e*D$Ce-vZ+7jYhhmH#idK5!DC!7r*}@Zly$(CjviYAwX>z@
z87nqN#c!Dj6uXvMaqFa5{bF9%AEPIgR{Ncele4LSb&MvAKaQNojzocD<<W}Va;Ev?
zkb4a4Xnp>p!nKsJ7OZ2y1JPfk_I-@elWt&1_sik<>n)k1buIujx~Ue*ek$vzvUvg+
zENWp{dvtq$Lhf`0P>gQA#V&#WV($GRPXN$?wz<s3W%ijRz!1;@_)o4a)L05-z~p~$
zJ*xEpCd*2IT3fLF)cT*mTbBSfe%rjmvg9-?)O^!U<5i%99~I({cEl(-KZOXeJ6cHp
ze@Z<6zIecU`SPaV^3;Zgbe7@qzm|W5pl@GR1+KczGSr;gTt4OwjwnieldtR<+e?c9
zTQ+#w&q5zq@`rx@bPJYd#HciX`iq}#!LqNG*zkYl1cvPTp0!+zPoMfWu5jBngzAq6
z3G0>_H+wJNb12@f>iCsahwgnW-8t{qpotNcN6)=Qu43S)+xR>PqMoa72x_}hhZxy5
zytGUE%%$h(p1gEBhZ^&6bkd2ZC8tg-m@`=ZPH`G&xmx;eyIp@a$1K;QT`kLy<<j!K
z$TZpz+j!C7QBn)^!G7LfH+cAE{Cf+auw0Mz)PM;;+H607N1u*0c`e`nuJd1jmLbcW
z|Aip^sjrw6C!j53W$8RyPFF_K?ghF#eB1Q<X#dWFVzhhQJncU&Ewub613;h8($}+)
z^W*YA7aXx`ZpekcFyzy;J5C?VI))dFb$%Z%e7pML(3UC}y!p|1{f4qN<UaIH#LfCT
z&$FNrOkSh|d_$7m^;DDI!EVyd{8M!WFO!cNhj*J`=J`WY*x=beI`cPwNN%HAmT~#O
z!3n*})j>z{)aa?1VdZP9%$WLn`-}%lH#hcXW{)gr9d6-rJ4_d%Qv&CkzFj7S7WAA)
z+HP30dtm8-=%%95G%Kr-KV>n8j!$i#R<YUmsoVD{PVF>6@|JY%^ftwfPgrY0N9AC)
z94#HWU=wB2o>!lIP^{W)4C%660tf*R@O{Nh^&Vt`?eY4<`=a4!>yKAM(q>+LY7LzA
zC<HcfvEBEg^AZjEWb}H&wYhB<ADgJXrWHT-b0bXF_0sy`NgL#)PryW6+IG||^}9ER
zKHQ3QkQGc~=Lu~Gh_^@jyRcrC6Z`4vtuf~eG59s7{1~KmTwY0UA9~yI+UBdD^=Z^N
z-uxoxw8)EDHKwoMUBCO5?jB%lHrBMm5(fn7&DRS$*Svm@wQ0OI=x@whKXl)eJ@hiE
zEU7&GNba3EdAX5y7H=txS*~5X2aJBR`cluKostd5=|cafU%x|m7gN(`+Qe0)+Te(I
zS;|I_6Rzc%3#T}Iutu;mNO@rw&i904YGw+4YWu*@i{S4Y?tFXk!Xv#v5@PcnU-I3h
zYbL$tBikkjz3=ARL+-aerCxl>?x=*??$u}Vt*2JAn(dLI_A+5bQj5HEWwZUI^oG)B
zR~Oc8VlLu1q;JmAU0cjXzj?YaJNRZx1CB6PU)H~AU^}>RU$FJss&&x%J5_HSD{twh
z@7C8(*_9)L&1v9%Za?pEi(SmAZ3xuXB}*%p+Qshg{+C9#7q`+{82iH-hl^rp`%bm=
z{S(V$zU;Y^c)hgA=R;u)qYARtG?__05e|Q#T)M<0uQqt+e4-chcdTsA@48a7&ic2!
zpf;RXosqe?P;hZSTYsSu(rxdB{N-C%UgxxDbIUi$9NIJD45|ODaXoQmrWrr-q{exB
zQ`IlB8p*_fJq-!{op0zp#kWi`w)$Ahd5y)I8m(vM*xT9N*`0grS^c}EZ+0iy#tC43
z6D~C6wgw5(jux%BagT*@xSqP^=stqSn)&&LvO6_rkvY0ck2cKTJFv^0N5*ad*|=y|
zGY0#`vJhEA!G$cl_STrG?VUHW2r~*A(n*`<FHx?la;RHeB5|m7Nt+t=$z`BhN=izP
zdQ}&?)`S?@zkX?djy!v1#(45t)Av*RvuC(S4=&hu!SLx5*ILj!ZfIbDbNs#CFXhPd
zo2+qncl;#Y<MKXz#rMSPCA$q7$4;>;_#dh#)vk{}Jh_(Hc;e9BAZJc-Y3Kd`^qy9O
zVD7Wy3lc@5YZ;L;j~Q{$u+D(aR{6nGCa0uaqR}nti?!;o^SCa&+2NO%V`1kOGd>a;
z@9#Wu;Yv))9rwN$+_qVwl+$YdC+~T(lw&dD-|LU$9LlAeZtrneVmdERsr!x?U-H0r
z@4#^aj60h?u;Rss)Q(fUYi$;9HR@T-O^VN3*y_Y6S=Y_m&Y9s@O~cBeHzy;mS6;}<
zIQeIrbH!$Gv0ga0#9)vZ{Ab^8d2tOebDqPA{FkL4?<ud44XP|dLG?M|Is;_lg_ym&
z^|uxiijhJ32K~F1pgzHGOB-+9q_3?xbVTwfug+oNn-olcB@06_iabw-9X@e*&OVAP
zWeO$wdv#+7^t^VK|F5>ACJr2mr?5NS9xgncYtUbGxVkOZ&Q&(D;9*0nzc6yyk#_On
z^|#m?BWjjq+rcaM#|@PB-A&%N`XG0uNpWb->7J=?j?xoB8gqSfFr_`|*Lzu_qsKB|
z7z``tpW`*0e3L%^bYf{~xhQvJ_K~}tYtdcURVLMnHpBe!0~_S5hf$z!jSsO&4}86i
zy_-ClkZ(4H7s_rNq~Cc!9{n3YO5DKVuX_zew{6r1JKk)&ls-uziilbo*uKke&xxsm
zb;shjaoxI-C{6zW<hdpW9NGS~rqRxs^D=d&+N<bp7{_+OjeVQ+`Ci5WVLZB`tlTO8
zy7ljIX}f-VvuWPB*^1H?sC;%t%>iTIwe@Zg?e`jAwd2)aWEHiFU3Zdm>((4M+tioj
zh&DLu_dM|3oqOVSQjp}@Z+C-bZte97%Q-6W|B8o0%=dj4yIHBT%{p%*u@txN%RQKi
zeBQmJ!It=2+H1nmwzEN^hf$){>(<VkVSaiy#bYM(Ggg*ZY0s%U_(%T2nPzXV``PY?
z>ZswbZl7@dfB1UycqqF!emrC^ODZ8$iV(7gP!VN)ME0eu*~dB<`yQd}yCTUR!Z7wV
zJJ}igzTI|%F?{bC^*o>N>-GD6`zLcR*SYp{uJ^gljG}E1<*xD`;nE|!&GOraBYH3C
z=(qqzYCB~LnP*4`=7~{^nQPPsnoQiRiHl*s$*wNUR{xijZmplHN*;DS=$HX((il&4
z^Bnujt6FLn!ZCJl*Wqvj%{1;jbx|ohgI}5zf|*lZFOkYt&Y`(Q@m$Uinw!N(scJ%&
zL%ST|+Pn9%+4xuSPs`|yP4|{%L*YEFf@q;i`y6W2{2TvS&y}+>$MRf9kr7MQ!#~p!
z*ex@EE7n=B_;t5Vliq6Cq0@DSAw^Va<Ir6~-82<oM|EIsmb-$pd?k6pVYY@-^|`h6
zp(}rVDWjd;u&`=xQep9lIhQReeKyr9m}^qt;bK<SJM%&WY0(uzo*wJ*c79$vWkOYz
z>gD$APihHGST+_z5rEkmBH_`)*{)UEi<`Vpv9lJqFFP}JABZa2kNaljh<J@8_DhD^
z)^n>@MyiOzWR6N{y&xP+w9xH6ZK}hv*~x6lDs>Ldl9#oF&FWR9ZkR#6S#I0wjOqxl
z5tdv#J7ppNOUtQNGtOQ4M-S&$8!s)MkY@4P#ZAqf4fVTWtY0B%{8St&9)Zm!O&+6X
zf~vc}D?Y3gi+$0a!fp_QljsxVX2A8q?dY?oAvJrf%^s~>A1$oi`>wt1iFZF_X2qKa
zX_)Q3)w$uR9<Xq0W1BIzUQ4*b@gb9YL<lUqpRld;WRtiMPX)`0<LJKPM$pfr-VM1{
zq?;#o0vygW@@&(7<pXI=c?it#VUCRm$7YHm0ofJP`4A&kX#-NSj#jdve-lw{>FMtr
z`LWbrW6$RDXC>x>7EHRnbia(dXUMW>3YhfChoHs0Zuif8iH9fctFNUB$LvcjguPG@
z<pwg7m==DPPqz!yFh(dSG1`n%Me=1YI=pQ`gvLU}l9Zi(Dk%xN*`BK0QdK~YeQm!>
zG}lnwIe%C9ySco4?1}eTcs49S@b=-W+E*IV|EeaAQ#F?Kt48Z!7&Wg!>8K3y9<lVs
zU=VH6>7CCq9bp%f*t24UX1PszgE;gU`di{`g9z-ra;@F&+cu)*OJ}+wIKGcx2}Z2;
zJC2R!J6E$-1W0xl+LGJ9tKl@WH*TLY8xxS$Jmi6)cIg*Vh#|TyGd_4vN2Km1eG`dS
zW6)4E%AwUUDyEn6y_+Yp|2eq%NATh-`;{VMg7oVFLIm}`XWn__;;vD5mhS~UJHxB*
zU^;*grzDsyCYX7eu=1*!?NsRpsqZE{PI&xor+e6}Mwx2-BJ0_DV;a?tB!{kKxiiOE
z1+hWThn5C$RTt4HdGe|2$}&#y;p7jPBW8tT{c4_d)u>uL)q);M?(m3IwD{xa8umTw
zb+-NeyVWx(>R@Gp#W$RFb4MmK9SOd*L%bjl+@2V?9Lal%?LPEXzSx&5$l2)eWsh5y
zdEty90QNR522n9x&BVCZ^u!4s$4DkQ?PA{3O2FB?ac{R!u8T3tnJS8B&#1JP?vbkK
zaScI0nwa5?r$}M|qHn+-*3}j)(YM(UYCP1gT=Sz~s-FRK8c3Uk?+qe3wy?8<R+VG@
zM|zc8Fs@4ZS2M*QSt3FrH1Ahy7_c|izPBlluGN>QO|QBM5JV;L+(gx-d|4<Ao$-87
z`J)QL-)GQ3i9~F^*q7jbPTV^ATz;UOA}Fj@+XbbY7U6aM^uj;<!EIBRWsf};xx>Q-
z9`dtFDtBiVuiNt6$TY(Gqh(XI%}_K#nbs36N-~tORjZ0JP9~S^OKS<ul+YTx>uKOZ
zeYUWbK^PIs-{1jrJBZmk)W=oQ?=Pbi!0*jFSXlCqoV+nM&)Xq9gid{6y^$FcM?1t!
zTcB4VF1-B{AO>9Bmk*m_u9qi!*`4egpR!Zrab0yzxT#q^=#@G7`I_Y}CrtonpE6J9
zM1kid&k)*EXS|_pq_*<WIRDk!xIy=+09Bd=C1wMc3cgwkv0v8X448-I!zdgy^%4T_
zSNwk!rkjtFYIBBgr*mi2aD`_>wL>aA8~kV9n2p2Iz<mMiky~sJG+5eB2){W$c8jZT
zu_tt+t^n2*U|%|RuY5eu%=Tp**nNR}s(&L8rZZ%PE#<)y_kW3i1FC_AJ?;+n7%&HJ
zhduydTX%jG7zZn)Snp~Kg6G&16NQq=&S9`htW*5ECI5HF{ucYpWGoCsM?iWh^wt#`
z!cPoqoB{KWZ5#rp6jpY^z=OSXP6c}i09%8D;0&&n0E9R|1OW@pfs}C=0j^-jRr3Fj
zdx%>|#5VU=>~MA58mD9IIM6M3_<|$e--7->Vt@AkL2%+PGWY*L3%67NM%rRhhZC^b
z{}$dK*(5T{QTUMyljC;-5r~iYce#<{#ilIC8Ja`E{oJUJpU)d7mS3U#&`N*0D3%Wi
zQFW1j(1+!d|KAV3giv`LXu*yALVg{|^%teH(S(%$Me-`&)K6eZy+MIC1;9Rq85%CQ
z4v6ig<Z+=^iC%OLcZ*w#)Ifrie@@%9f!lV)|0#V$j~s|aV)vJ@(9Iu8Af5vPF;c=0
za8%AuS1g}%a;|iWi61yhApQfY?Jr|k;{}L00>0?B5icyKe=f{}7bsy3wZEB_v_Y=^
z(CZ{b>6UG>2clD-RqEI)KY>H%^j?hH7utC16`Yi+!lj0J;IzfnH-RI^^7&M6NV(hP
zj{+cz;|7!N_fK<f0u_#4bDifvT2S~^O3=gp0(Ll%=P%fW4GkR92a1G+II$qyA8~Q6
ztjC_T-*xlF3wZg$Bn$_2+44hgD=MeJP=gR#pa=7-s|ZCSCFU~UIZ)cyKO9K(8oyTy
zw7eh#4(97u_j54wlha@;ryt`qdY-XOc)}J(@vVVH;@w_2w8gMny*qZUq=*)=;2vS{
zKpSO7d5#0->(EnJq!^5iJ>`y_<UQ~#r-;S$j&T3&1&A1ah_qFAAL+POqH(Px&AEg0
z?8_dV#{wnu`H2>7=f~eSXJQMWg){(WJEQal5PGeo2iG|SnuIi8VEN#dlN0BHJ{wZF
zj2h_SG;PG<l~}OuYA1163gbyUB#jij(>j~M;)6Y|f;FCNoL|?;Ht&q5hu93$r6w7N
zf8Wua5J39%MUbGvtOL-LMSb#EI1r0g?i4gvx>%JhjV-TK1XUN6>m3F|BFdsyQc|=m
ztE!D(!wZ{ajQ*0DPYJ29O?mGNdsx<`VB1lsoKK3XU%r*JS*w2yU~7-Ex`p&P01v5P
zy%-BGTC8_gS7r!q%p7*TqU|U`?$ld0VB}UVvyA5Z!~XGftc4Jdp-LT;b;5a&Gs-A+
zI5{f3od2vv?3L&*<K`r<4-}p`tBl2QXaj|AE=7~1K(yM*W#WDvGE`RIyj>KeXObx`
zHE&lf$0ROopHeVYNW8tS^wdl?(c^>6(!Jud`n{6v50IenBQS-$jdKCPK^R{{wL7oe
zx7iJ;ebnoo#}#T1FlrE|?ai=8kDS_CuREeLUi#n6;a)n`QHt9EB@Fuwm_l)$#`3IJ
z*^^;BoHp=8%$&>jEj8||g{6{SW~GZpw$9PL)13iZiD#1~g$`-YOf%nA4(?vjcGEf$
z2x4ZY2D7^l<6a49xi%8i7owR|31;gBrnMP^8s*n{-kV)QWGMMkbpHc^%c!ZwGrj!N
zC2xdNg9o56IMaIi`t(xz#uQ~HN-{!nS!s|}B#9|=y8ivh9z^;0>B{h?wm6S#d2Mc$
zNFIpKQmn_L!7yQCL86HFd17Aj=yPxsdQC|f(9FrE36Y>SEgC(F%;7v&4JdW!AJ7^I
zB3{t|qiasi1vm9`E~9)_mmV`1fV-aeT?=!*MXdS5qIM&94Zqr-xGRB}GO_coAkbq_
z#{RI%DvwT=DA@w0yz(COJVhYP+_HV)Hzj2=BRlGK5bVGZqqr28(}<aQpV*qr357*v
z%qt9BGP7)`9(8SVf^|7c;pnx{`hZ$_Ns8Lxl#;DU7+d$rU~%Gv8oMtwcsOS4e2NIE
z1s!ak2pUS?tp@I%vE9@o?_a;ave(Jl>N>pY`cm1}{wfv^9;rDyU0RA_2SbO32DnC>
z5s{A)9=m!E(RWMSR)4et;&tQnOvMiJ6Mn&f5zvsKciJ-Cg+#2@uBiMTomrfjJgG9K
z#3J`Ur@N+3?KaU@t)9ZU{6Xfxlbwm7Pq{rsRCy*f=*yNSh8n~NpTTL<I{UUZ2r}g-
za~m;l8<*_M0w7Z_%3Y%OYW;BJsxDz?sKlcw+B1br{6mscdQ#K`Gmzl6*3G8Q%72+z
zXvgaSSh^Sf0B_m_65<<(_qNW*rkBF8hssGuEc~PV$)Ko3$y0%hEb$u*^$&ylX_ZO2
z$^4#v&>~<UZ^E-p^=%U@|8en(=HmzR%p{lA^$*IHO2>0h`qeqBInFtXNvEF5MXD0x
z!h$IgCi^g{Trd6C)uIaoC?CV3!~93-nr(6c4HH^N;(8wL9a_dRK?ry5-MNV0p*j%@
z4!b@u(|2#ZwDrVUsqLcu*EYV%OCHvXyX*f3(&$_G>QYGHQCX;34qB!6-eQnKt;dLu
z`r8iSW`)4iNzbWQ+;!II3<<db@Z_3YO^L%8F%a_rMWm3u#R&xFk8$lAI@eO5oVH`8
zMp%+9?rY3UrsR8W8)3S#W-^ef?s`YbRw7G2u*0gys#^xt)GMDU;WUD+mTVAP*76MJ
zN_R;wN~F#uU|YAkCN{GL|4desZfjO_PB*07-*9&n{7S<+bsqYdh&Kka+^Y~~+RZyo
zp4WdR+LK%cx?2iIX{_txwp0Qa?zy5Dzcf`*ptf8;DWv_}bSsyuOZm=@4|F-Cbrz09
zaSumzrJe2pNep$2@N$J5mi<7haHaRM>V$`Bp{->`erU<{+~L(M9Z@7Yg%W)k!#T?N
zQVzb<ggG9cEed#-@#`s{A=Sc04s&`}hqtb+D$>JP5g&SIT1oD}-cwn>3U+o`Mcm0z
zP5JgT1yUz#{p}AV8;^}J&mo;IQrJ`S4zi>6-To@Xi~EPC=Uy{&&}Bv-6t(`lo7N57
zSQI~UY@S#~_sLKrk`mE7+-X5J@SvWKoJ0TeonX6ZrHjayD@&`Kvs0)2^=iEf_&{BC
zOyaR9-F?)mlVK6QeB6$fax<48^$g(3Y*kJHT~Zb8VJ<7I*>sx*fT!D=?PAJKa888W
z0un;WX!62K*m57H?SOTGCI{i+7^!1#F=_}~A7Yh!)>M`l!Ul@q1M|<@p1Xk1V3VFy
zbkJd)ilbvdhCOxtf~-laq9Q^0#7SjRTPrXE?P7*rTS2ht`<#YOu>CD=T4dwW^Un4U
zqV3!eHhkdjvDw1@*5X+_3CJ}gT$ZcUy)tt96FNOa|14i-&JRs&M*5=hMac7OnCZ#U
z1%y{55$dZ715heMZ96vc+H9ql5VWbtE~CjcI1L{33P#OU+`WFm8Aok+SZ${NYeWIs
z0$-4h8L81Mw;H<RPz{kJaeGFObP$};hg~iD-f8LN%TzhdB*8OFloGLeAL@gX))eH6
zarX(x6anfO_K!>6j)SH?hT=XmGcsjx5c+{I4c%l7qPFD%gVPeP2!OX4!Gy+(18sCr
zoZ_enouZ%POtbfO$L-Ky(FY73Vj!*r5i+)ZtzqKm%~X8NVIw~?+)H528#Z!ZBrV4L
z($doVUyvSj0|wN$1rc1>cvF0uqB7Wl1TGAZcfO7B<&g6_;0U&Ugxv6mOcf2~h^>ay
z=6dWWR5zC#&oGIGJUWdL<$>x#dY;$L0<&j$=Vay+FGGm+nnW%lvw2hIH;(sfD>AsV
z?^B@*eU*7w8pP@F0EdIFm5ufgfF2pMArEsVAJkLg!9(?`#3o0?4w#D^csW>1SM43u
zh&VB06^(yRt)S^QyHR}{vOLCwa+8?y8U-q4Nt;F=9+$GA7!$)f0a5PY94qOzh)AfM
zVUm!Gn-T@Cpn!#21WV7|2P2P{iLgF!5htLk-pds2u_?!p+9RckZucG8X{L|lKsVby
zdwDi|MuIa{GmHOO<tYr=DC=r^j7;^Mo)i&u*H;=43s0UGQo^Pwn&ms)x2KgpMV?u$
zAR;NUZIwKh^^2>0Aj7dTY5NTx-H1$;B2Rcw#H-ly-@(iluNrZ2l<jQrPpK~{5=?JC
z+_N|F0W}Sso$yaA!v>e;U!PC}H_lgYkrwIC+S)Z>IBAivYRJ^qsT8^rOUba!jMsWf
zAxd0e0z#P<r(!29gS0aWyMPV-&!LZkyu}9NGV}KAzazQ&*{5C{4+U5{bcjfEALxIe
z0ZMYlhcEFU4Mdn3#Rz^`&Mhjb!DVkepOi69Rd^l5$S(*+xxBiK3@o<h(Puq6qW=`n
zuDz-+&*Cr_I_hA_U7Mi7q*rirh^w%(&@}fL853bV=MO6+L$yjkXgQ1TT9YW7j3JeU
z$dD`_X0;#Mo4R?9>?6F%vD9l%qILV^=+spvY;XZ|ZdZ2g(Bms%bk?Q&<YH{mvJQnx
zo64N>Vq@ftEf=8+cgoBscYP3WzDZ|T5k8=|KWZZz0P|P*FkX7y{EW&@|93&p>WW<i
z{(l<1T4Yml!20aK@IJ;zcJJ<N0NN<xGw2=PYguj#3<XMtkfBI2T)e(-H;6Y>4J5yr
zR@xJpnfzFd@)kR{X{zB^?znaiDQdL0@n%*lAxc%XmQ;4!+q}4?A0xy8N@jQi)d2b!
z&k!Bx^WDSU443Jc;eI%K&a)RxZ4X7GeIGrbp6(H0F@-a?6>aE!5r8ufy3{bUG>W@l
zomyMjr3Z6Uv!;SuVG98?oz-RIB5-a(J$^XDP}Z$FRx@y8Mctx9f*a1+@sQ%EVPd2|
zt*OP=rA1Z+96H4LsCF!ckP-N@Yj~rBsUiY50i2V7)JiW<8<fW}!6{+!C|wbWhlW9j
zozz}CFSr>3*<(1U84Dej4umb=A7sj|jab%+VGy>KPKn!fMxqvsQyKnqZwe%j>gse;
z<G~zD&)W^C?r?ZiR(tzqApE_tS`e(@fR?s{#S^++G{Vr940riF?tp%&@(E&obmH@2
zE$CuVWXI<jOnrJjmEBcD-*DsW_@!7ft%Zump`tv4*(0h}2CIUXmJaWA8~y9Rkix>f
zp_$)fggm<m360zSn<_)~!+zH$7hyKFTxOC}!fBZ8+*c6^%<N8u2F>?}>MAi^Ato&3
z`(2^?b8W`IJ5gPZ%66+){w56{G&8Xs+HH)iTEbR~OK6yVvyeEXlbjmNj_11akbn=b
zjqp@VvLi^3M!e(qQesnR?|_reQ;ppNG>S`W|E5KkEd~l+$+kbz?cDs~(tAaCCyDf1
zFbSLhIz4Gst+{5=ro>UYSYC604_@M%XLzBwn>lw7BV_&F^$tG3+knBC>d2cWTIY`~
zqT^>gOOihi<+ztzn_=qb{;GjaW+>7SZZn;K_E2y9ee|G+Fe@|rLrLl3{eAr^XCY>!
zFk0nB=wK}!%9ba-Keof_Iox4C@$t2Rdrad$^RrzTIQsSrkHF0RgcdhjuJCDDn!b@z
zpu`G!5lITNWDyAvRaQ3<f{B6xyg&oq7!atw1VP`h0aIdKinkaZbXrMqU^#(ud=~}>
zvl{^vOqEC<F+mMkWx+BwDDy*3X>fL;!Htl;B3E_vlP^A7*W5sibAs6fs`fvGt4wH+
z%u?8wK_h^~gM$m0fXkyWaIFQtJvluR5FPw|VS4hTrO^4v;MWsQgDKS^7@Ya3v5a6Z
zQ&WTN>tWfa!Cu4%lBJTRu*ATbjSc%qFsOe&?q0(Gp1@8y?{QYa^8P+J7+e?!u2&P|
zBxX~-Jer#n{M|%f%vQkI{d^Eti(i{A?}N1$OKEV-VaZ~tV&BIOd_FE#6f8IA7a?q*
zNk504t4vxN%c~s)mTT$1B4fwKW_NH5P-EbmSbj0&-e@Oez|Y$-CmL#xnYLl2a~3oT
z-v=+#<AwuAkOql7rTwcn>=@m*aXS3ZB3NzoKF1CVa)MPHMmv@%C56+mz~R*eEE`ys
zV7q0f8VrU;Iy?0T2y&ea^Nn9STv<p1Aybyild!d+OG{J`wqr>cbocjAVk_Q>($Y?y
z&$G|8SGw=AhEgTozDsBHOo%??rA70tm%N;`Ew|#If40$OC$kX^9+RP>ef1P*iBbEK
z%S|LFT%M#wf*}UZ9wv=;?z-vIBxRS1w`@Y~x<o|SM5<k*dt7&5sl-pI>M%Ofr>&bz
zG8)Yg75BZooyMut-!7=$oqp;X%ezblH|GZoAJ-^&RfV_idZWcV!fjrB=#<at2`4%{
zn2g-$6){wVi`3<|lDwRBscR0UMR<!%hu<Rcb)f~I#Rrp5AYMDC%xA|FCCkTe9Qp>@
zZ!NjYqWrCG&mKR8R^R>l@K^Sn|JUUR(r3QjXpCH7g*d~hyZ)QB<C+U@PfC5C^pQeS
zo<9~j5TBM%enAMSm394?`|&jJ)~^Wi`1Pmosh4S8-kE&1FDNTvSAefnbkoV3%S>X(
zHlgWLs_B|1T-<WTrc%-Z-|Q9-7CJhjOQ`wa@)6K<<Il0ga7qRwv#}?d-1n9w2gtQe
z5A3*ryAnnWh<f!tUT0l#TJ(B^q?PX5-DZ<17f~FCSFWBiL(&kHI|KlVb1y1Y{nt=)
z*sz3kP@Y;lDxu8xQz~Tm=RH?jVmJZdE#`X*B<iUFIa|1F*FRwiF}rrDtzM2Azz6c+
zDW}R~^e1Yhs4p_ZkOq$c&t93V<BPXd8+I6LHZsDteo`V!Ri2F;2EDj*yC*B6eWy=*
z|GW5FNn>@wi(l!7zuwN7sBR?R`TFS{K0t!i_cR3@wPFwbJ>ds23yx%{F`WA@ZWH^U
zX|dA40wInpQQJxKBdy39s$_HxueDn)xhfPlIf&sGuG1^(jFiqE`w=^#bGYCQi!%79
z$m3IybM;u^1qe#!WDi;&Pi$ZC&u8Z2OSkdZw@jWX9oMInRq-FsvEQaKY-PI5bLgk4
zaz}EssKFyK%)^9IXz{tv<Ju{Oww#A`jCe@ui+D&pRE-|sTnVEF^xWR_ax?K>{m1qN
z4>RfY1@IgER$4|I7YrZKhuO)M^Ks>{Q53wC=!G1`7^59T;E)VSWaG)}>;akQjC(Iq
z3}oDuBy8v6d|~>I{r!zUIXzw8DSqnlB=kmT6e~%_b`@9C=noG<#ecr^SSCPSvJP~r
zcOpeuKcmnj5NwrOkB8X)m>F94EHG6tbdWBOoSnHl9ex2I@x1_eqc7_L>R29S4Oxn<
zbpd?TU`>%;c_rH&UZwP_I&?}aeP*-l29xnDUz-r!Y=dPI!?Zw0RjVF_QYOQ0EYxYc
zgZEL4ep7{8klksD&m7qW=%&Bmm)<6;9-m(GW8ETQr0lY5g)|SG`G;6rM9kxWY9>{P
zZ3#?n@jxR_#mb4fM8rzMLR(NdY0cu4;9tIAo7^Z_rAinTP!#>$&a2CfV@+&D<#?BT
z0{B7t6OqZ$h$?6nm+f4ii849uxdJhJX>BpajyZbZRhg0@nULhSXMMm?Do_f|K@tO2
zhM%}Nk=eDrgI(Uy$$kdh@Dj1W6Kb)r;qgaUgRAFXLS!ULvfs-?b8g5FEn1aa<b|7Q
zv5tD^xJ$3$p`4Bf)U?Vzh5L)4kH0ss<!J9+(<FTD-(^ZuKdp8VB1?4<!fXLoHYg|S
zlPwQ*`Yojd?Wq@c{**baevQV%pU$uSs;G}%L571quPW8G=HKEU<U@0!N4&+-LdCD&
zoBu#<&dwhGWznlues+a=PJAZSwKW(sM1(3Tz91^u(#9i<Jfr_KMX^_jUpFB&Ln9XQ
z^Fi*H5b=Xi@eT5aT-Ras82>U7-m<r!Qo3ilZIIVlR)wDK&B!|T+2cX~u=fhy`n%^B
zlrj?$v}m`qHXh7z;H%tUK=M9>Bk)CV52Z+s>HGC>uUz}Zqvh>*Teh-EQ4gn{rpY}&
z{Lw3Ts+MpHjg@prk&9V}l-FQVO#=|R@3Y!l`6>?=d|{!Iu=_F+qF7C;C2lxmY?%+5
z1&LK0h)grR`Bc3pCO$pMXLBag-3_AQd3_J0)r{1pR+B@C$lxrve1RyRInB4+ycRXD
zw4-bbehtp;%CdW*KU;5#DhwAIEsFdW=hCt&FsGvd7%UDVhIgj#-`10ueK@(I(r;zp
zZH_SaL(Hp3^{j8q#*qW9zWexx1)LX<;@78K1e52O(V1hfEpJ*CGkR@m&DE%o6_4e`
zGXU&pX#w8xUXrjHV<9fSdyA<Tk)OnR@`qQ6z}SU&^?HeU9kpn{S;}EQTJ<7K8?&l%
z`J0EI{x+uWjQ{rfP_So7b{(Ret?y`Kga_4fmU>#oo_}@e+KTeg_rAenIZAkFd5@xX
zXn_k25V7#|_A`1L&x+}qx4Ip<Od1#9FkVY{<Zh%%&lL<D|9z^Ts^EsNjeBteCb4m%
z=yQ%Q?8(ny-wh2OayX0RopPqvgm4y;>C?|=&Ymntqc$-^gs@o*wfGlzlALc;j4>In
zkJfo%i0g3TOPnQF4nCNe?)zh=&|3X>EZXA+R20_u9}T)IlR^bIWkWyyOak3s_5lQH
zfHw^!=sJp;vcx-o*Ae?BMuDzNnRozz-xz2Li4Y-Dg1~t$s%@*0Kx8jKFFw71BF01g
zd?bb{+FrF4-<e|bTh#C5Fe;YiictM@m4|47@q@kqlBQ@NymbR&P+XD__w2B-_`68b
zjjMo|ea{_!_vKv3@B_%E6PUJSpD{ceN6PU97+fc_s2E^X3H^THjlOeM-0Y9$+qBD)
z@mhITuj3x_E3m5P@ehLwf73!E36z)H>Gj&~-jA+18@SxQ!O-i%%x@c>BgQ*Sf)i2!
zRi<)nWYDzgel@3sLXR1T$4ZyTP*8hipTT+fp%V)dhL!sLhjy)y54M*2KeYEfDpKHI
zS|_r0XD-892KZGbIf`Y((b)x(W?j6}whvZ#3ME+D%?B(C2P~fdP3%E5Kz};496VuI
zn0&mfpO?%LDJUjQJ0i`~rLCw|E?c%N`Naxu_Ti(sUHlXtG>~`yN>J%oW!c@jujc%_
zhAz`jAXBk=KkyE&d50PZH%wqP0(~}-&ye=wlky|!O)3YIIUS}eD+H);O)c-TMpq;B
z6RwI5?RUw8bsdE9rla`z>Amt1bc*N;e{D14FJ|ym&32L=*wnK^@gaqq`4o!Ts=ws_
zGO?6aKCYZeRcxFlSAz50*V=x)N;&#<jH~f5%CEtLFTE18&vXKw$n6GWrkX~*naPb)
zHtRaPf2z3R$x-iex{ZJ&xHmIm2+yM)SWx@IiI<+}yKH|}mvuD~GCa~yBj{H0!eCo@
zF!J!ph^s^U?Q<<bTBq{f`k?QK?XM2&G-AR+H}nJ1d742lAJkpt*d0p<cVjiH%=#KG
zc3TOK9t@Tex-ZCXd~bE8Kb_X`7Cg$b3=_hYIpAj?+&JM1swc?4?VI~(CzQig0&S#C
zvu3KuxGr!IZ1k1g4;CrgIX@X&y;qT&b3@SXRwA`X(j;lf=*czYDB0VJcukTwMSPPY
z8o6S9bM`A_e_ct65am^(%2^(Wh6#^XUxHf4C}!(3*!~QT$4mLbQCkK`_KAGCjQTNm
zozmCvmiJ|VUig)Hz6uq~<qq~|=^KXM>=msDXln7H#s5saR4r`Q(m+K0%k34dvhbUW
zMoc3QK5~>zLeTBm+gh)!Snd#IStRhzc{|Yn+DTh(oKrb=r#H^7WVJ9U{aw&Vs6m$2
z8uO6!fGtzS2w)E1{Py9@_Nltd<BTLoh!(OW`t{9p;?9xj8Ugd<;>;WtW2=A8$dD!{
zRZ6Y(g@tuEZN>fOUDUE3G}aobIflsUPM!TSA0?k*c}>sbSrSG2y6xmwsjj0S3rCf)
zSaLc-Q?WaHIe(ZrlrAiB*INu9%r*FMN=D>ScJ1VKU=#LZf`8c}G+}H5{Iy3ydix7A
zRoW?@!;7i*iHg7DAInQ0xipmfKUU@GJ5eoY=BRv88W}leH2xSsmyyb-5jv{ZRTtIu
zkYrOhh}F&`Jg%1fOoH@m$EZ$V^I%TD$5)RllM;!OKae~_6uw6*+fRE6oz3#)w^<kU
zH4IFT8JTvOA1f*ghizOwTfa2zX=}gs`h{1Epx2!C1UP$K04PNkr@GTfQIe+)XT7C;
zBBaj43OBku<44k#!x0lSI-%R_69ffunw5`8Jw=5wOI0Z)dUU=xJH%=Q$fpZ!r(a#^
zC@gHUBlH%tKij=E<GD7uhQ3k9h)sAYAXzr4kb+Ncn33;No(I(i9;0HJD_9-jmbw>!
zUya`AAL+SDFQQR_Y{k%jWGTQq*kvgT$&Ta!Fx70gM^SgE88DqwC-^(^_KiR*R;r$`
z`Y4X=rke^R=4@Nfasn8Tnet9lBiz<MU<ls4=|{Az_AE&FLk-=Tp;K~v4h(Tq?4DfV
z{BT(wU5}e=k3(zG8gnGqVqlNEtS2E@4MMy=)r`CU-cznU+>OY8r)7;Rt3fnC30uge
zy{&zD{p7Gi16ME;12{MZBH4d>jeFNnAG6Q-e?M(qd)mY7wck<e0S!?+n;Ew~BgNIu
zU@3>igZ~ubSnTp4-JjYN<N*Arb`c0D_*34Vb&8`ozJleeH#&|8^^Bk4yt>50LW6ZF
zIAj3)A4Dy2#VD36SjGM+=>Oj6Z62n=6|(;hi>-mds`R|t#RqW3E*`Wd@Q@x?l;S|<
z^U@V$2L#ddm&ah($`lVOTKNo|*s*VHrl`;cq*CIF@T?5ZJu!W(mX0RraFsij9juuD
z*4)_I7raf61r*-n5EhU<EJds!jE>l18r%@Tg63Gk{y!N3Ida66&|vj_PL32_iwBnk
z6_hq7NL!&UjMd&fo})=p99KL`d&lyZz-Ljf&ancl$*?%XIsWk1tTd1%OYBwUL8srN
z2kr|sA@(hOOx0D&%RQ^5xofMhDQ{o-kE={SbmxGYhdUu+SivZ2^jZZIP&%J$c}MyW
zwqPIyN-ZlQvcetPc&q#Zva#}rY4V{mA<FZRLOrWqcbni`+o=4!O_6W+)?nn|)_@d5
zIN!6K-_Pf7FF?&xINhc0uKM>g5`xM^P`3CJhQa<f1&4SzvwOqJ3cYMjV%uNOnSolP
zY?$~SZeJ;|JOD{crUw>RruDZjP(!kWNl+0}7e*uZyIN^e;RYvLh{yxAA>q@;VUR^;
ze}uV2h1o^unm;5$X&noKOfezJ^<bOPkh7JHmkX<N%CviTs)eT<sM;MD2A1>#e!4@1
zSC<H&1~uPX+#eHyZ?Ll=$-AtSNTGK)M)F-dp5CWM%8yb*Y?b}g36?}Zq4%t&0U1i0
z_i;<t|Jb*0loF{ZgZ0p!R|QuYXbTJOA}!4bPyp!>IcPMjO&kvhpi!T&`yBjXoO<j~
zRV^)30hc^sOG-vFiEBZ+tI8XcQDBQ<`3<<p3=oFwJ2vpbw4SC9C;wcpe=(|z@|y7r
z+PQb&Cq%i)Eg=9*EElCqt|>BcGl;{gN;$%XlRaF%t6Msm35^k>ApJ>Mp_zJV0+AE<
zltXP^REybq_%m5V9ayaZB2S2gGDlq<PnPn75J^duC41C-SVvH6@DXEyf{J&76z0wU
z@}Qo$r5-nv9=LXv*diwO%&tRDg5N?*-SMR=s{i=y%$?vhRw+qJWQNJuhFopUsO&#I
zm%YgUDSaR{+O>b&g4nX{X#ZYt;y=@q`|Wm`^}r&>=jKOl`ALYd7LI7oVY$hM<A@}|
zhYMOFHYRQru6sm#_KHa^mR(z$(6$3~)SKZMmDLT2Curf!an~);q&5bA7?TVUXr1?R
z!Vt50FscyOfpq!_`V`K&puF&xR*6cVx6yl9T5O+=?>%IxG;oUWMhlcSe>r)R^QGWn
zTAjzEoIoB9@15nT(THKz%^X-<O{*2r=9@%U8I7V{j)W%R;xW%(b$TN^7XoU8Rwu&=
zetM}^rWBT+##a<?T)B%)ZPJ+xaDIC*;PhZ*Wkxwwd(34T$wxoPfsTR3XYB_LjUJH|
zWYM_=_e%(&Mq99j<Wv<Wn90qfGMS+vJ;tKz+ct29onZ>sX%GZzZG|7C;-Ln*IrWW}
z(6|WrE<gaqd6DJ4`;z1qL=JNaZ>>5!O6{_X7G7<pn7(b(wt<^jhIl}Px%Q1u-rEq&
zjPjjkE^^C?u)pB9^MYPPGImjqoxJ%h^5lpWSncLy><Ue5FvjMd?^b_kuT2BFw+{03
zLaQu^+R5{4(a&dUj*i|?A_o~2N_*0Xb;?T_P-Usc_aVZ&je3Z+uzd0~jtsy(Zyet2
z3Z@!wF_lpw-~)DE8BT@WJ|ou3hE$ce?&{~c6xFmI4Md?ttj($~Q%_+YF+VUY?+*8c
z8AT@V6$h4Uj+7x48_PB-z{Ak@vc^-I-w3@-gYpmqp`SLL7#F%KtXn^gYuEZIr{2E+
z{q(@Yz*6@f3v>cclnL;3e_^?y&so#j(pHyZUsv5*3T}V&RZt-5DhN>g1-+$}21Gz)
z+T4B`jNPNv^0`}m2+y`fP(26NvxeQV%R~NY>}Hws0qAxOFU@zdOW)bj)Gs?n`y!k?
zmee_vv!h;oTh$UR*s&S99HUX{8MAHw@tKvr!&tX6w99WSoESi1x_qN~ComfXjyI8h
zDXl?<RU+(D)(=5nh(3cYJ^unGkaPz|oO77zewo^?xrAJ38+E?3p7kPi$2cC6u;0nI
z&>^7uoX@?R9Q7_mrXp_fI+D{I4vn>ejNU(bCh=86D=(+eB3@r$Np%0EZpBWzp&4xT
z{mrr1rOyU#+06Q#1tStqj%K)_`uwv~;#QtiTZQ~VzTRRRr{K)+esZKP1(#mv;T@`q
zLgW>-^7$*=ZrQs-{M?Mvl9WMn(<48QW^80<Bg!lvGkU{x{8?O%NLY>szQJETVhS6%
zY)Ms9uwYfDdB*?f0_yEUAIUsxd6B|*s`BEj&%sf-)4bSuWUqCh!kGTS#UXfv_B;-4
zW($xH8XCloy@XNq;`?uGU10*qxricl)#OP+RBA9!VGf|Buuym@C;PemrHqRB<McaC
z2V-$M5Dkhped~_lgS(r$T5spf6p(W%$}!AeUez|k3EFY42A;{qx!RORIGRK2-8Zox
zVyN=K3TB}1tB0Vi^6A^}Y5kqVP)-;M4{lbtakpw^#9XgsI3(oyGYwiz;VuTVL;@f-
zjRxq@vwd|n4bCQ(CR>PZiDgftV8w-n?w_!*ZJdy!tgCiqsiIgNx)MPThcXv-b~Y<H
zG>X%)OwIcsVp?)7httW+z76@ead*IL&f1)t@!-RpA~O;~F;Ttc97HJNrQ>};KV@Pt
zjbbCt@egUUnMq|m?`*!Z`PctYHcnVud`O@LS}=ByT6N*&@~AIvL;z;pNipNO_Cejm
zyQKiM)#jiAdA;6fMF|bS{pwuVypY<<N2jN;I2(_zeu%qusr%67!~JApU;^60KW!s%
zlNd$(`j>E}xNMJsje&IgyZ6;JP%$3lLIr0BZ89kN=7v9-gdLa1z=P6LHMMY(v$z_P
z<?dhD71l;N-!OY~knqH&A0n-W@6}QhB<=qA+Sdc5f*1U?3;l%%RD(wuC4dSkqlFEd
zJtjfH7?Dva<=E97ID0JmpslC(NC3PEFeIVV1(T2XVoZ?LE}GVg*Exl2+&^6hobgXu
zpAN?{+j|hg3uj$nrTl4bF{z(?5mdloeQ&DOtBU|Mq%3G9jUYS#J>d!OU>RF!V`}tb
z_V{`UyY#8v2geZ5kC-Vy%GlljdTPj4mR!1?7Yt&qKy0(6CQPcHeJSL2NDo4r><!Df
z6#me^4D9G`WxZ>TcT1eR9U2soJw@_hx4|P)>(}#|!mzUEKS#dK+$G=gcNK+ijz`-p
z?J}-`TMbz^r^I~3`e-M;7MQQXIm>@11)xi^h7Ak}XSij5nX){hY5Eu^a5<kYthf|{
z%BY<{n_sNOM`rXiX=g0^DrmGfO^}o8M~i)Dqh;$NM=6=!j;pDRt#p6JCE+O(e}Jz5
z6V4nxf@~%VUPPMP)}<`xNBe?H#%U(u7X_2q9}4mxz?~qQX5I8!)%3`c5)b7gNY20y
zmL8~WroK7_yqv#dOf0AD`N7v+=jDT~6qA`6sA^(LhYtOAu;(KZ!;84pD|RWF8HgyC
z>%K@?i0_!7?`n4pHd?WM3tPW1?XoVXJbN|!^^d+QPl|t4nrt*Zi0&vjBBP2X2?%__
zvT@tnH#l9c>t2?0m}a)gHNlr9ALpq8eh`0!yhnu0>poz<elh(O<-1Jrco=1VX0_(H
z<<eZ2i|ONd<GMHTXJ@?+4_qG3X&vv*xwfG5_=pCf$!wY`zh@eK5l4?Zckf@ff(V;1
zYA95|>cw9X0*gaCA-nmC<#TK==}@Mb<Ijuii8o5wBW#%*^h8T<38&%XashS`%_I$%
zO)RZsG*d)6x+lImyPFjm=F+Ig+$EF+lb7IBvD0J$LYiFRT6UNA8Ey(I`<Iv_v-3nA
zRINTTtBy;#7CKD6Dz{k{AT_>NJ@ez#wQv2$W0+|TZoEQU8;R<zkUL8=H?jr{@cws9
zShO%}X%a+X{c4QWfHM=c8F*Dh#TA{G33)4`_8_KEBQXba6IxNR)sUF}AcB+_nIC%N
z9-rmty5YdlWMdTynj6rSj0%Pgi5?-|S(NC#Z|^O;!oR@eiedGtuY&QaRrno@MYjs~
z#3~QacrY_AHe_S7-+B3<7suT$!sY<yPUg_d87X-8mCx;4=PUGn;!bJWT+Mhu$hsE^
z<QhLy#mdQ-s_BBJjX1r_h`_dvw8c_`Ou5sT`cl7xk?3LJ2sdlJylH1_YQk1l#6YD*
z+=7;IF(U6Ddn#={w?Wv1^oA@F>g<|WG2zu7`Klh!n`Rn2n1uTyey?xWu;sdJd=?j4
z05`8)BL-Em-CAH!;z}32U`Wnm8lz^{I48O5&Afe05OZE&AXmi4q+$^QrL2ICN?gsk
zug4^rk-QDKm=%u)BYtyMag$m$c!<nSx)_g&%j!u?tS0Ta4}X-`c#PsMsKFI#=fuS*
zVJ#A=h&Q#CVgrkZa1-uDNVeaP_v<0McQOV2VfW3vdV0$ay0_zebQiumsquQXY;2{n
z0AKP_#*3O2iIJ}>df=z}MejDA3{&LPuy5KHT-EK5)}I4a!At}-7@i~mD?hMyutS3x
zg){)x+!R(edFl&ucW*T`-_*W;H>j+U#-6p+B55L1%W__<So>$)1|I5dE1R^c&HF4y
zf$qv~&(y6)I*LUntY0M=UYV{BX*^5#>X6fxzLDRiJ(lcHqbZ>=4_oTzx}KNvBayrs
zs*J~R{iZG1`VZ%g&lX8z8%aTvqi3lf7q5aVEQzZ?O^X${&YCDCL=q68o*X3kU3tl?
zy4*v_BQ0)P^_^8ccG#IO;nmAYM3s0__mY{01VrsHW6^?BuC&!uLw#3IuTZ!oH9}86
z;RTz~d%)OJFv`iAwOq5^*jdi9f}=-POP4+Gx^t|<q;jREb{CuJSR#T|?s?`aMNToh
z$#6<^N9SUa(fgADx!BPS+&o-2b^%-7FdMf%iE2LugeL{=x2H1vbAUXa1iA0~jN5D{
zd(#8X2H?Ihc5fNNmUDJWhWi6s9s7XdpltE}_j5H=3ETqyw{TV)#+*zo)l!19$KPw7
z@z(Cn);6pPd%Wgmme)ZB{vrX)+Gk?W@qcc7nmX*k*4-dJz;+#|!2%4HzlRKdb|9ZB
zgH=D~>*AXB1lHkq5vtDZ!*f0`Yb3>3n^$=cm~iz`N5>32*z)=W5C~fGhD~%v)o;uf
zZgnC{dxSha$Z(Y#4%a|6zDVufOj=^lS-*7rB4G85{69(1Zyj}}a=p%a68P82cdmg7
z_*0MrLA`-Bs!QF|=RJ2ImtgQ!hoj@ll*c{a%2HvU{8RPsBL%I~B+TGo)Z^aAMrh&M
z;!lstde2)p^<mk(h+M0*{poSck3Mgi`xD7}O}x@<!~oWPRUVs3o<kYp(=lF9d~oyq
zrc|AHe8zAqFBZulV8nL2@tzw9*9PH8-HK!6JSpf&gO6kT0C2qhU-#H>q;Mtx#Q?#L
zRw_KylLikqxq1uYw>YakrM0^R>echo43na#Ts;R}zzEJ}f8J!4gc~edetsk9g=a{B
zny#A|#xCQR?}Xo;_H5b!0S`7BK<>sbqWu21!IzPKU`=i$bUqMviGgJcWFE^P4r2Ms
z1WsSL1_!VW2FCzaQP_Tt-sgWMJ=fs5<Y3YQ$$`lWC*6O9n|S{`jYSQxeypdqiAis^
z0UaMZ9*Tw>n=5kfA<GvVd=#d#>QDNX$|y#RpNa?KBU_oJ>M-wiobqjOjQ;U9OHx$D
z?#UH0&7~!Z8^BE|ko9V%-F;yYR05>|A5!;%(4J6`=@N@S4>k%m`mb*SC-8q_{%Oy^
zuHDXspS|(-FRUauiOv<o*4xbc7m35^{v5$!R$_z_wM^9{o_Gtg8C1_o+WyabnEQ!o
zk?7AR!qHiC+s+$Pv@f0VL(9apXSZE!EnQuo=!F{;?9(uXNi%`Q#hD&t4?uVr1nk{U
zElIO<N_z-L1=}0A75={46wK=G!6=4o{mD=e8<$nOP-uzyzz`5m2r|Ap2W7(vhV#dw
zIZ9OS7^jf)O4N$~L36$ZM6$5p;r{YZ27qhG5P{1##1Fvn&SN5I;Q6(M6<1707WIDV
zS{^=%*!gSR3{%l!I|$m~B>neM!IivYw~1(j2+^f#wK|O0ZMVnM+<~3V?0?(<v@Z^n
z(T^Gmc%enke%sU1b3%Bp^^+W2vH-+usch$e>+P3D=s-4aR7*%a9J{@_w*1ce-8*r_
zUV6sKa+1bb5%{wi<BK+zgeD<Ywbk3l<p<d!w40a0u{|yS0)OC-pzyqQi@TPl!~jV<
zQArYFi4+%tqZoK>n)YYZoCv60@3h^!%^G<H*q9Qg%RPH^hqz5=Y-+iDZ%S~8Nr8@G
zosW1ut);X%yCzmsK{80OaY5gMTy@tzAjoK}WEC@`{3j-G@}NG~d%W<dE`ZyvGYA>9
zkG>=a^mbTjk*$)nhIQKX*poq;vQprWl2~kbI%MdHb`W<g757O}kGs9(Zk}yXK=%)=
z*xd0uUaSpkTet{D)xXU>;_o1v1NuLD(mKa&Ey3S3M*JMeNI@1&`J(eve^T{}ix*_`
zd1=xbJ~OzX@_yoWR=chS^YOdoosUAlPMf?DV|#OPiIZLy4<)XSi%&i}%+m>G-RSEP
zC@HTJ_|^ucpF<hK%~pIWeS7CUH5hEtmXGu$(O_5Z|1h8l5mugKO45_G4A0CBv=Pnq
z*w(C`Q}Xi&M_5Ai1JK8po$h&D!h{Ho>othqYm)Z}t0lEFXb?{i%PY^dXI4GKJkuLm
z>O`uFPi7VCVweofI|x9n^WLuM@78c&d5heA<<X>LO-}QFDRjENdWLw-$?~}5w6FId
z*hvCa=<o7_7Ag4EVEFoR>2Ajhc<$NbfngWROJkN0VTqBP8oK4zXBGGStB%dJgF8e!
z=33@a%9r7}!gqD{DZfqj*}l_AYdRv@J;DakKK}XQ<A7DxR<Gi?*?b*qM`lwnkF!H0
z(?|K%RAVPf&AE8y=dT%2iR<H`!Vzv8tjN|d>TM;AYR(lP1@)o7(Ggib%`Mp=dSANy
zz)KAU(4{@`pzfQI;A$$_nNLx|Sl7`UJurOsc#w&fm#J?Hi|1#1P6L*mMDV!5)1I$I
z=t@b~`?i(L5yE3baHfc?9Gh9iyWpve?r)i&Ov2`fDXt1!BB2dejEd9ue<&`ns+evZ
z_1#rfs^Md>R>g~GZ>@`tb8>cdVYf2$3H-?E-abmwBD~gZah*1BG#SD8$e@nLey!9%
zz+xalW$vuD7f^z}cCyO##0;qR(BM1bA#Zz&?SW@0!fs|3nJ~!)I*Q~o7(Lru{=_+5
zbD!8;)fc9F*q&^kb%X7uan0^M#&EhOJk;m!7KtB&M?%yOrg(O*<z7Xu{Ce#ulH!ZL
z$fZ=~8+#N}%JD^p*ITTP5!|XGam@UN3^)#K+Prbw`Z$+g(!dar)qu3Cj&<Q7TgHb=
zU4SkJc#B0<bp2*msiL4t>+G1WaVJG4*qwYlvqDU#GTM=SoR$EHQH$w1gpBsfmW_c{
zzpfHM$ESkN%*`6KQnSH$0m-21y}3Wxy4l+*&wrUb@P$QwL|uS-i(P~ST>!$@oyVh=
z_rw_=4V8*Z@{h;Wd(7~`<4Cn;Q~ACT0C(uWN>o5+ykVWh0CRxPl(rnv=traWfA|z0
z-!z_>3g%ZAsbicD=O&(((CjVkaBDyzBOnKtRX8!0OG}F9f`SZmjNLBC)PcuQmed=L
zdJT1js=Bre>~q|HtLOuZYmR?V;>$VgEfz}VC1e$ne+3nx6~!cwJQK9s6JDNk7bfPN
zdkLqpD~|b8>A5!@AAhhJomvB1l>jR2bwoRwC`7B0))0?QcHZY*=Bp}3<mh+1D=c4U
zz0o&s&wZnJb@LI+aNyNWFtp1_YBATmF_o3vE2N$EO3N%i@#8i}`32wtlw?|hq_?>e
zVZ_|Rmdx0%M8jt`UR^)IJ(M$=zJUiVartL_g*t&%e^hdLC}m=KtNtlBFz{6VhlVm)
zf7OyUn$L;=<Or+TIt*#(j$O;jY6p^^_4&;;#V0qWY{8v}XQm{)3dBhM&WZreeg<Ty
z64_AXcSV`BPvGx3oUY~Hbapg#KU@Cn*?0j?0Qw*L))S2n2SF-OVKxt<I8Di%$d|G(
zZ`fWZ6%agSb`75OTqb-&UT}avJzAuGwZz`8PfmBx;K6SCb?Xf%PzOh1$>2CbM_ucv
z{dpJvyQP*?lV+BOt8c`;+jpM*oFW2LB(7}1*YS~!d`YYSc<&LR^xPgdJFC**BOTiJ
zydKazyv+HJuw*FR1<{ia0}JC9L32~!A&D<kUW%EXCF?0q8I)NQuM=N)Uy4$}17bxX
z>%uDxt1cfB<U(kaE+i%Az2MS5u3{ICRls_~GzI99l3E4{7j^C&uiP4zb7;IoZc?WJ
zWaM|RUjM|zQ|^NZrmEQRg~b#(&D>7_&(g_n=Sl$7Zjb3Ky6k9rv_g8Qqna@nC@I^l
zm7<4V-YQp5iq1E5jnDIYl|;#Z?$=%iz0FlL4#PfZ=g5P$xwfya*N_SPC;DI14j)9>
zZmHd5F{ssDZoiv;)8d_SZjesUy8qX2g7?eU%mT)sZj;h#YSO<thlTHujV$Mee&#PF
z#YPH98m+3vzZ^Ds$DRo@7kF)Q@E8v&^Z}wwM+$tSNjQw@CjP)Vt*^@V0a6nAZLoF0
z$3HJ0kP)7=XC?N3PYQ}2lu7}g;zTjk>A8{#6%wEru4lDGzr|Dsmo>v5ck1fCqK00R
zq>=wn-7X|#-r7cfH6c;1@_wQZT5Qazhp*8+-e$h_c_mnbVdGlz<pie&>WvS=6j-|w
zyf0#s!`^N_-1RN7+hkH;%C*Y5a2cYqV9Kc7#O8VT{-qa+Ga7VO4#RPGJ6bsOMw0AF
za(1-$yOvx0f9*sw8x>Nqq{Y7vt|buQHoke7o|k`%o_^AaMG7Bupk5YKO6|m&o3~j1
zd&EfVEBZA8q&YEHWS;Z$9y!=7=}cnxb&f94rRPqu)k;zPu_{9<8iG!#+#FYE3#bgG
zGkuKlaCRp^rsV*FtzzI|0Wnm@j@Bbc??K)tKB<MeVV-T`t8Qu&?K^9#rR{EoG^?d^
z7%G;%eK~a^&kqHCtnr3VX0jY32&TdxU+(fy)JRu8J7WfkdOh`EtHYeiiB?aP?RpR$
zUqBrO2469<6`ej+bpPEuad*HlAyT0Arq{7r7NT<f$!Nn@J^en;nzQha&!6wv{s~vm
zEhqB+DRrAyVCs3in}l~BHYf=-8g?K)vvGQr1}Vrjbrea_dTG`h5yBcpMNNp@Q8aL(
zD;00&dCz{<I-G7OLHhB}i(m$DEXnbgKD=NQ!I|cKZZ1jz$9z3)`SzhB6d^E5y@ZaN
zmf(`qx^3KP*@sGeIvFhBs{1oU^|U0tPCWm?c^binOOTC9)am8x--1jLbkFw8{}7XK
z6bz1XReJYT5<=T|Yrm~J6r7fp!)`;q+<YVOe5t#k|E0cz!t>JqII6>NyKS7X@69^Y
z(*B9WP1#uHsIF68lgbAt>aKn^uWv%)Uhe+1v-NKCN`~m`?lOf7YbJv3hE1~AOoAGS
zy<|hfE{@jut0K>)NG2!bgrnEA1RKBA7XMwi7Zr2SBR(7Nm+kx1)TJ%SydTUf8KTp^
zy2z>j524q44;d*25(yw|xO~YtJsIK5ZpN0p6_zcL(QZs4;!t)M9uWfhxIR#&Q>9?g
zI-E=|r6@er&*>IG1Ub9b^UtZ#+E=P#-X?6K#Ki+R&6rtpF&Z6lHysarDYm<Yq;>Ow
