From fc0d8fd420d54aeffe4cbb55ef604fb9aa41ba32 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Mon, 22 Apr 2024 21:09:46 +0000
Subject: [PATCH] Add latest changes from gitlab-org/gitlab@master

---
 .gitlab/ci/workhorse.gitlab-ci.yml            |   4 +-
 ...e_end_string_concatenation_indentation.yml |   2 -
 .rubocop_todo/rspec/context_wording.yml       |   1 -
 GITALY_SERVER_VERSION                         |   2 +-
 .../environments/graphql/resolvers/flux.js    |   2 +-
 .../empty_state_without_any_issues.vue        |   2 +-
 .../page_bundles/design_management.scss       |   2 -
 .../types/ci/runner_membership_filter_enum.rb |   3 +-
 app/graphql/types/ci/runner_type.rb           |  21 ---
 app/models/ci/runner_manager.rb               |   1 +
 app/models/repository.rb                      |   5 -
 app/presenters/ci/runner_presenter.rb         |   4 -
 .../json_schemas/member_role_permissions.json |   3 +
 .../devise/shared/_signup_box_form.html.haml  |  12 +-
 app/views/groups/edit.html.haml               |   4 +
 app/views/projects/edit.html.haml             |   2 +
 .../15-6-deprecate-post-api-v4-runner.yml     |   1 -
 ...eprecate-runner-setup-instructions-api.yml |   3 +-
 ...rt_type_severity_traversal_ids_archived.rb |  17 ++
 db/schema_migrations/20240410104838           |   1 +
 db/structure.sql                              |   2 +
 doc/api/graphql/reference/index.md            |  10 +-
 doc/api/graphql/removed_items.md              |  15 ++
 doc/api/rest/deprecations.md                  |   8 +
 doc/api/runners.md                            |  92 ++++++++--
 doc/ci/yaml/index.md                          |   3 +
 .../sec/analyzer_development_guide.md         |   1 -
 doc/topics/autodevops/cicd_variables.md       |   2 +-
 doc/update/deprecations.md                    |  32 ++--
 doc/user/ai_features.md                       |   4 +-
 doc/user/analytics/analytics_dashboards.md    |  41 +++++
 .../container_scanning/index.md               |  22 +--
 doc/user/compliance/license_list.md           |   6 -
 .../index.md                                  |  17 +-
 doc/user/custom_roles/abilities.md            |   6 +
 doc/user/group/saml_sso/index.md              |   8 +-
 doc/user/packages/generic_packages/index.md   |  26 ++-
 doc/user/project/issues/index.md              |   1 +
 .../service_desk/external_participants.md     | 159 ++++++++++++++++++
 ...ticipants_comment_editor_warning_v17_0.png | Bin 0 -> 32285 bytes
 ...sk_external_participants_comment_v17_0.png | Bin 0 -> 19911 bytes
 ...l_participants_email_obfuscation_v17_0.png | Bin 0 -> 27676 bytes
 doc/user/project/service_desk/index.md        |   4 +
 .../service_desk/using_service_desk.md        |   4 +-
 lib/api/entities/ci/runner.rb                 |   4 +-
 lib/api/entities/ci/runner_details.rb         |  14 +-
 lib/api/generic_packages.rb                   |   2 +-
 .../packages/maven/basic_auth_helpers.rb      |   2 +-
 lib/gitlab/auth/auth_finders.rb               |  60 ++++---
 lib/gitlab/auth/request_authenticator.rb      |   2 +-
 .../ci/templates/Auto-DevOps.gitlab-ci.yml    |   5 -
 .../Jobs/Container-Scanning.gitlab-ci.yml     |   2 +-
 .../Container-Scanning.latest.gitlab-ci.yml   |   2 +-
 .../Jobs/License-Scanning.gitlab-ci.yml       |  38 -----
 .../License-Scanning.latest.gitlab-ci.yml     |  48 ------
 .../Security/License-Scanning.gitlab-ci.yml   |   5 -
 lib/gitlab/graphql/type_name_deprecations.rb  |   6 +-
 lib/tasks/gitlab/graphql.rake                 |  17 +-
 lib/unnested_in_filters/rewriter.rb           |  94 ++++++++++-
 .../auto_devops/auto_devops_templates_spec.rb |   1 -
 .../create_project_with_auto_devops_spec.rb   |   2 +-
 .../kubernetes/kubernetes_status_bar_spec.js  |   4 +-
 ...environment_flux_resource_selector_spec.js |   2 +-
 .../environments/graphql/mock_data.js         |   2 +-
 .../graphql/resolvers/flux_spec.js            |   4 +-
 .../empty_state_without_any_issues_spec.js    |   2 +-
 spec/graphql/types/ci/runner_type_spec.rb     |   6 +-
 spec/lib/gitlab/auth/auth_finders_spec.rb     |  58 ++++++-
 spec/lib/unnested_in_filters/rewriter_spec.rb |  38 +++++
 spec/models/ci/runner_manager_spec.rb         |  10 ++
 spec/models/repository_spec.rb                |  20 ---
 spec/requests/api/commits_spec.rb             |  23 +++
 spec/requests/api/generic_packages_spec.rb    |  10 ++
 spec/requests/api/graphql/ci/runner_spec.rb   |   6 -
 .../shared/_signup_box.html.haml_spec.rb      |  20 ++-
 workhorse/go.mod                              |   4 +-
 workhorse/go.sum                              |  43 +++++
 77 files changed, 791 insertions(+), 320 deletions(-)
 create mode 100644 db/post_migrate/20240410104838_index_vulnerability_reads_on_state_report_type_severity_traversal_ids_archived.rb
 create mode 100644 db/schema_migrations/20240410104838
 create mode 100644 doc/user/project/service_desk/external_participants.md
 create mode 100644 doc/user/project/service_desk/img/service_desk_external_participants_comment_editor_warning_v17_0.png
 create mode 100644 doc/user/project/service_desk/img/service_desk_external_participants_comment_v17_0.png
 create mode 100644 doc/user/project/service_desk/img/service_desk_external_participants_email_obfuscation_v17_0.png
 delete mode 100644 lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
 delete mode 100644 lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml
 delete mode 100644 lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml

diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index 21b4cfba137..411cdcf65a1 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -33,7 +33,7 @@ workhorse:test go:
   extends: .workhorse:test
   parallel:
     matrix:
-      - GO_VERSION: ["1.20", "1.21", "1.22"]
+      - GO_VERSION: ["1.21", "1.22"]
         REDIS_VERSION: ["7.0", "6.2"]
   script:
     - make -C workhorse test-coverage
@@ -49,7 +49,7 @@ workhorse:test fips:
     - setup-test-env-fips
   parallel:
     matrix:
-      - GO_VERSION: ["1.20", "1.21", "1.22"]
+      - GO_VERSION: ["1.21", "1.22"]
         REDIS_VERSION: ["7.0", "6.2"]
   image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/${BUILD_OS}-${OS_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
   variables:
diff --git a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
index f00e4c23398..34875f252e0 100644
--- a/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
+++ b/.rubocop_todo/layout/line_end_string_concatenation_indentation.yml
@@ -105,8 +105,6 @@ Layout/LineEndStringConcatenationIndentation:
     - 'ee/spec/lib/gitlab/ci/templates/dast_latest_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/dependency_scanning_latest_gitlab_ci_yaml_spec.rb'
-    - 'ee/spec/lib/gitlab/ci/templates/license_scanning_gitlab_ci_yaml_spec.rb'
-    - 'ee/spec/lib/gitlab/ci/templates/license_scanning_latest_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_iac_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb'
diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml
index 76f2b23d6af..8f9eba3cdaf 100644
--- a/.rubocop_todo/rspec/context_wording.yml
+++ b/.rubocop_todo/rspec/context_wording.yml
@@ -334,7 +334,6 @@ RSpec/ContextWording:
     - 'ee/spec/lib/gitlab/ci/templates/dast_api_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/dast_latest_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb'
-    - 'ee/spec/lib/gitlab/ci/templates/license_scanning_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_iac_gitlab_ci_yaml_spec.rb'
     - 'ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb'
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 36f61c2a24a..f7f0261106b 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-faac94442a49a42427236f28d5190c6d721c172b
+84074347b5ad5ff09fd4d6068c8bcdf356f7798c
diff --git a/app/assets/javascripts/environments/graphql/resolvers/flux.js b/app/assets/javascripts/environments/graphql/resolvers/flux.js
index 5cb5db5d752..fa2c3adeb63 100644
--- a/app/assets/javascripts/environments/graphql/resolvers/flux.js
+++ b/app/assets/javascripts/environments/graphql/resolvers/flux.js
@@ -8,7 +8,7 @@ import fluxKustomizationStatusQuery from '../queries/flux_kustomization_status.q
 import fluxHelmReleaseStatusQuery from '../queries/flux_helm_release_status.query.graphql';
 
 const helmReleasesApiVersion = 'helm.toolkit.fluxcd.io/v2beta1';
-const kustomizationsApiVersion = 'kustomize.toolkit.fluxcd.io/v1beta1';
+const kustomizationsApiVersion = 'kustomize.toolkit.fluxcd.io/v1';
 
 const helmReleaseField = 'fluxHelmReleaseStatus';
 const kustomizationField = 'fluxKustomizationStatus';
diff --git a/app/assets/javascripts/issues/list/components/empty_state_without_any_issues.vue b/app/assets/javascripts/issues/list/components/empty_state_without_any_issues.vue
index 48d6545b21e..0b3c43f2ffa 100644
--- a/app/assets/javascripts/issues/list/components/empty_state_without_any_issues.vue
+++ b/app/assets/javascripts/issues/list/components/empty_state_without_any_issues.vue
@@ -69,7 +69,7 @@ export default {
   <div
     v-if="isSignedIn"
     data-testid="signed-in-empty-state-block"
-    :data-track-action="isProject && 'render_project_issues_empty_list_page'"
+    :data-track-action="isProject && 'render'"
     :data-track-label="isProject && 'project_issues_empty_list'"
     :data-track-experiment="isProject && 'issues_mrs_empty_state'"
   >
diff --git a/app/assets/stylesheets/page_bundles/design_management.scss b/app/assets/stylesheets/page_bundles/design_management.scss
index b5a797725dc..59dc2c1233b 100644
--- a/app/assets/stylesheets/page_bundles/design_management.scss
+++ b/app/assets/stylesheets/page_bundles/design_management.scss
@@ -3,7 +3,6 @@
 $design-pin-diameter: 28px;
 $design-pin-diameter-sm: 24px;
 $t-gray-a-16-design-pin: rgba($black, 0.16);
-$zindex-design-detail: 1061;
 