zX)-aB!9!Ksn8b={sLl7%3k_-~ztqx_BpAMR?Yeb4&9%LXjwv(l-Wv-%q*pz^T5LAq
zK179yR4W!b;}iQMZ(Z?T-ilk#uj7(f6GqrU+yl-&FNAOGpvzWQe*Y`hpkoP-v0_c<
z9|Rq8lP2oz#evM5bjQ1!UjI%`SiLm_m_#pyo_e}HY_)$b>pngCP4;&dD*@E-k+$Je
z_%Asy(Y+Z~ik`iRe95XM_HCKj{Dms)>0Cli+piOg&=|d|teEMS%kMte!yZzC8^%4o
z>%MHfNADk%wMUIuY#+JSuYKZVZ^LltgWssXSKYIb6IU)#`|w)u-fct5bhDSu)^hL7
zQ-6|)yOmV#?mq6&ROq4?Z{Xis@;bu|ztKT5CkO2Dj=87lPGBcNFsNqi(MsNEzX9Ey
z&l9E-#NZE;K~nq>xprO2uf_`<Qxg+ozsyR}-|Hd(9t-F8R`G3-YcXD)J}pW6LeW94
zBqOvG%i@3b<?%FN{GdV@zDZ+SoKNYvxlHRPmZrEY8F4gGhsk&MXQo85mqneO@QzHM
zzFFIMxO(np20y{(7`3<0!jt*AVrk#I7MdBm?AsC%qlzh!G|>nA?wlh-;UbjWG<OUx
ze3RDvb-8l%+KAcqTn3?v7WW-8SI(Pj{A36C{>i&xQqN*90FsMz?LED=qAgL#L@p`1
zEaC1RN-q+4tND9c{opd7w@mXGcI9s`z`W~k_hn3`Kg~yvpj|q6Tz3!p|1kC*;BYl>
zAFxhHh#oyU5d_hLB$DU^3DKkXUKXna(IQCnE{I;EE~57y1i|XPt*DDtzOyTNp8x-S
z-|PFni!08aIWu$LbC;Q%nf?9tyjAD*#ii^eI|bUyQa?5MV4@~xl+R&88#Lg@$sl{>
zaZfK2I?1UWj~-Q5uD*sbAdS^M+)bl57xql4OTPG|=S)!~^kF5;gjLca6&8&JT9u2^
z;F;%avrq96fmDRX-6+lNFICo)ojXn#XmFKr*j2}eGOSUN{PM|aLFEB7<YH(3lB9)>
zTGk<5(97_!kO?D~mSvlkQN3E?Cn+>|9Di)w0ZITnnrd-49I+H!?A$d^<LAGj`90ZH
z@#n4j7X2CJ1lO5u6L^KV=JvK(-gkqSlnLMEhM|UCqPt0b>$sIGRd*Qe8*q1YCmCo;
zW=q_bCj7t^LK=gU4R-a0<`x@nOFY~cjzgc?kCShqX2hXk&u^~>1rJp6eDz9GXe&Rc
zUPmJ)G@}I@wAx9w-=DS~^DHo5qBAi$BoI%trQts1{re@H4s*nX)UB7FN5^MgL6&Ux
zFh@B-K}o+zbE%&Vr4L_dDRFhH6`o^yat1GYX`flTzDg#_eSVi#tNe<;wC?@-t?J86
zo@2`O9Ssi?mO_>_lAF#E1}T%j-+|QzZpjMsEJ<H(+D3lZk&`Sfo6%J8{Uxyc7BPT>
zTAZ2ZF{OJmUl_B$FnyT|wh&}a|2({7J!lb%rx_i0<h4NmXST|qB!rQf#Dl~AZ_4Nh
zze8lSslAYYSI;v_8uevvT3k`qq<b&M(1K1+bwYVZ-eHazpn~?&pR%eGx%|-@NI+z=
z#u}M)pXDLz9X{%EzRQn7Eq8MgUQ@gv?thv`qxr#~=1GBvHiw=pHb^g4d%d83u^<_w
zx-Rv@cRAI0upgQTHjb82SDJPf66|S+uH8r#PZxC_gx`fALP_qFF-NNlWS!aGUtpaV
zp@_97`<$~giZKCNlq611+3Zebb#-{oLm1bevhmo-N?o{tq0#2Xp1PQ5m90v>E79q%
z+0KQ*`N8>F@34t;7dHFaWbUgPS-~tBKIXQ9aZkRz7#u?~JuKVe^Gd4S2GRE|sn<U{
zM7VIy?4P3;&`2l$+^kxt%N=Mg_HKj_MLa?xYK!-CMS~Z<U1{uFb>;Mk7(Y%@`Mna&
zdwh;|52Xb-Pv*KvKlO+?9~I%hd3n@Aw|q~9TE~~Ddj@^qiZc0PzGf~5>&?MK0g@0C
zn{io|;N}^}AVeQH?dEjLO6MCGndF@a+!pWKV#nUqQ919@n@!`L<+>*Oy+`I}OLFz<
zf)#D-mmJK2pWVim%LGltrRxotwf*8{i$uhdSiO%{`|A_Mh2wcUoLl@50Z0WO@Q(ll
zjsubL+Bkjyxw<PVSPB3a^h$7Z2D>gdkNCa^mG=S%0!0LGwA}^HU{jnRl>8AKC$mza
zoj>|qAIp$Hq^D0-5)Fq7F&2J5aM+_ETHy-Fr5b0UqH%mLkkR5@^!WWduA69Z-rqMu
zqJ#qGdBz!~%c}F(_gsIMV>*4Z1y2Qn*Zm%-H}&|q3V?qsxi#qxT$Z{$=$p6uCA4kJ
zc;1=ueYW)?K>P&j(LGVVThfn)<_9|gvjIQH;{J#rw_r+~s1Xe@G<d>@WqueA3q<{$
z2P4%-{93Z#I-frCS76na<BgIBB{nOHy_>&y$@;lbE*Jg~Lf}3d<Kv@Ew(P2VDb^W*
zt0G_%wfg&grZXBSa^JWw&j=s*I*!gF*!>#?1a3KVYJU=d#Vd{mLrEO6qi<u#(lT%N
zcHbYLnQBA+TcD0VBEtRsSJxLOzXbaSkTPCc`ys-ucKIL`7pwDx%}O3IjsqOgzy`k&
zDBcYA0SBH3O&i31emp1Z=*~9-Ui|9se%jeJt(PJ<j2RiR7jVlOrpTx*6>a}<;j>4v
zL}FLo@w_Dk&Zmz`1CHgyH(>lxxymnhHe$x5hnvtKVLUP`*ao_X!Pi3e&R=d#{eBow
zUzxNpQlc=%5fkK;OSAj&#7W(dGnVOl<ky#$J?>qukp;06`L`kLXGsI1R@`aw!;r#4
zsY7uKgUYKX5*n**5*FyN(8kTa5J$trmC@Du*PFB~m4&<lI-FnCu!S4n(3>FL4be02
zlf@y21FD{*g)%-$k@ukp%6v=bFRmCl2JIk`FS!kg?18UgExm`%Qj&2xGv<y#@u);A
zvpy_?_~yON`wV;0;2%v)$};aX;kAsI8oZzc{eCz{e?vbVt*@|G4Fh@=$3Xb@+4tPd
z{kp=%gpapi9c7OiTqlJfHM^Vv;?W3uG}xk@Z;8RSk}}Uyc%qBc+v?tTimPR0as2oE
zOA1~r-Ybf(q06mSaC*>DhYeFPx!f`fdO^CAf2(k<KUDE*Tp8Cng~wxdE`$Dki#M@p
z+4m}DkEw#6*_>u&^>2sTiXYOgxjfhrF`$A{K_~AZe|InG_aBr^*VxnfBj!J<Jj8<8
z$0BahP2}ihh+n>`Tb-R0skEtUrikSq=*`4|KhK)7qHkg=UDPKd#8p0EKg>H-;=2J$
zU(Vf%5b&33{&uAkW8+}Je<QoYbb5aFi3%0e*VIYn0VGR;Qu;et9bfQll9>9F!0bxJ
zeGY02rLEu4JF*29Uq7P5vWw#ENfM;E8q4nPrIQ&&=X}`toTWJzr^)nX&m;iMlI!ZY
z4wby9yu)48+eD~cjbV9o6Lu43gZhO#5{2WMeF+<EzR=C=&tbTi#q^{)TrIy*$Ct2G
z8E5|W67D>VO+UO34*Y-HUiI#yDNu^%foHD%LYa3`HTPEX_n0k$lF^_m_OGs0YxIF-
zj08}2y0wi+o@pGovgcGRxLYIkbW5XvpXPueC@+IJjoovDa?{YE3xlZY1zTliN^gVz
z&zJqTi8$^b_2G&AFn^lsantChY`9fJV(=b#F#xRRP!AF{xVRT&F61YAFJLnay+XKM
ztc8A!o9u1?wTcj=?TvnSDuan>H0NIWb_X@@JciQ|?b{0<yAo3_NWX|F(npPvzfB0R
ztYUgvVu0W{z$N&>T!w9#N6@dnK&ft9W`IK{K+Z$=>9$cfv%PuPPCvs<*)D2-#QO*V
z(2UZdXH~o5(nA3XVeiLoOxaA&HD?jTk65ulTK(ji+L5*nrITl58GY3)4Q**|OZ1y1
z5eTsiydlztLxQ6Rkm!@lI~?q5qihhVkLtI><TZuK<Jw6(!erA$2}kaKtd7#HUkbp(
zQolGepZziw0FGGNiglUDYHGYM{G(f+iqEPs@L}402bB<+DeOa#Yk~%KI$dH$xy+Dc
zV#-tj`QFV?=%@;i8UG~4-~jMssnRk@8L%z!ny-|8Yx48u9=@0?3&rt|=fbbj)=8T_
z=8M;OS@<KiOgC<&=ax}p!DD>A4Dm!oL)uzK6$kC|DBG6zbVfIMTvhUW`!_><I6kFJ
zm8xq+24xZ~Al39%sdp!$idDBST~ap9G4sfTjNb!Y5*(FBfUTYn<!;E!`-#7H0?Sz`
z0X_=}w)|ZY;gY1Xbo@$AlTG0!bH?azg;UNYQ{A<-JlFdZ_;!9Z<Fnd)F&dZ@BktwR
z7m8l0kC<xkQg4obyez7|i9X2+sj+%4GmV_GfO%^!b|;2<r8fL25#P?>zDI?s`~%3`
zk;JPvw_g@3U}i_9`XP+FsB)VmPc8+GmY<HpEx8KSJx2I;-VRx=c|Ejy2iA~-HoIuO
zF5uUqA`9~<{qmHwePQ0Rx5UK#=9HvuE`dY(Nb7@n1~`XloZC1YWB&5#ZcA4)H)Y-S
zy8^}OG`A!Ak@d^HW9)<nO1oStWD<a#`5|G3Q4FAd|F#ke<?vB_iLYgq{?BQ!jCYqf
z^5@aGPD#{>98Hzl?0?MRD&~2YSzu`_g0&7Oh_tlBpG)v45gavRz^SBa&G97ZerD4{
zE5gEF-+~ouQ-wVEqjf%a?h2-G`i52gXwUN0z@S%-+T}>_1nsaa+tA%Q#ze&j5YQ3*
zz0+(3Xk-36S{9LvCGKWDG+UwUEWOuUBAD<n^-XRJr^+AVCv}<Y;GwTKk^~_Wd7H#L
z#wuJ66Vt0@THcF6jw0?!TV1UujlM5~&R<|BG)57mHbT|?_6}Z!^<seVs%E%k?WYmH
zO)(+D-VXNDqdarcBr{hH62O`DJihC(5Q1b?n5ORwWp!b}>XQN@wK?v`@-dnA_Ruep
z_+VqxF4QurD^jlu<t}InzA_p~h>Z$-oTSC~)Ofy>QYM^QVzP#5HvB@U9+v{r)*Uyc
zA@{pV^CE5iS9-f(u}$5d^aY|ye<Lt*6j#6bzE*2kT$o;fAJ4j&lJu(B?Zv630I;~r
z(7RjIrQCN>=GCh`--yXdl3XuBC9Z1geRn`opT5Xu@oMrMr=#G7iezdjDFbd1QRMXJ
zOAw!`r)IVq>pf<b!>fDC#hvmh)ulNWyUERTq+>5AaOYHdERydM;;KYf+gdAq-HUo4
z2FmslVR|RQDPa|%S!CxOtndMsE7$+o`N(O7eP-Asov_PfnPN{wKNoViO6H{B!x-#u
z!5}1w%b|;1O+NyFxpSI?cZ9zXIQfhPFKZpSx9uR|S9SPq=_j-5{mqyAL}1GpRd<{F
zwK9&lyI30CxDge@XucQZ_)jgxZ!K4E)6)}HultFHe%&TJ<t<yU=4vK^7);{_hzE$%
z1Rzo;S>MU;ASPJf@*!7)sr;$sTk##NC&oDrV29m-OppXVEL6tKuY0WW28;(5JVXjf
zmVfa4XiY4JQ}^k__c*<qyh%)VXUa19W;HFLPQ_QRrER`_ZJ9|uIIO=_Lk`Sn(Z{-n
zJ-<dJ+w@Kam-x??gX*j#>$Y%O8XOF(XusRw9k;yE!+;-4>|9D<tzYgIx6ol7r7)&(
zc&<}!>N!ZwPVHyk*;;z`z0sVyMWU!|nMY)>{eF9J7@r_KDh>C=Meq$wC<B#i5WAy{
z4Shs9$?XPw^P(*@8oGqzk>lt6l}P1_rsjQa1pm}lWSXdMMJ*9WTN-vV%B8+L-GeZ~
zZ$~d)DF5hj;GMthjT}qBDe4t~%<V~3O0eaYW_ZnTOTKd$p5V7Se4sR+R+UpLE&Lph
z=Hj;KGk@{}hi~$aE+J!@j}F7A>U^@JqxHxSc~bYp!3Ca$rAs_E(w(DhoOiA&mQsfI
z*1kTa5>e9Dc>d!Py2lC{v@k|XxGbB=u!emvoJzN&G2_Xe7H3&HX;|rkCNA%EF)uM>
zNY?hFo5Teb{L^E2WDPdFdZ<on_R^1G{mEL_T%HEJ6dgv+xh>CTtcWpBukps;{P7AJ
z#yEDvZsc3tBt<+KaB!n-(z7&bGP>vFo$oD(W{%37<9>Syix4Vw$%h0#Ox6vfPl%Rf
zX+C?|Y*g97;$+K(3L&YkbMrL=VX-R^7RaxMpqE(;xxKWOU2Ge+6sh^^_H7Khgdi3P
z%+K2X-@=7WGWk}YS?9?z;n2H$s>B<3{D4$O9v{Rc`&yfW@B_L>bi~)4$_h2ecV%7|
zr{D{jSuN`wZy(l;Do<;r3m+LispHAdCh02Ur?6fAw}%2P-hEm!0y(Lbf)ej)(P2`D
z0x?xhkCKZgy?NZ8ab<ORm-^9yWLOC7z=lsi52$%pnqDQDi@p7JS)x9@bI|MwAG}<v
zNzRxt7+xB$pHy@FomO_qyOq^Nd!?4DS9Mf#_eFZFO`$+ppod3Jy|y01Np+137g3{m
zj?|*S;oQ{>7Q}$hL25#9b^#5}yfP=R7Ue#18v<v$|9NY9gNe8XbAB|^bV68b`*4DN
z=mnW*=&Ocw90C2hJ~Dek*I!Z$X6E;RCRD2jU!V2gbs$MRAj#F&DAaN3=F?g)>Tv&V
zq0EFSgM3Yx!N6?4g9V{Ejm}RNlPFDOo4Qx6?0xCPRpnLoWunzZ`?usKGz140`pj*s
zD$9ik5*bNPKgFLEt4zQoIB*M2KW@IHb^FV~y^2e!Lv;Aw@R@=Xy=ftCaPF-{TJGxA
zx0kBD8!n<o613eG6BN+WNP25<MB%To^UrX-^o(R-RYzQiL6XH<pA5W|u2zH+13vpc
zTUPW%PNlbFlLeRl^F&$>t}evf3QIZ6R)uQVJQlOM(zcJyDO(v+AXB<Oxzur5RN;Oc
z0;#5!v$%?hXr9y19r*g<n@5`(zBu6+*PCp8Bi_EG@YJUnz1Fa2%Mu9MD6u<bj|#bm
zTm<>7i`rZ(QiSrlM>IBvtKI42lF%J|zrdR$2R?AWq3D(~Hiu3$WSKT-G@_x)aDDqF
zJ9N{t<$`f7y`6qHsGm|nYi3b;*32SCI-5`}F@3C<8hAs|bUuW7A*2#^Zb+A(^k&yp
zQT+}SOcM9YipkWD-%|b}WHb-rnf@uWRx(sX=FM^|k>Fb^s$81*g|5?d>N+*WzN@dl
zW`&KXutx;~n&nJ>#)K3JmuJr~o{EZnja?q`ebyySNR5qr2aN`c&t4l8d$r*h_pyNw
zaqw#`xncKm4ey(Pm^)amra0@(clOFvHunCs&LScxR|%t-U0>|a@=o8$GbzU6EQz&m
zGhOw>DNpdASsucaGWuJ#pzj7k(-CP$bSrL($akgJ+h*Ub+Bpr`hpXaAD{<Mz*D+xd
zHxx$5{k+*<gJ?u^Rafk6VmQL@Eu=o{z8k%r6TxxL$w?S@gU+ChW>vFwjX;u={5bcx
zHnWXJ!PD&aqtG9myoNPf*m_pEVGYrR$;F})!fTfsys>^+Xh4?$nnrnht$n2S<Xy-p
zVf{JR6m>7y-vU1CV{QE2vpW}ZrxksNYNk5EsMflCwSYYs8frYJ<Lr?Qu6cPis^#pw
zq<dE`5tG!c6!$4e7)l|G9%y!3+qwQwhjGq3Zd5ua)%p3h+ZJ|%pO=8jo4KB8Z<&R3
zD%?LWya^qo(v^)Hi#PYOWEmWG<=#Y1-Ri1}isz$uZPBxy+JEhv1FdI2q#t2jDxgx;
z-(?vx_Lz%zDvG2`d-9uQB*B?s=T6wi@q#@EwIlOp;HwG9_ij!1wZw>cE9SV*S}uZE
z*(gSp%qMl}?#FP_JfIj8bmmD~<DmJ%)bg%%uVAO77FPAVuJ<%$K(zF*u8(Wk=`Q+w
zY-vki?(dua);vd(q8X<`Y%B4dGTGD9J0Y%W)1-*-%%9WiKOR&5*~l|!poJIFd`v<l
zgk!Zx<Z^9iyl3S!O25;#8lkmLK;sm6{9fr(7u!bv_+B}enfhox=iV>B)I5E;-sRyE
zo8<bZ0(qgnBk$h`HuYv5tm3;o=ecWc68)Nwb6)Z-+4XLLLDGmd%$HSNAz2W9W6qsZ
z&uMk0e}l<DsL~xyn5h4?Rc{&VQL7QB#7C8VZMONeh+1y`cv1Viyjjlm<CeA0wDxl<
z$kr2=D(>T$-Nu4X4Eo*g+!f+oUE-_ID&X#hVG|#I%#^%I3~cycIS%|f)|iiAo{k_K
zJ_lS9&NcilUsb}(r@rEm_9c$VrFW}ZAQyLi)uboi`OAv(b3ucPh}GGZ#nzej;8zFR
z0v0Ka%3fmoGv72lUt1-EOm^&g-%5#b;$Mf5Zy!%ZQ>~_`l5Ta8e%!AUqdK1*izHIW
zID{sr?H3(S(!{TbH>!4&A8EF;i5*l#D@zm-mZK(@SfCuSTOcRhQU-z;k$9K4?ku`E
zw+8Q`!477#NBBG+X2Xd^J-wYq99kOYIC|D^KLN~x+^;FMTl*PSkU44!K${@%`0D74
zMYv-ufiYmyl3=6pHGN0O8BY8lgX+GmU1Zp*HSPSHy(HZlhz$>L1~I$cBu|q_Ps~=m
zwh^4Xc_h&Cf-?2plEh*nV}JnOyLy57!59mFs~uN>wH9vf)y$z1e53CA9W^Rp01k<8
z#RZiFH+8S;Wz)m?AyTjO4eGQaI;~zJL|{7cuL`Kb3llo5OFX6&3~Dy(B?;;emgc#|
z*NF0MJ3YfTkJ4k3_6HW5O$ID%uP(s_LpRUo(+J%PFBQ#F-r~MNha;mH*d)L0hX}0y
zbcy94r3s)Lqh8A!ID1&LH|ts38@GiS*<7-<)8J$MdP`8hUibx;sV2a>ADqr%DxT2D
zW(}+4n>%T~h}d2?B>y$o_;@JY`EK2lQujq_n>TKGM~64ax54J~xbPRZp>xCP^hf{I
zYvF_xI+XYRpFXY8p;cD;yc@FZ?ut+6m2+GUKIW3#SV|GK9_lWG{Q#TG=a&@Kb}l>h
zR@tJ%Uo$-K5)E{OQbqP1nWR!hdYC$p#145g3arqYcESgniD1LGw`3ZzW`uE|xDgnC
zHlP7JB6r`>VVZPx5m383Ur983+vd~8ZTUm8y1q6*rL)s`NF2q{Bro0=)pjqHWYz84
zJR^1}^_040_T43(bC!0q%vZ91@W9WZl%lKYaPaQDW4d#+A2V;^7`NDR!ZY+YVSDbw
z?-0$Ze@%I{AwTVgZ(#Muhop6SS=gi8SVmZ(;>_mSYGt1TkBj4s@3HxuV1V*QJ4h@;
zh`%|d#PiHI!m6Iq4G%mdBx~?YRuYK#Gn*zPR!gsjtw;hsgh-ke<?VYC3+{dI49fl%
zeA)8A0tkEL=Jr3kdIlcr+8IK!B%u}!AiJwcT<8pi{7;C*+#98@{i$DQDsZ62x(zC_
z!@9z6og&J*H|l@B3*}m>Kcv3b7J1<NkZyysR^`Kvw?K~G0|{i8c~M(v#9QHCo5fkA
zWP&TBbk8E!-MgQlT<Oo~0{e;07roM&ZH9Bclq7m!(I*-F-(D~{*srGG=FsQN4%T)i
zQOYBf3*<eiHtfb~X=t+9KRD0af<!-In^dAx5+zF`!|i(?Q5yR4-MPHQ3oV$Y=CAar
zHTs{W8;xmHSoN=)GMJ}!JfFl*<u{EiZ<<*v4-M4%o++5l18E$&0f#)agSu!s`{7D`
zzzR%Ldun%}%++vOTee(97np;5=brmdY)~<9U<}?J1BSn!m98_<6=d$+N?k5+pQGW(
zLCzDmp)}60EIQ-Q!`j(WQd}Dv63DdrU*k)J?qV9>uk`?~N-YnbPa7pacAe32&9v2j
z{c`iYy+}+0>F~V%ukO83W%uaKZ=vcnUCU!!ME#N2tO%`1>&98}>^dJm?MWd}pxI0H
z&DwY3!bSEzu`+91XB*@^(}n&1=VY?@5TZN4GU9rg2lPW;NTch8Z!R26r>+d|3y%k*
z*06kM;i@b>)-^&pyg>|B8gWglg_9LSdAhog<daWUY2G;DqZ6SjGL7QL@}=^&2N6Xx
zN>tl7cQOB?X@}qv5=eR>e71B(^eFQw7B4dK8TbPveq_j}fOJvjhp4p@x}JnlXRMF|
zjym3foYt=QxsmItf5rXR97w-JojLkj1voNv6B!-^od2UL;6swq$Yy2@;2%z&>I#tW
zqJO(y<)DsTp}`k0;W~*}F2yeF&IBRAvBG~{o`?Z*wN|P#@ydAODEtb$73XiSNa2ES
zLraS<U;56cqX8S%9zfFDl|Y&l(BKCs08#7diU}Rc0pn}f1IR03y*lDot|b$HqA9qM
z20G*#PC4(>>0ke}2T=AZbAMd<PjzI%=6&g)$x#b9-*vR3yigJg8x(`wWWOF1)NVV2
zzrVOVYCjS+c7US5c{b@5I@bSkUvy~jm-&dOKMt31RRQXPIMS%11?4|4<5ANJe+S`b
zY0myxr2QPn2Ewm<f&uf!eG;D1s@Y9GvVnzxl{ZL-bwV+$=3g5}`pj#Y&|G9r6U$Qf
zy+_LF9>on5!-0Nl>r5}*0+OT=MYX{DcEN51Nk$slc5(jl{j1gAUds-`(q^&%Ft$7;
zOaq{XTu2jw+7D9xTsb#G73F<!U^piqxzQ?dSZud2Ym90jJqxzo&kId9t5J>*>yy9g
zN#5Hr3R-1=1=LKCzDK-my||)4wg%Vg<AZX!e*6CW_FZB?4D&jN8YdY5T74m{dBvy}
za(D*`;=Ukh@<*&ziH=rp%N4>_04*PGNC4sjy+`s$a#Fw)xRA`0dJrOAh)yklgkJBU
z@(pMU7pWWAWTCOnN@l^z6s23M!~jxjRLu)YSYcsmsvDV`+my?nt{X1`>tnC!D8W3?
ziOEX|==A?p#tq%A@MebYj$9A{av*fuBo22Z78<irwc)wc=j3Vtj4Kj{-@9>verggA
z&dm)i29V?9p8-k%loJiJ|8#V1jpl#ky0(TPpf*a^YnBPhvcDSDqc|rN-T=Cyh+L5j
z=K%lfeN^+nfT7qT;9iulE*jse>p{4#QlSfBm=oF&09GtWN&Y-~t^)~f1VHU&^dNJl
z;Dg&RrDVW5ccJD~unc=w;GqbIQeBXnP=*vQR7Mw4GdUZG5Su|ZFvJg)Zra2D`$VAO
zTFBqC0Qhjr9sN1Ub3FhYZ^LJ&2gU1oEvVMiO%Teke_1V1bO?XM`9~_?CX&?in)(({
z=|9Sm=;KJsBE1%%?L=Mvxq}D)e)AH418af)Orr+y4Lo?St9dSPaTgkP6W%htb)(h$
z0Z@S$_L>x6dq8;s>W>VHSQKy}6n_W6Mu4&bzzA{8vx+K6^ni@&AQUBVWS=9)4r!Z%
zFmwD_g@1&(jkcSOGEQK9HyPeLhaq9;Den%4`^}HNte*@~!^|Hj?#|0Dbi(zOHAtL?
zI8PiZEl#r*AVB#&9uL%pj|Vd6nQtJ2-O+dq5qCxhniDR1=g^f%0Q3@Ji2c4^fbzFK
zKIkSF9tc?pd5x?Dz=@;o-i4;tzJselXpq$zQUHFPXTbH_UI!v?@X+aeKlUzb1K_E}
zb~m|Rm55(={98Zg2K<Np_d6PSfSK|C2oOYm8|I#a6s2{h45M`>k-(idP&|nIef>cT
zQkuV#319<PUH?2$kCgHHiT9}Mzw#m_YrZ+#N89*x3elJU+1_=D#1Ca0&??6B#&}Vi
zQUr29-r_C5`hhmC^}cSM6$3deND>Gh;@hx6Tyq{kmjC;S|L7mE$}O(H1F}SdP7mxC
zPlK;(v&Xe*$_4@tM+Jc`%$L0G%o$xMO1Tq$3B+fD>M^}@C><U?OKkj2i*!_7;PcRw
z)rF#p1d56z9`7!+;&}W57jOVl*Tp$(JW#wAzrl2H-R={lpC5u&NzfNy{0io!4QNuH
zx32|%3|ZU0xM&J$7;TaQ-}&d>W?u~}4TVf$jX^jz(xD#u);-hZL$)YpPg^H7i8!op
zK?;$!Sf$WT-gb`4Gx3Q|Dl5rzUc|5iz;rcrs<4tf_a;(P!~5<t8_e#CzMw0_gP#KU
zy2ARpOxH!N5(4Jz2pIyI4Wh1sbbch=Y<vh84lqauF3l}12BpdjJn1TI7{Cq3P>2x_
z0I4avX%~nqukL7M{|+5Uk+l%NB9g95DFI0XP?dXh5DeO>?kN7<k~@Ie*sXK7RHxyz
z$OuB}v7kIYTP(BF?ff5&fS2k&0wsi~3Nj*3Y7gQ8bAWwC1^0{Xe#K#G-ZWhwR0d+-
zpJ|OZc<0ETA`TA(eA$6H1=$EP{BOe&q>$tYKpwpTbc$ldQO9HNPe;Z)Q2KWKfiJQY
z;G`l&_5?(;-3YNVPzf3PccCpshL^}vcQPQy?IyasCtbBS67>p1k{K~tLW13d*ytAC
zpGpHCpFje%+Rl+2$^c!9@>^6jpenL2fRzGh7;9ApNFFkf`u^LfVpPBXcX5IglDjD9
zCSWtTqFC#V1DRbQG7D+mi^pya4tAObIba;bvmukJzeBFm%p^b#^xsWhYlp{vtzGL3
zP^0xcQ3@C;Ko+xG2S{oXKo$|dQ&Ob3u>V7gPfSqXz|WNxt9%a{_uC|bOFtc7I$162
z%-B)t^7ZeyZGdNerNnE<U_)<dcZxi2ezXH<J=%`z>>)(QBkTN`YbAHs>hxNXipUiH
z8E#}(fJ-n#9qW-?$$v)tPkz51aTI;=^)!S`+<%P*SPQtkR_mWuh+&byf&!RMk=b9x
z<~I<k;;l2}(w3-+6ghb!nW3&n|DSmPX;vh0GteB8k_pHUGLR)VBySSZ6@fY^`6^Mf
z)&F}{WSs<HYMYxSMT#eWoiTwPbN3x~2M5^>*HBZBGGM!lPA)+8SM)HHtzaVBsBQs1
z5#VVgozOzW^mCLCAqhBuVfizi{eKBh3_EX|ojhPGsWd$4mhty2z~&s_5`OqZpR=-l
zDyXS^=2YNiE#Iv`E_|J*Px)_2aNT41Brc5L)wen4Go~@Zl-pje8%&Em;b+-`I<M^Y
z3jhSKf2oU^kyOjq1j)Z|v|qsVWThTM?WYQ90G3F)MhL`wG89Rk{LGrG;{vvMgd2jG
zLGm}YQIf%LBDs<8Y7?V4lF<NaNn{m($PnET_XQ=g47lfr`xy9)y7#vXxPhb>ysn1)
zi@Nc*I?x1?bQ#$c(B5@r)FX~Vp$H}LE+b0b%NA$@0Vk4AS^8$B64bt6@_Qnre$eb&
z3PY}0bJHWFh{CBkVdBR4$jheBkg&;xro%RuaRLKxcm9Z9dhSOsht5Jo^`KRa*hQjq
z0VC{jB@--N7D}a#BFNln_dd>w&dO~s%6P6=ayoOP28JkEq;&fGpv>O~2ij-SElxk~
zSX|`OmZv^27I*AELkOTVh9Rk+L;ebo45?Sq<}*>rulpn|#6&o0c^<?4KOTvPBwq|-
zQ>-v@;b|e2|EGtBju{$Pp2e4RPoSq==)l;NGQvJ`BF%Ogv}k9Vcs8KF9a%3mNyi+y
ziMKdd0}O9_LmfmQ2QYF7VmcJTcY)W*berkBwYc)Gf~Qqt#74>`<dw{|fy@<wCL1#$
zbCvK}=?;k>(eG$YZcx#V?1#wuHfKuN=0#x9v-6;+tM%t|8tSY+AlPYvF$(78foZv2
zI*)EK+=C$=8hbO&%=8V&LX(Iucg8;N45t+Z`xdo%vB^u1r^DHzLmS+=^BOi<w23B;
z?d(6aCf{cZDC_%W;g!&%bL24{@?(7<yFvd-e_&DOykkRer#4_4>6*T7j!hfX_DYWS
za|swohV9oC73hnS_lu}LI5;bzm7j(@nLCNoyCL||IQA2H@|yBEouWZv;HRT)h(SWm
z#gzW(cOMn)waT=6n|3A9CC0f+E@xqiGsVt*ZwsxJl_M{2*?(-~{Z$i1xegw5L;2o?
zzN7v0b!WCDaNB)Vn~b<p-(2{bw9o|0Ti}#=!|rKLWANi!lRF$chv2g<_u2&GJa4~X
ztuei#eWif(8AT}b{jToW7x4NBXr)cZ2Ecj>MA#fV%$5e_Tn(=m(|DNq4`OY*5=Gge
zunWem28+NMk^6!sxSK+B@oH|W7Cgt?`I~t4zdRJ@3Kk_V*(6Rtiv<Hgp?_qQbhMwm
zmT`v!{uOWk{{BIS3J8yw1wKn&-d8Shm?Pi4dOR`OTWVt`Px!T~VpP*q{D`%<YlMog
zwno*C2#fs@%BDV%kQ!^G3*3gsg@T;~zrlMCU^lepI21;DRz68&7rnlCyvE6sqv6S-
zLkvH!Uxp<(wIVIU3<KZ}3OmV=A!?rt(M)BF3M>*i^z31JSvavJS{h^{*0j>KDN-{!
zd2i9FJI!ePzUZgaq+^SV6v-+EC0j+xXRblVhPKPc8_^vSl&4wS$4R90s1(v91Jw~k
zc`vxHeTK{6%9q=u-f2jWaWGyQXxC}Og-V}er%vukr>69A*TdVhszU>suL|zx7X%NO
zoU?3*8=7}%i8-^K$$t;kelOSIZHv>IDqEF0nw!A7Y3J}qe9(W2U*F;StjQI-kj2FM
z7#be7;Q4*sm%T~kmKGOY?qhtA!|6)`rPHz}Y9@23b}T%XWFTyc4L1fIE$GBT3W)e?
z{Rv$rd+xZ304f)@Ul2Olk6oLGn-pY7!E9TsZ$PVG9PtWYOX9#<D^p3-1Q9AQv@BNl
zA^Vq`TkX%Nf=9`fFj8M5TgIk`X&pYVc#83dKNAR{qFfBL`}7Qb(PvbD#<jgc?>eVV
z^bZo1LUI|CZ5=fkO{_I!+7nOcc1)D=NXieMb~Eq>x}KHz%!P=ABJNAB-ko-~WHn%@
zdL;mgQpn$PHb4>E!*#eGTvfk-?ymZ#TV4A=k{7_`EPe{<4=g%<w<)WO0gB+VwlPW7
zjrladQ^>=+6C9)HxEoLFHLJ??U?e`LZ;?JP^2iCB<~n6NHc3OLA6}botG&U5ad@ea
zc>&QsF*WC~WtoqeMO*%2d~c$*GOGJkTyg<z<x@G<ixCrnNCxMXYU71AYSc^=0cq-3
z{Mi|S%5k$|jw<G$-MMlxrid3YC00u=q9(W<{sRwuV??|aruU{;qwn0Z?AWkgRPI1c
z8;(r|{~?1!s&JZZ+_#hzk9n_W^_9gXwB>4<XYo(nJWUNET^yq-HRrwrLDW%Glniv2
z5-t>e-L0gf%E#l{-`(qmW1j<~idB}PKGBgEG6z!e3AhTp!oCOOb|AllG20uSUmK)G
z1sWOe*7txxgRaLdSEz9}#|~sr{fUF)<do5u7T)`;<8`p;buC127&z=t=%hn(8|r;l
z=*t*{7#ySR{JfP%JhZy)2);FSGq7{$?z#*@CiyfwN^M>}hvoxOhm1U;+i;41#H1Wb
zeL6Ay>0(I?ZF{8Q^Po3qr~K2vM{%w0hvcW2x12n8tbDVsii&LCrM=c7H1&q^hKiH_
z@l*80*&IG><aE6C0Xe%$s6i_pj>RP&n$^!qd=VqzmE(_^ZY%#J_}#0v^FHmm=K1G{
zS|Go0`9Eb3Fp*F*SN$v0#1eApkPE4?ymq9zMIZHn)r>{@kLAa8aw-(|n%~w+5{a}%
z`yBCMkjs5CDOZg;truNlGT-Cx3s66=nFt73<M5BBuJa)@0ZwmyWxGXiC<4dS>G8fE
z>hwsq58#R}GK(*e11|Eru&T!PhDxzH?f&x}7tw-W&YIK9Pc_u*H`8iF_4;tQq4q0`
zg~e@MHEj{){gu3~K|T2FOTY8=Rig2^<Xo&@{Cv}?B95!0_s5P1aOj`L?N45yE$WA*
zm5aWRWG&T@IXkv8?;ZP$@j`=x!R~uWeUv8*U(}?{>eM+7cJY{Fk$&bZ)vJ4O`R&H$
zvtCEHgdURwx}W(hu%tr-I&$s73=<9mXQAZYMK!&J%YKK8b2`7QFO`{GI<7Quo6o!4
z(<V2WKr6A9LjyYM_8oukNTuRjq`@xrgZQ6_0A`PHdi5`UizNr)XzdNNDiKmV;ay`Z
zn;~2hyJMeRM^7}Q-8@-M5Z|5_l7p%~MQ@Rn-4`EhE@Xox?W58NFav2j+V3Y|+#&-V
zcVe_Rz%)0M<VS}2cr|3|jC7ezDsG7`8nZ+*tn?*$AHD9;Ca+qYJqivK?q21NTRw`O
z&i)&mxe#FwML)I=;u6Q`j-?6@g!e~p*X#w!WHTloE0vO!=Tmk`eet$rs24H8jW|bl
zk#SMrg6ZwDg4{hCh96z6Zn=Ep{M%MML>Q##_u>QC95Q`SkF@J=BB$PqM?v^BN6<57
zno2X)p*igrBL$kh^Gs{C*2yNU`9f)-F5&qzN}!Pw53#pm*dv4I9x=k3Z%g|EDXO|k
zxpHfdE9J7Ze_72LNWpa)!~aGNDICZtKV%(w-H0%{vo?$iYh<7+_@Na^A7wh%JG4b(
z)9jVuhzplh4Uh5~1FbpVH-*+sYV}=X_S5=1D#TnRK7)EEqPV={-+na=Palp;9bJxw
z3C^h*K0&Q<rDUPg0y&Q{@4?W>`}GLcrnoPHKl0RsAp@%+95Qj~7j{V*InZVmTz`I_
z_=@%Y-8|&VmKYS6e7xEC8mfazoW-Bv><5_b5`BZdcAnk>*Xw9t#o#k4I148Mon$VS
za0j1o{G2Cu_9b;3DknuwnW!ama48pT2G%G{wS~v|N)W{G@ACQNwxhW`>8obwwo4W3
z-G7(<zXulyU+#QNY}d;|Ee8Ltyp#Hw@XI9reeNAZI$9;st}>=J7`duNIyEx;{jhM`
zkLyGIXCma<PYDN17}6dZ|6R-@*ZsjSjDy(2fhEvg81S7AAN{Fb3bY6!Ns*P-cM!f?
z;Yy6}d#ryno&?yOYY7Unkdf=v{-Ah58Cd6-{c7FpOXUX*PM5ry!QL|{-ho?HVGUQ{
z#8}a)?K$u4siVD*NNVG9XEHPyalvC|Lmhp%x}2h7=c9`Oa~=DwDyxGA((D3IUje{R
zk$}!*=G?ed<#}cFcL<$oOmz6x9C!u;B20_Kt6+Q&7Dbg{Py4+?;<H@iN9;>Mr7GzD
zMSXQ(ziN|cal3|VK|vR#o)f`$eT?rR(Ns_XsSfPv&3ayM6|NCiP@pBsm%;Vxi1XOp
zI3%JHRo$Pq#i7rG?-mqBJcC^flr{s<C)W)o5r8u5R(R5PTn|&PuAyafh5YIZjdzjd
zWMtpFW~(`&G?D;<0Q*fGD5r%3sA>oYqOQK+GmHDU$9paYOw&9=gnYRD3p(uCYlkMs
zrLBR9S}Y9Kc&Dp>&|M(v&cIpw!osldCr3xeixn3(yR=A{9VEI1L_K<5dD$w+yEylk
zBp@?D4u--7N%fk+m3ZHX0YDpED}e!9-a2GYw*T)tl7)<i)c>>vV6hm$U*F20{db7w
zl^bEj)K7u$@gke9LWk<nq3C#W->Q^1H?TT@T#M|GSRYRb;rr0jfWo<JgQ(9qfR3mE
zI3K`Z!C(&<)*my?D=QKKgMW>Ab&Z~atc^kqLa76Y0Ca@}i~-cUmK^y2U}>N!Boxdw
z4%c6lmDD>A|95K%CevuJTMU7f*#9lwHD)gn3zTN|fBMrOT$A?0#{j75AN(3*A4qM0
z&)0ZAe`tx2&^G}7&$SQz^*`k2e;niA1_G|h&|t_iKm#9aSV_bm++}-5KtwVK=_sZ{
z?w6LCF-e+hMgMV!KQjF_UposD=ICGbk;q1Wjs3sJ&+x(j-|^#?a4JYP-t|C(6MZAZ
zSN}$&-*#cd=$1(Qv(wdtsbQD*9r)8cZ1c@b$^2kaYm!rg!>*Wam|l76^!L7BQyEeV
z`f1|64o8RyBA|gaiopCyYICg`2dVy*@-_|jD$w{7xBH-90C*NANV9aW&QIJL-?|qd
zuzetW%$II5VtWvE8tJ68#|-Ur&NY}Hq@`)q8dre$HmX;OO?GFji=5E_R?w{PL-w8O
zAQhQb9@_TlecMK=^SnO6&>ij!1$R97oKd08{EtdnabQ#~dK+e2FqvHzH-F!Ttu?gS
zEc|!~1tXmbAT_5PHm$Y~p}y*31X=~G0>**2iSPbuHjDxv-Ub4}iVf<Fu$g`7Du#l~
z!iA-^NOU1gTE}z&uyBwS6O`A<X6Dlv7zLh%3!`sI6=Zb@r$a{7KmcNDZnBP%3qcP&
z3V5-EKLW#A{+E~zCSa;0T=*{>9buDObJ)m!F+q{@KEgw*x3o_00FwNC2)Tksh11mW
z_#tyz^9(b@AZPMBBbNsf(Ob|y5*!2+@*BPfx5+TtBBQX72BNO8Flh0VLsG=a$`XjM
zpFR%e4+Bdh9<(+rG)!>61Gk~l&{Ie}CTxytwn0*JyK%M@%U9FlSo32kg+3a5wJOno
zSGh#l!|k-^>1-r?HQ=c=kqQRDnt3~~BMAelrSAVN2MviU<t1)J(XpO(@rg<)J1VX!
zUfxvCU_C74B;J%<UAcB=+pp^?g81|P3gTdj1XkgFoIte!U#E6^Rxo;c`kD5L)Wl_>
z+4=ETH3e5)gYdQnoshV}a$pn?46q{3W?%?8tnnR)n4nUjPR0^vU-NDg{rt*mH|BDq
z<Fw&qY&7nfd|DiN?10C)iv-gp4m7z!+&15<^o5y3?FUT857`p7o1Q*J7odR??|bbQ
z+?o%i3?5j!*tSV9<A|Zg6V*xft#Pt>`p1whj|WkwOXE>fGEwUwzMkGW1%2;*o19m!
z3#zdmk0cK~;j-50kRX7V>XotCMkFs0=_W3(kmuT$JNJsAH9xE6JRbJ+@|~5Z$+?vq
z9izOcA_omL9)niO*(~Aiu&a92PJH3CnnT@}m_KrtJ0;b%KE-5-@8I@l%wLzQ(U%^s
z&o9z0b%dB(Bj+kcd>rOJ3A-Zv8nea{_7>lOyU4{y7jHB;)@`Mj)C>+DZzY&m)59>C
z&d`uvHF#~7CcrH7E#6Nh>r;!oD8zKAzgErd`X-r#JvAvVkQ*=0S((gfxaiu(+rxr@
z=RT*rN!6o-FAp?c*7$X*GnFr%FFXsePz=#@RW7gErT5aBu&w89M<N(uf`CC9Od>fK
z#D?G!!YZuhWIZJBkQl8c2e^2h$!)~MR#IOsZLymf$cS<C8jI4E`h+CVF~&yQ=%(#R
zZC+WPCO}iT?KafoRoqk#R-fFvVzM*vy9jWWzgphV1+8#zO4T-L*FpDJ8c2Ph5`gvw
z1$Q2D?VC}i)Gxl>v$VAO37_e_j2>yo-@S(@jh+d^9jrgg8QI|E(&spSRXVbgX#XT6
z(coD}QDKmk&y{<YQ-3ylSXiO2V9)Uo43-+x^x4Su`0(Vkz&rZIa&~TET<G9lN7m7T
z`$`k@tn)dW-mDg>91yRBfP23ax0auu0K7s3qSDQtMvl39pQI-S$8y{QbD@{=f*jpj
z%iLVHS8R0m!AINfJ?qlE*r5lxfp5wh1$%gsg8N(QzBeQG*B1B=`k1Yr4dLy*Os~)k
zLBD9@VvJZ8>`xH5WiuJ?Qed!3?HTJr@1NaALuP~t0qf`N!)EE}1Q}STJS|{s6$CbK
zLb@&@1MfsLn|4ZWeUzZZKeLN`#LuufM`~1)s}jOXKJkfkG4<d8(_{90s1@2)?jd?F
z?RZmxLyY;0xiV4rs|=$kZjk_ckJg)CsIvTfKAtYkSJukanRr0vgm=@zc{Zh72^_^w
z3nfjBMxpO~3HDH+Ti4!%(UfySg`AisE*(_74n`%$7+9!>L<?7^J|vouHchcV3obTA
zbftcn^Ih>8&vc4<Ep8MvpuUy<-lLl~zRB~gLX$3;>Tb}_(dx#W7_Y-O8+>busu#EA
zOJaRC0$+Q3Se>M!gNDGIyZPtoZk5kd5i8wkCIVLTAA2nC8@jz$e14RCQ(R$=z)=5X
zeDtbq)dx+*a;KN9^1h#<9ZF5Zd*$j6pIUX+zPEL4Wv&&|^zM6hgd19?AgtIl=~jNe
zg1zOLw<(mmKtIQMapW&n|2^i$8v26-mlyk34)$iKS+*jlayV%u$iZAG@pslsZ9<SH
z!e)vdCI^n}fU`}yD@uHOG$=`N{EMGd_gFT<_M1tu$(Zq~mRtEEJUAtCF`j+$<RV0@
zCXsCHz3ABsU;1oead2HRuk75Nqml8<Gq9^;;aP^8LfYxd;kJZF*4fWI%{8A#!nySE
z!<Pkpqr18^Xt1>0-Hhy`g2=%98OmXEgj8?OORtB~MYGw}sqt6d#%>DhJ&L@=wcC4x
zpS*>KlATxG3iZcyIW7!e8N97N6s-iGT{h}L<q|#Al**m%&fMGFji7H5>&andVXB#c
zkJXl&<uD{|r9Fz$WT+}yo4g_FVOHU24%y8&l!Tw_clwZD<~KS<f_!@>*%SPx%I!gf
ztk8?wz>uH=N!S(wWRx#0dft9G?d*Tg0$fU6`Lazii{3fX>2M457=CHr4w<~cw5?UM
zd7-ttoCkAZ)8fn9e7)qGIhSY>e3+#ynN2sw?#-Xh*PFmTE^uYMtE)dXmHEJ@mXZ()
zfAG=!JoCF5ac`drw#aRAeY+Q{pysmNjO$N`l`8UqLxlLNcF9ZHZf=pSyr1GbinOlU
zsIP^?s>Xd%NJ+u=+DZ{Va~zS;#{H8Bou&!~>%{v81%*efB*tlQxjDXQ*HO*Y@EP;Q
zhn^rw%gYUA=gDAPSjz{uA4~A1RYCHA0~fvkk1>4=+j0S_#Ozt&0JE)4YR=L6FRK*~
zISk{Kj@4Nri^YPgbj60LWpsCo1+~(1AOf3MfgcmL9kdw44D8D_H#>^oKU-6k>|ERE
zN#c#5Rho&_NZ-kFjvWL2j%+vaF5f>?5ZF<!Hn7yRMxI;}r-l-%qrpNrzkT3DgG2np
zXI6P;?8+?-?4EQC9(Sml`ft2~x!EUd$86f)ur61g@Z-~hC6zv^U$=>$-VI4f*vcKg
z+l8A{cz;^tw_q~&H`1-*`QD_i*0s?k{uw&6aw5J+u-UBsPn%d={JNdjcu}-`J-^RR
z0?m8z2WWbe2gl4Ys(;#2{k|K0K`YUOUxd5rC?8q2qEy&BnH~E4#$d0>g`+^hQ*M5n
z@}EAXB&$Q&q%_qRAA1S&@_H_pJT5#bb%-K!KJ|Q9NS6giubyF`PU<n|paFU<(gUhF
zV!>CYm5x7}`zn&s-&Toj33&`E@{BI_oc$o6mA<S&7sV;R2417!iaY5q7-Ffn5M8wM
zYtoQP2R&}6v4nfZrwT+C23P$!mF1;T2EJnNTl;}`|Fdc4njO<VropF7UAk=MROb1t
z{Zjs2J#b;<_L?7$X}N@}>(ZI2|MVLHUb_o3n@4Nf%VldTzf6wi^y3ou%6g7HtKavY
zc66v2)oMg{%4b;%E4huGu903!RoiU(MG;bbr+3ErU#eij)!a=ozV+NQS6Y3B;19P1
z6CDM%;jn?Th27teGvh3&SEe~WSJdde+Yix`8Z|n`P7+Q%{0{f7R4e9SSk-&lbF`V{
zI!=7y-M&NF=34ri$mf<r6T{A{V-snW{Se%n`)B2fzw5>_D_U>JsTC5|#-JDJc`u_8
z>3(0G99&mfO<G~oa#7uAj*;uHeV*Hu25Momw$g+<e7co<-|?B=-l5CN^1wZN!aB=x
zt@sd|sH+Gug~(f*7u9~eNX#NMP&;tc(MTR@jNdF_H}A9gTvNl8kWk*0E%`&gq8iw>
zxH_~4Ha!DfxQSLNkq*GoC&}gCXej$}RA5}^sFAKe{pHeSpr$dj`72F#qrw5V+nZRx
zFbB3N4xTpigFZ);N>3RMXbojOgeHq5*99WIxe-up{$YZXK&5KCBEv3cIcLf?86t~l
z!8Sv7+8Rx0<@&vv#Il}<pPCCg1gU#LJ#P7wk%xXdHU&Cv5wnRlRpGU%$V2B5IDbSh
zGD3--w)a$A$Ruf$D3c9LyF*4L)ZSjqCT<K?YBvcsX{#3OP}Mx*;cocgd=!yiQu$0c
zr_c<eqF#mFpx4|&bdpH%m<l-G>{?m7fv<CaZL-7Dj!#RQL_{Ir*0P4eFoFAIw@I)r
z>p{l)LTS6n)eqc8vnD;qLQ2X>`!+U2gB{C~eWDS=8>$V<x8;@%?Qst~u3F-3TZyA>
zbznTenZO1BorDj2J|cmnFag6MQjZ>PIJCuCpIe^6ZdA@JG+}AMvg8)sP<il*I68Y&
zk|1$0Gui)Z3i@JIk0nfaGfl^J0Nwi4^ql+XDZ!NYvP_e5y9v8uwZS{YOum)*nakT_
zjNVlT5>XD5@}EU&p{}(LA6`08i|*(2;MfgsRMpKQv?W!HqI!IO;O4lO4t*FTX7mFK
zS(VRizTmf@S}_IPjkHs?X4~0(ekQC*le{e;Zcl_dY<ZoF_QHW&^ve$sYYvCAvq-3w
z44SalzVd^vXxyu~>M(IWUga|?e=b*Ns<an26Q&fZY+x1HzxM=D0GFN9DR^aKIdz!s
zGPUt?&|huk%dCksGY=ZPeniWJe2XQxp%i9RvPVvkY$I1&K2RXEstvWwE+6eSA#Kzn
z7ug(Cz;u1+7GEL0*E7Y6`HpAosd}y}723UW@6aNIDZgmiu_D0@YCD$RdVAp^`-l9K
zuPXDHk!LU+WE9aM%sK7+IW7QKjE2>&gqK6Q26ypWeDvL$3Q5BuJrokt^XmLB_obt`
zCt2STM|*46&^r#ANUc1fhMBW(vd-o_?2x+X!iv}UktHw#t&Q@MRxFTpnh5D3gm~XY
zY7k*wZn%*V`6yUUeeKZ@CaYoe&OP_pY%0}+ntbbEFM1BZ9frb5?WSEwM@rV!*0z&c
zGCyVl01pKH?_Tf|3u^UBmG#&+=3<e)s*`>Mf87@Ttllj?iiZVIA7Mj-1<VJ@dD+^)
zE1y4;g5w8HI$YSGxUcob0TBa~b0um`A)v%mNy1<D+s(20;9A7tW|VulV)Y%#welIO
zWyNYQ0IXqIOTE(dhRD`E``@{0mXA#1gu)nVnI|{R>dynCy{si;Vzo-jdV=Dk(V@GF
zuWov(l-puo$r^50y7D#AWM%CYmi3H0tKqR^pY*7087BPJ5;U6h^KkIA1vE5Z>+Dze
zoNrRKHz(Fdc>|pN24`1Sd^?_vm@_Uz(febe`{56l_0N_?9sUB79_HmHt&jMWJNPX+
zn?CnMP|qO`?I!1Ei_QWEb3-_RY!oBX5fgz4T1!QPn^80)GH@qk(g;TbLQ81a6nNri
zL}sS4ZZSP!j(%-xcQS3W{<Y2QqrVf3Fv=uduKW()^UVlfWeP48TRm**nNODYwS_u`
zhfP<qFKCve)eTH>+_dNx4Tc6aqCGj-ZOU=!-lUzO`y-;xc6=F>8h8h?IUXPs_{Uec
zmC1!U4Fc?h22HMVd`rHNZtW9i?*yt!*bO(ED0mvBkiaAzd53=c2=J(+4$<|S9*w-v
zFA$RgeL9F`&D~Opi)y&lI6HMGx`3--fZ~Oxu$jBmu&Jt3K*NbipL%IwE+TfZwV)*D
zSF?%0PEj@<5NRM0z*mt|q!Ae~Mebq3pRF=|XVAeBWMb=kjsGZFx5}?aO_`^H>0_07
zj(6s37@Ip|hCoL%t7_66r<ssKy+_~1LWZC>PI#)tEz|AUHWiN_J(|ODXcF)~l#Und
zIf&5PIu2X_f={$!BJJBcA9z_m^IMOZ$qM6;9YbBb<=gCgY=s?i$(m1jUD!93;&KG4
zEas;CJ@~t8x%(eOBP?MuT447A=r5D{=>#-1Aij28{)QL_Ah|If@YTf9e9bsPh0~}<
zqV643s<CFc%NKh2nhT26cWLB1!GKJ$mVqTwEa^jDajtK-G616Vwt+-&X=3~R#6;yI
zhnEaT&+O#l*_JmPcREk^kLvr-VW6xGDrZ9iO)*Kf*{}n)bd$q(vK$jT)4yl4R(8e8
z2a}$Z3*TZ>&gX+!r9a#&NDu0NmF4L<=-cN@X%VgW$#YU7IpY{?R=%=%oE&SW78?o6
zvBtLSnUE9G8ifjoX{9#3HTv%MQ&4>crr=$Ti8{X>0pw^I#ZY4)fpn2TV{PfY6kZP{
z@h%g1uBmCJ2PZZ8LdIzFog}R2_Hm~;Q@`gop0&`bI=oaG_^3F(O|V1|4<2hv#<i>Y
z7SghW0qX7leXKM$s|(`T)2Tx&TiQ9DHhG;ad2F6-S1-gn4D5-0?qTb#U}jdY`_hRY
z9&LJ$S3lmLjX^ZYOSsmyabu+QRF0RfRz2}i?5?*PnPgqHN7|XSxWyE0v>PVvf95(7
zq#^KOO}aE{p(l;5hC+qF=aQ0^Rq<9QwVf%;6(9J~{mQB+CZN*)!`hpGL;3yv<CR1d
zm87hxtc8$uEJacF2-#ai_Q^66V@N`hrHJg6ki7`Q7;9NW_AvG>+f3HMSpMf8>eJ`>
zKG*a7f4}Q@T`t!>_j1nryw}%xpN*5|xA-8%+f67Aecp3fizL(4+2nR-7s(>MalHFe
zk3(*{L!oE`w4dcB|4s~pR&ov`TlKzpbwNK$>A)c8-7Lw2Z4Q#%YAAXE2vvk0*>P9U
zWchg8t<3<{6m;FqU2tz&+4)$%Ny%9I{s!dsLI(=|sHcLA{}J|jF`S5fpHre#%;Zh?
z2&G;;&g#!$ook)Y)!URfcKtC~+mPFV3R8F^gAK$|NJ#FZgM<>ML9c-rb1d<S3CvEJ
zV^w_@-bB|u>)Me(<Fupb)SH5R7A7X<8Tm`r?h%8VZAo1YyGV&(KYB_)o~Nzo1Ig;$
z__r(cK&ibmw--QwY5bIB58E^RlO%j}b`dTL?X1e6tU7_n2Q&H=g((7{EREP%BSBdg
z0WCG4T)Z`b)?fXzEZ|=SQ<fb3>kinT4@O0bv?Wru)&>31Jg;K9oplp$F+M2uyI@rY
zg$~LRgTL#A)+1~$o7jE<f_HzGZTvT+XYGeN96rXBbqRl#5>YOUnP|aMl=jEJmpA=x
z%x-*33}uf`m=46P-?i`13Vu3d#r3Go%Ku(#v9%901+29Iv@X_G^tn$s38BHhVcXjV
zmsQ}BWy~qBa>`&}#J$iayx!d~)OVGa7Y=YyrQb?AA^n}2jaJx5_=nE5DswT@@89`#
zPWIHQJz+if_TtM=_k1r_zkC6|BMm=K>nQFM!Kq;{>H3lL_;Eg8JwBH@l~^;hg}$45
zf${0-nyCV?O}G1^VY=7!Mnd)!7sMIL3L*@|hJ3L4?_Vo^z@iSyga4jCdzHYN?fmoS
z{*ym{M7^^D<{#ET+Mtk3`lX$@q@X*<Aceaj1?kX5p=}*=;=&`#aDKy?PT0eHkeJD@
z#gqDv$@NHXFp?$WmP5#YOipz2el(m}=&eGFA4-XuN}=tS>1b~H;7cYud7pVBJss*q
zJWWM_w>7x6W$Y!rvd#e;_MWx72loy-`qZ7SB=``fN>ijmvxSOu@kQc;t=-knioBkF
ze-6Vh-syuHFXC_PeTD9e*-rhyEZX;g4IlqBiE^<A6tcbY<pcFL1OI3p<suf+k2k=)
zATjT#;Et_0Li+Yki~p^16z=D5?=ZY08QMX|a&#K%w<!$d8kGKCLNt_u@geKF{HHDa
z_cd=<OtD7_(|1&!A|vP-Xc>O*jyRwacJBSr2>dp6kBql1>d(qE@0T+k`OfAaPfsU*
zC?x9plF<)5+b~xKDNM7aE9a1a7KRVVVOW;?`Ge`EHwMF9d(74vlU$1x!6BTJ0mhym
zh^cLy<>;lvyJLE`C9XA{#^g!f_)^a`EW;iV%Mipf?wlze^`HYms>`xwadfSdz_`jc
zIv&F)#q&f;@FXC$%*OjsqBJD*;SWWf+L0qf_@oqZ{{z`FG-~)Qf@O1&gIj?LZ@4K@
zrSW|g*XOpZXZ{r5Hjpnq8xSYHpnr|~*h=QwX;l6($AGgL43Mu!3jvj@_1&o?L4rqN
zkkfL)BGSXVq@pjWlh_w;g<Tx9>f@fyWX&C#Z75ZMZ(S^#C%$+Pt{2{Ttxzk+POR{9
zb+B>mGkH`zH_YSkAm=bxS7rbND$)M|6s+c1fqr`=?~>HplrM+yWp**aVB9D^=MbJF
z`pLa~(;shNh&}x=QyaHzBy49vc%7l@cxsIs%Zk}jF(C7ZIi}Zkj=IY%B&4Jx-W|$S
z?O|Wix+Ym?qF~9?b7Q`Pd8zi9X{|67!J<}q3lgRjHQ|GR=suF4+P8guPhyTJ!x_^+
zpQh0Vg}$TvmSenLs42v=42?dK+wi<v`Z1X=x5xX`NXpFRBlWXxN8X0LlGTcNH8-Xt
z`Os}5ZT6`cCNE$UT8`#Khrh0O=Kz8J)$4=B`z3h%2RU^CfQzL<+Kk6+scJq&_vC%H
zk+`pelTCPiMW%FW;As2iTZdjo&RXQp3pn|lhrX(Lrw!0}MMI;>9|aEmcVo9cDJdfi
z$d$^Giq1D@e@%4HHovk(-MMWyxU|qe>sqVp;@U<tq3>-LfgSwL#+XD+P<+v`dF+JL
z(vx4>odWfdG9~*hCroCw?!Fu8yQ5&i{yHRIiStYxB2}-D({CoLE9YmUbhCS?QlxEp
zcRR~Z7MI#$^Ud|mOH{mEO>{;9{Z10q4x4se8LlOPuUy4eHG88OjCwJq3TXY$R7v&3
zG-MO-D`m~gkU53K9BGKjHGo@u_+tNE^Mim%wm<_|AU7a>upHfIOLv{&NTF%Jp^@Zb
z>tcrP_)1y2Yzxfoinpa}XWv@tva8<*KDAT#`sNx!{PprqYw5W;6=@}&x%@I%L*!mt
zAMGa=*4(@v7S3FO7p_{=)>u?}Ox(B0H)Zmz)=>v|l{%A8PqCI<HXP2oo!!y%({KG!
z;@Gcr6*|0Psr%{P6`&<AgXiv63P&{r#O0qZOg4Q3+tlHb_PE56D9(npOP|O;gsyM*
zdJ!tE8Ir18@TOVc)_ACiet);#SUktp-V3YzId|Ih9b~zmONVQ=5$`vC9KKwudv^Ln
zNA4ZX{ONCtyK;)@U&tgL=uZEhD2<Qxbi4F)=AtC`!usIm*}@Tez@Jh9xT>ame@w0x
zd}~GJoX#D|pS<l6LR}F&<?@*TcS+F@Mjy}lZiO$;HP;UE=Q?|_m`PV$EIQ)x=D^qw
zcx~|b`}G@l?;u7C#>=pYR}YLTI&gH@4tRXo;yMCYBPC^-<44#1Vk?<1F7|80Dt3H@
zdpcn<4leR7FWL-ux6$m70DS9}^3udlOxiiUnTp++VwR!xdK?3U=xj}9{ov$Ebx9ow
zNlj7rlTr=sfy=y>uuZFP2bAMkj^wgT9jZHN=~8dg`eD4D`daA0h;}A~>&(!47{~R9
z@pj9wW4=$BR~qS+B758~C(b7G`tJ&`5B8W`t=LGSo%=^SRN#g@<B2A&Ot$rrcJ*x)
z@}IXGURcr`DI!N}By%dpy*?u%=^IaoVE=CU7Zc(0-Q6<cI<h6+b*KPq8njwZHuIBn
zV_i#)?%@cpv4okxLo`+q5=;DNpZL#YE;rH}B@9cuboY04Ao7!A;y$Y9wj{+eNH`8W
zIcJ@jiVV6^p!=3Pg7wU|4r<*o6>z9XRg`ww*>JDtA+dyq%XKcP%8|vn-bRufBI1(n
z9$v51TlZTWRW!Y8Lxu<UF~5s=6ZWc4o^_&CHs7_jb?8GMI;XOiuiZTlsEl=?m0zZ(
zS*cRdk31%lm#938xE4B=!6;#DdSTT8r}pVbRGDzH8NZfr2HEmt*OQrpjltiqN{{dE
zuu&rhsWa!AN*OoP5xBg_i;U)Z(PNYlD*?RvJ<Y+*C)@7Pz9>cRAbz6r=p*tz5t?hu
zk@6PBwT1D4VSU&R-WR7UUxl!?ghzgB7(IVG<MZh1K~8?5Wo~y;`%KIDMwr9&>Ot$1
zdIdAzmF{&u&y5kgC3_e$Dk()vJM5a2Y0LvvgVGBwqC)1=!(sArqFdJ-MqjjFO;6FQ
zU1pso&VJeY@@#FctmQ!)+E`>Z-hhUQJ9acMH8-a2N0fJ=W*6a?|77gz_cLq@JfH5L
z<+BmR6P$lVhxLgsh`4K29-7ef%dB#yr^(GsVXRUrxWg-AS)nKv)y5%U*TmTUEJ;_a
z?txr{HW%NK0D(0tj>HLBOB;4eA$f56CQXDg75}}-u*UA@Y2MPI=kwnULF7ZbMEPFU
z3^deqzj>$Bu?4uCPZ<JErB1Am$ZKwsPET$u^gpq$liZgvFD)?HCRr?3_;Er+M{p~0
z<)!ib*L!CV?~P{YKJ87j{8}8FwG8i2OKa@%u5aAmePTA2E!V7LugrSKr5BvU^KI0x
zZ~ScCENI|H@!vgZbfIjehfDPYM{Z3Zt^Z6Y*Spb_k=%igdC%@C6*v_H&0K@s6o_~b
zGb-H}^Ey)?=Z1c*LE~GG#jAey$}8g5Q#uvhO|b{Muf1|&;^syTdEfW13S)ecZ^ij&
z?WASL2;0DUK2N#n<OF>^`e8v!-{(SWj=8$)%zk`k6-YD3`J#;~7}R)Qsar~#fqI(m
zH}3S~df&zB=-n~a>)(w}WX3c3dcw;v>+Rq6$g}1-eO8~0cyl;bs39Oy!u`$BcKz7L
zL!)!>R_@pXT1<+kLtCHe#H$$Pd~G)UR%-s5D>t+kxRRwu#}DYA>=k0@_Bd}WLL?Au
z2KD*xcI<u1B&Y6ot5(rH;_0p0%|%zofe*29!)9HIx8QH)FURw#gnHoTuHj}Tox6@b
zOf#*v%&3tlxGWK>B+2}GwET(vK-s3R-srW@-A(lL-6>4Ra@R(aB-uJTXp%j=daINR
zGE#od4C!nL#w^%;v~YFoA`+_EbMMM}bcw~Ce~{jK)o%uF;uwP?lJ=CN$FO0JyYW%Q
zhRD$h4hbF=iF<)*Z-YVT9ZPPH&>VmOao2vr=eADiTHZ#ZLr1fuN_hlJ_<CuZV6r1;
z)IQxqwq4Mfum2j6QvcZXNmmwwQBSypMfk{|{dI#@{^?(2-L)q#zlWjQON+Rtxr%<a
z!y2y#ACnDj-xIm?@WQgaq7mcgCnqkv`sp{*%vI)v6dPUbyHHY}w%}}gOx3PS#E^&Z
zaErF$fKw^wmAJ+0)|Vv;-rQNdXm&5iRp?9n{%-7`u|q%!wKdGiIgeNS=DpH4%97_S
z8}mydu8Xu6kJl#7(=v7s{#5OnCR(~9K2#{qIuFZd_updnJ|1s_;&|YF^l{8Q-tiP8
zP6uw`zU)CiSepB8KL9rm(gf6By$;3#5aK8?*0<n`dSggWu$K;P-lfYut@$KV{L@*(
z(HF`r8iH5vCfi&-D)6GGJ{apG+AC|x#uUINxz*giisjACez5-WP*k5F&9U)gG$HU}
zzuuI?1cw5;r!2aAuQ;5cy7uu0zwMJpGQ5{Q?Ki!8Pvpy;E&p~K-MvkSg4ApI9f&T{
z#5c^{?2JI!kqHx_AT5;%_p;`iiH*71TV6*iL{z#j9{3pk-51NNA^Fg|IVQ84R=1$6
z=gJMk4ZcUKUMdqB5;Y=*G4}3R8q1;HTO=;;V2*{^-u&k&mn6~<yI$Gjl%nlB46WAA
znN66F-n<>oSh+rLYhu)hGBVuvM66qHz*$*B;yA1OTed(gS&z9pPwO~evvAbXFIpO%
z8Os>alrR#fviK#TnzNTtbRjxZ{JdVGLcDr-<2l8c&6O^3QIK>cj79|43oN9*PQJ_}
z!!spA4fmFS56mv%-z>F{-Qr)>keu#i>C<cBW)R5=dN9X79>VUX^@x<@qTXn#)-b&~
zEWqdcS=fv9*>zr(Z;nzr0mlbIH``KMEtQEx_i)WvdG1rSp@a@hgQorA!-i^{F?wG(
zBdv26xM)_V<-TvGx7?UqDltE-nXmo9lJC^3x^d48&Ct=P9wwfBx5F*Is*`TWXN)Je
zmqg2evHFjt`iV!}-}2fa1KfF0b{d^r=QZ=yzB8v4geSCE2BjMmy4=Jb<&D+ctNkgA
z_w1Cr;7?(yA-5%GUYIsjieDx;@(y1oU>B)pPLQrO()%`jg-PaKhs-^c4^_r)(mfv(
z{C2xxevU__<wm$)ji4jgQbTBp?G9qzMSUyRZKglgtV7Q@CewT0gfaDM$BM_Di2bQT
z93B$PZi*phk(~+7-r_e@zi?|9=Bmc`Ts?X}GId|SmN;zFA?~pI+dEt7Enxdpyhr~1
z9(oO`kWoW9n_PDbgkBob{^B*8@H@iir$6)<HQHB32??iHH!qhke~=YZIxT{?{94&%
zTyDuY``N08zCA)P7XQpc{if8kPB`;Y2tpwLp5zhDqXxOoiQ&>s(@i8K)om~zi!iqr
z>0JNPr9KFuW%l603q6B)y<H^!M=06vLGQA8AM<K1<FmCdY|!Xx4d1fpNxb<qS-GxP
zu}?QVv3343`*bjQl4|MM)WhR-L!z8Q4t$3kuV6hyPpe-2xzVV@abf^pB-qhDieU?F
zq>}ikt6FENcc6r(BXC5;f|L=BaWgANOG<bSl&sg2ye=4Z#Rdx3=doD!W$*^uS!~{Y
zpQu|M+g!j02HMz~GXf{S*V0QF9WFe$l;{8pJb}M@qt%6QN4dpOY;k5nC%m!8=37M1
zRaZwlPnNpTt6Y7rWRI*~MoWy}J!)DA=4uc`_feXv7FQl0mpc`=2cvo?7^RZPEGTg!
zz(zA>CYnRqXaVJ9uN1;AZ+qLqOm(EzcrH3i-*qOm?WM5WQ?ntk>B@ZLX5#zKmwFyr
zf-{>|A41}K8q(w0s9}P_qYSQnV+0*-Ri0UYW<!o=beQHh&Y$Q!TYk?4sO-JXo9MEn
z8ZPvZI?EpsneDkwrC-?^njCrlO71(4Gxg2><M&OBgxEBLN(6XOwy-#^o|n;*-6*yJ
zYpdZ;@}Df1WWt%nQv?OiPQfq|PFk~1ABQ+bwzSHV=W~7iMK^^9889{O!7!P7MKU~K
z@~@VWo7Qgp>D>hVmgCAa7iH2CHs068AXrQ$?OYHopH{w+WZ_F6oxc^O$vcGA&)XO7
zZ8<m6zpkcl?ve01?!(Mas;Kmy%}Rok|I||(RG4E%@a0O<Sc~p(`=EGlg7M9AePfPj
z!Bk7~35m$vq!VXkFH5i4O(mxB$=KwYV}qV01=;87eMvUTPt8p^-+g*6XU1BhBXj**
zfz6AWzGEp@`j3Wpv}KPVrH6-(u{T?G#78*fXMxRTG4ODX*GmCkL&Un@brZa~NwDbU
z_S5;r`kvQi^3Gk{3uftJYFL1cHZ%%6*aL)`?m{=nxgV|_6p4T(m5_f(OO)yJX&Okr
z?nee8Q3Xbi;Cv@OIKR1(RVSN-O<3vn7|TzM+z7<J3LkmyZ~|^uFi%f^fYU{=dTKUa
zy7QXf?H?5FrCErbHcv+IF#b$m9Gf(aT5VNUao}v_JuB}i_Zd-BW)tt3;dahGX&0uM
z-`%;=e59$7$meGLluN_lNAuX%Ysuq3sO*rRHJ?2T5H_t{Zl91qzHTW^-Oza5db{Z7
zxIHrPV{Po6-1IVk&&BwuUk1y<g|lfnp<K&Mh)<S!48xn5yl2n9)w7ci8BOlF!rYpa
z+iMVYf%hyvKV1JF4(I#{nexoXrkn#FDuM~ui;UG9-U}SH{>0I8dDfas$J&=ir7EmW
zTngu~v{(C<JnQ<wxDt6!N)hH<tR^V)t3yyN1Wihk;*u0&im&hohl{#9q{_@fO8tI@
zLyBGEn8==kQqSw2b?rA4>Q>CKXNM<VliG}*O-;)>6t2ISw%m~T<5kd9uhS1c;{~(S
zsfD}<q*AAix9zB=Xg6AZ*4E_yL$*MMJ?LMHUzZE4B)efQbq(Yvrb@kKxrw=i=uGL<
zizQbgnB8dA*FnCWbexOknwF8RRv<HIjX|8=sr>|(rT(B58A4jN=q2kL7p5_Sot9&s
z;{=?SUteL1<n7T}-os?^8`$BtJ8ulGW9S&foQy^Y(u@8Ty*B7h`L=y}M3I~Qb!3L6
zr6#;kT)OD@aFvtQ4tA<$g{e+u_FdtDJa@e_y7&k*9#_WL%F+9n9jGc7f+98*@*9~o
zZbf`f;+RqmM+9p|&Io?_R5$K8>Vha1Fzc^BaaS+Hpsnq+Qv=JZQmVKsHe)?Uhc2Hx
z@G2D+sBt}+V23T1NThWtIDXy;r8nZ89xLC#AZtrBQCl+6o+0T!vYv^#8ogim#vwj7
ztcMke7Vd2$1hyK2^QB%spZbL!sCGu9z>B>ku;b7Rr}Bub1HFZ_o+9LLcKdL#%U`ce
z6*WlT@kMTZ61CsB_2g>}A_*TihY+kOiZ$QjBZ|z31?QHi%{A#)VRZ<R+O2Ko1MCAM
z55#dx#m`P)Lb)7@V66IFS_$eSS+}#tz0d@)O3T95EZcm;M9)1-x>88fI^lgs_^N^o
z1}kl(EZnAjPV_Ws%ae1EQfBUT#U=(^UWG5YBG>e2x>xSD*JIV6r3CLKxgCN$4niyN
z1SGx~5JqYrk?HHM^NA-Hejf*yY2zIn21$8bosufDF}slE=!3GUFZCip4j*_dj->tY
zP#MhWa(QQ7GU>C!<wr1J<>7kJd*aSuCp_rU9^PJ7g}B~@ce{~5>-kc55gw6M#=-e7
zaMeesy&47_iaJ1%kifr#3>Sed4*Hs7H{r0TQ7TKueJ~IMeFg=0Q21u1VDgdJr@Kf+
z7x;@ZGPI6{EI7)Ww?JU$!7e1IQ49Fa-K4Ig$LK-TzdwV@(4hxq90n9Q9fF?hCT!8*
zC#G;T+dqD$R-m)Z`yRpe;9LBCu@muS-<G_fw`k$2iU$cUjdOdTOEv~V0$8;Gt|$#X
zT^@h`6kv)DJ@g_CsAVsuR`9gt@`c@mN3ajnw%d;m4~9U^f<B~B`{o#hIS_?AkHA6*
zCUB36@aGYDchB}ysC^0>n~TBa&pwyRqm9|%d@;jp;KaQ_1vXn;Z#DHP!XCT5gv)yN
zKp+-xRE!^bgucs6tz^~5$6nSmO|m&%fgTcme-`k~!>x=T<2_(?@`_P!??4wVJ}?EN
z(#DF=%I_~)9^53582RhhHmX>`;qym(@Aq7VTVOnJd*Bu~>3zvq<bn5B?WSDJs4+~M
z4}w#csF2#zjD%*-9R5~g$~|V#g68MO{0YVfF{f#%;i?CMx~KqGr~oe@DL_~Ma1Zbo
z%-XqmNb|oiZ(HUNL-yb=32pQAf8!IRC4kjRMl^7+BN!*d?!B0toAgL-YQRIS3vWO8
zkWD4nc4SK7?2|p1)Ba#K%WuJK6S%E5&?ns6^7>5;MC9SB$M=;W+1rAL5cQCNAfeF$
ziJSyF-434q^FgRI#(O>deE0c{RWQ;A>e+CEV2t}(vlH}M6b->*GqAytwb0vWH^zH7
zDD<-eRHzKK5R76b9&TFksigh}UviFxLg}U0_n|p8vtXa+UyGbqjI^oC<%b6q408zX
zpim_(Be3b?Ky~EltXbj<FzpoP9X-7v!brGt|BYsAZ(#!sNn3lMKqq2pc9Ln3(*d4n
z7lPyj<`||2j!o(vjd(f{F<bixs6J36S{&l*hP)*616=Abu;I^^n$#r5(TES*HuNus
zJ)v+9aAunm6w?9>3OTgRmj7ZH+k!6V_=|fKK|%Tfee<uPDQbga|4Vf#%JY{IqRxPa
zQ%iK^=-W_5s%*4`1W4{XG6ZL7)b!(?7`RRBW*50l5ReU0!Dv|WUpSdJLuD1y=oi8f
zC-y|`Sks|XfkAa=4*4o^-aqgpkhfr;l#;dSQ&h#deZ`a6I>qOnAESHa)2hjWc+rh<
zHgGX7lIlV+g)`l48dz9$9Bv%BF}6lVdk{t*!7%EB!f+ZSoCQOVuQ1z#gs!8?%?23=
zdyqabj4!sF17E>`=K(MH!oWM!gzfkL<2C4$R<EJWxw>0}rPAlm|H8OWn|e;S1j(%@
z`B)i7sjy8>MDE*H4GOC;>k-0Z2@%EdN7l6VA0haG1IP)2GWeXOb%Nzdcw+FDXt0En
zP+_0P?%*pX*aU{IX#V2;grO?*fFU<E(k2Q{EY_PssQrZTT*a`+T2nzEhnhYwer}{J
zImJdrl7HS=#^Y^G+)^6MepZE>*4j-PMACuA)bAnL?dMD2$kXS@op@;xXI=v5-CVk{
z-as6ms3}KFB@sgFKA;{=3})9?;d-^wdIjDRj{=swq9&*ctHj?eXjPVs&MO>d3l6im
zx|ln(>FzADCZ6Dn6=Wni!jc_RpOoqWhUv3nEE))%4tFI#aKpq3Wo6xSme9x=!!D<$
z1V{8cQJ74xf+&j!zNDlrEGxK1$|}}^m0iQjb8e^+3*-3Q3ilQ-V%*?pt}q+yzn9uR
z8}Xe&y&4s1X7MWd^}+kKlAUX<0~^6bo?gQDykGmMufE2`%Bh^teBPv`anACz3r1vW
zGSGh<c{~@Hv>5$V@A`!k1JB<1^mux&t-b4ZU@(4w*%IGS-=YGvm*X1#YAFq&D+W0`
z4prjSw%(`Bm+0l0<W8=cA@k11ieJAFr!}+?I{>$X_j1Ex`)Vz&9t~|vUbkLrc9XyV
zb!anVQDo$_EDh2JRT!^ZsHZd_0Q5qT5g(hXYJ68RjvFPu3HNsMMDuUmaqb*m9>q`b
zt=6(%s~-AR3718MyZ^u>d>iOcuah$GM%4B<CxrfB&wZf0V5c`1Al}Ddd=Hbj-Y`+t
zNRT78$^do5&TebbZX~=*eP#v5*FPPIFp{;ZI+0s-{d0tZ{4dX=!PQ*kBz|-uzPf|o
zI8?Deq|8BP^P#(7Vu0QC_Cy8AqR!=rsx0LK(bzcpYYf<Xwb>Wu^+Z8srJKEZn%A4@
zv)!BB$x^Nigj~I1s6O4Sc;{i?<`8d2g6>;_=ZXtk4nhK|a_;!I1VfDM1=lnK6#JE~
zyqui(7RM(Wtemoz`C|j>_&BWw9;Bcz@+uePC<>sO`%n(b%Nh%X@S=q`_t<k=8VIxD
za7rzN2<_Pj+u4X4M55<h6?YZxdp@b$ECAo7NSb+2&AT<e$?`2slhd1>!v@`kLv^c@
zYnoD(B{!o>*Qu{mP0Gauz1v(j=?d?n$!F{~pqiY1X{;=Xiq<{7*>Pv$Qbl~Pg*2Yt
zEQ1Zd<cz2{pYV;>{S^N)@wxXx6L&dI0%mb`abYl9Iq?&U_hz%NP7`LJAtChm6}^Ql
z8h*BhwzGxVyotd9Gk!DgSgy5A%01_^+e*$Hnh~vU$~(QGTsWRr)W@2;YT~PTh7pZm
zKZ;lM=vuHeKaZ!Eucjx+uEZZ<{vnXqBhY~tXnsNVfoiNU<5oy1LKfE8i%h!UYg+Y~
zOako1_Ny)okiK-gGK6F<N^J4Zg~f-yBd;==UY!_HBPSMoYNQXGH&!nAbgve{4y;CT
zuEJt#6n(P7Out*;iWc>&MHvF3zJeGb<-H4OBZ7X-*d(&G5Skd`b}U{EyK<mcosLw&
z@BKojr?Jt6E$D350<z;7->*TP<%Z~2;*()!_YYQdEJh7{W_(rA$I#sq$=&<lyI5()
zH@4n(7yF!z`7W6M=%6r+XF4^(0io8XwI7|j=vb)t&e3k9scRsic2lVos`wt*!H!Il
zv>-g>BGKIQ;v!jgW=T3}sJ2{Qxb`$dy)MJsDmR=<okb-^<c#rv=YE|mgk*fcLYB6x
z%xW%{QfcJ|kA;l>V7B1mLI^B*0gdO1SViM!BXH&DW+$3eBM+7pd5k*h=R*$~Pw(Cw
zMVGO5nz2%6+gZ<P_eYb|KZn_T!^0c8^A52LD^^U7nlwq4DI}U(d3=yKAJA6Ay--N|
zA=rL%#yr5j<`VEa*=jQpi*->fh2;4>LoKup;cRM;01X|fYwJ}%eJKsnhJ*`mYT`op
zlk*u0qL>MVu{mF~1MWE+VIPVuTWd4R#g}FnSRmvlAO2iURz_s5o^I&I+Q-{*+)duN
zTu0cc1#m6^6}96gPyysmGX!ULd~#ouLd{G=7t){nl~Q=!qnTK{rXP#?s~g?NH75Fk
zjU7&UOW_*~b6Jk?+?`)fS{WG$^yI8ge0`$ZQ`v_|cd)z3_c6BI457A<B)sF5pP9-m
z^^S@xiNm8176UGuNU3`55V@-5+)8=(Wed4ehMkfA^DHaYA_s~upxoCHat_{^9gbh6
znnSd+54?B!nUB9pvk?3$UmP84_)<$jbP<k_b3eWquJQ@UM+Zd52CZvD{SMpCTJ12#
zJF(R0JVqTWf|ecbf`Nsae7)-Qr0Vua7NSUUR|W<@P+a=;YE}Vewb~3_cSw`dGp>Jq
ze*DU;O042{MS~f?%VrF8AO`DurM`y~3%0{uGA*9?o_PEKp_QOc^v)sDlI+ZWm>Xki
znC4YB8RyqLHlx2bR-n#uM2}3mzqoJp3BhBfJAeFVQQE^_%Z(b<z7Kd%yIfBuwmOIx
zAaZ7f(0SRG+D`TdyV+JruE0(k@TECQ9<*=~*DObPmk(k_2FBxq>e`XemBEC53lH;U
zgiWIsyzA_KQm8h99CfpY+XN;rg*#tz9=DWCZpfe?I46gf`y?vuKDoS7J87IHO6qv%
zb$IgA*O_})?N+Zvb}!`>8gk7pAm_hbs=$4jCC@Bzm!k)Kung1$Gvu}zJ)t5Q3}zc1
zA@rRkhV^|t?uh-QARljW=&s;1;gUC7m6rgu07(EKg|l;m@hrygfpCepfaZJRFJ_WH
zSz@*xsk4o1dIfwTG((!I-0(WOq{uEO4_iBBk>P!kh8jXUKG=9&DhU4=vJir@khC{#
zBi7!44?uB+P%Nh=F#Dq%mZx?<ucDIS-v&Xm5GL?J`3;$82<03cu!yzW3;$Car82rI
z+)DtT*d9?(6a_Xxhzd?aa^7*~pnS#AWi+!cfLk1RWna`=7fEmr!eP|Vo7*6aatDNH
z2we?=C8vKt*bY8Zhwd{Fj)1R#*=~PML0G@h+cuJeI6;Hl523g0UqhRn)l7E<e<s++
zLG`HZA)Uq{)COTZ-_E8UD_Z8noUIin1hL`hih@P0@l*k*w{~v6ST#CQDo&Ldj>BpD
z`k?F(r3ODID$FibZq%Bn9(7Lb-$g1PGXE)R4mZ3ulx<khT0!yZ`j4^Z9iV*_{0KE;
zheUuhx6$QaNOLdLYzhvAxc=X;K={8P)19`lV2E3S?*n#`l)9$&0eK2CkUD3;ktx`6
z`Pyal^4g)nQX;51o30YaOyMphA*iN*LEr70|AxL$1r*lq5VS+wpT<zM1OQ{K>qWTY
zJyz;I0l;M{9pFB9gnX$IZ9nos$?@(1eBozeM%ZKQXAz9ztVE=5Hp%8Gu(PIpc;-`h
zZ3nqDfl){vBxh<ux)>fc8&Qr_6M+z`XZ6MhQRauL@egQ_Y3JZM0Fu%`%J~-_-&Tw5
z)__(+O#VmSJBkAI;~yaZTMz)z`(i0<hwPwy!yQmGD^HO@zBPuW*gy*KOaB3;&}zcY
z&x?~HmDv*nKh6<q<VGTnOk*RyMJ4S;yBg^t!{`;p#-R0cnN7BMuU9z!<kfvN*N?D>
zz8U_`-@!z8EdPcnogYIhPA7oPNtgrsS?7LKk{yfFWcw^>U7fQxBQ7{~&OM<kRyX+C
zllHaM(uXhkEZ~M;hZ35#DD+Si;!mezyZt+T6R6t)Sg>t3fAfO!AutPyi2&<?-iOMe
z@Q8t+n?K}*dS|#W)Co&shS)<*=%g4nIp6+NTzbE3vsuDtW4l3fQH;eymR8`S-r$Ns
zagLg4()fk${RBaNd}#U}(xE1C`7UL!<NvdYjY`!VposJ|gyJ(8E`3m7gi@tEBVJzz
zQ^qfaHw@QSa782q$SPRZK8AQN%uEoeKZvx0`X>JLq%QqOsCL`Mn=A*7APIIQS8lj5
zgZdzJ`*F}K?-bnWa;OCA$}s*;M*hl~vhL;Eb~!L+Z%O(5<4P{Jwz4?&!ZwFRq9SwO
zojjNI3)tqKA*)Re*1mk-e7}8=@5q>fml++#m_VLQ;wUCSwc`=W^R~h!MkZW=5YYX4
zRyZ|kKvj9seY~)0CF0#ELOqMn+G^lBcbm3PYH9IGuwLHMd9fogY~6(lcx_?<9prt|
zrSZ+?diB&h?Vuw4LP-poYlnu+$o=GYkaLgBGa;IpyX&ID6P-WjMWDT4Pr831T598)
zvwO@Z`^IiNYm8xtrC3N%pudJ5CE1qu#Q=|<Jyb4__t;qeum~Sew+NMHZv3%E7+UDQ
zU!d?*``ojARtpa%&U3!W%byL7YWdao<41PmSMlZLPJ6MJdE9J_<FA&CPb(ao_abVo
zzZw{>;-9PO9FAR?cY&B|2&6wAqbt0_i*p#hGC7OM42$RFjQh%nVjQ!4b)ZUC!QsXq
z@uSb*ddy$2hOMnBdAbY5yh+tM<H3%WFYOzjPva)vk}sV)S$t25e8x3=ZsVl8z_2~7
zIQ44O>U1X8Y+B-K<Cgr|q!1ABVir7<H&7zkm?G|MR>HsyAAkGfq0?pc@brGgTh8pk
zy~bHg8}S;oljKILBt=V*?rRI_k7v#8&7Vm(oGg5OExYI7ZJ8p>cl%>w?u}(lb9!2x
zZ6@C9`+-M5GvTuYUYY38?I-yx_fsK#$UKbQo>AD5m5zXxnwfay#Je1M&5)4wg75(z
zw%obd*23LSL)|TvmyL+WM)Eh~60Rnmk9X*z>u?|BeCca7RHm97K=uRaC}f%#yf7tV
zAAyP^Z#VKF2f-VkUf%LzZey%(^n3NfBF~d+jfZ6GrVlIs@LpZ7vsOlAA-|k<&+E6Z
z&0gl6UWxyFf79Q1*2Y<|b)&E8M%`e-(!%xbAuq5Q!>hf7)1485*-$UBSPV0OnOja(
zE$crw9kwyt_gT`TM*5v2UzdW-a?_%>L_A}+UZKe}W49}6y03Xlh;>q(Ej%jnTV~W@
z!q9{wu;65u%Dx!guM*TC8XD4)*c3O9Z>*{f1&Ff>&4k5k^I5g3$x5<0MXI)1^mTjI
zI*t|glJC@(u6x#22V5R!AWRTf^`ELVueF4XDsCpR<mBa(z;Z0)Bp$BlqIp8*E<wXs
z?^$UINSjOx0`*x+_TVDD?@S9{tO;Krjj#rpkd)Rs&AY?oo1CP!zJ~R!Ou28y2IP@(
z(I$H_i3_tQxp;h+jsab8^}-~&p^N%!D0(goFPq`+-G5t=?8@!&%O&4Wi?7ehgS&W6
z#k;l|dt;*6%S+O-Yu-t;YjWl?a?*88`;q^WbHzqAvCjKtAz<B+Z7rrI7|L4qPKt&Z
zuYJ3BL6zta4>R|QJJ4odTR>iL=JOP_WSPHS9Lvt{{#~(t-sCo-L3(SSMxDErB5<4P
z+m40>V=)<)CB)aO)76^iZO+r|(r>qzZKP>6rF&YQH+NomZRPf412>z68_b=Y<LKHE
z>pC*Ec&ko#xuE18II?m@vF<cr*?ypmfUrHJ436BnPr(~F!dm?OYJzrZz$Jo+*L~vG
z*xR4&@*96v^>wz5A{Y^jR#QVx%95q&tLfO|PH{*@)>@}`q0I<MY?jsL6KnUuP03A~
z72u|Uv!~ck`G#$P{jAoOl-s-5c$W6F-JJw;#HlS?VurW{L-)#4wa$kylw@9)*5shq
zQN_&I9WJR+|F(`X3Eb8zZW9wzwTU5Tk3B7}PW8gG$*HUoN!N~qw)u^D&@T1H-|r!)
zuyCbVXj&w_c1T1@_4PU~I4%njn8)Rj&5R^AWzMX@&82-{Z&xUKL_DjKPmCWp=;{qZ
zkA-`1{KzUS9=XvFYlkIHm;|`sT1xUTVY3>2{aV`RWmkF&e{wb}_BWJWK{;)X5vGP+
z58~Y<;9Ngt%)$32dH~3HB0xt5cUhAwCtGVtTi*C=-v|J!QoDYKDwK@zl>F(n5^2~i
zpp*b8?&wnvJ3i6x{HCpKaW7q}<mY|c@NY*X(;dqXx1z|7R8Y|40j3Q;rN`&k^r3hX
zJ^?;~=(=;Sp{=Q6CeL?CMSzP9l)jt)_XA28g<%Z&fv72Qm4ZGYv4bK}W`BoE;L!n7
zC=r__m!1p9xd$)84&jPRn2DW8{QnEEQ0V&KaSi1)3MK;+FvmudMD>3vBxrzWtKPMj
zFc4~_M^~D1^az1!7Rot}9wyC(i!x(c!V69lQj32HzaJDfqa`F(tLP6_S1T|d-gbG+
zM+gI3^SEdDQN}^9M$jocK@fBRZ_;BjGAWh=0WL~gD7fq|NVNkTcd+-rQ5yxmY=gD!
zZz+u20XpD%!@{3@5k;gt%XWgU0SqrUV-7$mz{=QuZc<n}9Xq7(-K7Lv{{~C6CB-Yh
z=K}12BA`wG6W09=87cjPKX?)J75+=d0?PfG9l`TyCMijQh~v164k$eUyX82vSo$es
z>pqg+-;(b-3K;o(Oi5}v?L55Mnh%p93s00=y{Y$t{7`H^VQaW$n!9|X(g&M;7+;eq
zKy9H{O-DtNgB$vVU_x2-sGZsmgYHQ-J$~!1rho_JO#bRK9D&fx4tV|3XQ1dVg^N4t
zxQzz?m)ExVFpQr`oD^Ou6DqL)rSBySnqR;$x_;aDH(>m4y8;xA{JTzy3H%>o(kch5
zcLVkF)s>3<UM2m{Hyt%Kz}VA{8y$PJqXrx4Ci@ffN!o>sw*}TvXP>x(?xY<R@Mn~6
zk3{k?;PM2Ls*ejV@y)S%YbyjekYC5~6}X4nKBY^iE5f!M7h|XPU=YI9hI4BYn_HxJ
zkKxVZQ(N6wRM=I5!lRL)TfCz&#~<F(+k5K0`U|nfg88HLxqg29wt1Mrx?`!s=_mP1
z-~6EUIa*<kIorBd*QEChJj|}L&3vTI)U9tJG0LrLg76aChat>(mWD}_#~%cc$=<Ks
ztj0T~!o7Wp7*FI*v$26m{6M;E=6cmE+pzm!5*MdmV%b0gJxS;6I{gJj%i0hlAklqq
z{BbGI<?-qzke{+Uj*ebmN9);QR9{K=*GpyC83r2@#aUv5oEW>OjHf^6-=K8sCzCoO
z#L97*+t9j&Ym#x0G1;H&H9<NcV%X{(Jd(HW)3aoWad+-(@}E&rc-|b6i(D6kv`U>T
zFC}6Rfyayjk|Rphz4v$vi{q=#IPh4+hR2iUZ9KfmHeL&L@l=5c1Epg~;PNWWJW!hM
zi!RYa=B*U;p*-0&lS;x4Y^|idhbtcN-axDrGnHyNayZT+wf2X7`!SLg?Ane9n7M+<
z$9;b&%2a9&DJyny$WHCVpm`^ykgA_Sie<$c`@I%J`rWNty@M1iQ`>}>t*Qn*d5gp~
z8aJY@UoewrtSVr=GCkxIJnGX3Q<nTT8op?F*m|LhQeOLHl+(h}ml)mL?Gj&*wJpAG
z+*su9?ai~iFIicwg^1HxmYGmv&#}}VAaLZ;#ABnTmdq&9Ay{e(Oj3aOi%7Ec!S2N`
zW{TBw?wh|HUt_OJ$bC%cbKD&0fAJ6@D(E%X-&=0TjoyVJxq;+Sl*HE<U1tmuvijE>
ztJBCaw%i7?&63(g`P=hGp;CDTBM)I4OJCM!Oj&Ts%VOxSbC>e=5$^6K`H;*Ncj0Lm
z@NSCETcD6?iDYRwaUVf&96-W0?X8vh0B>)-bnaf6u={I*>-PlPCij<k^k^dj<6ING
zCl2hIezh(oZQZ#o6xGg%c}mn{&F(L|x{1nISs-0du-<hwgsJ%XyCj(Mvb4usDK}eV
zJm*BS?Y0CC+tnwL&I#ysM!d^`Fbu1o8eFzE{}%&ZJ(Nv$7TsjdZuk!AnHk-w5UUyB
zd=LtG$&4h={aQ3e+j1LJh~SQ87j3`V{KYMPAn%7g;qq*+_?|O-G(Q=-m#oCGg&p#(
zwA;~FWC>!hFr2GCEI8L?*SRlqqo#-&ui_-jd4zSX1~E)Na3p_*Fnh;B2*m5YM@+w=
z-dEP#SJIn8&w2`#-6TqQEUvVuup6@0&E~;a8eUJzIXJE&Nc$=JJZL^e5&ob87=L+b
z)<|%7F2Z)Ub~~<k9CGZc+z2gT4fe%GrFy+EHM^UGE6@oYIZcxah0NcOkkPKz-=+v3
z@@{g$@{wiDRw`ewgMo9skoGd?)z5wM+U1<v6*+1O@Z-tFAcsVc59sqMP&^}YBAdRh
z`nIG#U*S9zIV!i!orBokmiKVu^{j*q5z*8zEk_suJ}gIxj-cy41PTzulY79B-X79*
zn{2R>s(UISG^4l>4tHDaY&*s{k;7=f)^->ZdJwP5O+iV&vrB(QCs{DcQh;;-1peoc
zK@DItWbWJOgAzmlxTGjPCExZZQ82jq2u_^tL2U=zq@n(<d?*i){jv%NgDFl<Fa7ht
zni7fYhWg{T5f44USCF5h6i9gu3PuoZ|4K*vlbZR{3QAo0C*k!wMo*dpyxC}XH~l-V
zG#bj0sq7^rYTkrU4dfl)lQ2ZQ#)oqGQlrl`xKzN_wOxRA<G#V{!+zx0z#2g~6O+?3
zFg(x;B`^--70GMj%tdL<6&s0o)W$A2mo&VKw!-XgZ*2vR4U?e(@51c+n^@2qO0fI)
zfG{N)^(O%ZxkCz5|0h5J+6S?G>o#y0J2@vV3`Gr&U^4E*iFSzxchJlKVSRrymcr`4
z!#0#_1?IY)!K>a)&`Y`gHWsi^YH%+>P-0tkGs55&CGMH0ka@HO>Hw4llvNDo#}8;6
zZ}4***1SCkgqygy<N-H4Jfz^ZAglWVg%+nKeDz0JB+fm?svIRSbw)hS5n%H3K_LNt
zSNmME@kvzw7iaGX7$W}wa2@b0|9cLP;*9=D&Ot;|bb`WE2ubc_m3K7hFT_KZu0#)J
zgemL-?b%M@ZF^$q13&vgTo>amk`G7_VAW_zj@wEJnZX~W{3AVz5B-x|qnOiwX!ABh
z|KOdiz#deYywf=?wggInzdH=7EQCgnl<c~!Ao7N<aM{)-*^u%)SR8Z|#~uMLQ&JXh
z^sODcnGIvOem&0j^IO{7{1E?3_1t6fj|!+okFggNK!Fj|1oSM(MEH>3aGa@fv+_dR
zlj**>MrN`9GAD=eCEtfIG$rs~ScY5B6W{hBiet~5DAYbcNvlC!D?l|h;WRC&?flJ*
z)n%|vM8|)5mPA8}mhPXj@2Vu*$ftMO#;3u|GLn@Gi#uf<gpx@Hb|w$xOs2mL2jz9n
z{?JHV&s{Bv<_x`IqG+12xe*rMUnINXkVXoGHR6gAVnx_8GJ+*30;7I}-S)*^q4KkR
zU7yIK*Tm_RU1b!5x^A-@R<6Tf_5HCKL)lxS#5PxkY~He}<B6u$%A)oL)@?L}?~0;5
zN1Xia?ZjZK<@ysJQ&ty4x_esY5wc(MoQ^BvC|PgxC~%_yJ+fd1?k?O80SBj;eTpQU
zzGf0Q(#P-NMIJvOmA%l2INBJGB;<&UD;Ky(`ULaE2bZzuu4-t>YEP^+q^>sp%1@ZN
zlZNC>G^JQPy8WL*4eMg>kAH1Qz=jMzl<d175D?RHWo2twY2=F7#hiEJ)d+T?ll_gP
z`%>;>Q&V|r$9-73!ww?tId8NE&vGSdT2-xVC?mMt`)yssPh`=r24p@!Z=U36S+d{%
zI?hQ#stTE|O&Rh~82+t2#7|RdrM@F;@Kn_M@7E^u8tZK5x55`m)YetBvj7N)luVuP
zzL{frT1+byj)}LIV`R&zq{=Egp6hZOp`dPMy(AZMHtKqNZNTi}B?ZgrZtJv`3^)oh
zr9Gs>0l!6(*x{%c_k22Ia_&-4e6xgMYu}mMgIVvJP1C!ODF2x@>C)1^y6esUGwvR!
zqJ?L#JX32>{`M<c4c*+AJCYWezNdB{XOzEIHs<>9(sJ~)J+A*XG$2uq{?a@GA{+hh
z&`9HCW4A?c+8Co@$<I5Ce9itN@1gYt-q6iZ9C?56d=r)QIUjdll#%=u?(e(jzMDlX
z>4;Pr98)_+#eI(M$TfV`V1(G^Vik=8wEF|IB|pAbuf2WEL`405$+_i|v;t36D~u1(
znH|d+A52T_NAxQ$Xbl&bp=;_&!bz*_Js$#-I#)}zy@`nfSM4fJu_sKogk`A=a5^+~
zPQyg5db-sXBq*F0W7^A>+<NhlsaA7=zYE#&P@HLcgfk0<B#RfH?KlVwtR~`d6&T|o
z-COejs#f+Y#ZG)qNNx;H+c~lj6FljWG?%mVbFDI#K7WWqSu*amVfgS^M75%ItU8-|
zj<}_28!S>SJlK#nb?svAUT1C`=chS4<819m*nUC0csv+k@WI|ys~GB!fg&l<`EJnA
z>~g3{!znJFAQrv3_)BQCbxOg(ZsU(h#_K<`$HTHptHU?~S@hqfUxJI4RL)s0SlY>1
zp6!aYHgyUGLI87V*x*PFieVt%EhQ&6WT`Vvgm0uZ@2ya>IcGL|9E%orPtqy?f=*=3
zO_n;5d$*VK(8r?;9ky~tNfw3+RZ}YKH~MdR9jB;`XH}mllxH05ub7%kYj|&6x2MJu
zqcL|uuI+UK$yAnQ_O)mnLwDNA<3CniaFby|uS^P;x~fc`vMQSQE4YRWhk7rTu{k}0
zC`*80VB1+3*pC~<dtaI|A3xZn_E5DsdKB>{%~)uo<=0xp*{t5@G1^mEDv9&e$_NG8
z1YR!T07aYReA8UkgWW9o#_K_`j?cU8C?0)+jS#Y(fYa)~)c%k@D`mj;z}MBEzBQK)
zIbLLO^toRAsz1_O$RovZp~Y;>^>ODr>xI(QFo*SD7RJ`nTq;uQHHnI7G1lCm$)u8k
zc(8y2@K8SW4+nF9Js;BW>_v~Mea8=Evl4F_stIe!acNfuwW!s<8f_`g2yS7`GRq9!
zSFvy|<Frd%3TyI<v6GmVl`G%QpzaxFe~rCodY@sfwd1~%JtdmCpk31MLL(vNIA0ts
zu`OEByU+v4?YXPGJZNQn-K4SCe>mu<)Od<WXlQkpu(03VB6ER*iT0jrD|l1focIBa
z5<(aUf2w|EcyvWkk6(cG%YzG*iDC~GN*|o<PVjg?_mU;CF<Zz_U7{KATo~RggXh?e
z1o4@YA7>Rdofl4EhBm*Csd-4|b(=cVi4{A3G}bEfp3HYT(_@hQSs})2#PhR~xSQze
zxU(m#OZrl`wc0kjHy(uj=63-idsVU|zo$f;U-m8Ldx_Pj)xqA?hkHY#!r8pc&y0}f
z)|&WseUp-^_(A(Pqu1PKxP#k-)r;L*`q#%*<K`++n75mx*LwNYC6)O)ad3WeS5Lp+
zXL@+^XG19vLpb#4b_O_6BrS)|>Sm{J_^go6rFQl;;k$W{H7lBbNL5rYh*uLn8;33c
ztE@O|M)JF&3|NkdI1TuC%qsC19}A397R+C(TsRv(y}HIkMJg=z=%dCIa%>k*3&!37
zcl4IB<pk}(@eaJG1yL#)(9eN-A3J*La{VDqb1R{2#(5s@)9UBE@KS{W4Lmr0>s^T1
zn}?`*k9Gd6K1Wf{J->`?hKI6F9_OIsHPT2!gx8dQ5Al{u3)}Q<7IXI%E4A{L{B2B*
zV?@?$53;8Q%-9;5dw3MBe)KVIz6n*r@`s4;KZaLEFBh77zAJ^J^CjaKrX>JoIVcTW
z2St(0<PQOT+RX<(p+po4#DQUeaYR#wNT9iI`QX$m3i`qABWc+EKN*AnpRrU1X=t;l
zf$Mo%0wExZ3!rv&86WZ{RfvGRm&Rmcyk6c6NKH=FF_XHZXqKJJ=z81ADx#PS@F;db
zHNc`{M+u76cMauxe5e$c58zGmTr5&@Xpl>1@T9UlZxI%p2x*b{%h$pe6<Q_V26D-U
zT0_}5lw2blc$W#Ue+EOOA<44>j_i!MgHF(&Ne2{o{1=w|E6D~W+<tdYAaDvj0(Jy-
zvVc^4{wnQXuc64;FvRX{(tWVMbr*b$((YWIa$_0nM*wXz+&$D!NheaeZ4hMNfx8sf
z0Kv<DkmvUGpN`0OPiedV24TuSIF^#Zq|gV*-RTfgthH<pNrRGD1+D#~0NLigs1yk{
zNLBuC`LWXj+GY%e%I##}P8RrIoeu~%Lr#bVgLIo{KL?RBkKYd$G36`ANew30<T!#y
z8G~@A#wK)hDJTBbh$OkZ?-@{DCPH)*=w}r7b~;@uxW&;|zb)5%Qt_f8T;!%V*Iv*q
zlx=s?3b(J2m8S)hg_gb!l;dt~Y&JkMVRWr!$-;HVGEvrG9xkqwybn*`DRtHWP&1_y
z>VLK1*1@bt*v~;6TSxKq9TTZ*P<BI0Vo@YQ=!Q3|EGW)VIMj4q9K-TKyZ$UxUX8KL
z`iXDHJ~T6IRYFMvj-M5uw99elH|ACfH=q|L)|RD<SZZf$2qa(Z=LWrkbr}rHd+kuU
zpFng`vK|^TGq%x{rhIy(-iPqXW{P?4wm<u821_T%D}8VELMaq5aOwH`6XF%r@=+y8
zsl<aDt-)!7!fu(qXSo<0<A0vjZ6W9Cl#MW%_;M+%MVIZOeuV1%NAJdlUpph<XTK+8
zJK6mTdbLHCdJBW4rT}Zmw@$Sm@~UYew|cJ(m*ZwTriH=(ax-1zgO;%*`rm5vaxdZK
zPS+9AC5mjp-qfIfzTKbPkLTGo3Fy&3H~;7@=!gpMB!-V*eybn2**^w+`%yekS{D#`
z<35Vg`(V!iUB3o62mYX1cP!!W`u>9mYQldZ@dIUO9^4!h9xHC-v$#TRfN4u^+=l#3
zYyT5e3J%ODt=HRnc>eYJ7Sh7v5Ic733)g;%dO=?18tD4kAqWkNAiFV^(nuzflKGk*
zuT<r1t#X09GkYb)wM5;3gV`Z`7<F8qA(7<Zf|?@T9e_B2Jp++gG&xYw+)m=5<XM1c
z$3}!}B@@T8)LY7g9g+uJC@kRt|IO;Jl&NRGlyOGzpxH;`m5DrHOC^W{!Vn*H8Dx)@
z1&1oCrLij3Y_!a+*hc42`lb+flCwzxD<{MToR$G!Hyep}i@1Q6Lac+@?pCPW!ZwF{
zHG4x7?A8;Q6Sc}oNdQ1~PT8JqaVB@hZzeuLZN>i-?kL^LMQ&wYx4*qBAS%;xukx+f
z*QerXum5W1qdj%pUMRCQFyEr0mGMx<g`S%~Y;RSxE~<UJ%8jsDKPF~v<ZFbq?ymb5
zEk5BMgPQYGCp>iNALx@n^@H;;!5PX=u<(G_{eHx%#3Y#^h1EB;1H>mNrz+gC(EG!c
z=wxiMA1urrV-Xjh;fH$2w3!SKcnDTq=3o*-p1BX1$N4)e)-TT8Kxb+(R^pa3x(wgi
zvYAQ@F<9cv4CqP3F~g0^7-cz&dSYeY!W~CUXcMx*V&&z;h|JloK9V15B)z}~PGcYS
zbI41_t0VCV?6S+IZA!gJ*|35Q*>J*0A@LWY>Mh*K^v6DM9Oo^pt2EvsfV3ZaPuGh{
zVZGoyzD)ky)|vimk<EN1hf0L-Y^0<+Y_!NXhRdg%qB<%!9{gYyc>?<)CcO28Tyy6(
zhJ~xaVl`}J#GQ+?IvVbTw`60dMV2Eb9WfTYj20yEA%++B&62D3m{6Aue$w2iO1Bb5
zDhDdE91+MxVC3z+vo*b-TFG%rI&Q;zvm36Mv6l1@?dt06ffVwr-nfY=eDmk+LSh!x
zC$u>`A*p$2#A?BV*Dm=N5?1yEMQ=}aGI2Kd7#f>-oY2)Toxxo^^2`t)x*%uD=iM#C
zx}PNZW8b6MR&z{_2Pq+s_1#&)N?h$q_sk8vTt`5x-gLiGI)3+&USZ!?7I{S*w+4uu
zv?Q%!MFn9GE<*fmwq2|CQ5H#;t8nY=A5%q^9alB?4)t@`6)rOrHm7^nU&UC=rYiO9
zyU5vl@5XyJf<g_4>?m}WEb&C5AQg}ubdsy;*-DO!7^+I>^wizpFjMG?9=QuB%_R)X
z_%LBt<@RCO3_pZ-PFbZ|6vVR?p`b%?SqR^5E@e9oF^ra&2{$!eI&GZ?jz$&6M_(t)
zn*;U0fV*1Y5Z%6(XK-+|GIV${#Noq~E2v)R*whe%C$L9w8la-kiK-tdRDmCqqnMvy
zlbDAXPHrCp4({2rfYRbQpP*(<uHN-*bR$k3BV6?F9UGoG3XX^6$Z{|Bh(ATqOG?|I
z^J}*o05$4AE2fwR44f+q)%|Gp6lgOzSr$+O9VpI`1z15v`}-{O-MwSF7%68`|G_tI
z+(UBy_mT%b<~wm~zSx5MWEM7@Z0NFo6Ix07RI_Urng<j_MX7if)H2vEsFZ(h3^DwD
zqdXbjJWr56L^yQmG}4XA(gndFci<4=I|FfUPrD2ZI`j6>b}IlMo&aihg!0cX=!KnM
zpkAmhAWP`hq|Z?&ZZ|`zi}87SKwNy+%yIi_gDI!i(m+Dz7-IO%c?z|($Xz=XKt=xj
zi&7-!C_$hfM?;ImE766SVNi|xK+_=M?6haQt-o&oqW|N@Mdu*`)YR_`prxR3G@Scr
zk@o{g4|h++#ZwMe2CB#Kr@?>%=+}K7Jj+&ldRkhVO{X4oCUY?pA;{vHl!SytqlX~n
zNMz`m8K@P_(ErEWo5w@_y?^6cr9!2$lY}Bmgcw7m(qgG>Nl3P=Gh-W!p|T~R2+3B-
zmJq@)hO%TQdl;j!uQOR+7{mQ~4fTG1?)&?_@5g=r{`q-4>hYS_*{*Y4*SXGhp68s`
z<z#1PCl1mShWztRY}YB$MP(q{X{x8Aqr-K*g}MP}ur;D1Gu+@yq89iUbFOPExbUA+
z8lcALf`5!K^-@GAQviecS+8ljnW@kpV?gjf`tZLp3ko0q;s!3w0}wbyG#X5M%`|TK
z|Ak*n=eLt72f^+!<g<;z6((pv{qv%N|G$2bw#%4TmqOSL<xa~FoYGZi-|;Wm!@zQk
zFxL!C*!%?rMF#Z&io?ukiSY~4hev#sgqL_g;c-`h|2$W8)cPzzKHk|y{JbccRBNvg
z*ZsIKfNBwLel0G{m&spbxh49~SpabCLW6D7((Krb<P56Krf~r~1;$PWlNphm!K{o{
z8Oab0kE$50GBU9-8S+v>*K{Fa{Zk$+djYaqn<fTSNoXAZH??h=w!fJ-dV62@<~1-u
z76+^bZ--Nr2ZJ-y^G{~WGjRo--WgIvLYhB&+w}X%=NP1Y`8V&U0k-tL^GXhvr>6^U
z#9ln$fB5l%wx<pm$L^HbIY+oeL~?Cdj+WtDcEsSP9v+h0H$UH4$D-Eo^ywo;fG99}
z3dcb(KGX4Ej96d?86m8`Cj9S`|76?@Z3PwugEm2Nq`=@_@6`@cvWQTuEij%J$$6kW
z80R8>uvKt7VDR1H5f}#wjAC{Pj6ua{94yC(&jr;0MxtWG$%07P4u!9Jx)~h`%m9%B
zk_EN_W?_W6g0gRg-#Y$YflR6=0DtRl3BX7g@7j!Obr9+el=W|Kz$Y+@*IzQAh+Yu+
z|2Jf0FVWTBQ`b%l{~-eKwI9%IRrHAln*&-N(;VX5UI?0vhD!@>oPrCo?)Gc<&9|Zd
z+_+jerq<6<v!F$NQ+A98CQZ#*LIziZQh<1}lW6RZxj(A)p$2nh>G$|-QkzM;3Zmtw
z%2Z7m;$EQ*yq|-<pe4;yc4pSw<@rCQ)L1BOZ)c@^J3QEk(kaNKl54Ycq)s8wiA-9L
zN=UJ(gkRUbRm86VU*|uzC1K=-GLD+UeYUN#C5WaeSGD2G0-$`NReP0QB+Y!Dn58m-
z%!c^>h}QiL`&zBk(XEOOE@^FIvqGU@K3n1k#Bp&eM`CyQ9Rx-ZAqT;W)eJt<(kkG_
z3)OPmD8$VZ&8@2*@n2kyF_Z%m;8((az~Mq|tp|k<&_<)`Fh_aE>Xs6z&2hgdACtf<
z)5x*2Oz7jsR~;Err37KFEPVE<>JRC&NCpZLaV!+`kTpgqs*OzAx>i+!Zt&Cf1Gpkt
zYZo=5mQF(OZ2?p`r(m-0>Gm&ynKz9xkjllbr1OA<n)BN1?JMSr8SYisvGwV`G>w^c
zQbPSJ9aEUv#w^#l<`vl=CUZYOv^GbcS#8p(K^0O~_C*eN&g$b@B3YA?&hh3LX1b;G
z8NFVA@IY$mWqCuj$ISDpA(SGK=C^L=doDT}9bZEBvh2gE?Gbyk!-%u_m#2NcAN5>H
z<O`~Ac48+1j5EaVK=foK<~Ur>pZ`!d>UegVeeM1z$nABTZ;+1CV!jb_p351xS<F49
zIXvWAIsIni%8DT$iuZjsf@dOf$)$-8_*pntaOZTxp^zHtcH4&X=QCf<35^uAEA@`i
z&Sl+jAx@!vwxve4FwZGhpQ1-0bv6#US&!97^R6Eey<`#}*8hT}0ft3*z1B3Nxz=th
z({yQq^j)DkQ!BarC8C~3Ff#HbUxC~W)f*0{QDOTl^L!SXUo>Y6hDilI97Dir2GhSN
z-|Q|Xu8J%Dz&fjxP|wp-U18<%e#1r+U1^&}02~-eOu+EQyXk5Da+yI@x5kSI(`}TX
ztM7@ipG9z(0Id&rSKq?|Meny0gA%e{vR<?&o94RM%6iSQ-1m|o+RSwbwU;d`iu2`2
zf5Scy^Tny4+9VPS)~*<an3Hd0Hn8w>3PjDsheatq!FbECsw>sXWxEYL4g{|=`Sg~o
z_VKj4GXiKq!>TU`A2%`IA<O+$>N!q_+4@wCE}6o)07vXWcb`OHQa{p?Qf#{_2@l35
zXFhxwlMle>8kjmQ49OB%StvKY&B_sX4Z1le-3gH9`fhxW9i7`JiVW{gftODUJjR#K
z&()l(yt5sB2^ueZa7AoD@P0CO@UB}G+|(8+nLdEhbj-vZBntQ2hh|&jO4%q!U{uWo
zGbhzSQ-^zMgNdlMwcULEMmMY*Jg`kMg^S1y)DB|No2GL3cC_bMLV@)Z6g!VGavX7J
zhlvN(JKyTMRbi7gJ{jAOy>d4ErHbt?TdKzFr&PTBmQVI6ds<{&)&J^OHvMWuwxCjW
zuRANTX%rbQ-dsmV#-M#V9EoqXgM*d9n?QV$&fw1!PCs#B3d}Y()=}o<U9H0T`jyP{
zdMkq+>IXhm{YHFdJzD?cHxm1MAf)}F(-Vy6m@F&{Pj*_7xI8>R>k&WMMNC>(X|L?(
z+(AK*&oqwCooL7_eHxdoT{`hVf?xme&OzFokMiXq+OPFD@M7x1hx{}e8*x8c8Wu^v
zPn9SSVcIhIMSFqa)dsApi1)y)E5!U;zgn#lYlihZQPws?d9v3P1b7dVrCO9YGnGD8
z0x0)W=`&Ge)#*@hhp^vM;g{+&?cH$FE}(n9_vK1F%CPL{F*CN?kMWDEEfce7tKVk(