 .design-card-header {
   background: transparent;
@@ -15,7 +14,6 @@ $zindex-design-detail: 1061;
 
 .design-detail {
   bottom: $calc-application-footer-height;
-  z-index: $zindex-design-detail;
 
   .comment-indicator {
     border-radius: 50%;
diff --git a/app/graphql/types/ci/runner_membership_filter_enum.rb b/app/graphql/types/ci/runner_membership_filter_enum.rb
index eb691166944..439e2b984cc 100644
--- a/app/graphql/types/ci/runner_membership_filter_enum.rb
+++ b/app/graphql/types/ci/runner_membership_filter_enum.rb
@@ -4,8 +4,7 @@ module Types
   module Ci
     class RunnerMembershipFilterEnum < BaseEnum
       graphql_name 'CiRunnerMembershipFilter'
-      description 'Values for filtering runners in namespaces. ' \
-        'The previous type name `RunnerMembershipFilter` was deprecated in 15.4.'
+      description 'Values for filtering runners in namespaces.'
 
       value 'DIRECT',
             description: "Include runners that have a direct relationship.",
diff --git a/app/graphql/types/ci/runner_type.rb b/app/graphql/types/ci/runner_type.rb
index dcacfb48997..ebdc7f1d9de 100644
--- a/app/graphql/types/ci/runner_type.rb
+++ b/app/graphql/types/ci/runner_type.rb
@@ -23,10 +23,6 @@ module Types
                                               deprecated: { reason: 'Use paused', milestone: '14.8' }
       field :admin_url, GraphQL::Types::String, null: true,
                                                 description: 'Admin URL of the runner. Only available for administrators.'
-      field :architecture_name, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'Architecture provided by the the runner.',
-            method: :architecture
       field :contacted_at, Types::TimeType, null: true,
                                             description: 'Timestamp of last contact from this runner.',
                                             method: :contacted_at
@@ -46,17 +42,10 @@ module Types
       field :ephemeral_register_url, GraphQL::Types::String, null: true,
             description: 'URL of the registration page of the runner manager. Only available for the creator of the runner for a limited time during registration.',
             alpha: { milestone: '15.11' }
-      field :executor_name, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'Executor last advertised by the runner.',
-            method: :executor_name
       field :groups, null: true,
                      resolver: ::Resolvers::Ci::RunnerGroupsResolver,
                      description: 'Groups the runner is associated with. For group runners only.'
       field :id, ::Types::GlobalIDType[::Ci::Runner], null: false, description: 'ID of the runner.'
-      field :ip_address, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'IP address of the runner.'
       field :job_count, GraphQL::Types::Int, null: true,
             description: "Number of jobs processed by the runner (limited to #{JOB_COUNT_LIMIT}, plus one to " \
                          "indicate that more items exist).\n`jobCount` is an optimized version of `jobs { count }`, " \
@@ -86,10 +75,6 @@ module Types
                                                   resolver: ::Resolvers::Ci::RunnerOwnerProjectResolver
       field :paused, GraphQL::Types::Boolean, null: false,
                                               description: 'Indicates the runner is paused and not available to run jobs.'
-      field :platform_name, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'Platform provided by the runner.',
-            method: :platform
       field :project_count, GraphQL::Types::Int, null: true,
                                                  description: 'Number of projects that the runner is associated with.'
       field :projects,
@@ -99,9 +84,6 @@ module Types
             description: 'Find projects the runner is associated with. For project runners only.'
       field :register_admin_url, GraphQL::Types::String, null: true,
                                                          description: 'URL of the temporary registration page of the runner. Only available before the runner is registered. Only available for administrators.'
-      field :revision, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'Revision of the runner.'
       field :run_untagged, GraphQL::Types::Boolean, null: false,
                                                     description: 'Indicates the runner is able to run untagged jobs.'
       field :runner_type, ::Types::Ci::RunnerTypeEnum, null: false,
@@ -118,9 +100,6 @@ module Types
       field :token_expires_at, Types::TimeType, null: true,
                                                 description: 'Runner token expiration time.',
                                                 method: :token_expires_at
-      field :version, GraphQL::Types::String, null: true,
-            deprecated: { reason: "Use field in `manager` object instead", milestone: '16.2' },
-            description: 'Version of the runner.'
 
       markdown_field :maintenance_note_html, null: true
 
diff --git a/app/models/ci/runner_manager.rb b/app/models/ci/runner_manager.rb
index 69b8bd1cbef..e4810d83ab5 100644
--- a/app/models/ci/runner_manager.rb
+++ b/app/models/ci/runner_manager.rb
@@ -76,6 +76,7 @@ module Ci
     end
 
     scope :order_id_desc, -> { order(id: :desc) }
+    scope :order_contacted_at_desc, -> { order(contacted_at: :desc) }
 
     scope :with_version_prefix, ->(value) do
       regex = version_regex_expression_for_version(value)
diff --git a/app/models/repository.rb b/app/models/repository.rb
index ceed9929d26..32e26474db6 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -170,11 +170,6 @@ class Repository
     commits = Commit.decorate(commits, container) if commits.present?
 
     CommitCollection.new(container, commits, ref)
-  rescue Gitlab::Git::CommandError => e
-    # Temporary fix to address a new Gitaly internal error: https://gitlab.com/gitlab-org/gitlab/-/issues/452488
-    return CommitCollection.new(container, [], ref) if e.message.include?('listing commits failed')
-
-    raise
   end
 
   def commits_between(from, to, limit: nil)
diff --git a/app/presenters/ci/runner_presenter.rb b/app/presenters/ci/runner_presenter.rb
index 482534f27b9..cd268140c50 100644
--- a/app/presenters/ci/runner_presenter.rb
+++ b/app/presenters/ci/runner_presenter.rb
@@ -12,10 +12,6 @@ module Ci
     delegator_override :locked
     alias_method :locked, :locked?
 
-    def executor_name
-      Ci::Runner::EXECUTOR_TYPE_TO_NAMES[executor_type&.to_sym]
-    end
-
     def paused
       !active
     end
diff --git a/app/validators/json_schemas/member_role_permissions.json b/app/validators/json_schemas/member_role_permissions.json
index b2c50bb9ad4..2257ec48934 100644
--- a/app/validators/json_schemas/member_role_permissions.json
+++ b/app/validators/json_schemas/member_role_permissions.json
@@ -22,6 +22,9 @@
     "admin_terraform_state": {
       "type": "boolean"
     },
+    "admin_compliance_framework": {
+      "type": "boolean"
+    },
     "admin_vulnerability": {
       "type": "boolean"
     },
diff --git a/app/views/devise/shared/_signup_box_form.html.haml b/app/views/devise/shared/_signup_box_form.html.haml
index 33b364965db..af5ec456872 100644
--- a/app/views/devise/shared/_signup_box_form.html.haml
+++ b/app/views/devise/shared/_signup_box_form.html.haml
@@ -20,10 +20,14 @@
       .form-group
         = label_tag :signup_intent, s_('SignUp|I want to...')
         = select_tag :signup_intent,
-          options_for_select([[s_('SignUp|Set up a new team'), :new_team],
-            [s_('SignUp|Set up a new personal account'), :new_personal_account],
-            [s_('SignUp|Join an existing team'), :join_existing_team],
-            [s_('SignUp|Contribute to a public project on GitLab'), :contribute_public_project]]),
+          options_for_select([[s_('SignUp|Set up a new team'),
+              :select_signup_intent_dropdown_new_team_registration_step_one],
+            [s_('SignUp|Set up a new personal account'),
+              :select_signup_intent_dropdown_new_personal_account_registration_step_one],
+            [s_('SignUp|Join an existing team'),
+              :select_signup_intent_dropdown_join_existing_team_registration_step_one],
+            [s_('SignUp|Contribute to a public project on GitLab'),
+              :select_signup_intent_dropdown_contribute_public_project_registration_step_one]]),
           prompt: s_('SignUp|Please select an option...'),
           class: 'gl-form-select custom-select',
           required: true
diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml
index 1c1388013af..afdb4cc1c55 100644
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -45,7 +45,10 @@
     .settings-content
       = render 'shared/badges/badge_settings'
 
+- if can?(current_user, :admin_compliance_framework, @group)
   = render_if_exists 'groups/compliance_frameworks', expanded: expanded
+
+- if can?(current_user, :admin_group, @group)
   = render_if_exists 'groups/custom_project_templates_setting'
   = render_if_exists 'groups/templates_setting', expanded: expanded
   = render_if_exists 'shared/groups/max_pages_size_setting'
@@ -60,6 +63,7 @@
         = _('Perform advanced options such as changing path, transferring, exporting, or removing the group.')
     .settings-content
       = render 'groups/settings/advanced'
+
 - elsif can?(current_user, :remove_group, @group)
   = render 'groups/settings/remove', group: @group, remove_form_id: 'js-remove-group-form'
   = render_if_exists 'groups/settings/restore', group: @group
diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml
index 90837a1a291..d185ef2f130 100644
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
@@ -51,8 +51,10 @@
     .settings-content
       = render 'shared/badges/badge_settings'
 
+- if can?(current_user, :admin_compliance_framework, @project)
   = render_if_exists 'compliance_management/compliance_framework/project_settings', expanded: expanded
 
+- if can?(current_user, :admin_project, @project)
   = render_if_exists 'projects/settings/default_issue_template'
 