zp8!^Dhz{-x#v|velqnw*27;0^d%;^L%wycJ{=~dt8<bM5@h_hqPj{a17++R4btvW?
zG&^pb#z{M;^S6CNdse}D%}vrcYSJFyiqm?PI)4XoF(H@$heOTpJ<eogR`mBi#pD=#
zH7S~(Hr(Z-JWz&)5wnJ`TI42&+arDBv|hEGP}67co5O3W?W%GwoVJ1!Yg)5|3kRzF
zlQT*lSF0mAVN~9FbO%OKdSnL?4Ci>TmAVr!pb*f4M8aBL-7V!7bpce%cSL^5-J^3N
zuVdHPCJcAQ41nKKN!kCR!5E|a%V`WP-BxLWpEp9uc(}ueHUTk|oUiZ$fcy2F5PDQ|
zVL0Xxv6_|_UH7u7LS}7G<;W2nJ|+J{ccK0{cQb+G<(!lUV}m>DLOhaRdRar^8bOQP
z|BF;_K=s4e9D6;+!qFg15xl};Eo}58?9;MKVd*ehl9(SNGEZ|CpJFSqM)m0<yD4jT
z-uU#FAE6k0BM<td>LWKY)Vfh;BL=!Jme~Cgo>NARmB!(8+0nLj)ps3rUg>C$MXpzt
zEbJl1R3m<9ERh=9nvynK-%gqNij~-%#W}co&9kcil=O1ZD`q49%WX<3ykAY23`*29
zUjQTA+0K`3Sc!|Uf#@)A7YSnZo0y*S^G9&f&x{kU)c6gwAObBjb!pN?*LWO~ao)!+
z<BUz!arnu1M@!f#E6vrX`1mgkW>rBEDxtYNnw)qQaqQ;NkHQqcwsa4L$;qp84b1nL
zL&>V`jd@&Gce;0S8djQ=yO@=o)a^01z}dKXlwLs=>6L1KPg(4B9MRfK*zi(o%=y+&
zJ?l?vJ(*OXK~AK4-z&J8s<i8m&hH0`e`iVWP9Hf4m<E@}erJwYyMq4O-+5XD7ws@(
zmyPMDFe#sp8AN)!p9NbkW2NNG?IxUeVHREdRLc*F_2FLNvr56JIc^L#U{HZ&W9ZC5
zB!ZhVvGD5hs;>?|s_6P!lhig7_#PnH`V#!bXc6vBpEGz%ZSJMc-9Ws`n2loFgo2U;
zKcKOg^-$uMs?%OTeMVLq_y!+XDLX{rfMR@t^An~Isnf;2U##c)P}3D+sKON@mX*i}
zd^5S}9fNgil_l~w<*>E2oU0eXi*->YYKRiQ1iHRqkJ)0@xQNWkxS$kYg}+mT853aX
zgr{2PAJ1+?CE1SR26h0k){;m2`2ZN160>`{zr_#piajq!u~qN6USAK#XxvMmygE2i
z&`wGlPGSbk;l%2iCyQk_e?bu=H|-fl_5d9`EYndhOtD(G*1fmn=3baxNys$P{~mFG
zc8tg#HR-@Y3EYW3!?^~(9o83(E_T_m5}g@{ksuCL7{Tmers;|g;QX}Xws)D){ovF#
zpqG_2&&&+QvxHOv+>1AipFI|i3mWO%MVlK5*LPRQu7pdq<h`EgLX~q+Zj1<Ir=@m{
zh2p|r!E)S{;p%tUWG7@V(bbkH1M)9R*?*loS*!Ay*nW!n)Dwk<9T(Y@vKxIr`(C==
zx3+Hu=5V>K$KJ+PXy?w5M^CjrYac_7<Ojzlg;~c~60dm^&V|7u5?W`^4fw>zQjyBx
zoMQAIWRjKBaGNIS27GPD%rvmSy%afs&xlVL>z{zujL?!=?IunPq4WA2OeNph&Ufnc
zi%}AiO5mZi)@QKykotGd@m9jU<D)KE@AY{aj1kV=?r>nBgnky~h&XqsJW(trgdU45
zZ}Q%kr`_qkv<t7Ln*S|Ka1>#O8LONoEE*0?<iA9YU9BLji|7HSyFo4sQl=USS`i$;
zHQb5YV<RU<Y3?FD?)YBM{1JXKNizw3(8_|VDo#RTfQ!=l2%EoBS8^Nnvx=_jB3NxI
z;&Y$O$trdsb<(DedCpM>7nHW<YA})P9_uAKzo6c8&oth1muZh)bF*=5if)cGMNXQy
z(nvN9T}K-&ZZ+?Bj>y>)jM1|$SaL~KC{Lq4$%7Ho@RisXN@%P3dHscLgRYBgWC69g
zyJJqd>pW_8gJKl(_#(rMF@h(N+`TtMe^ugn=I{<%DhqHjN1EdIRuH@9nK3h-*3uoq
zhR@*kbZ7lYkE`$TT;S1C%(-PnbsP#{EKt|8$*Rxe++QVtH<A19&RD93=cKA6lpdmF
z^^<+P`lc2+y2IB`_BOAjzFc4a4bIGEr)!nJDpAOz)(xE>xd(XiUfK;Tc_{IP3FxK?
zT=vbI_gJKYAelyYzCoE-(okxlVb((g=Tx)NWK_S`t|f%H&Dg9jn;B+fX%IF<+{aif
z6PA(e?@z6cdOz!^f(z7-c2OxvU!Dr<3hd#5iz7<A#bS!%d}4LW<%!9C1AHfmkz+Ws
zDxI?;*u%H)W{e$PcQ?f`n}Hu=h%I|`wt!}|F7eq{*AwR3NT&;f#~C-3$`Yp`OrF1Q
zKbWXpS9|%l9j>Ub0)D1<pz6L)rGg*80(7n*;&ANl-qs#vn1%-f$tCn)WO*MiB{MQ!
z#5f3M`WSD<3h0x3+2*$pqM$uMI;rd1QWgC5@P}USMK4@;Y7bIp9hobElpv>kM6dzB
zlnZKajZ7jr0FUAIwuQQVJDmH_FC*9R71$`F(g|a6qMx-ee)fvo&)L1x{d$yUF=Gjh
z%bZeMZ25&0Oi3$?4aUe6*GBg`e!1ULhD109&>l+Y#q@Br8sADQhZFtk^dF3?aPd10
z3f$X}R-&3N>1r&O>DCFf){H-GHf0Cydn7792yw-UWglx6XrD2>Kae_yE-R^5Sq)02
zxRV*k!LA^hveDPp+gIZb%{Z~X(8xGtpH{5jHcKtrIhCXnb5)zxqx+VYA7hKOI#}T5
ztV+ZgTj?lfoLD+)Faz+z%IgkKhcDezQCn!I^q(lfHpq^7xay`&oR$5id~JY)iZ4Ds
zKO*rAk@3yd`(mRvm)R8=pPq}WrxQKrD(iloI7k69Fw0f5#E@QZEWeLM8{3@f=e6aV
zFZNGm8QyP6bq8-Fs+}k#!I$*)K(rA=-#B?G<#y)?I3*>xBU<1)4RNgPV}U}fs$)R6
zajNE<hFK4lJ8VOHOqNE+vhurDN)_)Onf)mir++>9g6D=zuxxzx#w1bYbYQWXqc#H3
z>sut<0-HiDDT>lZTvfQH)p(L8I#=z8#4|IA`@0g{rxrfU%e*dK-8(&?mpC;$6W&w=
z<7_9lrlms|sW$~FZ8<|wW1DZrmuIDA*;3SEzMb|Ac$kqznn06KXb^2#|76N)q;%vL
zXm?)3HVImJn3+;miYj@U%bF6`-vsy#)2_^w`alp4Q<xI5!QyrC{w38?tCdg-2q*?Y
znTBNk{vBzaSVAccA6=$;7=m1w$fmmuSM2x6i?Xp+fN<+0q;&YYkrQq}Np=(9A!rsF
z9tb@ev<s5*d0b2yQKzT`OYREVN_G&PIC7nrUA<=KR)!Ywha`A&Nmj#rbM*tu-Y}@`
z-{5+uwig3JT40lp09N2)Ap{%#1%W^~7R109%|kdegg<R!qYw@punFHXGBd!}|IDnD
z>C4hdh}pLFHb%eT=tnQ<9a~Tq*!UKL4B=}aC<#g)0==QeAfQwVs-8g?BPW9juq6nE
zh1BHScStU9#%s=h^B)3n84Q8&`u`G7gFrhI21d_-Xc?I+$IecU`D1*Cze3n9xF;lA
ztQxl{M<yjDn80K}q^;#BCEyc5j7Ua$74*841c51?cJLr@Tj2KuDE6$q=ySuhgr#^&
z9MZRb>CI!1M5sR}hid7k`Z;_RA!b927~v}x<A(SPHPRMFwAc-)1xWF`HDUA)hB@P;
z{N8qj@_+xn<`893`dtYi3spz13?;G>!$paitw9AJ|NRbPs|ikhMdNQ1<Q>n!y#Md-
zB_X=Mim?F~yGR_AHSH#+(4jU*0SjDrrjSJ1cD`#kPTBl}U_!s|dIM@D4f7mw1vn|*
zt_2%N2fNMwAB0eK2$}~$eCR)jS)1D;puDzlWC&?x`~uZQ1GnQVEf6DQPh|n$fpw4+
ziTip!g6~0q^E@bCFaxBbkh=bXZ2yg>LK?TF&0sS4Yg0gsiZ>PVU-}EZ{kQ)9$qo?&
zkqI@r$v<I`bf`nnFkx6<km4;}0I6hX<mOh&*E9bRPq@EmS6iRKqyc_(tI+}K%|A4Q
zwJ=z-tcC&FcrKSP-S;@S{PuipcAThP<yDKfx9TqE%|>MM9KKfdDevmxZ>P66e~-E#
z#4D73;lib=ZRqSv{mo8Dx56jBU)7u^yE;u0oOHNCy&}ep8apJ-<ael-o9HpNWwzJ`
zZ8bp(^gqjkS)Gtq=#i3l{BK9mBbCTHzmuyfDy1tX>dl<VTC9@&lWtYRSLA7eC57-l
z%<}>=*|3#;`7~Iik28*1hX=sU!JmZ%MvR=i%Vxf6#=1D&ThLHfZgX9DJ%9eI4nMv{
za6+l8;DFR+{Q7CbY{zbpt!qcgWn#&D(f+hBWcfNjS@mE=G8nBmnim$n@163T+e4*d
zijTtrtr9MfDg+6?Qk5OZEb5h7e~Z+SeuT*K{Z!pBG*TIMqTfe>aCww+v-F&-#NU2w
zpmAo>h!qrB0PiMc8Y{uCaO9#}YC*&++LOOZu@OU7{pm0|+i&{peJi@Xx;+)VFS0&X
zPi(U+^HK<#u{5^9X*5{~#S2bz`3M!0Oh2(EvXL*8ohx4Op3x+j;kuI~`;BI}Y+T88
zOL*72Z>;46oJBTXq};NOYwAh&S*btB5c!fVE+<GPBC91O{F5k2@CL<MiGB`W0zXti
zKvzx>W$b4sQ`VxFt|$@PVZEI7oJ4#6m>M;M%pT8F`yLg!8}LdxsneBuXKIjMujgKP
zBf0gV&!7fOqlb-L_cBt*`zSQH%##9X_YP9pg@~H#{Wz1xo%vBgwArp`T%_Pw2pV5O
zcarxH4kHgOmk(H&0?adG7B=8le=cSf0G?hRDR%^8P3mF<7WhUU&M|#r3?gPRqT=B8
zvSQrpS4hXR`v8xLb@$uT1w9X49*FzT1_yf?;xvYYRGf0;^BSpz{D{Q6M3t!ht5zB~
zHO-cVg&)P<UUkFkag(hDX^Ml3!JWaw@7L+Uv5Cniq*NH@fV`nbv{&34Nw0**?jN<y
zTYvvXA9cG%G2)3?2<IqGC7uUw`n=<fuC-51+QW{E=ib~CP6`drc5(}%H7$!>a8C6q
zEjr3h*HNiWSgWZjUaHI>Twx*8-v;SI+TybZV2hyz(XOJ%Yr1>J@>y%%Oa$6RcVjE)
zxAs)d6r>DaXyZ>Bv`{fv5?idCNRUrK=2ZDcs%<mAF`90xXH0clmAkQ|Ld1j~T35*2
z4_d2p=gF$PRBVFd>*t)*6mnwu5qZ;+HZ>yECSl+pB@?Dv-L#}B7j*Gl?-5E)Z_#|I
z){>~<OpE1I4yn}WR0W~?WDs)zO<G^6<MylxxQqeK7@byu9d<S^K;Xm*R8is_(q&g&
zuvzI7)$8Q-bN(4iy_%@S()PM(MRlK&+-&5)9&;77MLpS{w^w#v#sNGdg`Py;tjB|f
z<VRG-1aXj}MkaTlQzYi=c7_XApA8>i19A^2^xC(SSO+;cIW=GMoBf{UU72to%q@Uc
z+?G)j$zd`+yFIlmdDG?vfit;p3c0Kcgh|1T>!N2$eEB!S4Pj!QMtk4gMSN(#dbIs}
z()3=S(uBNT@Y<;CFa@izWgMB05tGu$K1yuUb13|Nz;L!VE8TV5`fmq}o3MZ8Ej<aR
zyWvOM+oLMzcEyXy(kY&Hy+!p4yq6ghCv18QsTPwppv}AdpvFN)ZeJXp4d^64c&jNJ
zHFS5vYc0by8z@+sei>d;L3hE3E*tOL7ukAoPfgxZj#+xAXb6(3_-u1z|12U4bfe`%
zhqCMx_${-*&DM(wv8&k?Soh+NiQJG`k2JF)(@f=PEnL}4)f>IDPf~B=5H(^BhY>Db
zha9VGJ{36)Ww0J4lMo;r2<@wVMpV+>)&tvDJ!&iH`o!7^SD9onb&vM3XS79UoZ``l
zvFka}H9C}pjOLUOVDMdqd#Q|I9=Axlp_mA|?NtT+!CEreev0k&aEY(?kCj&MlBJ@a
zELoefGyhPm>Y=Qi^{%`;agQfX3@Fu8Yig11$_p8WRbt_)bJH|09!ii-m7Q%)!cXyV
zHC((C0gm!MZS<O_ky^vTezf^?f8#*QT_2apD37T*V(em3olU(>gc@q5xp!qv{?lxW
zU#|50Us2H%i0yT4x(!C)&Ca_o?@z%6wH-guD5+$Uf?F=_Rg)q=Ud^(5v`G7?aiBG5
zqJPaipx%L(Ulv768qsy~7T!`%Let*w`3kHK33Q+iQYNNelA?>MUdEGZWev6LGFQFx
zqLw6djUK_vVzRYUa?I;(0<TeTuINqe1$v8<=Ly<gmMUt$hDY9y3fdTdype@@AmHX5
zJ)UEy@avtm`|=uc3Fsl!RT|*{?#sB1i&2k{BD8m%I|fb~-Oyx8kJ~MnZIW?TxkytA
ziz{FLykT}$T)NO*ajAYZ=3O->8m8E9>?^;p(Bd`lE{RV~p3qDBEKm1dZRskFSPVjk
zeWE-#ylI`y{x}!^-7NWEc`e}l&u~h90c-%=6G+_pRTD@{d@lYU^DJ2UU;YQfJz<<V
z`BTG|Tk}8r8=y&te2NC~pu6H_j160;Jzv8e@2tL}xwo7sh7$sLMGPnUk9YEq=ktGb
zW!N74nZWtUWi{eEBuVjmk>^3FX7@l|892p5?$xGq4S7LZR55(9{}a2`R812P<uNyA
z#DK0gXjd@cu@7={&O%MY*Kf{bcF?=rwg-T7>*Fe=ahFe$)%^ah7NAzQRw7Uj{_IwR
zt^POuKO-}!k<iksJgfd)^s`NS2rhbnfzI;}xqojOTu>H_5e>2Lk3+|BNWlsiyxcku
z^e>+>0X(Osn02ck!&LL_u^Rt@yf~o`lOjT{PC-9Yc}lK{W_kX&zbE*$K4-8{Ov%ad
zREc*L{d<y?9$5Z43-Dn7k?SmN7jK;G*ZYX4R8&`+NE98b#j<0W0hPvBO@{^1Gh*<_
z74M_Ua&>%_vz((a-{yFzBMbsJDK0rfbSYj+WUPW*3{F|yQ#$hYMg=@Zo|nv~k!^-U
z8*Tc<t{)^fJ6OU0jJm|~=Xo!p^4XuYOX<e$Kd+xrtQhN8@b|kPtG>nb^<a)oZ#IB-
zu-9ugY4$M_?S(vaS_oR^_*`1|Q2LVm?f$?T4-1+p%n>){3@+AuKJO49vF9;7<NE-z
z#VWIc{-~dgSz+P!){;mqV#v}J#=H<7TFhxoE&bzF3kHl%tnGF}EcS8p`TuF-a3C0M
za0!9g4iO2$2Hgg8#T~4$KR<gy&Xue$1@S+I@*g9HI7peId~MY>l?AvM7nVH5NrTpz
zP}$z|d?w9eTg&mwoYqe*4pX8cW1n?1=1TAd_(fa&3^$hSh=09djHLJb<W6k5lCI`~
z;K?3H3MDe?o6Nb)`C4d`h5uy3g-A8N*z7~=F0kHx=toZbfqU7YZDh1F_UU##&RP6?
zj6X)oUZKJStd_CnVPuAuH2Cp~{UB2hP@X~+fmQ-)Z&UR-O~CfR<&KGK@K&0sX1OEf
zkV#y5&za36!d0Ku-#w!etpzL7l}XcFP!*37$cYUFfIp2y=eihSV&v+mx{s`Z-v#z;
z+pj2woUm#QDMEGGXG;c$_a41*MjaaNn1eAlhNkUk?GH|Y{eTdPQD<9NNXk}2pBqy8
zPDejrP!9}B$J{+#y-7F!=X-X!hoQ<r&ifX3{3%X-G;;fI>E(u$zwI!e-Yg6dGU6Nc
zN~0l2!Do0Y12+76mZH5#juo`56<l%7sJ^|$-+vl~)@XlgXAJ9VGpT|*&$tgUh7M`l
zR$YwsSxEU7dC-cEup|10B-9DUpa7|L{mLL0l)Wi0rT89(>R3VW75-tOu*$Af*Z6{a
z@)<Jcm27tW-X9_$Q{Oc8`P05LTa`30^9J!ztZVnXfsny5;>IMB{rHC|e|0vroF&8|
zkoGO3c{yhM5M;?9a|Q_qf)TdN>-&cN;Q9s{h?}cdsS<|G^JqY}j6fg`^!8CDD{v14
zakkcPd(d+J|E>c+esOaS6DBsj0J{(A>(-pZY4ZNYpEQPmLCxK&<*5`{%Rq*+tnTdH
zO?Q-^Y^s;?;*_T(1J41gU<~}$fPW?!NWNR7GSV)^a9{lICZDaezXJhm7Kqos&TXi@
zYdiwfzosjHxO0$Vz2`rG0Y;Oc?rGrSg#OheV^~~@0bhe@EuC$lJyS6;!;#31a)UG<
zlh-^ZQf=XS<(}r`R&)cT%d}i}KyHdKA;tFwo}VM8-C<{e_f0ACa<8E;-kq@^lUC$9
z<Y1&Vw>W&Hsx!d=gDZDz)XTJ=0fOvfXEQBwJm=5d=KpD>UeLQZo&)QCqt-S-b@!cX
zvRnKJ3S~Pun7c_+*~oHC;o_*+bE1}jm+MG<KU~E{++WZ%QpnuqVQ9b)F(S+-&`G{f
zLqvrVELd`=B8Bew;ZVic3}Elrx4(1IBuSSQKOI?i;Jw}kZl(uc9vaU=1`pyf?b-th
zy;q-1lH)s~Gc#6J;Bt#UVD{T`Zt;OsP<4G5B~9CYs;l`HxT}`U$^;>On|{skP^f|L
zoIO>I*2_DJWDgJE7^YBg2x<1zYYZ4Z5Sx<TT}ilCL7$5hJ3=N+$bC7~RMXSCa54iI
zDaIy2<c#3GF^_G%f?)=@D9J)9QaVe4Kdy%Nt|<Eqt-OQ`laF^LHYKYxI{>K~gH$7x
zoFFC-vKdY_!7>RGpZFf&6bCMAPoE(Q2FmEF9)X*?!G2Vh{wa6DpSNcw_#{@ep<z)+
z{m!Q}n~C(6(^B_dXCQoi>3sn-P71h_vFJruDemg@%`U9K=9wm)PAXQxh|}9*z2LBU
z4V?x5Q9t&hh%e2|5e_4x-DZ1$<H~{;7aO_=J+4^1Br!&ye?va*Rbtn9hXHXNQao;X
z6loTwuzEK3m0VVAY-0r$xejPJ3YsRc36IRR9|$xK-yifF@DT2CkVk+^pD#F5?!(aJ
z0#hRPu}fqt@`Q$rj0WlRw(jr?Z|7*%OEPl^>>w<JbYJPKq!Y$pE`K`HU_V<F{s|i!
zNb}kQ=v+3&2>3qvojErqWI6Vx_yE>8eyV6RA}b-Tp3UdZ%0m%<6xsCrz?F?#I)zj=
zHoeSwN3v?K%0T0t2%_1SC(1k#Ep5WXV-f7P)~3GmR=~^VO=WeOT4JvZxr?v@-&!J?
zk~U5l&*`j_a}T5%>-h9OtRj>4yo)Hna%ol4wO88{1U5UMNKD4Xk~}Sc-@JPtrJCe~
zwf_9_M9Y%xWv`gRO1k?~eCfS14=LK{Sz>ZJjK8LLexWiWL`aGC>a^XSS?<+QOnwu#
zeLp~+0B2ey^;z@Nz7*1FVmU&qemU!GcaSl))nKq(aR1qI)rC}Kj_5m|oFkOhhy6N&
z&COUnM*-G(E$5qB3snCeH67P^WL$ce;0dy6mO>Jp0uCQ0GAWn5uFj_(GYWo)pI-VU
zYH=G^&_Onr3#92oQg+*g-?3e|9E!Uo796a9=)}={XY<1sI3JfxT+jV=<)pstJJ(yM
zaV{dgj_8z3C+1c51;JQMGZ2r7?CMx8b0d9FO$wE_n`@5Sp$d5UoE0&$5(m-!3?T8^
zO!DnwR{?JoR0Bu1j$KJdOa;;m341<Hw-vP}O|VN53sx*x0Iv$4q?qWQ+Mw0#_ct!*
zl<_PdBWH(BAEfY)KW@Y0zOVrNCd0a&4R8^~pXDrom~w()YIdW(c^}eO$c31*51lfX
zB)u3g{GsvFo0~rM^WU2U9kkiNQ$g5#f^)o~GXb1ina+bBZNcT#xqFve(XNw2(M9Ln
z8l&8A-p05WRxvAnQ<5YL!1CuU8x0rrcI6kib5UZv@Q5C^x!Qis0k$&JvoYI@=x;KP
zScy0K(=G;9XYj9>6`M<S_4;FE9#}X1UOB0oQ^o=)ej6bNlvx|w@=|h}umm|<f)>tf
zvc=x%^RDVdR|_rnqO9;8)l`4HS(o%%>2sW*8^W{)$c8^Ur6}0!Tq~7!w*vl99CJL<
zq4A)<H;E6g3q;wyMuzhj2TQG{b&Z^wzlAGTWWS1w@oQ;1JmQw3S|=qUYoRm}$Js$n
zTu`YX2yaMeyi&H~q>MZ~+L1`J&;-v4`=LGb)_Wsx)`DoWkR?>P6tSoxO)xhmEKg=o
z{hSw_UQkGuirHQL&Y1dGeUn$OiUWK&)r5zdz+(y$r(X3$B6WUp%Ox7ZV3<!+(<e{S
z9*wWEt?NhU2>6ppg7$mSIc82Vsw`#mKZyQr9GuNsxl_mi5h4scQ`Z{+etOa+Mkyt*
zj1~CR>YotWIo}_tD`6Uk9C*pR;P1x$o(0d{x?HpPyGEziACI7Z*9qv3_Qx<k1(Z=f
zG2oeGZQKT~zgM>hZE<=;o;qaez2YOPl!^!(wYoSvl`1ISb1y>9)A?KZw5ZRJIj-+g
zK6(Ah(#MS2qrbj&o_E(9ZklH%Q!xIRps;r=Db1kmyZD9NsGe{Bqnj*HI>NEUYd1r|
z(dfK}N;xJtJYC3&v;Iq8=J)g%4Moe9iRwiVF*VWO&q3i&7AqZ`B%`@O=fa;RIYduD
z=!CLY5@h(+?V1|m{TAfOs`eBcgDBFSKI^CZfPiS^z^ftWIazbh!jW{^Cl=sf1;K9&
zXA`HEr24~nsR6@Rnk@YuFdYGPN5bgDyQuP_%;$hUZeykbuJXhFho<g8^yA(WZf}c@
z&XlVX`;XMTBbe#nI4De@XSJ`AKzw)!Hav3ZIvlYV-NPz-2D4D@kD17X4T=&0A|KG(
zM9vng3xC54*v6hy$Dv!eCZmp2y)(~0Y(yIB8JA%qSp29=Mf%!T(5K7y10VJQ$cHP|
z=2g#bubxiVOh)~fvsi6CNesG&!*`Qxd6NBM;8b~xh(E1tXdKO#cn#5mEdOCVqwhZA
z1b#q!O~U60g*E@OWwz}SszEO{r=njo!l)2^KITOI8w&Xlg<mC*O|RY2Etb1roHV4b
zBz6rZUwLdVU?@tA6OHM1;-E~C^<rNq9I+6!?BvL+Y%*{7xCeWg3*0RB--j;Z*Oq@H
zufEm!z6xyWh`{iGtlLizT7A)TswiE051{!4UHg)Xh^x*>1WpS{7|ulK!lIT}k=;cW
zNuj6Q?wd85$T=8fDpe5jYi^2qBn4TJ(=;x;<?P3-o$`{<X*5a|F={&SQ<iMHCoq;U
z+PCozN!=&*{U=iJ1@oZwjD6+0X70$E2%O;a)t?p+$2G)uUp#O~=GqofH!2AodB0q5
z7h-eCiH4Kc1!Ag`m(F`(@NPByU(ec2)x~%!$nvj(^z_v%>|*824<73~HE+~z<B!n@
ze@FU-Epr|z<M*CB>m4p}fme;C`?FN7l&om<qE&xjF*`!6eLUe3VlRM2hpX&y<)kcC
z{35Oui)M7ZiK|Xzmlj=^*v>s){?%cTvKT;i6071An{ogBM`kia!QK2(pXVcMT1I|d
z=ckCte)~Dy%{3KSo#7R6<3X!7TwuSBw$`r2S9_EvO@0eeq;`YGt#j=Sh1F~|WX14z
zsdCjGAWT4gm42JoIb(5BF(t5#jQLb#tMlfj?}@2!xAg9XpS9vjk51thcuig8vAVb^
zRH}`cqv(5N%#ze=iSO^J)}`a~F<mnv>fd5^lo`Bw(}WY@QXq1qEfp|N{UOxNkUO%C
zSFT_(c^8NEDVF%U)`*FTthT8P7P@5Q2uiwB@WhWeJ6nCP`aryrk4@*iY~;5ZMVDEL
zPE}%vpSX&99Z|?cQcH1R@uHv$=nw9XYPvm=E3Iq1nh+g4yaex3x5|()!QOBA@oa)R
zj@hW5zWzn1;bP~HYsK%_wFzg4i-NAA1Nsr8nxdQ(yAfwv#`7;Vl(S+v={2K2dg_Qv
znx?TLoU)(t!d0EpQ;~-2t+b-mmn{OImD&Lr^M1BDt$C8viWk?sZ>;gedqp9QCTX@3
z4FkeS;-a^W{_j#hfBN9t0V!e=t6`C<OyQ9-%B5#W>e`vJ-L7}qKCiTgV8V4XTMzIQ
z-MBe({v}co_--}-Bd)T4n%&}3h;DyvoQWJBKSrE<8chgp+@?9ff_`P!6@WSC5P7O1
z0i5mE1}f;<%_O`H4W}a=ptWcqdZ;5t6NiZ#l}epNye{eH2<jd_xN*mKC}5upJotgk
zsApQ<3`PNnF`6ym)ArhU+aX4KAlbk&aD9?S;KmEpsgOx^7U=?}Bk&gg{JV+x%NbXa
zOqlP=A{+<xn-jt%*wcseAEK`$Z<KhBMYvXS9tocH=ZTHZEqHH+uF?!Xm|=k~etqXf
z<k!+Kd?_WaB{po#81DV;Z;Cy0fSeOVm_}(0d03ALCr0)W0~{#*+ceWsTJ!VOiqP*h
z+=oKg7i+p3XuDjP-AW9iGOF0w!-_cN91~B<|DM%#1dis!hY6~2Np=vj-F++ISAm#5
zf?UA8*}fc=SeQ@Qy)d@%XZ%ivgH2;@DPyXQdhKe<${COAL#m_uhI0K{beVOsdDU|y
z4C~4wue9r?2}*Nn8<%IuEPCcrKokx%_2pG{84yGWc@ci&5B7ss4xtGEMC(Aj0(`o}
z`RC~vkz4(_5V#&X4_bsjML10UJb|#A#ZyQ?JYYX<s0X*Q{B{9d$;2oSa$*CEGB#T+
z_JC_zFz_PSDp&}5DuKXD=!u!!%=KVDL>VOPts)8I$4mYp;v3g-;x-W2gA&1dz^A8D
z-w%M_KbSQYYX;%EV?-9l#V(kBxU<)?$?m^d8Rk7$3fe}7Tob7Le{_d2@$g^bgvev$
zg~${8S6iDeUC#tU3;;j71$L~NB+TeVxy7tNP^9j*Uy1&-1Y*9>->yL&+RiArN!2!x
zzD*jSrwcf_KrZ$Fg&R+${&Z~*S|$)&?lY0sL5SSv)t+LTD`URSe@gu_+z-H%FjVkn
zgxcs4O3aEHxRJV5BO}eTYhx|UScm#!xqRF6cfKrJguLI!=s3vZ@$G+`50=_&3gooO
zeTE1i;dA{Xa_Gk&hX2V5)dcAYC@ry)ub^Z$up6JzK=!Q^5a%@C!M<}Rp8H80D^~?S
z*YmiCSCh|-!cSa1em6x%aZl<2;&<_HyLioS`8~P!<kRQl#!_}-?lHy=xlt98j;EIf
zaAQ`@rPZ0iu^eKtEona*EuBTB*&BhiIn7k$Y2Dv<Aglp|yLb*!W<E+-mZ&h0AE}bh
zTX2l<-=`3%PeLH!Ac_J#{ej&6d9sIaHV7Q%G`aH^o7;SHeSjOA1JM%@Xk%po;*XTb
znu3t2ItZD@hHhpD;Q{>kcCd;q^bI5j6zoB$CPq>P&&B^t0wElTW-!xb&aMMsCXgWT
z2}0UbD&aBR;3<js`=I*H+k-#Bo$b~Dc?KF5A_aEspKd@07ye25j~;G;d|(e5Pv)$f
zz!0Mo5O(x_ADBc+|Nko&X^*|;2RT|72SXA2A*l2b5+PQ;u}rzF>q_tdhNxv{KwJv!
z86iuBUFaHcy2P|}AGsK@Z!2%nOU%_acxd*yKEKC|Qx#zOnwOY(irWSch!laq-5y|x
zuee(dX`@5(UcQ9${k_v>6E<3TPPE@o?1@{SVb>zBo8t$HKtK*T42l~P3yrIo7niT$
z8}Q--<|sw5P<^@KZ+bH5xj+YHdgg24CngdDG4V6szA_NQ01OE_yi;a9ERcrjFW*hs
z6#2XWSlPUrFyQr{Z#snmo<B!@Jj0<HH){L;qo%tu&VNn}B?4et0v*b>dBS824yL8;
z`scLJ|E3D+E2K1E!{N<w<MS0Nv!n(Vr@lr~KPG;1^E?f~cl7(vS)ecXhn;>gu+a)Q
z^(Fo>j3x+@zd34JFvBFoujchXXNG)kl6{<MFy)4&Ye#zWz|0JERPYWCkwi(&k0%+t
zl;qtiOnV%FIgrOMmR@TBok-g3gD{c(+utt3f=&@PRC;2y-Nw7=X-MX`!dt@dZbxp=
z@YIPD1N8ovU=)*jj}g5`Y%IV%YlVsg@KAY6kb<`^tp59tdF}m-!9Dgl2m{97u??D-
z+1!U{ChtSr*Fr<_zlJ$;{}XyWX!2*YGH}m_R1jAMVe!rLI9VXB8ul+-)qZ?lz^wo7
zy%JR`R&cUm?9ur~P25f{9xutgZF?Wk_$eNBMa?(lu^~N5EPKrxMi|9rxOV@gW}u+x
zUF%&}6P-QzX6v=&h8VHIjg}zfV7_8$ry0z<rE~aW)B#cV**Zy6(j+(=9V7OMm!$fb
z_$u@pH`9Gq_f9p01lUWePR^_>R@WteVSOK2iM8q`mmR2RbgID0Dp7v=WjEbk`#vmC
z0WVpBuEdf_S6T}^6dY3r+2_r$&lhh`OvE_Jl^K0{4lfdqA{4<7<`z7d^%|1D;TPqX
zC`cL_BN~fm?Ew&il$0qqYk-fkFUO2iwMa)au_#BRX3F^a(fcj(o8~s?EYT*XqY0LT
zow+3yBm)G*t))?Xq!z$~4cR{?Sp$$c=7Ht6VGmKZh?<fk6|a#SOJtvqD<uRF%2Nq7
z_#Qc3(KKEmu~nHIQ82u!31jEtB-z8F^2Qh!F6szhn60|5f~E>OY2nJBv6sxv(o>f6
zr4u<Q8WO}DX@a+V5ykNIkncU8IHw6^)5Pb^8}%bYi-I2X$%*Q^@BC(!t#-U0O^DA`
z(~nX{=IlmRCygs3rDOKxM@_w#cgwohGeQEEC$pxzbVug&&;u0@av+}hAY0|-IjZY!
z=1r9%2x5KP<JED%_kJJMp5rdGOWsMkAcK<L3p=Lv9UJs(o}ReFn`5SSh~mgciBzA+
zx!tU7=+hh127XR{8@6E1K6+yL`ETtx%F68$o5?!8_OIA??zuNlA7#!%3O*$n_ULe6
z??lYFOx$X5xP&mIkbUwD+VHB8KBC4#D%1S?$%HME3i!rc6$(^1kF;BBlYP$kKUn;5
zENnW(z@HX*vMaxwhEi63SWG*4fKr$D`qRvlyE-L=*Cz4Y6w{nQ%+hd2)?^m7gMaFZ
zULTBFphQGyWXdJxnx(HV#s*OAdy-x}PrBL~Nf^3jRj_fuSGIycI2>lRR{-2xrXAc5
z^dts`?rd<2^J3m>Y#h1R0+cS*RL0CNTB($sRr{TR6ig~B7OsgI<nW(N84|W-@2nt@
zNd^rg{0O%e(quyKL5hT%hDlajRu|QNT&f1o@8jj_QV{Qm8K-1AMl25tgnXBNN1d&z
z490+GaL!j^#a9uQ#WE|FA7t4C_nH5m=%4WQ_sHt!#U3z$D=Q}kVAdoOUWRit_=O5D
zjr;lZx#2X#UcrI17;Oze<y?U>50z3P$CKbh3ejC}PPS<MR#D#GnHaC8a+u<nlIcb1
z8p+*%9w+z>8LoJ!!?A<^WZ;YScT+v}k*WyGGuUj|=PF5#EAW^5g~saBR;9awXp=Nc
zDdlq|7QaZkfJ%9H_25kt9C(VLLnEr3Lzd%W34%@rW(AfCT(roldOdY7C}sk@H<A*2
zaXI9Bd+aOih3<`KB;0GP9+TMDbL~dEK**@H`KsP(kK{h!UIlzDe-w-eot$KR#*^?N
zbiC#ash@tswZUwtfy1^|k*-u55+$bnDVk?p#d0>XrEgh{ERZ!DQ>SEiwcEs9fHx~K
ze>RtveF@!f$O6RFz?JkN_k>-hB>O{-M}FnnRkxP&CFLVVGwc-(Cv06(ozJZLewHHE
z*yQ!~Kjg9n6rJurByzNRBjh@>mTp~xhoJ{I;tAzHxhO#LuQvl{`VqwL1G|3RTr)Cx
zYDZ8D&GLASzlU|U+w4Z}Dn*N&cmvm6tY>_5N=PMLyNR;|PrafxHT(%R+4w7<Y!oSd
zNpLM^xN9TJw|N#>*kY|nRy|^(ZP-rx_N@+#n^q&Bqhp8}Y*M<0D~H?lWv$ncdP=|K
z5>R|j<ge$2@cV_npS~y~!ey&jEBgK61NjsFmnQ2kKVTWZ_(RKJcYwpr*<Jgp15W(P
z&b&=6#1DS#ySVXqT^OA>FY7W|El6MN>M$-((&rO%k#)PSI^PJWFb}dZF)<CU*H&Y1
zv41}2DjBJOFjPoih}WsV_BKDDtLE{&<3V;W98jZ$RX5tha5Wh+WeQS1a$>&hh&b*@
z6r+^2dJj4kbH}Z&Q{WrgUDXLXw}?cP8xk1hc{Z4-BA4Fdq%kp3b_lKWy#llMgU<~#
zhBxk88WYO*B#J7)_tfUBq3A~C;Zr)5OiTjju3fsIce5IM4S&NWga(UE%gru`i%Y*j
zR9iz<!>jMu8HQZChAOw7E+9TIdD6aSm$df+Q3!O=nT}B+UuFM*XZ7uiuKB%FtN*ak
ztJD!3F^szGecsfsG<k3=%b0jAX_>brYlham&B9$$?mQ8j>{*>~NF~nlrh2<DWmeL5
z1ia(eJK7|F`0|IEURjBV#X!{epN0KwZIQXZ6Q5W`ds3V=<`Q=eu7^~^eW!o4;_JEU
zx>hE5*O@*@?WIP`3^-W&RbiX3Y3Xl|uhs}21-RGsZ1DXqA$T|Zn>dcsv*ukZi#t$3
z;DVIt5l-i3iI-+dU8e4-I{V72aqe&N-$GNf2dnQrc%x!mW?RF>hZ3tK<#vwOns8Hz
z!kes)#h!4qnKQu>+neWZ#VQQc#MmE0C5`f$-ib)}X}vv2sk^hRO^!XigEv{znhBM3
z-!L|@5O*{fW1yYCZ0{pB%mJjT_I*QI5fO_?m6hfL(v-}>ijZ={?l$}fQHn^n`eP!y
zq~h*BL~h(YsWNA9HJct~IJk(Co3Om6oxV5At3{9N28#b#&vnXET2zAJF=n0OY62!4
zN4qi~jCYIsUC~4SiG4nJQG1Ha`2wVHtk_$i@U4leOmw<93a~uwop#<RESV%6ldX1(
zsPUd=VV5Z*LaVA$Ec|jb)CpBI>;)fRo~Ib`@uOHgstICM{d23fN*9jDfOp6D4zi(`
zL7AgAX4)>Z{4%+P(z&!ph{Ah!`dH=97tVWpdEFf&+%nE{=W&dL;fz1>zKne$Z2U|w
zz0`Y?Kn%%<)2>U5a@h4D|FaaY<6_&21K%ePb_H_Jc0Bs{`63a{y>H;uO&yLULrQ}T
zD=H}+*G~WG`1<yBrK}d4JH)gZ&uXlkN8xU`j5)kJDaIP-RSi$A>X*4l8(5zC_C%PX
z^_>_hC`35`u5OtQ0ChKFL{d0cTiy%T?2D2-<555pW}&7inCIMcsh_YlAtqB|1Dns5
z7dcmpz{s+E2Cv?&T$z7{G0b1Leu0~JUJ=ofg72%9KU^*LD*7RolI@@+T-6V%WYR^G
zEZTet8!9OtCsysSH^S|VQo&EV#mm;Gs*}Frs^NBO50$hpeL3Qq^SVDikfM{tTP|t%
z-GmrcP>e(0l|&_EDOC5z9|m%og}l5upTep@5aVm|0f5;EL!EtwY0h6AVnz3GOD35f
zuRe7u=ulq%UDUnh^PGTO(W0`v-3_YA<p$PU%fo@AyjmQ<;b2TxbBRYa-4fkBadDst
z6&bfGIH<jCiDz+J3wI$7BYSjP+6(WrigOJIfZ$+QHSVL`QSo5f*E0X?mFm%>zzut`
zGxl!1@L-QbB~HY6=9=(cRCs2=n?WThiUrJo!`h+sAh6Ho;1j-$0|$VbYs<0Q!Bh53
zUpWo}%o#l@rl=(MxsiJ3>%<!h^1;tuj-4##e>wOnVWBQtiV}e7t(f1Tqn{vHeb~_a
zVOi^0l%l8J75i(Es9;Q=@<-TJL12vMEGi9^{9VC<RRh$4kYBpvIefFcPo%1_w+DTW
zb6$`IKYi8R<rcxwf-GEi;cl4bKp7J=(#9WUf6hw_Zxm=D{Jw99j;kvvJ%Co1tXoV#
zp`?4~)WqH_HH4p^+UIM?$)}YU2#tP*R)7~*Sq3<`f#{*i%cibtgO<Cb(wncP)a&C{
zC!W&sEX?Z+GE-R>dI}D(x#h>|f?N)*qWkUr5s8!Tb+l25)Xllqx?<&IR(8)%igLvM
z(}%n4x=-<97GzjJX4lO%Tt$4kd=;JZ87$;sX`UQ~<@;Q~&t@JS@&2PLmm@P>y<!lT
z90)o$9+>c@N9j(SZ<-}3PBpERsctV=v<%Lw3=q{KKed!crCG6%6th=$vfO=CS0br7
z{VHF=Y^3w<1BZ2Etu@7-d#5P3+hb44LS~q$ie7Zpu+w??X+Hv<aA;8b*@+vZmf}T)
zj>-8_*Rt=zrymqf+Fj=a-VYVtLXUVw9W~_1SS@fnFn@{r4dN_M@_pv!fw@H!Go?eR
z!5FjbT+5htmu<znO^E8A4cj^orEiVRVf`Wg>#K<KM8We!w?l<EM7mbKN|_~>FAURP
zrzV|p{{zktF+I>lR42wZ^A=swy?u(3?0<Jdu|h1(R0%d0S1g_9r}eOpq$<cT#-KO`
zgiT(ZP_S}^m7eUoaGN-MB&Mfi+%EBpo?VGJ&Gu$NdxS{j!pX8>(?=62Rtnd8QY#&c
zJ061*&CrfFSG>qy*k{A8yf?kxz@un1ALS*5jQ{<`?+dA(?Xqv&InVy?N05xZOK$WT
zoJ9fFr%Tg5pDO*assUbL{{9%ZA>pnvn8+Ekt6#LR7#Zg`d?7IeQ}A|pox^uZrm~tY
zXJNM7Vj(ncOe399-q9)jMX1Q3frv3`e0s;YDP-Ev%7C(>V!N?=73MzddDqk^jbV70
zz;CHd47$~~EqDrFXG`Q9)V3PSKuy~<ziM@L{x#~HD=*9`H(0O|w>Y8V5&|Qf$)9(p
zzUX;usXsNEInn6EY5lP9nDJhvK?-kZ1WWNEUQzQIELH_(oM8ffJH7;m_Sn%dj%#}w
zQ60-)nPiU)raf&izsi9|Kr_8%bbCQ39bf(EtU?uCXu{!MQq8#dWKr~rZg^)@UtBxh
zL|#HzZ(sPw)%oN>55ke3&gEu^OZ&34e{kU)u^8{4VcAEbJMWDz&zfpB+FuQ9u^ElV
zZ^Zh-o`SF_(^Hz@NlG1e7IEccBw6Z4<ot<KPMRp2gAF34eC4-={2XI&x@y<-`&Cfv
zugY3?mxRLd573iE#yZb9UnFAOGhaVX;~!?0-2Lsi_bxp|_BRnqsqyf;cOiI13o<-F
z#NBN7jzP9#n;MOM(pHdjRw?&~eAlJ4OUcKpON%Epua8`^3eNXc$GjS?j}`!fo!q@X
zt@zte)#793gH*~F_6g?D=))403K~0lj82^TNDU^xRLqVr$yYy`l<yn|>z2vmn446o
zU+U<(ck_FN%U<k}FDKuH!yawfh5>Ptp8BHX0Qbu}{9OHahcNG=I@@+f&9}RoQ2Ape
zzZcU>`oz9lgpQBt^!%Ex{B8UN+X-w`DBg9>A*i$gC&QCNZ=L-8HY=okqVmce+VTe2
zN63e{h){7^8W}RJ1sh^85}ZU4*SekXk_}w}HEKFkmaCjq{O3Vjm`MeW@_kVNtgD~~
z44PWPh25n!m{80N#k%i2xPDB7K3|1x<ia=e5JFWfLi8UV+A0VNC%NOvLMi{LdQ0<b
zU;)NteT)*WSF)O;pLxUsoMsp;fEk6OvrS>jIH#<OFF|fIe9`mZCeRD1r+-)h6~_fK
zL~#t7Pq#<_^Byz71u{W17Wf}SSbvK{iIno!zg;eK4OoHcpf5w??u1QRsg$-m`NK9S
z9uxGDrJ!4YkeYLj&vvj%Kuw33)YDJ_uLQS<nLrXKs@j@M*Gk3NHD{x^i_>>g@sZa}
z@CuEwqbZn}A;}d24DN+%DgAoe7NS%gV%T|N(kmPyPcOb4XTcVd`xV>GZ9LC))*i2L
z_>14^-;zCxiz8<ASehtiH`IwOJ=Q%0MBhea6Gt1Uty&-PVtHyJ6iMZ)E|RO((WcWs
zQk5-o1l|reKZCly<u|JFqr!D^Ritq>9-;9XmaDg>Mj9q{o?_%H?o7NcFFiqTQGJC2
zw3ZG*Y+wlN0FWk3Vg0^$t@@CK^<_s97X;lO7fA<(r+U?<6HIgt8}U4fl&6czpCMbT
zr};hNZadh1Yx^Dtg9{%nTvGimV1CH$^5ItoJ)Z=@?@hT?Q*T+GMLmuE<}aae=FFhl
zouN(-3)wnib2ZUp$oJ>Gep>Htv?zD&cDf3uL8nsMM+q%WwZ$$BX(&7QIC!6zgZlz;
z8%hJ>8A|#vN;>C@IVy6fZ9Fby@=|v3!4wnrzQCg)n2-4`_g~`5U&f#JD5&jvdot>1
zPr~&hv8k4`3$DtV6{mDkp4^{4-;G<Ta&e4xKsos|=enAD#=YT`RA0YuV1TaWM=@7{
z|3Lk~D%o;Ou<oD)TXw9A3n-crdms8<0#w)U5Zkp%3JOJZh`cVzQ;0Wj3U^~EhBz(x
zFM_$W%B~j7WdWO^<6e_?-3onf!|||{TPdn4q<aRp%n?&o0Z!?0dlAk-wMtd|2hflr
z9ssr<1Wvt_%1{2XJUK{tW49r<dcu&HZ*D(QGnk#YgSdDx?<Ef15nv;tsU6m~EV+6$
zm?pe&hDC1di+2+26B4mAqOyz>n)z!zxmMy&tzBPmIp9szDLvxUJ-6r&tM8_biT#;x
z((;6P6*C-dPf%=4e8FIas=7;XL!!MVpU<jxhjZEmIPVD_o;QBm7L8^D3d@o@jNGnC
zP<lJ!te;qS>Ltvm+&qMqW=ec$BTXYk`*#njzAF@yjg^%@W<Ini-N7tGd4$W!kJ452
z|LiQzbpG*E+OsN$t~6YWc#J~Nn3sWV&3j6i%p=o$tq&QUAvA%Pj!kxbrEnc$r7Y!0
zCE|MJ$FtzRVCNCVPBJVCtA-pjRUDFaSo%`(6r0fdT;x*N_|Q=?%IZ?%MIE_GVv^tQ
zTf)J(9fM`r3_hZ(=)NCtR2i7^5&F;fP9o!#?m0cr2uA=m#ERU?pg?I@glV=w!x2D_
z$Ubv>FZF-4cJ1*{ZF^kTxtEi7r#Rk{8c~r#2&trw#`HpxM^WddG~?AS<JH5v$5BZU
z<LG#2CNylOX^N%?=HL*;Ad{kGlZnBYnY;ELJ<k2ybMHU*^D*{bzqR&Szu#}I^;>K2
z{rmp*Bj(GsS8FbhK8y?6l{M;Y@??9xx+(J9aQCVZ-@xivuN~(>-4{{Y%JWs_<*3;p
z>}da;)uAJ?aL>LU#;bT#*@2y5%gk1aIUy1eVK9kYToIwMxbxvS@jRSSlkoB5_*l%R
zjEK7Y_HJ%gX0E%)PTSt;y2aXuy-Tl<RUyorsR|;DeQ3_hn%ufvSbU3)dQtTIZbf#q
zVdhiY>aE-e?!C(Q=eEUWXr#dc=PLbU8aLMR^s>9To#veZCeL1o&54B@QyEng2_~ss
z+28xgMWG7$!gLIN09VOhM`Y)>4+QQrg$})FF&-b?!G$*G2WVYe0O6+tFVzkdY~@zZ
zOw~S%I(6g`lWlnw`53#VJWU+ZS?QfBRG5}0-(uFp52^u%)xfRE25x61JgP8UQP^HR
zVP1HPVC3t-<3Bt5%5%*hDZ(m3GC3$P(84w{mumBt9i8g;$8!11^A#>Uag(^FN~wF#
zjZn{@wgfad9d=xdcz>-_VIx;#_CwpgG<@04C+D^j?zkGMSt(}S4KqdT4VBWS2a|-l
z$s6BTwH3Tb6=qO(oL_bz#WgadQ+Bu{+^Zo}JA^itYP$47J=6sZP9=^NxSpqsSxer1
zUpBJ=mopq>?$zh;+r^UYKlY|)9w{?FYU~xldK=+L3=JA~88)ML^G4mcDlZ;sa#ndi
zYfWV+k9HqQx4jK_&g_jUR})O$%(Q+dd&S{cAJ~h3RdLP<%Z~Iz!-vxLzq#gryQ3sL
zn-ZT{RUU4NXi^%+*U@waj!ziuSg03X{QFf6NVMXYDqU^oDmfe8eajU;Y2K^gIrLL-
zks~fkqt5$H$L6iyp7(Au_w1_{KmV0s^1u$oolzGo@*)$XQyA2&<Cc3n-7;XM1DA+U
zzK$q!TjacgVuOVc(_t6QVWn3#4v7@yzpnZlx#jYm<>R`Biy}#v7M#2#1jUX~VaHv~
zipw=3t$8`hO9Xw4zh7^+I*`)aUgVv{-?la&Nk|boMooC`t&bW)&1~*3>}Y3dtpnQ!
zmk-~GXjQXwynDd4tatTk{%PAoh<kRv8N>)mJN~BqNW@-I(OQP*_#>t}#oNZ({zmZH
zh=W_gr+kBP1yAs2nhJi-U*jH<;Wo;S_L%rEWWrI*>NE=8wCtAe#q}#zcLF=Iqxkp$
z-o<5Ee`U}z=OEcf_EV~7=^S8*fqew?T0pYQ{5dnTaXGib|Ml2An7I1;F*k0bNXwPX
zZ*Wo$ZdfTfsP6yA^CfuO$aEqtN@pO2k;4nJ`IXJW$zL2HDbX9+yCbONI?8%ppX$9W
zK*4L8pbLCWboEcN<B7>bO<wBDjg=x!F$jA4q4@Nw2G=bEr@wEu?s|(`Ii2s*pr1h1
z@2hUK!XK~Z>HTJUj6fjoEqcsZh4%_0+%w6%%hS8-@eUUk99BF(qcN<>J(4oNw4+Fy
zd>&qcfELhp$fuJSRF1_$UEQqN8lyE=vTS|Bal(KA*RY-9Q<lLB1lz`p+Jm75M}NH?
z7-^*GbL-a0j;onELqjw4{tcW3IF3X2RFhHprD}TgYiii4BkwmQ#2aJ@)v1S(bGVy7
z6f2_(%GV{bIc3G|+AI@J;Ne;A(@a<88+^+k)apnlvBC!K*=5^|JiF}=?O&W}K(E*M
ztw~{Ouwcpn81W@w6AMgvY{+O*K_OKuoFnLcn>VRJ-pu2;UNBaB8UKw?^ODJ=;6(}C
z>M1RYj~DZ2x?k^FV1SA|XN9)%a&BKqETwJFFU9XJ|HLbz<*!Qq=6a`Oa*M;=`JM)N
zhoBXv@3dz&kG|M}M|nsR*8U*iU0BSXy#`zZK$R$KG!Lt(6*WrVlBC=&0hyoYC7Ai3
z`TtBu^RQn3D(IgtB|9Yx`)6iaNwI_JGcz;%o^tPr31L8a<;ST$Ov7?A#s(pNX><Xq
z&5UGI!^BNQiO2G;p2qU)UB)3SBa0MRqXO0-${%>MM<xy|?~9UOqOF-RU~MAJQESs&
zAE4IHlLlxkOB&?j;sO~0A<@T@sHmkoxEHEpKROi3&2_0nk|Jy~*<AIYC^7|>6u{m@
z$>OT5Tp`7gb!Sb``pEYmIJ;eX9*RY^gX0XL&7jEqB!60@&@(5m5Ik9I7R+C$PH=SL
z#=3&aDbs~VQ-wMLVHU^pWOMS=t5d@C-upyl=l21(4nHbWIPu_(X@P_=kx`2d8E}`b
zl42*r%P~V9cM}tP_3&=?n&MIW;4{eC*0vTqJ7i!Hbg#zG`W|aoZuShiZb}7dG(|eP
zRoLpujIFbeIW%JNh}Uy2(`x{E`S2n6r)FzLh@s#4Ub`|YxrllvI=`nl)tXou?1**}
zItqZ=3Smhe(}()#nyO&9wxMb9oBpiy4uR<<>z&in@Y6#$#5#P1xU8#Hx8Z{vXM5+c
zVY8HBbT1ce!|wS=S^9|C_gjgd2RZf<yEpkBUG{2*-`&^SbL~$!jV#ZPH4AN2hRe5@
z{(;^y>}cWLH#|CuZf49%;bHEzsa9uROpE1B^_qpLBNR&YyR{mxeYs{`T4M({jq&+b
z1o4n2wr7l^;}FwOcd!Q&yjdtPwTn0@ih}OLeIzBn#4C7}>{@8*m8O~*!awognR#LK
zAnW(usmWSB?EdYGu853)p4yhz&@?Y*lJ%jdJV+bTc@Q!d61z*4v&(I_U#^P3u~tRk
zg6~x3$))c}ElTpXST_&1`a8vnhcWZoeq|(HPHg$5_~;L|`Gi+;Pd$3FCA+S!`|gbR
zoe#oaZM9V=u{Bp1%9ThMk*}*&CmXciL7v?W`{RZFE4eO};&I>wBt_R)Ya!2NS33$a
zRPNudvtMP-^egkx?R3A-gh&;Ng4rIDKGN>J328<^WOxkeColN!%5MHFd~Ccm5`Hq3
z6F+u$-({`CR~~lp+UX=pI-zI1j@L~PQW=A}<gDP9;$KkwSnDDj&w=mJoMhx&w;l4+
zM_8+x>9{X1zT3_T^;x%<<vkuTP~pS61M3|3&6Z`*9F#i~g?WR8jTIPL4FJCFo#DYY
z7&l<Tg%aLeZWF!l6*}uA+B%4~!o)-pD{5lk2D@15XrP7^*V(f?ks*hZ*4+BvkHvT#
zmrNB=`E6%!u_R?3MZZ7RPaxZzo+x}4Uge{A2U-jKc~Bf&oxKyRLfA;3AEAkKhY+6x
z`8_=q6*2BvlqnLC9M5MtO;Qq`>sg{+E_U*Q3kl?jABA}jhDnYJ2OLTT&`saqLErdO
zlIbDdCnm|UOh1v*p3jQC4zgY0>iw;$^QB-pHAD#ti4qU4bKAp_+@Mf&(`h-|^&M)F
zvHnl5qAd35tUkG(0-#1C*H#uDIYh;PTuZnt3#dypibi<CSe*-}frbV_g+_zYNPQDN
z$KF7rGGpEtpuoT7`I&I9Gy(4p08b?!bXLCsz*%V|LTK|BR1q5S=1-_13|ED^kx8+h
zUl3Rrz!m(HhGa+mdXB`vvC#CSOV@{yeBis#*q;*!(3gd25H~Ty41%D>zDvSSYS|Ox
z{1~gDP~hb=6bj>PN<oQ!w?>f|gsYJPye>eyF()Fsx@;@(vj3~U0u~!b1_Nn*6&N7r
zum~qoC@@H29NN?KG!}i<pBjQsk2encGe8TK3l;RU(xj*}sY2&89Mw~GT;b)#8s<`L
zU}sO(Ol){|qUo%+bgUhrXox!d+LqFU;JX4cy7B^}O5h<ODYd4><huGYYg*YPvx=t!
zd*UvhBVQ(4)#?7TiWn^d?;p_^;eb&Pg&p;kkj8$;=B6$n{wW)bP5=YGmPo$*5`fx3
z>JA9K73zV;8wZ|EAP?31Jak&4mjb^AKt#p*l8uGUM|JW!dpN~+4~#jFDa#8A8a7_7
znM+{Gzyj(6RsetKOh$iL3iVZ)OQG#yzA>mNkquuh9Zzv2!tJMqz$egl0kRDNFzC<i
z{SS7)<OA{Qv8q5*yAu8{f^HDj>E^!dl1%t~%B!P;*V(cyd%Th?^#1`A1QM8VfG;4~
ze<k=RLX`rUuA--geZ4Ze-$R09;0_60`v9lF41hHdePRKWj}d_8QI}4cxQ=+nOR|hi
z%NdeDO-jNFgZBRN>NvC9A?LTg=z!2NRoMBq9_?I^Ks6)n0MH$OO~_5{KR&6qL3@$c
zK(}`8l71vd34l@N+CzEz!Y#(WgbpRz%ADPx`giuyq9Czk_s*Zw0)JgIX|vg@%^#I7
z0m!!Bn#*K@D>W1$7qCG<NoZaiD(;V{sOZUODs}>>I_9jmJx68gb>sG0?z2$@C*S@(
zAj!R=_urR1+2-!<exWqM?tx>XP%NaCl$1Pnuh)G*g7Dx}3jy_mV+rV;ericc5G?Bt
zmxA>22oHX!NnAgYxyRj|Lj|R%XhmonKHzA{ooCJkM<oD9t&~x?MpfTv{~mm2UPfk{
Mv)g9sM*lPa0;Lx7a{vGU