   = render 'projects/service_desk_settings'
diff --git a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
index 9e8b1f81832..e8b49c5427d 100644
--- a/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
+++ b/data/deprecations/15-6-deprecate-post-api-v4-runner.yml
@@ -1,7 +1,6 @@
 - title: 'Registration tokens and server-side runner arguments in `POST /api/v4/runners` endpoint'  # (required) The name of the feature to be deprecated
   announcement_milestone: '15.6'  # (required) The milestone when this feature was first announced as deprecated.
   removal_milestone: '18.0'  # (required) The milestone when this feature is planned to be removed
-  removal_date: '2024-04-22'
   breaking_change: true  # (required) If this deprecation is a breaking change, set this value to true
   reporter: pedropombeiro  # (required) GitLab username of the person reporting the deprecation
   stage: Verify  # (required) String value of the stage that the feature was created in. e.g., Growth
diff --git a/data/deprecations/15-9-deprecate-runner-setup-instructions-api.yml b/data/deprecations/15-9-deprecate-runner-setup-instructions-api.yml
index 4f5c301b7c2..1339225ef20 100644
--- a/data/deprecations/15-9-deprecate-runner-setup-instructions-api.yml
+++ b/data/deprecations/15-9-deprecate-runner-setup-instructions-api.yml
@@ -1,8 +1,7 @@
 - title: 'GitLab Runner platforms and setup instructions in GraphQL API'
   announcement_milestone: '15.9'
   announcement_date: '2023-02-22'
-  removal_milestone: '17.0'
-  removal_date: '2024-05-22'
+  removal_milestone: '18.0'
   breaking_change: true
   reporter: mrincon
   body: |
diff --git a/db/post_migrate/20240410104838_index_vulnerability_reads_on_state_report_type_severity_traversal_ids_archived.rb b/db/post_migrate/20240410104838_index_vulnerability_reads_on_state_report_type_severity_traversal_ids_archived.rb
new file mode 100644
index 00000000000..6b750eb3fe0
--- /dev/null
+++ b/db/post_migrate/20240410104838_index_vulnerability_reads_on_state_report_type_severity_traversal_ids_archived.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class IndexVulnerabilityReadsOnStateReportTypeSeverityTraversalIdsArchived < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone '16.11'
+
+  INDEX_NAME = 'index_vulnerability_reads_common_attrs_and_detection_for_groups'
+  COLUMNS = %i[resolved_on_default_branch state report_type severity traversal_ids vulnerability_id].freeze
+
+  def up
+    add_concurrent_index :vulnerability_reads, COLUMNS, name: INDEX_NAME, where: 'archived = false'
+  end
+
+  def down
+    remove_concurrent_index_by_name :vulnerability_reads, INDEX_NAME
+  end
+end
diff --git a/db/schema_migrations/20240410104838 b/db/schema_migrations/20240410104838
new file mode 100644
index 00000000000..f10968480cb
--- /dev/null
+++ b/db/schema_migrations/20240410104838
@@ -0,0 +1 @@
+09626f964c06c02dff8c779f4e7bcfe56cb5ba6a256af43ce8a7d57dff4509c7
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index f11da557671..ae2e565ae94 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -27698,6 +27698,8 @@ CREATE UNIQUE INDEX index_vulnerability_occurrences_on_uuid_1 ON vulnerability_o
 
 CREATE INDEX index_vulnerability_occurrences_on_vulnerability_id ON vulnerability_occurrences USING btree (vulnerability_id);
 
+CREATE INDEX index_vulnerability_reads_common_attrs_and_detection_for_groups ON vulnerability_reads USING btree (resolved_on_default_branch, state, report_type, severity, traversal_ids, vulnerability_id) WHERE (archived = false);
+
 CREATE INDEX index_vulnerability_reads_common_finder_query_2 ON vulnerability_reads USING btree (project_id, state, report_type, severity, vulnerability_id DESC, dismissal_reason);
 
 CREATE INDEX index_vulnerability_reads_common_finder_query_w_namespace_id ON vulnerability_reads USING btree (namespace_id, state, report_type, severity, vulnerability_id DESC, dismissal_reason);
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index ad42824bec2..69bb258d130 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -17269,7 +17269,6 @@ CI/CD variables for a project.
 | <a id="cirunneraccesslevel"></a>`accessLevel` | [`CiRunnerAccessLevel!`](#cirunneraccesslevel) | Access level of the runner. |
 | <a id="cirunneractive"></a>`active` **{warning-solid}** | [`Boolean!`](#boolean) | **Deprecated** in GitLab 14.8. Use paused. |
 | <a id="cirunneradminurl"></a>`adminUrl` | [`String`](#string) | Admin URL of the runner. Only available for administrators. |
-| <a id="cirunnerarchitecturename"></a>`architectureName` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 | <a id="cirunnercontactedat"></a>`contactedAt` | [`Time`](#time) | Timestamp of last contact from this runner. |
 | <a id="cirunnercreatedat"></a>`createdAt` | [`Time`](#time) | Timestamp of creation of this runner. |
 | <a id="cirunnercreatedby"></a>`createdBy` | [`UserCore`](#usercore) | User that created this runner. |
@@ -17277,10 +17276,8 @@ CI/CD variables for a project.
 | <a id="cirunnereditadminurl"></a>`editAdminUrl` | [`String`](#string) | Admin form URL of the runner. Only available for administrators. |
 | <a id="cirunnerephemeralauthenticationtoken"></a>`ephemeralAuthenticationToken` **{warning-solid}** | [`String`](#string) | **Introduced** in GitLab 15.9. **Status**: Experiment. Ephemeral authentication token used for runner manager registration. Only available for the creator of the runner for a limited time during registration. |
 | <a id="cirunnerephemeralregisterurl"></a>`ephemeralRegisterUrl` **{warning-solid}** | [`String`](#string) | **Introduced** in GitLab 15.11. **Status**: Experiment. URL of the registration page of the runner manager. Only available for the creator of the runner for a limited time during registration. |
-| <a id="cirunnerexecutorname"></a>`executorName` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 | <a id="cirunnergroups"></a>`groups` | [`GroupConnection`](#groupconnection) | Groups the runner is associated with. For group runners only. (see [Connections](#connections)) |
 | <a id="cirunnerid"></a>`id` | [`CiRunnerID!`](#cirunnerid) | ID of the runner. |
-| <a id="cirunneripaddress"></a>`ipAddress` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 | <a id="cirunnerjobexecutionstatus"></a>`jobExecutionStatus` **{warning-solid}** | [`CiRunnerJobExecutionStatus`](#cirunnerjobexecutionstatus) | **Introduced** in GitLab 15.7. **Status**: Experiment. Job execution status of the runner. |
 | <a id="cirunnerlocked"></a>`locked` | [`Boolean`](#boolean) | Indicates the runner is locked. |
 | <a id="cirunnermaintenancenote"></a>`maintenanceNote` | [`String`](#string) | Runner's maintenance notes. |
@@ -17288,12 +17285,10 @@ CI/CD variables for a project.
 | <a id="cirunnermaximumtimeout"></a>`maximumTimeout` | [`Int`](#int) | Maximum timeout (in seconds) for jobs processed by the runner. |
 | <a id="cirunnerownerproject"></a>`ownerProject` | [`Project`](#project) | Project that owns the runner. For project runners only. |
 | <a id="cirunnerpaused"></a>`paused` | [`Boolean!`](#boolean) | Indicates the runner is paused and not available to run jobs. |
-| <a id="cirunnerplatformname"></a>`platformName` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 | <a id="cirunnerprivateprojectsminutescostfactor"></a>`privateProjectsMinutesCostFactor` | [`Float`](#float) | Private projects' "compute cost factor" associated with the runner (GitLab.com only). |
 | <a id="cirunnerprojectcount"></a>`projectCount` | [`Int`](#int) | Number of projects that the runner is associated with. |
 | <a id="cirunnerpublicprojectsminutescostfactor"></a>`publicProjectsMinutesCostFactor` | [`Float`](#float) | Public projects' "compute cost factor" associated with the runner (GitLab.com only). |
 | <a id="cirunnerregisteradminurl"></a>`registerAdminUrl` | [`String`](#string) | URL of the temporary registration page of the runner. Only available before the runner is registered. Only available for administrators. |
-| <a id="cirunnerrevision"></a>`revision` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 | <a id="cirunnerrununtagged"></a>`runUntagged` | [`Boolean!`](#boolean) | Indicates the runner is able to run untagged jobs. |
 | <a id="cirunnerrunnertype"></a>`runnerType` | [`CiRunnerType!`](#cirunnertype) | Type of the runner. |
 | <a id="cirunnershortsha"></a>`shortSha` | [`String`](#string) | First eight characters of the runner's token used to authenticate new job requests. Used as the runner's unique ID. |
@@ -17301,7 +17296,6 @@ CI/CD variables for a project.
 | <a id="cirunnertokenexpiresat"></a>`tokenExpiresAt` | [`Time`](#time) | Runner token expiration time. |
 | <a id="cirunnerupgradestatus"></a>`upgradeStatus` **{warning-solid}** | [`CiRunnerUpgradeStatus`](#cirunnerupgradestatus) | **Introduced** in GitLab 14.10. **Status**: Experiment. Availability of upgrades for the runner. |
 | <a id="cirunneruserpermissions"></a>`userPermissions` | [`RunnerPermissions!`](#runnerpermissions) | Permissions for the current user on the resource. |
-| <a id="cirunnerversion"></a>`version` **{warning-solid}** | [`String`](#string) | **Deprecated** in GitLab 16.2. Use field in `manager` object instead. |
 
 #### Fields with arguments
 
@@ -26133,6 +26127,7 @@ Represents vulnerability finding of a security report on the pipeline.
 | <a id="pipelinesecurityreportfindingscanner"></a>`scanner` | [`VulnerabilityScanner`](#vulnerabilityscanner) | Scanner metadata for the vulnerability. |
 | <a id="pipelinesecurityreportfindingseverity"></a>`severity` | [`VulnerabilitySeverity`](#vulnerabilityseverity) | Severity of the vulnerability finding. |
 | <a id="pipelinesecurityreportfindingsolution"></a>`solution` | [`String`](#string) | Solution for resolving the security report finding. |
+| <a id="pipelinesecurityreportfindingsolutionhtml"></a>`solutionHtml` | [`String`](#string) | GitLab Flavored Markdown rendering of `solution`. |
 | <a id="pipelinesecurityreportfindingstate"></a>`state` | [`VulnerabilityState`](#vulnerabilitystate) | Finding status. |
 | <a id="pipelinesecurityreportfindingstatecomment"></a>`stateComment` | [`String`](#string) | Comment for the state of the security report finding. |
 | <a id="pipelinesecurityreportfindingtitle"></a>`title` | [`String`](#string) | Title of the vulnerability finding. |
@@ -32010,7 +32005,7 @@ Runner cloud provider.
 
 ### `CiRunnerMembershipFilter`
 
-Values for filtering runners in namespaces. The previous type name `RunnerMembershipFilter` was deprecated in 15.4.
+Values for filtering runners in namespaces.
 
 | Value | Description |
 | ----- | ----------- |
@@ -33156,6 +33151,7 @@ Member role permission.
 | Value | Description |
 | ----- | ----------- |
 | <a id="memberrolepermissionadmin_cicd_variables"></a>`ADMIN_CICD_VARIABLES` | Create, read, update, and delete CI/CD variables. |
+| <a id="memberrolepermissionadmin_compliance_framework"></a>`ADMIN_COMPLIANCE_FRAMEWORK` | Enables administrator access to the compliance framework. |
 | <a id="memberrolepermissionadmin_group_member"></a>`ADMIN_GROUP_MEMBER` | Add or remove users in a group, and assign roles to users. When assigning a role, users with this custom permission must select a role that has the same or fewer permissions as the default role used as the base for their custom role. |
 | <a id="memberrolepermissionadmin_merge_request"></a>`ADMIN_MERGE_REQUEST` | Allows approval of merge requests. |
 | <a id="memberrolepermissionadmin_push_rules"></a>`ADMIN_PUSH_RULES` | Configure push rules for repositories at the group or project level. |
diff --git a/doc/api/graphql/removed_items.md b/doc/api/graphql/removed_items.md
index 57c8458ca20..3f1c464bce7 100644
--- a/doc/api/graphql/removed_items.md
+++ b/doc/api/graphql/removed_items.md
@@ -14,6 +14,21 @@ GraphQL is a versionless API, unlike the REST API.
 Occasionally, items have to be updated or removed from the GraphQL API.
 According to our [process for removing items](index.md#deprecation-and-removal-process), here are the items that have been removed.
 
+## GitLab 17.0
+
+Fields removed in GitLab 17.0.
+
+### GraphQL Fields
+
+| Field name | GraphQL type | Deprecated in | Removal MR | Use instead |
+|---|---|---|---|---|
+| `architectureName` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+| `executorName` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+| `ipAddress` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+| `platformName` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+| `revision` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+| `version` | `CiRunner` | 16.2 | [!124751](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124751) | Use this field in `manager` object instead. |
+
 ## GitLab 16.0
 
 Fields removed in GitLab 16.0.
diff --git a/doc/api/rest/deprecations.md b/doc/api/rest/deprecations.md
index f192f3d4592..ba54ba46ddd 100644
--- a/doc/api/rest/deprecations.md
+++ b/doc/api/rest/deprecations.md
@@ -116,3 +116,11 @@ Breaking change. [Related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/4
 
 In GitLab 17.0, the [Runners API](../runners.md) will return `""` in place of `ip_address` for runners.
 In v5 of the REST API, the field will be removed.
+
+## Runner will not return `version`, `revision`, `platform`, or `architecture`
+
+Breaking change. [Related issue](https://gitlab.com/gitlab-org/gitlab/-/issues/457128).
+
+In GitLab 18.0, the [Runners API](../runners.md) will return `""` in place of `version`, `revision`, `platform`,
+and `architecture` for runners.
+In v5 of the REST API, the fields will be removed.
diff --git a/doc/api/runners.md b/doc/api/runners.md
index 48f1b67b33d..4f6ec49d756 100644
--- a/doc/api/runners.md
+++ b/doc/api/runners.md
@@ -80,6 +80,14 @@ NOTE:
 The `active` attribute in the response was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -89,7 +97,7 @@ Example response:
         "paused": false,
         "description": "test-1-20150125",
         "id": 6,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": false,
         "runner_type": "project_type",
         "name": null,
@@ -101,7 +109,7 @@ Example response:
         "paused": false,
         "description": "test-2-20150125",
         "id": 8,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": false,
         "runner_type": "group_type",
         "name": null,
@@ -150,6 +158,14 @@ NOTE:
 The `active` attribute in the response was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -159,7 +175,7 @@ Example response:
         "paused": false,
         "description": "shared-runner-1",
         "id": 1,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": true,
         "runner_type": "instance_type",
         "name": null,
@@ -171,7 +187,7 @@ Example response:
         "paused": false,
         "description": "shared-runner-2",
         "id": 3,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": true,
         "runner_type": "instance_type",
         "name": null,
@@ -183,7 +199,7 @@ Example response:
         "paused": false,
         "description": "test-1-20150125",
         "id": 6,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": false,
         "runner_type": "project_type",
         "name": null,
@@ -195,7 +211,7 @@ Example response:
         "paused": false,
         "description": "test-2-20150125",
         "id": 8,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": false,
         "runner_type": "group_type",
         "name": null,
@@ -236,6 +252,22 @@ NOTE:
 The `active` attribute in the response was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
+NOTE:
+The `version`, `revision`, `platform`, and `architecture` attributes in the response were deprecated
+[in GitLab 17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/457128) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+These attributes will start returning an empty string in GitLab 18.0.
+The same attributes can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -245,7 +277,7 @@ Example response:
     "architecture": null,
     "description": "test-1-20150125",
     "id": 6,
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "is_shared": false,
     "runner_type": "project_type",
     "contacted_at": "2016-01-25T16:39:48.066Z",
@@ -308,6 +340,14 @@ NOTE:
 The `active` query parameter was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -316,7 +356,7 @@ Example response:
     "architecture": null,
     "description": "test-1-20150125-test",
     "id": 6,
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "is_shared": false,
     "runner_type": "group_type",
     "contacted_at": "2016-01-25T16:39:48.066Z",
@@ -507,6 +547,14 @@ NOTE:
 The `active` attribute in the response was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -516,7 +564,7 @@ Example response:
         "paused": false,
         "description": "test-2-20150125",
         "id": 8,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": false,
         "runner_type": "project_type",
         "name": null,
@@ -528,7 +576,7 @@ Example response:
         "paused": false,
         "description": "development_runner",
         "id": 5,
-        "ip_address": "127.0.0.1",
+        "ip_address": "",
         "is_shared": true,
         "runner_type": "instance_type",
         "name": null,
@@ -556,6 +604,14 @@ curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitla
      --form "runner_id=9"
 ```
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -563,7 +619,7 @@ Example response:
     "active": true,
     "description": "test-2016-02-01",
     "id": 9,
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "is_shared": false,
     "runner_type": "project_type",
     "name": null,
@@ -624,6 +680,14 @@ NOTE:
 The `active` attribute in the response was deprecated [in GitLab 14.8](https://gitlab.com/gitlab-org/gitlab/-/issues/347211)
 and will be removed in [a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109). It is replaced by the `paused` attribute.
 
+NOTE:
+The `ip_address` attribute in the response was deprecated
+[in GitLab 16.1](https://gitlab.com/gitlab-org/gitlab/-/issues/415159) and will be removed in
+[a future version of the REST API](https://gitlab.com/gitlab-org/gitlab/-/issues/351109).
+This attribute will start returning an empty string in GitLab 17.0.
+The `ipAddress` attribute can be found inside the respective runner manager, currently only available through the GraphQL
+[`CiRunnerManager` type](graphql/reference/index.md#cirunnermanager).
+
 Example response:
 
 ```json
@@ -631,7 +695,7 @@ Example response:
   {
     "id": 3,
     "description": "Shared",
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "active": true,
     "paused": false,
     "is_shared": true,
@@ -643,7 +707,7 @@ Example response:
   {
     "id": 6,
     "description": "Test",
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "active": true,
     "paused": false,
     "is_shared": true,
@@ -655,7 +719,7 @@ Example response:
   {
     "id": 8,
     "description": "Test 2",
-    "ip_address": "127.0.0.1",
+    "ip_address": "",
     "active": true,
     "paused": false,
     "is_shared": false,
diff --git a/doc/ci/yaml/index.md b/doc/ci/yaml/index.md
index 834b825d001..d429cf8b829 100644
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -997,6 +997,7 @@ in a header section.
 
 **Possible inputs**: Can be one of:
 
+- `array`, to accept an [array](../yaml/inputs.md#array-type) of inputs.
 - `string`, to accept string inputs (default when not defined).
 - `number`, to only accept numeric inputs.
 - `boolean`, to only accept `true` or `false` inputs.
@@ -1013,6 +1014,8 @@ spec:
       type: number
     available:
       type: boolean
+    array_input:
+      type: array  
 ---
 
 # The pipeline configuration would follow...
diff --git a/doc/development/sec/analyzer_development_guide.md b/doc/development/sec/analyzer_development_guide.md
index 990e6c7aa5c..ed3012db241 100644
--- a/doc/development/sec/analyzer_development_guide.md
+++ b/doc/development/sec/analyzer_development_guide.md
@@ -396,7 +396,6 @@ This issue will guide you through the whole release process. In general, you hav
 
   - [SAST vendored CI/CD template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml)
   - [Dependency Scanning vendored CI/CD template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml)
-  - [License Scanning vendored CI/CD template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml)
   - [Container Scanning CI/CD template](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Security/Container-Scanning.gitlab-ci.yml)
 
   If needed, go to the pipeline corresponding to the last Git tag,
diff --git a/doc/topics/autodevops/cicd_variables.md b/doc/topics/autodevops/cicd_variables.md
index 4e4c8cf2588..476d7fcd62c 100644
--- a/doc/topics/autodevops/cicd_variables.md
+++ b/doc/topics/autodevops/cicd_variables.md
@@ -111,7 +111,7 @@ Use these variables to disable CI/CD jobs.
 | `gemnasium-python-dependency_scanning` | `DEPENDENCY_SCANNING_DISABLED`  |                       | The job isn't created if the value is `"true"`. |
 | `kubesec-sast`                         | `SAST_DISABLED`                 |                       | The job isn't created if the value is `"true"`. |
 | `license_management`                   | `LICENSE_MANAGEMENT_DISABLED`   | GitLab 12.7 and earlier | If the variable is present, the job isn't created. Job deprecated [from GitLab 12.8](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/22773) |
-| `license_scanning`                     | `LICENSE_MANAGEMENT_DISABLED`   |                       | The job isn't created if the value is `"true"`.|
+| `license_scanning`                     | `LICENSE_MANAGEMENT_DISABLED`   |                       | The job isn't created if the value is `"true"`. Job deprecated [from GitLab 15.9](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111071) |
 | `load_performance`                     | `LOAD_PERFORMANCE_DISABLED`     |                       | If the variable is present, the job isn't created. |
 | `nodejs-scan-sast`                     | `SAST_DISABLED`                 |                       | The job isn't created if the value is `"true"`. |
 | `performance`                          | `PERFORMANCE_DISABLED`          | GitLab 13.12 and earlier | Browser performance. If the variable is present, the job isn't created. Replaced by `browser_performance`. |
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index eba45fbf0b9..41fb0347497 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -192,6 +192,22 @@ upgrade to GitLab 16.3 or above, and remove the feature flag configuration.
 