diff --git a/doc/development/product_analytics/event_dictionary.md b/doc/development/product_analytics/event_dictionary.md
index b049db21c30..88cb75fdb83 100644
--- a/doc/development/product_analytics/event_dictionary.md
+++ b/doc/development/product_analytics/event_dictionary.md
@@ -1,32 +1,5 @@
 ---
-stage: Growth
-group: Product Analytics
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+redirect_to: 'https://about.gitlab.com/handbook/product/product-analytics-guide/'
 ---
 
-# Event Dictionary
-
-**Note: We've temporarily moved the Event Dictionary to a [Google Sheet](https://docs.google.com/spreadsheets/d/1VzE8R72Px_Y_LlE3Z05LxUlG_dumWe3vl-HeUo70TPw/edit?usp=sharing)**. The previous Markdown table exceeded 600 rows making it difficult to manage. In the future, our intention is to move this back into our docs using a [YAML file](https://gitlab.com/gitlab-org/gitlab-docs/-/issues/823).
-
-The event dictionary is a single source of truth for the metrics and events we collect for product usage data. The Event Dictionary lists all the metrics and events we track, why we're tracking them, and where they are tracked.
-
-This is a living document that is updated any time a new event is planned or implemented. It includes the following information.
-
-- Section, stage, or group
-- Description
-- Implementation status
-- Availability by plan type
-- Code path
-
-We're currently focusing our Event Dictionary on [Usage Ping](usage_ping.md). In the future, we will also include [Snowplow](snowplow.md). We currently have an initiative across the entire product organization to complete the [Event Dictionary for Usage Ping](https://gitlab.com/groups/gitlab-org/-/epics/4174).
-
-## Instructions
-
-1. Open the Event Dictionary and fill in all the **PM to edit** columns highlighted in yellow.
-1. Check that all the metrics and events are assigned to the correct section, stage, or group. If a metric is used across many groups, assign it to the stage. If a metric is used across many stages, assign it to the section. If a metric is incorrectly assigned to another section, stage, or group, let the PM know you have reassigned it. If your group has no assigned metrics and events, check that your metrics and events are not incorrectly assigned to another PM.
-1. Add descriptions of what your metrics and events are tracking. Work with your Engineering team or the Product Analytics team if you need help understanding this.
-1. Add what plans this metric is available on. Work with your Engineering team or the Product Analytics team if you need help understanding this.
-
-## Planned metrics and events
-
-For future metrics and events you plan to track, please add them to the Event Dictionary and note the status as `Planned`, `In Progress`, or `Implemented`. Once you have confirmed the metric has been implemented and have confirmed the metric data is in our data warehouse, change the status to **Data Available**.
+This document was moved to [another location](https://about.gitlab.com/handbook/product/product-analytics-guide/).
diff --git a/doc/development/product_analytics/index.md b/doc/development/product_analytics/index.md
index ab76d6f0561..88cb75fdb83 100644
--- a/doc/development/product_analytics/index.md
+++ b/doc/development/product_analytics/index.md
@@ -1,182 +1,5 @@
 ---
-stage: Growth
-group: Product Analytics
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
+redirect_to: 'https://about.gitlab.com/handbook/product/product-analytics-guide/'
 ---
 
-# Product Analytics Guide
-
-At GitLab, we collect product usage data for the purpose of helping us build a better product. Data helps GitLab understand which parts of the product need improvement and which features we should build next. Product usage data also helps our team better understand the reasons why people use GitLab. With this knowledge we are able to make better product decisions.
-
-We encourage users to enable tracking, and we embrace full transparency with our tracking approach so it can be easily understood and trusted.
-
-By enabling tracking, users can:
-
-- Contribute back to the wider community.
-- Help GitLab improve on the product.
-
-## Our tracking tools
-
-We use three methods to gather product usage data:
-
-- [Snowplow](#snowplow)
-- [Usage Ping](#usage-ping)
-- [Database import](#database-import)
-
-### Snowplow
-
-Snowplow is an enterprise-grade marketing and product analytics platform which helps track the way
-users engage with our website and application.
-
-Snowplow consists of two components:
-
-- [Snowplow JS](https://github.com/snowplow/snowplow/wiki/javascript-tracker) tracks client-side
-  events.
-- [Snowplow Ruby](https://github.com/snowplow/snowplow/wiki/ruby-tracker) tracks server-side events.
-
-For more details, read the [Snowplow](snowplow.md) guide.
-
-### Usage Ping
-
-Usage Ping is a method for GitLab Inc to collect usage data on a GitLab instance. Usage Ping is primarily composed of row counts for different tables in the instance’s database. By comparing these counts month over month (or week over week), we can get a rough sense for how an instance is using the different features within the product. This high-level data is used to help our product, support, and sales teams.
-
-For more details, read the [Usage Ping](usage_ping.md) guide.
-
-### Database import
-
-Database imports are full imports of data into GitLab's data warehouse. For GitLab.com, the PostgreSQL database is loaded into Snowflake data warehouse every 6 hours. For more details, see the [data team handbook](https://about.gitlab.com/handbook/business-ops/data-team/platform/#extract-and-load).
-
-## What data can be tracked
-
-Our different tracking tools allows us to track different types of events. The event types and examples of what data can be tracked are outlined below.
-
-The availability of event types and their tracking tools varies by segment. For example, on Self-Managed Users, we only have reporting using Database records via Usage Ping.
-
-| Event Types                            | SaaS Instance | SaaS Plan | SaaS Group | SaaS Session | SaaS User | SM Instance | SM Plan | SM Group | SM Session | SM User |
-|----------------------------------------|---------------|-----------|------------|--------------|-----------|-------------|---------|----------|------------|---------|
-| Snowplow (JS Pageview events)          | ✅            | 📅        | 📅         | ✅           | 📅        | 📅          | 📅      | 📅       | 📅         | 📅      |
-| Snowplow (JS UI events)                | ✅            | 📅        | 📅         | ✅           | 📅        | 📅          | 📅      | 📅       | 📅         | 📅      |
-| Snowplow (Ruby Pageview events)        | ✅            | 📅        | 📅         | ✅           | 📅        | 📅          | 📅      | 📅       | 📅         | 📅      |
-| Snowplow (Ruby CRUD / API events)      | ✅            | 📅        | 📅         | ✅           | 📅        | 📅          | 📅      | 📅       | 📅         | 📅      |
-| Usage Ping (Redis UI counters)         | 🔄            | 🔄        | 🔄         | ✖️           | 🔄        | 🔄          | 🔄      | 🔄       | ✖️         | 🔄      |
-| Usage Ping (Redis Pageview counters)   | 🔄            | 🔄        | 🔄         | ✖️           | 🔄        | 🔄          | 🔄      | 🔄       | ✖️         | 🔄      |
-| Usage Ping (Redis CRUD / API counters) | 🔄            | 🔄        | 🔄         | ✖️           | 🔄        | 🔄          | 🔄      | 🔄       | ✖️         | 🔄      |
-| Usage Ping (Database counters)         | ✅            | 🔄        | 📅         | ✖️           | ✅        | ✅          | ✅      | ✅       | ✖️         | ✅      |
-| Usage Ping (Instance settings)         | ✅            | 🔄        | 📅         | ✖️           | ✅        | ✅          | ✅      | ✅       | ✖️         | ✅      |
-| Usage Ping (Integration settings)      | ✅            | 🔄        | 📅         | ✖️           | ✅        | ✅          | ✅      | ✅       | ✖️         | ✅      |
-| Database import (Database records)     | ✅            | ✅        | ✅         | ✖️           | ✅        | ✖️          | ✖️      | ✖️       | ✖️         | ✖️      |
-
-[Source file](https://docs.google.com/spreadsheets/d/1e8Afo41Ar8x3JxAXJF3nL83UxVZ3hPIyXdt243VnNuE/edit?usp=sharing)
-
-**Legend**
-
-✅ Available, 🔄 In Progress, 📅 Planned, ✖️ Not Possible
-
-SaaS = GitLab.com. SM = Self-Managed instance
-
-### Pageview events
-
-- Number of sessions that visited the /dashboard/groups page
-
-### UI events
-
-- Number of sessions that clicked on a button or link
-- Number of sessions that closed a modal
-
-UI events are any interface-driven actions from the browser including click data.
-
-### CRUD or API events
-
-- Number of Git pushes
-- Number of GraphQL queries
-- Number of requests to a Rails action or controller
-
-These are backend events that include the creation, read, update, deletion of records, and other events that might be triggered from layers other than those available in the interface.
-
-### Database records
-
-These are raw database records which can be explored using business intelligence tools like Sisense. The full list of available tables can be found in [structure.sql](https://gitlab.com/gitlab-org/gitlab/-/blob/master/db/structure.sql).
-
-### Instance settings
-
-These are settings of your instance such as the instance's Git version and if certain features are enabled such as `container_registry_enabled`.
-
-### Integration settings
-
-These are integrations your GitLab instance interacts with such as an [external storage provider](../../administration/static_objects_external_storage.md) or an [external container registry](../../administration/packages/container_registry.md#use-an-external-container-registry-with-gitlab-as-an-auth-endpoint). These services must be able to send data back into a GitLab instance for data to be tracked.
-
-## Reporting level
-
-Our reporting levels of aggregate or individual reporting varies by segment. For example, on Self-Managed Users, we can report at an aggregate user level using Usage Ping but not on an Individual user level.
-
-| Aggregated Reporting | SaaS Instance | SaaS Plan | SaaS Group | SaaS Session | SaaS User | SM Instance | SM Plan | SM Group | SM Session | SM User |
-|----------------------|---------------|-----------|------------|--------------|-----------|-------------|---------|----------|------------|---------|
-| Snowplow             | ✅             | 📅        | 📅         | ✅            | 📅        | ✅           | 📅      | 📅       | ✅          | 📅      |
-| Usage Ping           | ✅             | 🔄        | 📅         | 📅           | ✅         | ✅           | ✅       | ✅        | 📅         | ✅       |
-| Database import      | ✅             | ✅         | ✅          | ✖️           | ✅         | ✖️          | ✖️      | ✖️       | ✖️         | ✖️      |
-
-| Identifiable Reporting | SaaS Instance | SaaS Plan | SaaS Group | SaaS Session | SaaS User | SM Instance | SM Plan | SM Group | SM Session | SM User |
-|------------------------|---------------|-----------|------------|--------------|-----------|-------------|---------|----------|------------|---------|
-| Snowplow               | ✅             | 📅        | 📅         | ✅            | 📅        | ✖️          | ✖️      | ✖️       | ✖️         | ✖️      |
-| Usage Ping             | ✅             | 🔄        | 📅         | ✖️           | ✖️        | ✅           | ✅       | ✖️       | ✖️         | ✖️      |
-| Database import        | ✅             | ✅         | ✅          | ✖️           | ✅         | ✖️          | ✖️      | ✖️       | ✖️         | ✖️      |
-
-**Legend**
-
-✅ Available, 🔄 In Progress, 📅 Planned, ✖️ Not Possible
-
-SaaS = GitLab.com. SM = Self-Managed instance
-
-## Reporting time period
-
-Our reporting time periods varies by segment. For example, on Self-Managed Users, we can report all time counts and 28 day counts in Usage Ping.
-
-| Reporting Time Period | All Time | 28 Days | 7 Days | Daily |
-|-----------------------|----------|---------|--------|-------|
-| Snowplow              | ✅        | ✅       | ✅      | ✅     |
-| Usage Ping            | ✅        | ✅       | 📅     | ✖️    |
-| Database import       | ✅        | ✅       | ✅      | ✅     |
-
-**Legend**
-
-✅ Available, 🔄 In Progress, 📅 Planned, ✖️ Not Possible
-
-## Systems overview
-
-The systems overview is a simplified diagram showing the interactions between GitLab Inc and self-managed instances.
-
-![Product Analytics Overview](../img/telemetry_system_overview.png)
-
-[Source file](https://app.diagrams.net/#G13DVpN-XnhWGz9tqReIj8pp1UE4ehk_EC)
-
-### GitLab Inc
-
-For Product Analytics purposes, GitLab Inc has three major components:
-
-1. [Data Infrastructure](https://about.gitlab.com/handbook/business-ops/data-team/platform/infrastructure/): This contains everything managed by our data team including Sisense Dashboards for visualization, Snowflake for Data Warehousing, incoming data sources such as PostgreSQL Pipeline and S3 Bucket, and lastly our data collectors [GitLab.com's Snowplow Collector](https://gitlab.com/gitlab-com/gl-infra/readiness/-/tree/master/library/snowplow/) and GitLab's Versions Application.
-1. GitLab.com: This is the production GitLab application which is made up of a Client and Server. On the Client or browser side, a Snowplow JS Tracker (Frontend) is used to track client-side events. On the Server or application side, a Snowplow Ruby Tracker (Backend) is used to track server-side events. The server also contains Usage Ping which leverages a PostgreSQL database and a Redis in-memory data store to report on usage data. Lastly, the server also contains System Logs which are generated from running the GitLab application.
-1. [Monitoring infrastructure](https://about.gitlab.com/handbook/engineering/monitoring/): This is the infrastructure used to ensure GitLab.com is operating smoothly. System Logs are sent from GitLab.com to our monitoring infrastructure and collected by a FluentD collector. From FluentD, logs are either sent to long term Google Cloud Services cold storage via Stackdriver, or, they are sent to our Elastic Cluster via Cloud Pub/Sub which can be explored in real-time using Kibana.
-
-### Self-managed
-
-For Product Analytics purposes, self-managed instances have two major components:
-
-1. Data infrastructure: Having a data infrastructure setup is optional on self-managed instances. If you'd like to collect Snowplow tracking events for your self-managed instance, you can setup your own self-managed Snowplow collector and configure your Snowplow events to point to your own collector.
-1. GitLab: A self-managed GitLab instance contains all of the same components as GitLab.com mentioned above.
-
-### Differences between GitLab Inc and Self-managed
-
-As shown by the orange lines, on GitLab.com Snowplow JS, Snowplow Ruby, Usage Ping, and PostgreSQL database imports all flow into GitLab Inc's data infrastructure. However, on self-managed, only Usage Ping flows into GitLab Inc's data infrastructure.
-
-As shown by the green lines, on GitLab.com system logs flow into GitLab Inc's monitoring infrastructure. On self-managed, there are no logs sent to GitLab Inc's monitoring infrastructure.
-
-Note (1): Snowplow JS and Snowplow Ruby are available on self-managed, however, the Snowplow Collector endpoint is set to a self-managed Snowplow Collector which GitLab Inc does not have access to.
-
-## Additional information
-
-More useful links:
-
-- [Product Analytics Direction](https://about.gitlab.com/direction/product-analytics/)
-- [Data Analysis Process](https://about.gitlab.com/handbook/business-ops/data-team/#data-analysis-process/)
-- [Data for Product Managers](https://about.gitlab.com/handbook/business-ops/data-team/programs/data-for-product-managers/)
-- [Data Infrastructure](https://about.gitlab.com/handbook/business-ops/data-team/platform/infrastructure/)
+This document was moved to [another location](https://about.gitlab.com/handbook/product/product-analytics-guide/).
diff --git a/doc/development/product_analytics/snowplow.md b/doc/development/product_analytics/snowplow.md
index 21d92566ffd..fa9b0d1bd01 100644
--- a/doc/development/product_analytics/snowplow.md
+++ b/doc/development/product_analytics/snowplow.md
@@ -10,7 +10,7 @@ This guide provides an overview of how Snowplow works, and implementation detail
 