 <div class="deprecation breaking-change" data-milestone="18.0">
 
+### GitLab Runner platforms and setup instructions in GraphQL API
+
+<div class="deprecation-notes">
+- Announced in GitLab <span class="milestone">15.9</span>
+- Removal in GitLab <span class="milestone">18.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
+- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387937).
+</div>
+
+The `runnerPlatforms` and `runnerSetup` queries to get GitLab Runner platforms and installation instructions
+are deprecated and will be removed from the GraphQL API. For installation instructions, you should use the
+[GitLab Runner documentation](https://docs.gitlab.com/runner/)
+
+</div>
+
+<div class="deprecation breaking-change" data-milestone="18.0">
+
 ### GitLab Runner registration token in Runner Operator
 
 <div class="deprecation-notes">
@@ -1140,22 +1156,6 @@ Because the new values provide a streamlined, comprehensive method to enable TLS
 
 <div class="deprecation breaking-change" data-milestone="17.0">
 
-### GitLab Runner platforms and setup instructions in GraphQL API
-
-<div class="deprecation-notes">
-- Announced in GitLab <span class="milestone">15.9</span>
-- Removal in GitLab <span class="milestone">17.0</span> ([breaking change](https://docs.gitlab.com/ee/update/terminology.html#breaking-change))
-- To discuss this change or learn more, see the [deprecation issue](https://gitlab.com/gitlab-org/gitlab/-/issues/387937).
-</div>
-
-The `runnerPlatforms` and `runnerSetup` queries to get GitLab Runner platforms and installation instructions
-are deprecated and will be removed from the GraphQL API. For installation instructions, you should use the
-[GitLab Runner documentation](https://docs.gitlab.com/runner/)
-
-</div>
-
-<div class="deprecation breaking-change" data-milestone="17.0">
-
 ### GitLab Runner provenance metadata SLSA v0.2 statement
 
 <div class="deprecation-notes">
diff --git a/doc/user/ai_features.md b/doc/user/ai_features.md
index 2606416dc46..37c7ec4b5ca 100644
--- a/doc/user/ai_features.md
+++ b/doc/user/ai_features.md
@@ -33,6 +33,7 @@ GitLab is [transparent](https://handbook.gitlab.com/handbook/values/#transparenc
 | Helps you understand code by explaining it in English language. <br><br><i class="fa fa-youtube-play youtube" aria-hidden="true"></i> [Watch overview](https://www.youtube.com/watch?v=1izKaLmmaCA) | [Code explanation](#explain-code-in-the-web-ui-with-code-explanation) | **Tier:** Ultimate <br>**Offering:** GitLab.com <br>**Status:** Experiment |
 | Assists you in determining the root cause for a pipeline failure and failed CI/CD build. | [Root cause analysis](#root-cause-analysis) | **Tier:** Ultimate <br>**Offering:** GitLab.com <br>**Status:** Experiment |
 | Assists you with predicting productivity metrics and identifying anomalies across your software development lifecycle. | [Value stream forecasting](#forecast-deployment-frequency-with-value-stream-forecasting) | **Tier:** Ultimate <br>**Offering:** GitLab.com, Self-managed, GitLab Dedicated <br>**Status:** Experiment |
+| Processes and responds to your questions about your application's usage data. | [Product Analytics](analytics/analytics_dashboards.md#generate-a-custom-visualization-with-gitlab-duo)             | **Tier:** Ultimate <br>**Offering:** GitLab.com <br>**Status:** Experiment |
 
 ## Controlling GitLab Duo features
 
@@ -317,7 +318,7 @@ language model referenced above.
 | [Git suggestions](https://gitlab.com/gitlab-org/gitlab/-/issues/409636) | Vertex AI Codey [`codechat-bison`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/code-chat) |
 | [Discussion summary](#summarize-issue-discussions-with-discussion-summary) |Anthropic [`Claude-2`](https://docs.anthropic.com/claude/reference/selecting-a-model) |
 | [Issue description generation](#summarize-an-issue-with-issue-description-generation) | Anthropic [`Claude-2`](https://docs.anthropic.com/claude/reference/selecting-a-model) |
-| [Code Suggestions](project/repository/code_suggestions/index.md) | For Code Completion: Vertex AI Codey [`code-gecko`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/code-completion)    For Code Generation: Anthropic [`Claude-2`](https://docs.anthropic.com/claude/reference/selecting-a-model) |
+| [Code Suggestions](project/repository/code_suggestions/index.md) | For Code Completion: Vertex AI Codey [`code-gecko`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/code-completion)    For Code Generation: Anthropic [`Claude-3-Sonnet`](https://docs.anthropic.com/claude/docs/models-overview) |
 | [Test generation](gitlab_duo_chat.md#write-tests-in-the-ide) | Anthropic [`Claude-2`](https://docs.anthropic.com/claude/reference/selecting-a-model) |
 | [Merge request template population](project/merge_requests/ai_in_merge_requests.md#fill-in-merge-request-templates) | Vertex AI Codey [`text-bison`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/text) |
 | [Suggested Reviewers](project/merge_requests/reviews/index.md#gitlab-duo-suggested-reviewers) | GitLab creates a machine learning model for each project, which is used to generate reviewers    [View the issue](https://gitlab.com/gitlab-org/modelops/applied-ml/applied-ml-updates/-/issues/10) |
@@ -329,6 +330,7 @@ language model referenced above.
 | [GitLab Duo Chat](gitlab_duo_chat.md) | Anthropic [`Claude-2`](https://docs.anthropic.com/claude/reference/selecting-a-model)    Vertex AI Codey [`textembedding-gecko`](https://cloud.google.com/vertex-ai/generative-ai/docs/embeddings/get-text-embeddings) |
 | [Root cause analysis](#root-cause-analysis) | Vertex AI Codey [`text-bison`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/text) |
 | [Value stream forecasting](#forecast-deployment-frequency-with-value-stream-forecasting) | Statistical forecasting |
+| [Product analytics](analytics/analytics_dashboards.md#generate-a-custom-visualization-with-gitlab-duo) | Vertex AI Codey [`codechat-bison`](https://cloud.google.com/vertex-ai/generative-ai/docs/model-reference/code-chat) |
 
 ## Data usage
 
diff --git a/doc/user/analytics/analytics_dashboards.md b/doc/user/analytics/analytics_dashboards.md
index 4173c73b262..049abe9cc08 100644
--- a/doc/user/analytics/analytics_dashboards.md
+++ b/doc/user/analytics/analytics_dashboards.md
@@ -88,6 +88,7 @@ This feature is only compatible with the [product analytics](../product_analytic
 You can use the dashboard designer to:
 
 - [Create custom visualizations](#create-a-custom-visualization).
+- [Generate custom visualizations with GitLab Duo](#generate-a-custom-visualization-with-gitlab-duo).
 - Explore available data.
 
 ## View project dashboards
@@ -291,6 +292,38 @@ To create a custom visualization:
 
 After you saved a visualization, you can add it to a new or existing custom dashboard in the same project.
 
+### Generate a custom visualization with GitLab Duo
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** GitLab.com
+**Status:** Experiment
+
+> - Introduced in GitLab 16.11 as an [Experiment](../../policy/experiment-beta-support.md#experiment) feature [with a flag](../../administration/feature_flags.md) named `generate_cube_query`. Disabled by default.
+
+Prerequisites:
+
+- The parent group of the project must have [experiment and beta features enabled](../group/manage.md#enable-experiment-and-beta-features).
+
+To generate a custom visualization with GitLab Duo using a natural language query:
+
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Analyze > Analytics dashboards**.
+1. Select **Visualization designer**.
+1. In the **Visualization title** field, enter the name of your visualization.
+1. From the **Visualization type** dropdown list, select a visualization type.
+1. In the **Generate with GitLab Duo** section, enter your prompt. For example:
+
+   - _Daily sessions_
+   - _Number of unique users, grouped weekly_
+   - _Which are the most popular pages?_
+   - _How many unique users does each browser have?_
+
+1. Select **Generate with GitLab Duo**.
+1. Select **Save**.
+
+After you saved a visualization, you can add it to a new or existing custom dashboard in the same project.
+
 ## Troubleshooting
 
 ### `Something went wrong while loading the dashboard.`
@@ -311,3 +344,11 @@ If a dashboard panel displays an error message:
 - Check your [Cube query](../product_analytics/index.md#product-analytics-dashboards) and [visualization](../analytics/analytics_dashboards.md#define-a-chart-visualization)
   configurations, and make sure they are set up correctly.
 - For [product analytics](../product_analytics/index.md), also check that your visualization's Cube query is valid.
+
+### Generate visualization with GitLab Duo returns unexpected results
+
+If GitLab Duo doesn't return the expected or a useful result, try editing your query to:
+
+- Specify a date range. For example: _number of unique users in 2023 to 2024, grouped monthly_.
+- Use the same names for metrics and dimensions as shown in the visualization designer.
+For example: _returning users_ instead of _existing customers_.
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 6809cfbcfff..0304f7ba37c 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -266,7 +266,7 @@ including a large number of false positives.
 | `ADDITIONAL_CA_CERT_BUNDLE`    | `""`          | Bundle of CA certs that you want to trust. See [Using a custom SSL CA certificate authority](#using-a-custom-ssl-ca-certificate-authority) for more details. | All |
 | `CI_APPLICATION_REPOSITORY`    | `$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG` | Docker repository URL for the image to be scanned. | All |
 | `CI_APPLICATION_TAG`           | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. | All |
-| `CS_ANALYZER_IMAGE`            | `registry.gitlab.com/security-products/container-scanning:6` | Docker image of the analyzer. | All |
+| `CS_ANALYZER_IMAGE`            | `registry.gitlab.com/security-products/container-scanning:7` | Docker image of the analyzer. | All |
 | `CS_DEFAULT_BRANCH_IMAGE`      | `""` | The name of the `CS_IMAGE` on the default branch. See [Setting the default branch image](#setting-the-default-branch-image) for more details. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338877) in GitLab 14.5. | All |
 | `CS_DISABLE_DEPENDENCY_LIST`   | `"false"`      | Disable Dependency Scanning for packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All |
 | `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` | `"true"` | Disable scanning for language-specific packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All |
@@ -325,9 +325,9 @@ standard tag plus the `-fips` extension.
 