 For more information about Product Analytics, see:
 
-- [Product Analytics Guide](index.md)
+- [Product Analytics Guide](https://about.gitlab.com/handbook/product/product-analytics-guide/)
 - [Usage Ping Guide](usage_ping.md)
 
 More useful links:
diff --git a/doc/development/product_analytics/usage_ping.md b/doc/development/product_analytics/usage_ping.md
index 5d887346f07..8362a87bd3b 100644
--- a/doc/development/product_analytics/usage_ping.md
+++ b/doc/development/product_analytics/usage_ping.md
@@ -15,7 +15,7 @@ This guide describes Usage Ping's purpose and how it's implemented.
 
 For more information about Product Analytics, see:
 
-- [Product Analytics Guide](index.md)
+- [Product Analytics Guide](https://about.gitlab.com/handbook/product/product-analytics-guide/)
 - [Snowplow Guide](snowplow.md)
 
 More useful links:
@@ -613,7 +613,7 @@ We also use `#database-lab` and [explain.depesz.com](https://explain.depesz.com/
 
 ### 5. Add the metric definition
 
-When adding, changing, or updating metrics, please update the [Event Dictionary's **Usage Ping** table](event_dictionary.md).
+When adding, changing, or updating metrics, please update the [Event Dictionary's **Usage Ping** table](https://about.gitlab.com/handbook/product/product-analytics-guide#event-dictionary).
 
 ### 6. Add new metric to Versions Application
 
diff --git a/doc/topics/autodevops/index.md b/doc/topics/autodevops/index.md
index 86d3272fb8f..bf394fef7b5 100644
--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -498,7 +498,29 @@ include:
 Keep in mind that this approach will eventually stop working when the stable repository is removed,
 so you must eventually fix your custom chart.
 
-You can find more information in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/263778).
+To fix your custom chart:
+
+1. In your chart directory, update the `repository` value in your `requirements.yaml` file from :
+
+   ```yaml
+   repository: "https://kubernetes-charts.storage.googleapis.com/"
+   ```
+
+   to:
+
+   ```yaml
+   repository: "https://charts.helm.sh/stable"
+   ```
+
+1. In your chart directory, run `helm dep update .` using the same Helm major version as Auto DevOps.
+1. Commit the changes for the `requirements.yaml` file.
+1. If you previously had a `requirements.lock` file, commit the changes to the file.
+   If you did not previously have a `requirements.lock` file in your chart,
+   you do not need to commit the new one. This file is optional, but when present,
+   it's used to verify the integrity of the downloaded dependencies.
+
+You can find more information in
+[issue #263778, "Migrate PostgreSQL from stable Helm repo"](https://gitlab.com/gitlab-org/gitlab/-/issues/263778).
 
 ## Development guides
 
diff --git a/doc/user/group/epics/index.md b/doc/user/group/epics/index.md
index f380b36cc00..e98c4b416fe 100644
--- a/doc/user/group/epics/index.md
+++ b/doc/user/group/epics/index.md
@@ -1,7 +1,7 @@
 ---
 type: reference, howto
 stage: Plan
-group: Portfolio Management
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/user/group/epics/manage_epics.md b/doc/user/group/epics/manage_epics.md
index a9a307dd89a..5895b611bb3 100644
--- a/doc/user/group/epics/manage_epics.md
+++ b/doc/user/group/epics/manage_epics.md
@@ -1,7 +1,7 @@
 ---
 type: howto
 stage: Plan
-group: Portfolio Management
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/user/group/roadmap/index.md b/doc/user/group/roadmap/index.md
index c185055f6b2..f9d49c1236e 100644
--- a/doc/user/group/roadmap/index.md
+++ b/doc/user/group/roadmap/index.md
@@ -1,7 +1,7 @@
 ---
 type: reference
 stage: Plan
-group: Portfolio Management
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/user/project/requirements/index.md b/doc/user/project/requirements/index.md
index f533f8807d2..09e457fb37f 100644
--- a/doc/user/project/requirements/index.md
+++ b/doc/user/project/requirements/index.md
@@ -1,7 +1,7 @@
 ---
 type: reference, howto
 stage: Plan
-group: Certify
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md
index 34a075df990..456466a747d 100644
--- a/doc/user/project/service_desk.md
+++ b/doc/user/project/service_desk.md
@@ -1,6 +1,6 @@
 ---
 stage: Plan
-group: Certify
+group: Product Planning
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
 ---
 
diff --git a/lib/api/ci/pipeline_schedules.rb b/lib/api/ci/pipeline_schedules.rb
index a47d14a3feb..8a9ba2cbe0f 100644
--- a/lib/api/ci/pipeline_schedules.rb
+++ b/lib/api/ci/pipeline_schedules.rb
@@ -38,7 +38,7 @@ module API
           requires :pipeline_schedule_id, type: Integer, desc: 'The pipeline schedule id'
         end
         get ':id/pipeline_schedules/:pipeline_schedule_id' do
-          present pipeline_schedule, with: Entities::Ci::PipelineScheduleDetails
+          present pipeline_schedule, with: Entities::Ci::PipelineScheduleDetails, user: current_user
         end
 
         desc 'Create a new pipeline schedule' do
diff --git a/lib/api/entities/ci/pipeline_schedule_details.rb b/lib/api/entities/ci/pipeline_schedule_details.rb
index b233728b95b..d661a8940ea 100644
--- a/lib/api/entities/ci/pipeline_schedule_details.rb
+++ b/lib/api/entities/ci/pipeline_schedule_details.rb
@@ -5,7 +5,9 @@ module API
     module Ci
       class PipelineScheduleDetails < PipelineSchedule
         expose :last_pipeline, using: ::API::Entities::Ci::PipelineBasic
-        expose :variables, using: ::API::Entities::Ci::Variable
+        expose :variables,
+          using: ::API::Entities::Ci::Variable,
+          if: ->(schedule, options) { Ability.allowed?(options[:user], :read_pipeline_schedule_variables, schedule) }
       end
     end
   end
diff --git a/lib/api/internal/kubernetes.rb b/lib/api/internal/kubernetes.rb
index a28b053f8d8..d4690709de4 100644
--- a/lib/api/internal/kubernetes.rb
+++ b/lib/api/internal/kubernetes.rb
@@ -87,7 +87,7 @@ module API
 
             # TODO sort out authorization for real
             # https://gitlab.com/gitlab-org/gitlab/-/issues/220912
-            if !project || !project.public?
+            unless Ability.allowed?(nil, :download_code, project)
               not_found!
             end
 
diff --git a/lib/api/terraform/state.rb b/lib/api/terraform/state.rb
index f9a3830dcb1..c664c0a4590 100644
--- a/lib/api/terraform/state.rb
+++ b/lib/api/terraform/state.rb
@@ -41,7 +41,6 @@ module API
 
               env['api.format'] = :binary # this bypasses json serialization
               body state.latest_file.read
-              status :ok
             end
           end
 
@@ -55,8 +54,10 @@ module API
 
             remote_state_handler.handle_with_lock do |state|
               state.update_file!(CarrierWaveStringFile.new(data), version: params[:serial], build: current_authenticated_job)
-              status :ok
             end
+
+            body false
+            status :ok
           end
 
           desc 'Delete a terraform state of a certain name'
@@ -66,8 +67,10 @@ module API
 
             remote_state_handler.handle_with_lock do |state|
               state.destroy!
-              status :ok
             end
+
+            body false
+            status :ok
           end
 
           desc 'Lock a terraform state of a certain name'
diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb
index 7e98f1fc1f7..a6d8a778e05 100644
--- a/lib/gitlab/middleware/multipart.rb
+++ b/lib/gitlab/middleware/multipart.rb
@@ -31,6 +31,7 @@ module Gitlab
       RACK_ENV_KEY = 'HTTP_GITLAB_WORKHORSE_MULTIPART_FIELDS'
       JWT_PARAM_SUFFIX = '.gitlab-workhorse-upload'
       JWT_PARAM_FIXED_KEY = 'upload'
+      REWRITTEN_FIELD_NAME_MAX_LENGTH = 10000.freeze
 
       class Handler
         def initialize(env, message)
@@ -41,6 +42,8 @@ module Gitlab
 
         def with_open_files
           @rewritten_fields.each do |field, tmp_path|
+            raise "invalid field: #{field.inspect}" unless valid_field_name?(field)
+
             parsed_field = Rack::Utils.parse_nested_query(field)
             raise "unexpected field: #{field.inspect}" unless parsed_field.count == 1
 
@@ -108,6 +111,17 @@ module Gitlab
 
         private
 
+        def valid_field_name?(name)
+          # length validation
+          return false if name.size >= REWRITTEN_FIELD_NAME_MAX_LENGTH
+
+          # brackets validation
+          return false if name.include?('[]') || name.start_with?('[', ']')
+          return false unless ::Gitlab::Utils.valid_brackets?(name, allow_nested: false)
+
+          true
+        end
+
         def package_allowed_paths
           packages_config = ::Gitlab.config.packages
           return [] unless allow_packages_storage_path?(packages_config)
@@ -141,6 +155,8 @@ module Gitlab
       class HandlerForJWTParams < Handler
         def with_open_files
           @rewritten_fields.keys.each do |field|
+            raise "invalid field: #{field.inspect}" unless valid_field_name?(field)
+
             parsed_field = Rack::Utils.parse_nested_query(field)
             raise "unexpected field: #{field.inspect}" unless parsed_field.count == 1
 
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
index 3b0e4fa0e32..4ae6297f6f5 100644
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -50,6 +50,10 @@ module Gitlab
         maven_app_name_regex
       end
 
+      def nuget_package_name_regex
+        @nuget_package_name_regex ||= %r{\A[-+\.\_a-zA-Z0-9]+\z}.freeze
+      end
+
       def nuget_version_regex
         @nuget_version_regex ||= /
           \A#{_semver_major_minor_patch_regex}(\.\d*)?#{_semver_prerelease_build_regex}\z
@@ -208,7 +212,7 @@ module Gitlab
     # See https://github.com/docker/distribution/blob/master/reference/regexp.go.
     #
     def container_repository_name_regex
-      @container_repository_regex ||= %r{\A[a-z0-9]+((?:[._/]|__|[-]{0,10})[a-z0-9]+)*\Z}
+      @container_repository_regex ||= %r{\A[a-z0-9]+(([._/]|__|-*)[a-z0-9])*\z}
     end
 
     ##
diff --git a/lib/gitlab/usage_data_counters/issue_activity_unique_counter.rb b/lib/gitlab/usage_data_counters/issue_activity_unique_counter.rb
index b6d570a3d08..7d019dc5130 100644
--- a/lib/gitlab/usage_data_counters/issue_activity_unique_counter.rb
+++ b/lib/gitlab/usage_data_counters/issue_activity_unique_counter.rb
@@ -174,3 +174,5 @@ module Gitlab
     end
   end
 end
+
+Gitlab::UsageDataCounters::IssueActivityUniqueCounter.prepend_if_ee('EE::Gitlab::UsageDataCounters::IssueActivityUniqueCounter')
diff --git a/lib/gitlab/usage_data_counters/known_events.yml b/lib/gitlab/usage_data_counters/known_events.yml
index 023427946aa..30c72267ba3 100644
--- a/lib/gitlab/usage_data_counters/known_events.yml
+++ b/lib/gitlab/usage_data_counters/known_events.yml
@@ -315,3 +315,7 @@
   category: issues_edit
   redis_slot: project_management
   aggregation: daily
+- name: g_project_management_issue_health_status_changed
+  category: issues_edit
+  redis_slot: project_management
+  aggregation: daily
diff --git a/lib/gitlab/utils.rb b/lib/gitlab/utils.rb
index e2d93e7cd29..3df54e74b4f 100644
--- a/lib/gitlab/utils.rb
+++ b/lib/gitlab/utils.rb
@@ -10,6 +10,8 @@ module Gitlab
     # Also see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24223#note_284122580
     # It also checks for ALT_SEPARATOR aka '\' (forward slash)
     def check_path_traversal!(path)
+      return unless path.is_a?(String)
+
       path = decode_path(path)
       path_regex = /(\A(\.{1,2})\z|\A\.\.[\/\\]|[\/\\]\.\.\z|[\/\\]\.\.[\/\\]|\n)/
 
@@ -208,5 +210,33 @@ module Gitlab
     def stable_sort_by(list)
       list.sort_by.with_index { |x, idx| [yield(x), idx] }
     end
+
+    # Check for valid brackets (`[` and `]`) in a string using this aspects:
+    # * open brackets count == closed brackets count
+    # * (optionally) reject nested brackets via `allow_nested: false`
+    # * open / close brackets coherence, eg. ][[] -> invalid
+    def valid_brackets?(string = '', allow_nested: true)
+      # remove everything except brackets
+      brackets = string.remove(/[^\[\]]/)
+
+      return true if brackets.empty?
+      # balanced counts check
+      return false if brackets.size.odd?
+
+      unless allow_nested
+        # nested brackets check
+        return false if brackets.include?('[[') || brackets.include?(']]')
+      end
+
+      # open / close brackets coherence check
+      untrimmed = brackets
+      loop do
+        trimmed = untrimmed.gsub('[]', '')
+        return true if trimmed.empty?
+        return false if trimmed == untrimmed
+
+        untrimmed = trimmed
+      end
+    end
   end
 end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index b100433ec94..6bf07db03c7 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -11072,6 +11072,9 @@ msgstr ""
 msgid "Failed to create import label for jira import."
 msgstr ""
 
+msgid "Failed to create new project access token: %{token_response_message}"
+msgstr ""
+
 msgid "Failed to create repository"
 msgstr ""
 
diff --git a/spec/features/file_uploads/multipart_invalid_uploads_spec.rb b/spec/features/file_uploads/multipart_invalid_uploads_spec.rb
new file mode 100644
index 00000000000..e9e24c12af1
--- /dev/null
+++ b/spec/features/file_uploads/multipart_invalid_uploads_spec.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Invalid uploads that must be rejected', :api, :js do
+  include_context 'file upload requests helpers'
+
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user, :admin) }
+  let_it_be(:personal_access_token) { create(:personal_access_token, user: user) }
+
+  context 'invalid upload key', :capybara_ignore_server_errors do
+    let(:api_path) { "/projects/#{project.id}/packages/nuget/" }
+    let(:url) { capybara_url(api(api_path)) }
+    let(:file) { fixture_file_upload('spec/fixtures/dk.png') }
+
+    subject do
+      HTTParty.put(
+        url,
+        basic_auth: { user: user.username, password: personal_access_token.token },
+        body: body
+      )
+    end
+
+    RSpec.shared_examples 'rejecting invalid keys' do |key_name:, message: nil|
+      context "with invalid key #{key_name}" do
+        let(:body) { { key_name => file, 'package[test][name]' => 'test' } }
+
+        it { expect { subject }.not_to change { Packages::Package.nuget.count } }
+
+        it { expect(subject.code).to eq(500) }
+
+        it { expect(subject.body).to include(message.presence || "invalid field: \"#{key_name}\"") }
+      end
+    end
+
+    RSpec.shared_examples 'by rejecting uploads with an invalid key' do
+      it_behaves_like 'rejecting invalid keys', key_name: 'package[test'
+      it_behaves_like 'rejecting invalid keys', key_name: '[]'
+      it_behaves_like 'rejecting invalid keys', key_name: '[package]test'
+      it_behaves_like 'rejecting invalid keys', key_name: 'package][test]]'
+      it_behaves_like 'rejecting invalid keys', key_name: 'package[test[nested]]'
+    end
+
+    # These keys are rejected directly by rack itself.
+    # The request will not be received by multipart.rb (can't use the 'handling file uploads' shared example)
+    it_behaves_like 'rejecting invalid keys', key_name: 'x' * 11000, message: 'Puma caught this error: exceeded available parameter key space (RangeError)'
+    it_behaves_like 'rejecting invalid keys', key_name: 'package[]test', message: 'Puma caught this error: expected Hash (got Array)'
+
+    it_behaves_like 'handling file uploads', 'by rejecting uploads with an invalid key'
+  end
+end
diff --git a/spec/frontend/releases/components/__snapshots__/issuable_stats_spec.js.snap b/spec/frontend/releases/components/__snapshots__/issuable_stats_spec.js.snap
index 8cffa9c8d36..4010d22ca54 100644
--- a/spec/frontend/releases/components/__snapshots__/issuable_stats_spec.js.snap
+++ b/spec/frontend/releases/components/__snapshots__/issuable_stats_spec.js.snap
@@ -1,7 +1,7 @@
 // Jest Snapshot v1, https://goo.gl/fbAQLP
 
 exports[`~/releases/components/issuable_stats.vue matches snapshot 1`] = `
-"<div class=\\"gl-display-flex gl-flex-direction-column gl-flex-shrink-0 gl-mr-6 gl-mb-5 js-issues-container\\"><span class=\\"gl-mb-2\\">
+"<div class=\\"gl-display-flex gl-flex-direction-column gl-flex-shrink-0 gl-mr-6 gl-mb-5\\"><span class=\\"gl-mb-2\\">
     Items
     <span class=\\"badge badge-muted badge-pill gl-badge sm\\"><!----> 10</span></span>
   <div class=\\"gl-display-flex\\"><span data-testid=\\"open-stat\\" class=\\"gl-white-space-pre-wrap\\">Open: <a href=\\"path/to/open/items\\" class=\\"gl-link\\">1</a></span> <span class=\\"gl-mx-2\\">•</span> <span data-testid=\\"merged-stat\\" class=\\"gl-white-space-pre-wrap\\">Merged: <a href=\\"path/to/merged/items\\" class=\\"gl-link\\">7</a></span> <span class=\\"gl-mx-2\\">•</span> <span data-testid=\\"closed-stat\\" class=\\"gl-white-space-pre-wrap\\">Closed: <a href=\\"path/to/closed/items\\" class=\\"gl-link\\">2</a></span></div>
diff --git a/spec/frontend/releases/components/release_block_milestone_info_spec.js b/spec/frontend/releases/components/release_block_milestone_info_spec.js
index a17a8b9059c..bb34693c757 100644
--- a/spec/frontend/releases/components/release_block_milestone_info_spec.js
+++ b/spec/frontend/releases/components/release_block_milestone_info_spec.js
@@ -31,7 +31,8 @@ describe('Release block milestone info', () => {
 
   const milestoneProgressBarContainer = () => wrapper.find('.js-milestone-progress-bar-container');
   const milestoneListContainer = () => wrapper.find('.js-milestone-list-container');
-  const issuesContainer = () => wrapper.find('.js-issues-container');
+  const issuesContainer = () => wrapper.find('[data-testid="issue-stats"]');
+  const mergeRequestsContainer = () => wrapper.find('[data-testid="merge-request-stats"]');
 
   describe('with default props', () => {
     beforeEach(() => factory({ milestones }));
@@ -187,4 +188,33 @@ describe('Release block milestone info', () => {
 
     expectAllZeros();
   });
+
+  describe('if the API response is missing the "mr_stats" property', () => {
+    beforeEach(() => factory({ milestones }));
+
+    it('does not render merge request stats', () => {
+      expect(mergeRequestsContainer().exists()).toBe(false);
+    });
+  });
+
+  describe('if the API response includes the "mr_stats" property', () => {
+    beforeEach(() => {
+      milestones = milestones.map(m => ({
+        ...m,
+        mrStats: {
+          total: 15,
+          merged: 12,
+          closed: 1,
+        },
+      }));
+
+      return factory({ milestones });
+    });
+
+    it('renders merge request stats', () => {
+      expect(trimText(mergeRequestsContainer().text())).toBe(
+        'Merge Requests 30 Open: 4 • Merged: 24 • Closed: 2',
+      );
+    });
+  });
 });
diff --git a/spec/lib/gitlab/exclusive_lease_helpers_spec.rb b/spec/lib/gitlab/exclusive_lease_helpers_spec.rb
index 40669f06371..8bf06bcebe2 100644
--- a/spec/lib/gitlab/exclusive_lease_helpers_spec.rb
+++ b/spec/lib/gitlab/exclusive_lease_helpers_spec.rb
@@ -88,7 +88,7 @@ RSpec.describe Gitlab::ExclusiveLeaseHelpers, :clean_gitlab_redis_shared_state d
         let(:options) { { retries: 0 } }
 
         it 'never sleeps' do
-          expect(class_instance).not_to receive(:sleep)
+          expect_any_instance_of(Gitlab::ExclusiveLeaseHelpers::SleepingLock).not_to receive(:sleep)
 
           expect { subject }.to raise_error('Failed to obtain a lock')
         end
@@ -98,7 +98,7 @@ RSpec.describe Gitlab::ExclusiveLeaseHelpers, :clean_gitlab_redis_shared_state d
         let(:options) { { retries: 1, sleep_sec: 0.05.seconds } }
 
         it 'receives the specified argument' do
-          expect_any_instance_of(Object).to receive(:sleep).with(0.05.seconds).once
+          expect_any_instance_of(Gitlab::ExclusiveLeaseHelpers::SleepingLock).to receive(:sleep).with(0.05.seconds).once
 
           expect { subject }.to raise_error('Failed to obtain a lock')
         end
@@ -108,8 +108,8 @@ RSpec.describe Gitlab::ExclusiveLeaseHelpers, :clean_gitlab_redis_shared_state d
         let(:options) { { retries: 2, sleep_sec: ->(num) { 0.1 + num } } }
 
         it 'receives the specified argument' do
-          expect_any_instance_of(Object).to receive(:sleep).with(1.1.seconds).once
-          expect_any_instance_of(Object).to receive(:sleep).with(2.1.seconds).once
+          expect_any_instance_of(Gitlab::ExclusiveLeaseHelpers::SleepingLock).to receive(:sleep).with(1.1.seconds).once
+          expect_any_instance_of(Gitlab::ExclusiveLeaseHelpers::SleepingLock).to receive(:sleep).with(2.1.seconds).once
 
           expect { subject }.to raise_error('Failed to obtain a lock')
         end
diff --git a/spec/lib/gitlab/import_export/attributes_finder_spec.rb b/spec/lib/gitlab/import_export/attributes_finder_spec.rb
index 7f6ebf577af..428d8d605ee 100644
--- a/spec/lib/gitlab/import_export/attributes_finder_spec.rb
+++ b/spec/lib/gitlab/import_export/attributes_finder_spec.rb
@@ -59,7 +59,7 @@ RSpec.describe Gitlab::ImportExport::AttributesFinder do
     end
 
     before do
-      allow_any_instance_of(Gitlab::ImportExport).to receive(:config_file).and_return(test_config)
+      allow(Gitlab::ImportExport).to receive(:config_file).and_return(test_config)
     end
 
     it 'generates hash from project tree config' do
diff --git a/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb b/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb
index 6b324b952dc..9e1571ae3d8 100644
--- a/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb
+++ b/spec/lib/gitlab/import_export/group/legacy_tree_saver_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe Gitlab::ImportExport::Group::LegacyTreeSaver do
 
     before do
       group.add_maintainer(user)
-      allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
+      allow(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
     end
 
     after do
diff --git a/spec/lib/gitlab/import_export/importer_spec.rb b/spec/lib/gitlab/import_export/importer_spec.rb
index dc44296321c..7c10011273a 100644
--- a/spec/lib/gitlab/import_export/importer_spec.rb
+++ b/spec/lib/gitlab/import_export/importer_spec.rb
@@ -12,7 +12,7 @@ RSpec.describe Gitlab::ImportExport::Importer do
   subject(:importer) { described_class.new(project) }
 
   before do
-    allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(test_path)
+    allow(Gitlab::ImportExport).to receive(:storage_path).and_return(test_path)
     allow_any_instance_of(Gitlab::ImportExport::FileImporter).to receive(:remove_import_file)
     stub_uploads_object_storage(FileUploader)
 
diff --git a/spec/lib/gitlab/import_export/lfs_restorer_spec.rb b/spec/lib/gitlab/import_export/lfs_restorer_spec.rb
index a9f7fb72612..c8887b0ded1 100644
--- a/spec/lib/gitlab/import_export/lfs_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/lfs_restorer_spec.rb
@@ -13,7 +13,7 @@ RSpec.describe Gitlab::ImportExport::LfsRestorer do
   subject(:restorer) { described_class.new(project: project, shared: shared) }
 
   before do
-    allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
+    allow(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
     FileUtils.mkdir_p(shared.export_path)
   end
 
diff --git a/spec/lib/gitlab/middleware/multipart_with_handler_for_jwt_params_spec.rb b/spec/lib/gitlab/middleware/multipart_with_handler_for_jwt_params_spec.rb
index 875e3820011..a1e9ac6e425 100644
--- a/spec/lib/gitlab/middleware/multipart_with_handler_for_jwt_params_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_with_handler_for_jwt_params_spec.rb
@@ -123,15 +123,46 @@ RSpec.describe Gitlab::Middleware::Multipart do
         end
       end
 
-      context 'with invalid key in parameters' do
+      context 'with an invalid upload key' do
         include_context 'with one temporary file for multipart'
 
-        let(:rewritten_fields) { rewritten_fields_hash('file' => uploaded_filepath) }
-        let(:params) { upload_parameters_for(filepath: uploaded_filepath, key: 'wrong_key', filename: filename, remote_id: remote_id) }
+        RSpec.shared_examples 'rejecting the invalid key' do |key_in_header:, key_in_upload_params:, error_message:|
+          let(:rewritten_fields) { rewritten_fields_hash(key_in_header => uploaded_filepath) }
+          let(:params) { upload_parameters_for(filepath: uploaded_filepath, key: key_in_upload_params, filename: filename, remote_id: remote_id) }
 