 | Scanner name    | `CS_ANALYZER_IMAGE` |
 | --------------- | ------------------- |
-| Default (Trivy) | `registry.gitlab.com/security-products/container-scanning:6-fips` |
-| Grype           | `registry.gitlab.com/security-products/container-scanning/grype:6-fips` |
-| Trivy           | `registry.gitlab.com/security-products/container-scanning/trivy:6-fips` |
+| Default (Trivy) | `registry.gitlab.com/security-products/container-scanning:7-fips` |
+| Grype           | `registry.gitlab.com/security-products/container-scanning/grype:7-fips` |
+| Trivy           | `registry.gitlab.com/security-products/container-scanning/trivy:7-fips` |
 
 NOTE:
 Prior to GitLab 15.0, the `-ubi` image extension is also available. GitLab 15.0 and later only
@@ -384,9 +384,9 @@ The following options are available:
 
 | Scanner name                                             | `CS_ANALYZER_IMAGE`                                                |
 |----------------------------------------------------------|--------------------------------------------------------------------|
-| Default ([Trivy](https://github.com/aquasecurity/trivy)) | `registry.gitlab.com/security-products/container-scanning:6`       |
-| [Grype](https://github.com/anchore/grype)                | `registry.gitlab.com/security-products/container-scanning/grype:6` |
-| Trivy                                                    | `registry.gitlab.com/security-products/container-scanning/trivy:6` |
+| Default ([Trivy](https://github.com/aquasecurity/trivy)) | `registry.gitlab.com/security-products/container-scanning:7`       |
+| [Grype](https://github.com/anchore/grype)                | `registry.gitlab.com/security-products/container-scanning/grype:7` |
+| Trivy                                                    | `registry.gitlab.com/security-products/container-scanning/trivy:7` |
 
 WARNING:
 Do not use the `:latest` tag when selecting the scanner image.
@@ -584,9 +584,9 @@ For container scanning, import the following images from `registry.gitlab.com` i
 [local Docker container registry](../../packages/container_registry/index.md):
 
 ```plaintext
-registry.gitlab.com/security-products/container-scanning:6
-registry.gitlab.com/security-products/container-scanning/grype:6
-registry.gitlab.com/security-products/container-scanning/trivy:6
+registry.gitlab.com/security-products/container-scanning:7
+registry.gitlab.com/security-products/container-scanning/grype:7
+registry.gitlab.com/security-products/container-scanning/trivy:7
 ```
 
 The process for importing Docker images into a local offline Docker registry depends on
@@ -626,7 +626,7 @@ following `.gitlab-ci.yml` example as a template.
 
 ```yaml
 variables:
-  SOURCE_IMAGE: registry.gitlab.com/security-products/container-scanning:6
+  SOURCE_IMAGE: registry.gitlab.com/security-products/container-scanning:7
   TARGET_IMAGE: $CI_REGISTRY/namespace/container-scanning
 
 image: docker:latest
diff --git a/doc/user/compliance/license_list.md b/doc/user/compliance/license_list.md
index 3465ed48fca..5ddb3c78939 100644
--- a/doc/user/compliance/license_list.md
+++ b/doc/user/compliance/license_list.md
@@ -25,12 +25,6 @@ requirements must be met:
 1. You must be generating an SBOM file with components from one of our [one of our supported languages](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
 1. If using our [`Dependency-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml) to generate the SBOM file, then your project must use at least one of the [supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
 
-Alternatively, licenses will also appear under the license list when using our deprecated [`License-Scanning.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml) as long as the following requirements are met:
-
-1. The Dependency Scanning CI/CD job must be [enabled](license_scanning_of_cyclonedx_files/index.md#configuration) for your project.
-1. Your project must use at least one of the
-   [supported languages and package managers](license_scanning_of_cyclonedx_files/index.md#supported-languages-and-package-managers).
-
 When everything is configured, on the left sidebar, select **Secure > License compliance**.
 
 The licenses are displayed, where:
diff --git a/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md b/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
index 9e33054f5af..c2c50fcdef2 100644
--- a/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
+++ b/doc/user/compliance/license_scanning_of_cyclonedx_files/index.md
@@ -12,22 +12,7 @@ DETAILS:
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/384932) in GitLab 15.9 for GitLab SaaS [with two flags](../../../administration/feature_flags.md) named `license_scanning_sbom_scanner` and `package_metadata_synchronization`. Both flags disabled by default.
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/385176) in GitLab 16.4. Feature flags `license_scanning_sbom_scanner` and `package_metadata_synchronization` removed.
-
-NOTE:
-The legacy License Compliance analyzer was deprecated in GitLab 15.9 and removed in GitLab 16.3.
-To continue using GitLab for License Compliance, remove the License Compliance template from your
-CI/CD pipeline and add the [Dependency Scanning template](../../application_security/dependency_scanning/index.md#configuration).
-The Dependency Scanning template is now capable of gathering the required license information so it
-is no longer necessary to run a separate License Compliance job. The License Compliance CI/CD
-template should not be removed prior to verifying that the instance has been upgraded to a version
-that supports the new method of license scanning. To begin using the Dependency Scanner quickly at
-scale, you may set up a [scan execution policy](../../application_security/policies/scan-execution-policies.md)
-at the group level to enforce the SBOM-based license scan for all projects in the group.
-Then, you may remove the inclusion of the `Jobs/License-Scanning.gitlab-ci.yml` template from your
-CI/CD configuration. If you wish to continue using the legacy License Compliance feature, you can do
-so by setting the `LICENSE_MANAGEMENT_VERSION CI` variable to `4`. This variable can be set at the
-[project](../../../ci/variables/index.md#for-a-project), [group](../../../ci/variables/index.md#for-a-group)
-or [instance](../../../ci/variables/index.md#for-an-instance) level.
+> - The legacy License Compliance analyzer (`License-Scanning.gitlab-ci.yml`) was [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/439162) in GitLab 17.0.
 
 To detect the licenses in use, License Compliance relies on running the
 [Dependency Scanning CI Jobs](../../application_security/dependency_scanning/index.md),
diff --git a/doc/user/custom_roles/abilities.md b/doc/user/custom_roles/abilities.md
index e49f3ec807c..7dcede3beab 100644
--- a/doc/user/custom_roles/abilities.md
+++ b/doc/user/custom_roles/abilities.md
@@ -30,6 +30,12 @@ These requirements are documented in the `Required permission` column in the fol
 | [`admin_merge_request`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128302) |  | Allows approval of merge requests. | GitLab [16.4](https://gitlab.com/gitlab-org/gitlab/-/issues/412708) |  |  |
 | [`read_code`](https://gitlab.com/gitlab-org/gitlab/-/issues/376180) |  | Allows read-only access to the source code. | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/20277) | `customizable_roles` | GitLab [15.9](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/110810) |
 
+## Compliance management
+
+| Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
+|:-----|:------------|:------------------|:---------|:--------------|:---------|
+| [`admin_compliance_framework`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144183) |  | Enables administrator access to the compliance framework. | GitLab [17.0](https://gitlab.com/gitlab-org/gitlab/-/issues/411502) |  |  |
+
 ## Group and projects
 
 | Name | Required permission | Description | Introduced in | Feature flag | Enabled in |
diff --git a/doc/user/group/saml_sso/index.md b/doc/user/group/saml_sso/index.md
index 616aa2d4d80..4b812e25c52 100644
--- a/doc/user/group/saml_sso/index.md
+++ b/doc/user/group/saml_sso/index.md
@@ -249,7 +249,13 @@ After you set up your identity provider to work with GitLab, you must configure
 1. Complete the fields:
    - In the **Identity provider single sign-on URL** field, enter the SSO URL from your identity provider.
    - In the **Certificate fingerprint** field, enter the fingerprint for the SAML token signing certificate.
-1. In the **Default membership role** field, select the role to assign to new users.
+1. For groups on GitLab.com: in the **Default membership role** field, select:
+   1. The role to assign to new users.
+   1. The role to assign to
+      [users who are not members of a mapped SAML group](../saml_sso/group_sync.md#automatic-member-removal)
+      when SAML Group Links is configured for the group.
+1. For groups on self-managed instances: in the **Default membership role** field,
+   select the role to assign to new users.
    The default role is **Guest**. That role becomes the starting role of all users
    added to the group:
    - In [GitLab 13.3](https://gitlab.com/gitlab-org/gitlab/-/issues/214523) and
diff --git a/doc/user/packages/generic_packages/index.md b/doc/user/packages/generic_packages/index.md
index 2081a979ab5..9b53828f9ec 100644
--- a/doc/user/packages/generic_packages/index.md
+++ b/doc/user/packages/generic_packages/index.md
@@ -163,20 +163,38 @@ GET /projects/:id/packages/generic/:package_name/:package_version/:file_name
 
 The file context is served in the response body. The response content type is `application/octet-stream`.
 
+::Tabs
+
+:::TabTitle Personal access token
+
 Example request that uses a personal access token:
 
 ```shell
+# Header authentication
 curl --header "PRIVATE-TOKEN: <your_access_token>" \
      "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
-```
 
-Example request that uses HTTP Basic authentication:
-
-```shell
+# Basic authentication
 curl --user "user:<your_access_token>" \
      "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
 ```
 
+:::TabTitle CI_JOB_TOKEN
+
+Example request that uses a `CI_JOB_TOKEN`:
+
+```shell
+# Header authentication
+curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
+     "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
+
+# Basic authentication
+curl --user "gitlab-ci-token:${CI_JOB_TOKEN}" \
+     "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
+```
+
+::EndTabs
+
 ## Publish a generic package by using CI/CD
 
 To work with generic packages in [GitLab CI/CD](../../../ci/index.md), you can use
diff --git a/doc/user/project/issues/index.md b/doc/user/project/issues/index.md
index 5f13e419332..fd74988e668 100644
--- a/doc/user/project/issues/index.md
+++ b/doc/user/project/issues/index.md
@@ -62,3 +62,4 @@ To learn how the GitLab Strategic Marketing department uses GitLab issues with [
 - [Issues API](../../../api/issues.md)
 - [Configure an external issue tracker](../../../integration/external-issue-tracker.md)
 - [Tasks](../../tasks.md)
+- [External participants](../service_desk/external_participants.md)
diff --git a/doc/user/project/service_desk/external_participants.md b/doc/user/project/service_desk/external_participants.md
new file mode 100644
index 00000000000..82da367cee7
--- /dev/null
+++ b/doc/user/project/service_desk/external_participants.md
@@ -0,0 +1,159 @@
+---
+stage: Service Management
+group: Respond
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# External participants
+
+DETAILS:
+**Tier:** Free, Premium, Ultimate
+**Offering:** GitLab.com, Self-managed
+
+> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3758) in GitLab 17.0 [with a flag](../../../administration/feature_flags.md) named `issue_email_participants`. Disabled by default.
+
+FLAG:
+The availability of this feature is controlled by a feature flag.
+For more information, see the history.
+This feature is available for testing, but not ready for production use.
+
+External participants are users without a GitLab account that can interact with an issue or Service Desk ticket only by email.
+They get notified of public comments on an issue or ticket by [Service Desk emails](configure.md#customize-emails-sent-to-the-requester).
+
+The maximum number of external participants on an issue or ticket is 10.
+
+## Service Desk tickets
+
+GitLab adds the external author of a Service Desk ticket as an external participant.
+That usually is the email address from the `From` header of the initial email that created the ticket.
+
+### Add external participants from the `Cc` header
+
+By default GitLab only adds the sender of the email that creates the Service Desk ticket as an external participant.
+
+You can configure GitLab to also add all email addresses from the `Cc` header to the Service Desk ticket.
+This works for the initial email and all replies to the [`thank_you` email](configure.md#customize-emails-sent-to-the-requester).
+
+Prerequisites:
+
+- You must have at least the Maintainer role for the project.
+
+To enable the setting for the project:
+
+1. On the left sidebar, select **Search or go to** and find your project.
+1. Select **Settings > General**.
+1. Expand **Service Desk**.
+1. Select **Add external participants from the `Cc` header**.
+1. Select **Save changes**.
+
+## As an external participant
+
+An external participant receives a notification for each public comment on the issue or ticket
+using [Service Desk emails](configure.md#customize-emails-sent-to-the-requester).
+
+### Replying to notification emails
+
+An external participant can [reply to the received notification email](../../../administration/reply_by_email.md#you-reply-to-the-notification-email).
+It creates a new comment on the issue or ticket and displays the email address of the external participant
+instead of a GitLab username. The email address is followed by `(external participant)`.
+
+![Comment from an external participant on an issue or ticket](img/service_desk_external_participants_comment_v17_0.png)
+
+### Unsubscribing from notification emails
+
+External participants can use the unsubscribe link in the default Service Desk email template to
+unsubscribe from the issue or ticket.
+
+If you [customize your `thank_you` and `new_note` email templates](configure.md#customize-emails-sent-to-the-requester),
+you can use the `%{UNSUBSCRIBE_URL}` placeholder to add the unsubscribe link to the templates.
+
+Your GitLab instance must be reachable (for example, from the public internet) for the external participant to successfully unsubscribe.
+If that's not the case, consider removing the unsubscribe link from your template.
+
+## As a GitLab user
+
+To see the email address of an external participant you must have at least the Reporter role for the project.
+
+The external participant's email address is obfuscated if both these conditions are true:
+
+- You are not a member of the project or have the Guest role.
+- The issue or ticket is public ([non-confidential](../issues/confidential_issues.md#confidential-issues)).
+
+The external participant's email address is then obfuscated in:
+
+- The author field of a Service Desk ticket.
+- All [system notes](../system_notes.md) that mention an external participant.
+- The [REST](../../../api/notes.md) and [GraphQL](../../../api/graphql/index.md) APIs.
+- The warning message below the comment editor.
+
+For example:
+
+![Obfuscated email addresses of external participants in system notes](img/service_desk_external_participants_email_obfuscation_v17_0.png)
+
+### Notifications sent to external participants
+
+External participants get notifications for all public comments on an issue.
+For private communication, use [internal notes](../../discussions/index.md#add-an-internal-note).
+
+External participants don't receive notifications for any other issue or ticket event.
+
+### View all external participants
+
+Get an overview of all external participants that receive a Service Desk email for a new comment.
+
+Prerequisites:
+
+- You must have at least the Reporter role for the project.
+
+To see a list of all external participants:
+
+1. Go to the issue or ticket.
+1. Scroll down to the comment editor.
+1. If the issue or ticket has external participants, you can see a warning under the comment editor
+   that lists all external participants.
+
+![Warning below the comment editor listing external participants](img/service_desk_external_participants_comment_editor_warning_v17_0.png)
+
+### Add an external participant
+
+Add an external participant using the `/invite_email` [quick action](../quick_actions.md) when you want
+to include them in the conversation at any time.
+
+When added, the external participant starts receiving notifications using Service Desk emails.
+GitLab doesn't send a `thank_you` email for manually added external participants.
+
+You should add external participants in a dedicated comment because they don't receive a notification
+email for the comment that contains the `/invite_email` quick action.
+