-        it 'raises an error' do
-          expect { subject }.to raise_error(RuntimeError, 'Empty JWT param: file.gitlab-workhorse-upload')
+          it 'raises an error' do
+            expect { subject }.to raise_error(RuntimeError, error_message)
+          end
         end
+
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'file',
+                        key_in_upload_params: 'wrong_key',
+                        error_message: 'Empty JWT param: file.gitlab-workhorse-upload'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: '[user]avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "[user]avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[]avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[]avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[avatar[image[url]]]',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[avatar[image[url]]]"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: '[]',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "[]"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'x' * 11000,
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: "invalid field: \"#{'x' * 11000}\""
       end
 
       context 'with a modified JWT payload' do
diff --git a/spec/lib/gitlab/middleware/multipart_with_handler_spec.rb b/spec/lib/gitlab/middleware/multipart_with_handler_spec.rb
index 742a5639ace..8c2af775574 100644
--- a/spec/lib/gitlab/middleware/multipart_with_handler_spec.rb
+++ b/spec/lib/gitlab/middleware/multipart_with_handler_spec.rb
@@ -139,6 +139,58 @@ RSpec.describe Gitlab::Middleware::Multipart do
           subject
         end
       end
+
+      context 'with invalid key in header' do
+        include_context 'with one temporary file for multipart'
+
+        RSpec.shared_examples 'rejecting the invalid key' do |key_in_header:, key_in_upload_params:, error_message:|
+          let(:rewritten_fields) { rewritten_fields_hash(key_in_header => uploaded_filepath) }
+          let(:params) { upload_parameters_for(filepath: uploaded_filepath, key: key_in_upload_params, filename: filename, remote_id: remote_id) }
+
+          it 'raises an error' do
+            expect { subject }.to raise_error(RuntimeError, error_message)
+          end
+        end
+
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: '[user]avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "[user]avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[]avatar',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[]avatar"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'user[avatar[image[url]]]',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "user[avatar[image[url]]]"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: '[]',
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: 'invalid field: "[]"'
+        it_behaves_like 'rejecting the invalid key',
+                        key_in_header: 'x' * 11000,
+                        key_in_upload_params: 'user[avatar]',
+                        error_message: "invalid field: \"#{'x' * 11000}\""
+      end
+
+      context 'with key with unbalanced brackets in header' do
+        include_context 'with one temporary file for multipart'
+
+        let(:invalid_key) { 'user[avatar' }
+        let(:rewritten_fields) { rewritten_fields_hash( invalid_key => uploaded_filepath) }
+        let(:params) { upload_parameters_for(filepath: uploaded_filepath, key: 'user[avatar]', filename: filename, remote_id: remote_id) }
+
+        it 'builds no UploadedFile' do
+          expect(app).not_to receive(:call)
+
+          expect { subject }.to raise_error(RuntimeError, "invalid field: \"#{invalid_key}\"")
+        end
+      end
     end
   end
 end
diff --git a/spec/lib/gitlab/regex_spec.rb b/spec/lib/gitlab/regex_spec.rb
index bdac478f557..ebb37f45b95 100644
--- a/spec/lib/gitlab/regex_spec.rb
+++ b/spec/lib/gitlab/regex_spec.rb
@@ -137,11 +137,16 @@ RSpec.describe Gitlab::Regex do
     it { is_expected.to match('my/awesome/image-1') }
     it { is_expected.to match('my/awesome/image.test') }
     it { is_expected.to match('my/awesome/image--test') }
-    # docker distribution allows for infinite `-`
-    # https://github.com/docker/distribution/blob/master/reference/regexp.go#L13
-    # but we have a range of 0,10 to add a reasonable limit.
-    it { is_expected.not_to match('my/image-----------test') }
+    it { is_expected.to match('my/image__test') }
+    # this example tests for catastrophic backtracking
+    it { is_expected.to match('user1/project/a_bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb------------x') }
+    it { is_expected.not_to match('user1/project/a_bbbbb-------------') }
     it { is_expected.not_to match('my/image-.test') }
+    it { is_expected.not_to match('my/image___test') }
+    it { is_expected.not_to match('my/image_.test') }
+    it { is_expected.not_to match('my/image_-test') }
+    it { is_expected.not_to match('my/image..test') }
+    it { is_expected.not_to match('my/image\ntest') }
     it { is_expected.not_to match('.my/image') }
     it { is_expected.not_to match('my/image.') }
   end
@@ -372,6 +377,21 @@ RSpec.describe Gitlab::Regex do
     it { is_expected.not_to match('%2e%2e%2f1.2.3') }
   end
 
+  describe '.nuget_package_name_regex' do
+    subject { described_class.nuget_package_name_regex }
+
+    it { is_expected.to match('My.Package') }
+    it { is_expected.to match('My.Package.Mvc') }
+    it { is_expected.to match('MyPackage') }
+    it { is_expected.to match('My.23.Package') }
+    it { is_expected.to match('My23Package') }
+    it { is_expected.to match('runtime.my-test64.runtime.package.Mvc') }
+    it { is_expected.to match('my_package') }
+    it { is_expected.not_to match('My/package') }
+    it { is_expected.not_to match('../../../my_package') }
+    it { is_expected.not_to match('%2e%2e%2fmy_package') }
+  end
+
   describe '.pypi_version_regex' do
     subject { described_class.pypi_version_regex }
 
diff --git a/spec/lib/gitlab/usage_data_counters/issue_activity_unique_counter_spec.rb b/spec/lib/gitlab/usage_data_counters/issue_activity_unique_counter_spec.rb
index a53ab6ff97b..c86b3a01d1e 100644
--- a/spec/lib/gitlab/usage_data_counters/issue_activity_unique_counter_spec.rb
+++ b/spec/lib/gitlab/usage_data_counters/issue_activity_unique_counter_spec.rb
@@ -8,42 +8,8 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   let(:user3) { build(:user, id: 3) }
   let(:time) { Time.zone.now }
 
-  shared_examples 'tracks and counts action' do
-    before do
-      stub_application_setting(usage_ping_enabled: true)
-    end
-
-    def count_unique(date_from:, date_to:)
-      Gitlab::UsageDataCounters::HLLRedisCounter.unique_events(event_names: action, start_date: date_from, end_date: date_to)
-    end
-
-    specify do
-      aggregate_failures do
-        expect(track_action(author: user1)).to be_truthy
-        expect(track_action(author: user1)).to be_truthy
-        expect(track_action(author: user2)).to be_truthy
-        expect(track_action(author: user3, time: time - 3.days)).to be_truthy
-
-        expect(count_unique(date_from: time, date_to: time)).to eq(2)
-        expect(count_unique(date_from: time - 5.days, date_to: 1.day.since(time))).to eq(3)
-      end
-    end
-
-    it 'does not track edit actions if author is not present' do
-      expect(track_action(author: nil)).to be_nil
-    end
-
-    context 'when feature flag track_issue_activity_actions is disabled' do
-      it 'does not track edit actions' do
-        stub_feature_flags(track_issue_activity_actions: false)
-
-        expect(track_action(author: user1)).to be_nil
-      end
-    end
-  end
-
   context 'for Issue title edit actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_TITLE_CHANGED }
 
       def track_action(params)
@@ -53,7 +19,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue description edit actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_DESCRIPTION_CHANGED }
 
       def track_action(params)
@@ -63,7 +29,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue assignee edit actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_ASSIGNEE_CHANGED }
 
       def track_action(params)
@@ -73,7 +39,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue make confidential actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_MADE_CONFIDENTIAL }
 
       def track_action(params)
@@ -83,7 +49,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue make visible actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_MADE_VISIBLE }
 
       def track_action(params)
@@ -93,7 +59,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue created actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_CREATED }
 
       def track_action(params)
@@ -103,7 +69,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue closed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_CLOSED }
 
       def track_action(params)
@@ -113,7 +79,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue reopened actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_REOPENED }
 
       def track_action(params)
@@ -123,7 +89,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue label changed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_LABEL_CHANGED }
 
       def track_action(params)
@@ -133,7 +99,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue cross-referenced actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_CROSS_REFERENCED }
 
       def track_action(params)
@@ -143,7 +109,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue moved actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_MOVED }
 
       def track_action(params)
@@ -153,7 +119,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue relate actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_RELATED }
 
       def track_action(params)
@@ -163,7 +129,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue unrelate actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_UNRELATED }
 
       def track_action(params)
@@ -173,7 +139,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue marked as duplicate actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_MARKED_AS_DUPLICATE }
 
       def track_action(params)
@@ -183,7 +149,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue locked actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_LOCKED }
 
       def track_action(params)
@@ -193,7 +159,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue unlocked actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_UNLOCKED }
 
       def track_action(params)
@@ -203,7 +169,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue added to epic actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_ADDED_TO_EPIC}
 
       def track_action(params)
@@ -213,7 +179,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue removed from epic actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_REMOVED_FROM_EPIC}
 
       def track_action(params)
@@ -223,7 +189,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue changed epic actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_CHANGED_EPIC}
 
       def track_action(params)
@@ -233,7 +199,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue designs added actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_DESIGNS_ADDED }
 
       def track_action(params)
@@ -243,7 +209,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue designs modified actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_DESIGNS_MODIFIED }
 
       def track_action(params)
@@ -253,7 +219,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue designs removed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_DESIGNS_REMOVED }
 
       def track_action(params)
@@ -263,7 +229,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue due date changed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_DUE_DATE_CHANGED }
 
       def track_action(params)
@@ -273,7 +239,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue time estimate changed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_TIME_ESTIMATE_CHANGED }
 
       def track_action(params)
@@ -283,7 +249,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue time spent changed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_TIME_SPENT_CHANGED }
 
       def track_action(params)
@@ -293,7 +259,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue comment added actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_COMMENT_ADDED }
 
       def track_action(params)
@@ -303,7 +269,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue comment edited actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_COMMENT_EDITED }
 
       def track_action(params)
@@ -313,7 +279,7 @@ RSpec.describe Gitlab::UsageDataCounters::IssueActivityUniqueCounter, :clean_git
   end
 
   context 'for Issue comment removed actions' do
-    it_behaves_like 'tracks and counts action' do
+    it_behaves_like 'a tracked issue edit event' do
       let(:action) { described_class::ISSUE_COMMENT_REMOVED }
 
       def track_action(params)
diff --git a/spec/lib/gitlab/utils_spec.rb b/spec/lib/gitlab/utils_spec.rb
index 1eaceec1d8a..36257a0605b 100644
--- a/spec/lib/gitlab/utils_spec.rb
+++ b/spec/lib/gitlab/utils_spec.rb
@@ -3,6 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Utils do
+  using RSpec::Parameterized::TableSyntax
+
   delegate :to_boolean, :boolean_to_yes_no, :slugify, :random_string, :which,
            :ensure_array_from_string, :to_exclusive_sentence, :bytes_to_megabytes,
            :append_path, :check_path_traversal!, :allowlisted?, :check_allowed_absolute_path!, :decode_path, :ms_to_round_sec, to: :described_class
@@ -50,6 +52,10 @@ RSpec.describe Gitlab::Utils do
       expect(check_path_traversal!('dir/..foo.rb')).to eq('dir/..foo.rb')
       expect(check_path_traversal!('dir/.foo.rb')).to eq('dir/.foo.rb')
     end
+
+    it 'does nothing for a non-string' do
+      expect(check_path_traversal!(nil)).to be_nil
+    end
   end
 
   describe '.allowlisted?' do
@@ -448,4 +454,29 @@ RSpec.describe Gitlab::Utils do
       end
     end
   end
+
+  describe '.valid_brackets?' do
+    where(:input, :allow_nested, :valid) do
+      'no brackets'              | true  | true
+      'no brackets'              | false | true
+      'user[avatar]'             | true  | true
+      'user[avatar]'             | false | true
+      'user[avatar][friends]'    | true  | true
+      'user[avatar][friends]'    | false | true
+      'user[avatar[image[url]]]' | true  | true
+      'user[avatar[image[url]]]' | false | false
+      'user[avatar[]friends]'    | true  | true
+      'user[avatar[]friends]'    | false | false
+      'user[avatar]]'            | true  | false
+      'user[avatar]]'            | false | false
+      'user][avatar]]'           | true  | false
+      'user][avatar]]'           | false | false
+      'user[avatar'              | true  | false
+      'user[avatar'              | false | false
+    end
+
+    with_them do
+      it { expect(described_class.valid_brackets?(input, allow_nested: allow_nested)).to eq(valid) }
+    end
+  end
 end
diff --git a/spec/models/packages/package_spec.rb b/spec/models/packages/package_spec.rb
index cc7d51cf09f..b07c2debde2 100644
--- a/spec/models/packages/package_spec.rb
+++ b/spec/models/packages/package_spec.rb
@@ -122,6 +122,21 @@ RSpec.describe Packages::Package, type: :model do
         it { is_expected.not_to allow_value('my file name').for(:name) }
         it { is_expected.not_to allow_value('!!().for(:name)().for(:name)').for(:name) }
       end
+
+      context 'nuget package' do
+        subject { build_stubbed(:nuget_package) }
+
+        it { is_expected.to allow_value('My.Package').for(:name) }
+        it { is_expected.to allow_value('My.Package.Mvc').for(:name) }
+        it { is_expected.to allow_value('MyPackage').for(:name) }
+        it { is_expected.to allow_value('My.23.Package').for(:name) }
+        it { is_expected.to allow_value('My23Package').for(:name) }
+        it { is_expected.to allow_value('runtime.my-test64.runtime.package.Mvc').for(:name) }
+        it { is_expected.to allow_value('my_package').for(:name) }
+        it { is_expected.not_to allow_value('My/package').for(:name) }
+        it { is_expected.not_to allow_value('../../../my_package').for(:name) }
+        it { is_expected.not_to allow_value('%2e%2e%2fmy_package').for(:name) }
+      end
     end
 
     describe '#version' do
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index d66ef81efca..b28fb9a0255 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -137,7 +137,7 @@ RSpec.describe ProjectPolicy do
       it 'disallows all permissions except pipeline when the feature is disabled' do
         builds_permissions = [
           :create_build, :read_build, :update_build, :admin_build, :destroy_build,
-          :create_pipeline_schedule, :read_pipeline_schedule, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
+          :create_pipeline_schedule, :read_pipeline_schedule_variables, :update_pipeline_schedule, :admin_pipeline_schedule, :destroy_pipeline_schedule,
           :create_environment, :read_environment, :update_environment, :admin_environment, :destroy_environment,
           :create_cluster, :read_cluster, :update_cluster, :admin_cluster, :destroy_cluster,
           :create_deployment, :read_deployment, :update_deployment, :admin_deployment, :destroy_deployment
diff --git a/spec/requests/api/ci/pipeline_schedules_spec.rb b/spec/requests/api/ci/pipeline_schedules_spec.rb
index e0199b7b51c..4c8a356469d 100644
--- a/spec/requests/api/ci/pipeline_schedules_spec.rb
+++ b/spec/requests/api/ci/pipeline_schedules_spec.rb
@@ -97,14 +97,50 @@ RSpec.describe API::Ci::PipelineSchedules do
       pipeline_schedule.pipelines << build(:ci_pipeline, project: project)
     end
 
-    context 'authenticated user with valid permissions' do
-      it 'returns pipeline_schedule details' do
-        get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", developer)
-
+    matcher :return_pipeline_schedule_sucessfully do
+      match_unless_raises do |reponse|
         expect(response).to have_gitlab_http_status(:ok)
         expect(response).to match_response_schema('pipeline_schedule')
       end
+    end
 
+    shared_context 'request with project permissions' do
+      context 'authenticated user with project permisions' do
+        before do
+          project.add_maintainer(user)
+        end
+
+        it 'returns pipeline_schedule details' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+          expect(response).to return_pipeline_schedule_sucessfully
+          expect(json_response).to have_key('variables')
+        end
+      end
+    end
+
+    shared_examples 'request with schedule ownership' do
+      context 'authenticated user with pipeline schedule ownership' do
+        it 'returns pipeline_schedule details' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", developer)
+
+          expect(response).to return_pipeline_schedule_sucessfully
+          expect(json_response).to have_key('variables')
+        end
+      end
+    end
+
+    shared_examples 'request with unauthenticated user' do
+      context 'with unauthenticated user' do
+        it 'does not return pipeline_schedule' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}")
+
+          expect(response).to have_gitlab_http_status(:unauthorized)
+        end
+      end
+    end
+
+    shared_examples 'request with non-existing pipeline_schedule' do
       it 'responds with 404 Not Found if requesting non-existing pipeline_schedule' do
         get api("/projects/#{project.id}/pipeline_schedules/-5", developer)
 
@@ -112,31 +148,61 @@ RSpec.describe API::Ci::PipelineSchedules do
       end
     end
 
-    context 'authenticated user with invalid permissions' do
-      it 'does not return pipeline_schedules list' do
-        get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+    context 'with private project' do
+      it_behaves_like 'request with schedule ownership'
+      it_behaves_like 'request with project permissions'
+      it_behaves_like 'request with unauthenticated user'
+      it_behaves_like 'request with non-existing pipeline_schedule'
 
-        expect(response).to have_gitlab_http_status(:not_found)
+      context 'authenticated user with no project permissions' do
+        it 'does not return pipeline_schedule' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
+      end
+
+      context 'authenticated user with insufficient project permissions' do
+        before do
+          project.add_guest(user)
+        end
+
+        it 'does not return pipeline_schedule' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+          expect(response).to have_gitlab_http_status(:not_found)
+        end
       end
     end
 
-    context 'authenticated user with insufficient permissions' do
-      before do
-        project.add_guest(user)
+    context 'with public project' do
+      let_it_be(:project) { create(:project, :repository, :public, public_builds: false) }
+
+      it_behaves_like 'request with schedule ownership'
+      it_behaves_like 'request with project permissions'
+      it_behaves_like 'request with unauthenticated user'
+      it_behaves_like 'request with non-existing pipeline_schedule'
+
+      context 'authenticated user with no project permissions' do
+        it 'returns pipeline_schedule with no variables' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+
+          expect(response).to return_pipeline_schedule_sucessfully
+          expect(json_response).not_to have_key('variables')
+        end
       end
 
-      it 'does not return pipeline_schedules list' do
-        get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
+      context 'authenticated user with insufficient project permissions' do
+        before do
+          project.add_guest(user)
+        end
 
-        expect(response).to have_gitlab_http_status(:not_found)
-      end
-    end
+        it 'returns pipeline_schedule with no variables' do
+          get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}", user)
 
-    context 'unauthenticated user' do
-      it 'does not return pipeline_schedules list' do
-        get api("/projects/#{project.id}/pipeline_schedules/#{pipeline_schedule.id}")
-
-        expect(response).to have_gitlab_http_status(:unauthorized)
+          expect(response).to return_pipeline_schedule_sucessfully
+          expect(json_response).not_to have_key('variables')
+        end
       end
     end
   end
diff --git a/spec/requests/api/internal/kubernetes_spec.rb b/spec/requests/api/internal/kubernetes_spec.rb
index f669483b5a4..a532b8e59f2 100644
--- a/spec/requests/api/internal/kubernetes_spec.rb
+++ b/spec/requests/api/internal/kubernetes_spec.rb
@@ -166,6 +166,16 @@ RSpec.describe API::Internal::Kubernetes do
             )
           )
         end
+
+        context 'repository is for project members only' do
+          let(:project) { create(:project, :public, :repository_private) }
+
+          it 'returns 404' do
+            send_request(params: { id: project.id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
       end
 
       context 'project is private' do
@@ -190,7 +200,7 @@ RSpec.describe API::Internal::Kubernetes do
 
       context 'project does not exist' do
         it 'returns 404' do
-          send_request(params: { id: 0 }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
+          send_request(params: { id: non_existing_record_id }, headers: { 'Authorization' => "Bearer #{agent_token.token}" })
 
           expect(response).to have_gitlab_http_status(:not_found)
         end
diff --git a/spec/requests/api/project_export_spec.rb b/spec/requests/api/project_export_spec.rb
index 09d295afbea..ac24aeee52c 100644
--- a/spec/requests/api/project_export_spec.rb
+++ b/spec/requests/api/project_export_spec.rb
@@ -26,7 +26,7 @@ RSpec.describe API::ProjectExport, :clean_gitlab_redis_cache do
   let(:export_path) { "#{Dir.tmpdir}/project_export_spec" }
 
   before do
-    allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
+    allow(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path)
     allow_next_instance_of(ProjectExportWorker) do |job|
       allow(job).to receive(:jid).and_return(SecureRandom.hex(8))
     end
diff --git a/spec/requests/api/terraform/state_spec.rb b/spec/requests/api/terraform/state_spec.rb
index 21cc578b1eb..0fa088a641e 100644
--- a/spec/requests/api/terraform/state_spec.rb
+++ b/spec/requests/api/terraform/state_spec.rb
@@ -125,6 +125,7 @@ RSpec.describe API::Terraform::State do
           expect { request }.to change { Terraform::State.count }.by(0)
 
           expect(response).to have_gitlab_http_status(:ok)
+          expect(Gitlab::Json.parse(response.body)).to be_empty
         end
 
         context 'on Unicorn', :unicorn do
@@ -132,6 +133,7 @@ RSpec.describe API::Terraform::State do
             expect { request }.to change { Terraform::State.count }.by(0)
 
             expect(response).to have_gitlab_http_status(:ok)
+            expect(Gitlab::Json.parse(response.body)).to be_empty
           end
         end
       end
@@ -167,6 +169,7 @@ RSpec.describe API::Terraform::State do
           expect { request }.to change { Terraform::State.count }.by(1)
 
           expect(response).to have_gitlab_http_status(:ok)
+          expect(Gitlab::Json.parse(response.body)).to be_empty
         end
 
         context 'on Unicorn', :unicorn do
@@ -174,6 +177,7 @@ RSpec.describe API::Terraform::State do
             expect { request }.to change { Terraform::State.count }.by(1)
 
             expect(response).to have_gitlab_http_status(:ok)
+            expect(Gitlab::Json.parse(response.body)).to be_empty
           end
         end
       end
@@ -218,10 +222,11 @@ RSpec.describe API::Terraform::State do
     context 'with maintainer permissions' do
       let(:current_user) { maintainer }
 
-      it 'deletes the state' do
+      it 'deletes the state and returns empty body' do
         expect { request }.to change { Terraform::State.count }.by(-1)
 
         expect(response).to have_gitlab_http_status(:ok)
+        expect(Gitlab::Json.parse(response.body)).to be_empty
       end
     end
 
diff --git a/spec/services/packages/nuget/update_package_from_metadata_service_spec.rb b/spec/services/packages/nuget/update_package_from_metadata_service_spec.rb
index b7c780c1ee2..92b493ed376 100644
--- a/spec/services/packages/nuget/update_package_from_metadata_service_spec.rb
+++ b/spec/services/packages/nuget/update_package_from_metadata_service_spec.rb
@@ -198,24 +198,26 @@ RSpec.describe Packages::Nuget::UpdatePackageFromMetadataService, :clean_gitlab_
       it_behaves_like 'raising an', ::Packages::Nuget::MetadataExtractionService::ExtractionError
     end
 
-    context 'with package file with a blank package name' do
-      before do
-        allow(service).to receive(:package_name).and_return('')
+    context 'with an invalid package name' do
+      invalid_names = [
+        '',
+        'My/package',
+        '../../../my_package',
+        '%2e%2e%2fmy_package'
+      ]
+
+      invalid_names.each do |invalid_name|
+        before do
+          allow(service).to receive(:package_name).and_return(invalid_name)
+        end
+
+        it_behaves_like 'raising an', ::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError
       end
-
-      it_behaves_like 'raising an', ::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError
-    end
-
-    context 'with package file with a blank package version' do
-      before do
-        allow(service).to receive(:package_version).and_return('')
-      end
-
-      it_behaves_like 'raising an', ::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError
     end
 
     context 'with an invalid package version' do
       invalid_versions = [
+        '',
         '555',
         '1.2',
         '1./2.3',
@@ -224,13 +226,11 @@ RSpec.describe Packages::Nuget::UpdatePackageFromMetadataService, :clean_gitlab_
       ]
 
       invalid_versions.each do |invalid_version|
-        it "raises an error for version #{invalid_version}" do
+        before do
           allow(service).to receive(:package_version).and_return(invalid_version)
-
-          expect { subject }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: Version is invalid')
-          expect(package_file.file_name).not_to include(invalid_version)
-          expect(package_file.file.file.path).not_to include(invalid_version)
         end
+
+        it_behaves_like 'raising an', ::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError
       end
     end
   end
diff --git a/spec/services/resource_access_tokens/create_service_spec.rb b/spec/services/resource_access_tokens/create_service_spec.rb
index d8b12cda632..f172db72a48 100644
--- a/spec/services/resource_access_tokens/create_service_spec.rb
+++ b/spec/services/resource_access_tokens/create_service_spec.rb
@@ -11,16 +11,15 @@ RSpec.describe ResourceAccessTokens::CreateService do
 
   describe '#execute' do
     # Created shared_examples as it will easy to include specs for group bots in https://gitlab.com/gitlab-org/gitlab/-/issues/214046
-    shared_examples 'fails when user does not have the permission to create a Resource Bot' do
-      before_all do
-        resource.add_developer(user)
+    shared_examples 'token creation fails' do
+      let(:resource) { create(:project)}
+
+      it 'does not add the project bot as a member' do
+        expect { subject }.not_to change { resource.members.count }
       end
 
-      it 'returns error' do
-        response = subject
-
-        expect(response.error?).to be true
-        expect(response.message).to eq("User does not have permission to create #{resource_type} Access Token")
+      it 'immediately destroys the bot user if one was created', :sidekiq_inline do
+        expect { subject }.not_to change { User.bots.count }
       end
     end
 
@@ -154,24 +153,36 @@ RSpec.describe ResourceAccessTokens::CreateService do
           context 'when invalid scope is passed' do
             let_it_be(:params) { { scopes: [:invalid_scope] } }
 
-            it 'returns error' do
+            it_behaves_like 'token creation fails'
+
+            it 'returns the scope error message' do
               response = subject
 
               expect(response.error?).to be true
+              expect(response.errors).to include("Scopes can only contain available scopes")
             end
           end
         end
-      end
 
-      context 'when access provisioning fails' do
-        before do
-          allow(resource).to receive(:add_user).and_return(nil)
-        end
+        context "when access provisioning fails" do
+          let_it_be(:bot_user) { create(:user, :project_bot) }
+          let(:unpersisted_member) { build(:project_member, source: resource, user: bot_user) }
 
-        it 'returns error' do
-          response = subject
+          before do
+            allow_next_instance_of(ResourceAccessTokens::CreateService) do |service|
+              allow(service).to receive(:create_user).and_return(bot_user)
+              allow(service).to receive(:create_membership).and_return(unpersisted_member)
+            end
+          end
 
-          expect(response.error?).to be true
+          it_behaves_like 'token creation fails'
+
+          it 'returns the provisioning error message' do
+            response = subject
+
+            expect(response.error?).to be true
+            expect(response.errors).to include("Could not provision maintainer access to project access token")
+          end
         end
       end
     end
@@ -180,7 +191,16 @@ RSpec.describe ResourceAccessTokens::CreateService do
       let_it_be(:resource_type) { 'project' }
       let_it_be(:resource) { project }
 
-      it_behaves_like 'fails when user does not have the permission to create a Resource Bot'
+      context 'when user does not have permission to create a resource bot' do
+        it_behaves_like 'token creation fails'
+
+        it 'returns the permission error message' do
+          response = subject
+
+          expect(response.error?).to be true
+          expect(response.errors).to include("User does not have permission to create #{resource_type} Access Token")
+        end
+      end
 
       context 'user with valid permission' do
         before_all do
diff --git a/spec/services/terraform/remote_state_handler_spec.rb b/spec/services/terraform/remote_state_handler_spec.rb
index c47367feb14..ca392849d49 100644
--- a/spec/services/terraform/remote_state_handler_spec.rb
+++ b/spec/services/terraform/remote_state_handler_spec.rb
@@ -42,17 +42,17 @@ RSpec.describe Terraform::RemoteStateHandler do
 
     describe '#handle_with_lock' do
       it 'allows to modify a state using database locking' do
-        state = subject.handle_with_lock do |state|
+        record = nil
+        subject.handle_with_lock do |state|
+          record = state
           state.name = 'updated-name'
         end
 
-        expect(state.name).to eq 'updated-name'
+        expect(record.reload.name).to eq 'updated-name'
       end
 
-      it 'returns the state object itself' do
-        state = subject.handle_with_lock
-
-        expect(state.name).to eq 'my-state'
+      it 'returns nil' do
+        expect(subject.handle_with_lock).to be_nil
       end
     end
 
@@ -70,11 +70,13 @@ RSpec.describe Terraform::RemoteStateHandler do
       it 'handles a locked state using exclusive read lock' do
         handler.lock!
 
-        state = handler.handle_with_lock do |state|
+        record = nil
+        handler.handle_with_lock do |state|
+          record = state
           state.name = 'new-name'
         end
 
-        expect(state.name).to eq 'new-name'
+        expect(record.reload.name).to eq 'new-name'
       end
 
       it 'raises exception if lock has not been acquired before' do
diff --git a/spec/support/import_export/common_util.rb b/spec/support/import_export/common_util.rb
index c0c3559cca0..ae951ea35af 100644
--- a/spec/support/import_export/common_util.rb
+++ b/spec/support/import_export/common_util.rb
@@ -15,7 +15,7 @@ module ImportExport
       export_path = [prefix, 'spec', 'fixtures', 'lib', 'gitlab', 'import_export', name].compact
       export_path = File.join(*export_path)
 
-      allow_any_instance_of(Gitlab::ImportExport).to receive(:export_path) { export_path }
+      allow(Gitlab::ImportExport).to receive(:export_path) { export_path }
     end
 
     def setup_reader(reader)
diff --git a/spec/support/patches/rspec_mocks_prepended_methods.rb b/spec/support/patches/rspec_mocks_prepended_methods.rb
new file mode 100644
index 00000000000..fa3a74c670c
--- /dev/null
+++ b/spec/support/patches/rspec_mocks_prepended_methods.rb
@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+# This patch allows stubbing of prepended methods
+# Based on https://github.com/rspec/rspec-mocks/pull/1218
+
+module RSpec
+  module Mocks
+    module InstanceMethodStasherForPrependedMethods
+      private
+
+      def method_owned_by_klass?
+        owner = @klass.instance_method(@method).owner
+        owner = owner.class unless Module === owner
+
+        owner == @klass ||
+          # When `extend self` is used, and not under any instance of
+          (owner.singleton_class == @klass && !Mocks.space.any_instance_recorder_for(owner, true)) ||
+          !method_defined_on_klass?(owner)
+      end
+    end
+  end
+end
+
+module RSpec
+  module Mocks
+    module MethodDoubleForPrependedMethods
+      def restore_original_method
+        return show_frozen_warning if object_singleton_class.frozen?
+        return unless @method_is_proxied
+
+        remove_method_from_definition_target
+
+        if @method_stasher.method_is_stashed?
+          @method_stasher.restore
+          restore_original_visibility
+        end
+
+        @method_is_proxied = false
+      end
+
+      def restore_original_visibility
+        method_owner.__send__(@original_visibility, @method_name)
+      end
+
+      private
+
+      def method_owner
+        @method_owner ||= Object.instance_method(:method).bind(object).call(@method_name).owner
+      end
+    end
+  end
+end
+
+RSpec::Mocks::InstanceMethodStasher.prepend(RSpec::Mocks::InstanceMethodStasherForPrependedMethods)
+RSpec::Mocks::MethodDouble.prepend(RSpec::Mocks::MethodDoubleForPrependedMethods)
diff --git a/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb b/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb
index 54d41f9a68c..dd71107455f 100644
--- a/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/access_tokens_controller_shared_examples.rb
@@ -73,7 +73,23 @@ RSpec.shared_examples 'project access tokens available #create' do
       end
     end
 
-    it { expect(subject).to render_template(:index) }
+    it 'does not create the token' do
+      expect { subject }.not_to change { PersonalAccessToken.count }
+    end
+
+    it 'does not add the project bot as a member' do
+      expect { subject }.not_to change { Member.count }
+    end
+
+    it 'does not create the project bot user' do
+      expect { subject }.not_to change { User.count }
+    end
+
+    it 'shows a failure alert' do
+      subject
+
+      expect(response.flash[:alert]).to match("Failed to create new project access token: Failed!")
+    end
   end
 end
 
diff --git a/spec/support/shared_examples/lib/gitlab/usage_data_counters/issue_activity_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/usage_data_counters/issue_activity_shared_examples.rb
new file mode 100644
index 00000000000..286305f2506
--- /dev/null
+++ b/spec/support/shared_examples/lib/gitlab/usage_data_counters/issue_activity_shared_examples.rb
@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'a tracked issue edit event' do |event|
+  before do
+    stub_application_setting(usage_ping_enabled: true)
+  end
+
+  def count_unique(date_from:, date_to:)
+    Gitlab::UsageDataCounters::HLLRedisCounter.unique_events(event_names: action, start_date: date_from, end_date: date_to)
+  end
+
+  specify do
+    aggregate_failures do
+      expect(track_action(author: user1)).to be_truthy
+      expect(track_action(author: user1)).to be_truthy
+      expect(track_action(author: user2)).to be_truthy
+      expect(track_action(author: user3, time: time - 3.days)).to be_truthy
+
+      expect(count_unique(date_from: time, date_to: time)).to eq(2)
+      expect(count_unique(date_from: time - 5.days, date_to: 1.day.since(time))).to eq(3)
+    end
+  end
+
+  it 'does not track edit actions if author is not present' do
+    expect(track_action(author: nil)).to be_nil
+  end
+
+  context 'when feature flag track_issue_activity_actions is disabled' do
+    it 'does not track edit actions' do
+      stub_feature_flags(track_issue_activity_actions: false)
+
+      expect(track_action(author: user1)).to be_nil
+    end
+  end
+end
diff --git a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
index 12bcbb8b812..7126d3ace96 100644
--- a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
+++ b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
@@ -14,6 +14,7 @@ end
 
 RSpec.shared_examples "builds correct paths" do |**patterns|
   let(:patterns) { patterns }
+  let(:fixture) { File.join('spec', 'fixtures', 'rails_sample.jpg') }
 
   before do
     allow(subject).to receive(:filename).and_return('<filename>')
@@ -55,4 +56,15 @@ RSpec.shared_examples "builds correct paths" do |**patterns|
       let(:target) { subject.class }
     end
   end
+
+  describe "path traversal exploits" do
+    before do
+      allow(subject).to receive(:filename).and_return("3bc58d54542d6a5efffa9a87554faac0254f73f675b337899ea869f6d38b7371/122../../../../../../../../.ssh/authorized_keys")
+    end
+
+    it "throws an exception" do
+      expect { subject.cache!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::Utils::PathTraversalAttackError)
+      expect { subject.store!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::Utils::PathTraversalAttackError)
+    end
+  end
 end
diff --git a/spec/uploaders/import_export_uploader_spec.rb b/spec/uploaders/import_export_uploader_spec.rb
index b1fdcf067c6..cb7a89193e6 100644
--- a/spec/uploaders/import_export_uploader_spec.rb
+++ b/spec/uploaders/import_export_uploader_spec.rb
@@ -24,9 +24,14 @@ RSpec.describe ImportExportUploader do
 
     include_context 'with storage', described_class::Store::REMOTE
 
-    it_behaves_like 'builds correct paths',
-                    store_dir: %r[import_export_upload/import_file/],
-                    upload_path: %r[import_export_upload/import_file/]
+    patterns = {
+      store_dir: %r[import_export_upload/import_file/],
+      upload_path: %r[import_export_upload/import_file/]
+    }
+
+    it_behaves_like 'builds correct paths', patterns do
+      let(:fixture) { File.join('spec', 'fixtures', 'group_export.tar.gz') }
+    end
 
     describe '#move_to_store' do
       it 'returns false' do
diff --git a/spec/workers/packages/nuget/extraction_worker_spec.rb b/spec/workers/packages/nuget/extraction_worker_spec.rb
index 35b5f1baed5..4703afc9413 100644
--- a/spec/workers/packages/nuget/extraction_worker_spec.rb
+++ b/spec/workers/packages/nuget/extraction_worker_spec.rb
@@ -13,6 +13,18 @@ RSpec.describe Packages::Nuget::ExtractionWorker, type: :worker do
 
     subject { described_class.new.perform(package_file_id) }
 
+    shared_examples 'handling the metadata error' do |exception_class: ::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError|
+      it 'removes the package and the package file' do
+        expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
+          instance_of(exception_class),
+          project_id: package.project_id
+        )
+        expect { subject }
+          .to change { Packages::Package.count }.by(-1)
+          .and change { Packages::PackageFile.count }.by(-1)
+      end
+    end
+
     context 'with valid package file' do
       it 'updates package and package file' do
         expect { subject }
@@ -48,46 +60,46 @@ RSpec.describe Packages::Nuget::ExtractionWorker, type: :worker do
         allow_any_instance_of(Zip::File).to receive(:glob).and_return([])
       end
 
-      it 'removes the package and the package file' do
-        expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
-          instance_of(::Packages::Nuget::MetadataExtractionService::ExtractionError),
-          project_id: package.project_id
-        )
-        expect { subject }
-          .to change { Packages::Package.count }.by(-1)
-          .and change { Packages::PackageFile.count }.by(-1)
+      it_behaves_like 'handling the metadata error', exception_class: ::Packages::Nuget::MetadataExtractionService::ExtractionError
+    end
+
+    context 'with package with an invalid package name' do
+      invalid_names = [
+        '',
+        'My/package',
+        '../../../my_package',
+        '%2e%2e%2fmy_package'
+      ]
+
+      invalid_names.each do |invalid_name|
+        before do
+          allow_next_instance_of(::Packages::Nuget::UpdatePackageFromMetadataService) do |service|
+            allow(service).to receive(:package_name).and_return(invalid_name)
+          end
+        end
+
+        it_behaves_like 'handling the metadata error'
       end
     end
 
-    context 'with package file with a blank package name' do
-      before do
-        allow_any_instance_of(::Packages::Nuget::UpdatePackageFromMetadataService).to receive(:package_name).and_return('')
-      end
+    context 'with package with an invalid package version' do
+      invalid_versions = [
+        '',
+        '555',
+        '1.2',
+        '1./2.3',
+        '../../../../../1.2.3',
+        '%2e%2e%2f1.2.3'
+      ]
 
-      it 'removes the package and the package file' do
-        expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
-          instance_of(::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError),
-          project_id: package.project_id
-        )
-        expect { subject }
-          .to change { Packages::Package.count }.by(-1)
-          .and change { Packages::PackageFile.count }.by(-1)
-      end
-    end
+      invalid_versions.each do |invalid_version|
+        before do
+          allow_next_instance_of(::Packages::Nuget::UpdatePackageFromMetadataService) do |service|
+            allow(service).to receive(:package_version).and_return(invalid_version)
+          end
+        end
 
-    context 'with package file with a blank package version' do
-      before do
-        allow_any_instance_of(::Packages::Nuget::UpdatePackageFromMetadataService).to receive(:package_version).and_return('')
-      end
-
-      it 'removes the package and the package file' do
-        expect(Gitlab::ErrorTracking).to receive(:log_exception).with(
-          instance_of(::Packages::Nuget::UpdatePackageFromMetadataService::InvalidMetadataError),
-          project_id: package.project_id
-        )
-        expect { subject }
-          .to change { Packages::Package.count }.by(-1)
-          .and change { Packages::PackageFile.count }.by(-1)
+        it_behaves_like 'handling the metadata error'
       end
     end
   end