+Prerequisites:
+
+- You must have at least the Reporter role for the project.
+
+To add an external participant to an issue or ticket:
+
+1. Go to the issue or ticket.
+1. Add a comment that contains only the quick action `/invite_email user@example.com`.
+   You can chain up to 6 email addresses. For example `/invite_email user@example.com user2@example.com`
+
+You should see a success message and a new system note with the email address.
+
+### Remove an external participant
+
+Remove an external participant from an issue or Service Desk ticket using the `/remove_email`
+[quick action](../quick_actions.md) when they should stop receiving notifications.
+
+After removing them from the issue or ticket they don't receive new notifications.
+But they can still reply to emails they received before and create a new comment on the issue or ticket.
+
+Prerequisites:
+
+- You must have at least the Reporter role for the project.
+- There must be at least one external participant on the issue or ticket.
+
+To remove an existing external participant from an issue or ticket:
+
+1. Go to the issue or ticket.
+1. Add a comment that contains only the quick action `/remove_email user@example.com`.
+   You can chain up to 6 email addresses. For example `/remove_email user@example.com user2@example.com`
+
+You should see a success message and a new system note with the email address.
diff --git a/doc/user/project/service_desk/img/service_desk_external_participants_comment_editor_warning_v17_0.png b/doc/user/project/service_desk/img/service_desk_external_participants_comment_editor_warning_v17_0.png
new file mode 100644
index 0000000000000000000000000000000000000000..c956f085c277c6d32f5fb4f3f980d7244a0d2d5d
GIT binary patch
literal 32285
zcmeFYbyQW|);N3sm2Ls0OHjHyL|Q@=kdDKl;n1DZAt@r=-Q7}$l$P%94(a+f`rPN<
z_q*@=`^FvP`~CNBhQqbjT6@m9=9<0M2~v=kL`NY+0f9j1(o$j{Kp=z}5C~2f=?T#D
zv26$p{CDP}q-ys8>_~29V`*q&Za{A5Y-K=h;ACP50y#}X-)nqnCr7&3c<TBn6YrGg
z2X)>w(e4oeUX-<|)Q^l8p`awsW`bLeNV=zrOzO&0)Z?lK>^X-KjXN!6J4{^zR(7q(
zF%5dvSs@(7%lbJ>Hc>XGl;HJu>07@2-+yVE|2(=y@I<Fyi|VGQa$0L^u%Ya3@#$h7
zoKQa=o=*Gz)>+=0@-xl#02-sqnmoY<T2f|5C1|SCo!S*7CjY3^<aJl?kbJvg^%jUI
z!-P{u;fL&-0^KTecUT?f@bw`MSIfEcY<1D(Ool<06O)V6T(evB`MAlM{Js89moN-W
zGJrL3z9yog3euvY|KI?y?nL)UL8-Ra#2q@qVv+fx{DFM>x$+M0v90r!U%v5Eps(E4
zwb>%zFp>J8N&I-i+lTD4G9rPI7K!F#kwb*`saENq;%{$sJ{V)Kv|0<#&$-SvBHV<c
zDE8|TD{%Ho(c-@0s-d%MrVM1cVhvFXin~gDnZ3x{w7;~nqZMN0oN{gZ>y>j9oRAmK
zfL$BqJbChbrQN`FJNCyfPnT_%t$moJZo2KK*0=}618xP__4J2N+OhT0CR=R~E54-R
zyu+5nQ_gVn95?Vg!8fY<04Z`kCh$L=?qQoS2_p{@XAtoPJ?H%T-plV<5#cME;mVZ5
zLrh+eNKLl79^F;d*LZZ)U6^->%?+HWQMeW#Uc%WmPM&qW9BM@6*r~pCH=pUpB|k*d
zG=X|n!S%U)(Y7@ENu{exR9kCdc1&tjhkz!u^@W1>!>8<K1<?H9W`fP@3;azjTUWEa
zm0xh(3MzR-i;Gy#=s%p*cQv^3xn7^k7BrI$2-@@xcuaMGKo}4cKq6J;WceVLP$sax
zrJezk6VwV2RS-x(*vSeEF*C3u*E29Ou@Iy@XlSM+H_;cQRN<6kk+TvtFgB5Lu`y6|
zkynDam_c~;DTRel1f2K)08j%vFu4=d+`^X6Ns#h4Tt1-v(9KLq{(Fj@nINUAoC3M1
zrHuhO2NMSq3!}J`i31y@5DK|~jlLn@2Qi7iKmc!ol*V>;R(#CNj*gB@j_gd9Hb%^>
zyu7^3ENskdY>dDRMq6hKJFpX@g)P+sh(9pI3~V7bCRTPPmKNj>Fu{73_I84ll)yOo
zKj?#6$;tf<-oo}TE&%*sb^=>5vof(TL!r$7`h~5XxB~#>FM|HtFKm?n#b*9sU~6e_
z12GVHFtD(r`d1M8kiWmTvbQn+y&QcAvw^t*6qsrYU}gO;C?8D3-(UO}j1MEfiTqda
zlG1Vte@}nln2`z8>NgT#Z~hBlI}^kI0r11fzX1k5{~PXqA>$vc`b`BeOHPhY%o1Y%
zuo`JGLCOdGeEOCU6MeqlO-@cW0|OQ?CnFCJ7{bWG$qTf=Y^;ntEZlnf?40^+?D~fP
z0!rG#)(&g|F?aw40B14*;PCRWbFp)<>oe*DEk+Jjc0EQt76Uy-PCY{oR&F*{FdIAP
zzkqmWV*&^<*!*9qdH|&lfMVBYVdvuF1~al7^6)TnfLRS0d3iWk7`ZvP4D=uzY^-c-
zdcQ&GL--^tZJ=Oa_f4Q+BLikD3!~oy54*spVB%z8t}12%EZP<jI6+EY9`66wsM^1b
zva|C39(~v>J`n|JK}t3zmVfprn1k&M0c3)dvL+VxPX8QG0uU(Lfgg5)m7A5Flbwr~
zmxqU&i<5`-pOZcs*!-b^jfs_oiJj~B$itTM0gM1P1^l2A0D#~903Y~7Z4AJ6mNrV3
zmga(#4<wO4eEIjV9H6=SU^}oF*v<eTl!c9hkA;Jel~;+Ci;s<$kCTU<g^iEpU*=ot
zn;1I(f6ac-Q*wbn;v!{Y3*dMD-StO#6%DNay#0AKH~Fo#<mA8gj}Hv_vjkhPgMt2U
zIssUJh9JgZ3nK%-Q2iz9|L8aQZ^X!uQx5`RW#M4tg0KL44*?7b4+ofwk%I@q&c@9R
z)?;V+vx$F0x3x61a|GKMh!_EU1b79A_HSO1zx=&Xul_47j>ZN6pC1^;2q5`)hB5!O
zVCDz&^p6z_F#kJG1b)kyvaNxQs3r74ul|KoBIbX+{ex2vwvEpm-~ym8jQR$KV0&{r
zN+CsvjR7E=#+G&hztNeS{44T*01;sR?=b!O;$Q43@admEz)k~ZpZRaQ{|6?(uK%mg
zU$XFj6$knMBKeQ_`@ih^Uv~XR9QcnW|F3lYFT4ID4*W-x|5v*He`6QQKQl)I3m^(}
z1oFb6Nbyx5r+lI(BPj;DfA~vn%!vYekgcTDY(XGY+=qW~p!mdRKqsP|w46BN<|AAT
z625ZmQ+1#V$4*?;?ytxP^v^)%8oK}}E0BYv#YB{xrg!HYRi8R8KRI-anJ?gYoC$#w
z6W3#YY08lu8*A)hL&LfkBO}`=!}KF7AvRH(qmBa-@~T=a6vbip(@Ug4yG);7<t<FR
z2jK<*TB?(e@f8kk1qKBP)MAgJ{0DuGhGI5#ni!OSo?#-^&z}PSJm7@?vGJ@r=+D@{
zHv<0;pFI&W@141q6#M<yF%s3@nC8~VedUBNmq@KbHim+euzx>4s|H)1v9LTw>!)Dj
zn3&NMx2gNC!>T<$4liX!VVM^oHQyQhhu-v^FimRz?nxY$a(^jvfp)M4laJ;HxNbsK
z_P?;)vR8iU?t{ZRwWM?s-k<s=I{%?RRqoFqH-?%I<<8lO_P$U6v`!YDW1^h$&$>1{
zhcyejzl&m5|D5hdA^(jmok&rb-EyI=x-iJ^-CqE*Jq+iC{Gq(7&>{x6KP1&toN}L>
zv6_D-|H5vL`)56&dChSueU#LHF`3yP`lm(te`x4U()^k9FAY-oAWw_eqw$ieGJgnY
zFD)wg(rX>4euCuTHi{@LwC$728BTsQi2i1%sdNWYdl9fzS@`_|p_{KtW98mP?;HV?
zkHT*KVo9N<H<zjBP2U7_dRl(v#I?<fB`kT18-ms2YNB*-w|cyl%ZSG0T@QTX-4;nw
zPc|j@<Htd)2-R|pMJa_N4ewR7Q_t&3&C&5XO!s*2Vc1gJbcpW!m8U7Kg*&aY-*&v3
zI#bMwbTltkWHL!-3(E$ko)nYCPb>F$$z7a;&XipjHIT>D<c*!auE}b(;-r0kNf1_g
z92EGhI)Fz1{vsDMU8o-Mg-O>U4iE0iw?YZ&X;#h2Q`U!75;(YrSj&8*S{+yBV>}t{
zoUmGM*x<N3SUoR*15M>PthCoKpIxlQ;x-_RJ$~LepY#2~SU=?kkMYYDur%uZE0nD+
zuGT5;rxqD7d%A?mjOLZT^_pMR=u<{#lxH!R*P6n#P3{<eKWI<2CwvxkmdB<~mIm+r
z7gA8$mIhP2zC#b?_l<XiuY?qoi&A`{_adD~Nj~+A(U&GX)k}}15(tYgxzbCHHq>_r
zOai#6s0<rA`N;atoEUdzxr;lX+q1>N%pH_>6E(VeV1$xVKdhj3Q~Nm`DBG(rs1w|p
zS`gvPux_oL6}!C0Jz+RoP~ctHa}1Y2MeQ<-#Gr^51&cUC)@yvg@*np7?QqyBoiReo
zG4rzT{rveILIl?s<c9{oOBJ+9(XyjED3XPPb?4MWPUjMiM)(&#TBw|5puaWe2Ia1V
zukQ51Jb}mfMEO?1aUp8==a~TMUY&i%+s%sNfSx3>6mP#I_Ds3ZZoWoDBktzlueWK>
zTu(wB3&c0Be#ixSM>!(hWG@IA&kQNN51G9X#;RUceio;Wrl!`t1_f4?FRXCWER}iw
zn-#r6g2mM-qhkucLgy_MHyo5BW6(gc=P*yOu5sacy#+LylKT!b<QX?=o7<boZ&y6y
zcF$b{12?BJX7WW`?>;XS+@gUr;f?Yi?|tbF1{D!@pDqnAF-qO-m~n6`wb<TJ%HGbn
zVtqzeh_@z16sjYuX~caj)3s!5QrMOkYMDyD1zIioz=PP=@~cb8H?GP(#z6aKM<X+3
zGAxViWp?34691=*1tBqaag4sgSuB^0lf#7UOI@iC8eSC%3nC)JaFuUgloDZkKMybQ
zDoO}nXKt_NYQMijwplq#EvpAP?5D*ZFD6+1BAi(}S@%b&eI(n}-k^fo+fchfq~Epg
zcVF00|5a4(J^r1`1_l5N^r`<{i1_Ak%pwn)RFOG|{IcXA!od!ekj|Es(pV^@Zxlfq
zV$Z8r^F6>j6JZa0i!ZBwL>SUv<ZJLw^^CB%olH!vQ#y904${+h&}u(QO{{hAxSBNc
z;$}V*&$6|1Oan^fqG6HmqA?*jwy{pzsdtQU&}P)b7##6YIXJ0Af_(YDDPSj88uaN`
z?B0XC<)cRF^7dga_3E?*Mm%>nZI;MhM@no&%R}T!XSwvns;(-^U^syvI8e=bX@<yr
zA=ik|S|gDCkyMfN3JG~e*ekOh)aFJD84gy_Js_Qg@`qeQ(T|tU)AOnyVQ5FOoG#UX
zSGLEhzK`Hq>Fyx}YBoNXZ(0F?W^~j*WnL5(o{pHH)R(7d7$w(4_)W(|`os8X9%oIq
znAG;-x%7>Ih|Sfm^$V(BmowdxU#&!!T3L0B1}xxzt2rV2yo6VcMKkUYczbCNY8l^X
zTO#qG%@#fb$J|cew5x_Rue{Jtnh)LfrdDkTlQ>-NTI4iIlfQkfwvYR*DWrXF2W)N<
zz&}6pc{5xE);CQW%Bk}Hi^J20UA<k+k($0{EPr>00z!(tMWQKkQd_xDR7?zAS!fE*
zrzg<W)rU*TbEGi8lmX<=#e65}`Y}kKcp*pz(esVmdz4*)P70@=ki%zWY4!~7$9?hv
z9B-)cA@e6X2q2q*{k9;>lr}&ryShuIKrQp<`vG~;jOzj?yciz!`7$J1bPsE_KJ_ll
zLgqDcY#EwFY2_C7`iV-aWEQjGSS;$iZt^T{3etBYiEVe15izO^-k`T--4EMfb=h}^
z9dub-V%3$oT1`wtKtqu0@H?j$eS1ki0iFF)nGxu8<{E+&H)X&db?y<~D_N7;M2Tnt
zS%;1H6LiGLqtbqM-8O0#=5CZ(D7Ah*Wk51zboT~!R%M*q=NB1-4!<D~c;tAO(rGi2
zB_9p3e1FUuh%Uz>ppRiue?Z2<#yU|eCugs$b;S<4IsWBT8yZ(sR;)bnlMec6CKgH7
z`4>s7+SGaNJLSh)lPBNw7=(`YY<Zej*k|k36=K%TIY>>fJ%(eFJI$Rnh;XX!5x2Uk
zQ^h|Z+s<GkHEfW*5&k*a6w+5@y%=@PdKwuXS-D|0ik}0Uw-qoHZp2uxZsV|MdyxFT
z8`=o>E6h=q)fOr{R+_nUOk$0D_?`;+*2z9nZo$Lq>Dcj+*rB=D>^-MXftwPXxj783
zDAS;N&7bnKRdDag<}xOr5nL0C!>#>D>NnK>i2dScQ&6e-6Gl*~+_?A0yhqR?Hc-nJ
z*}|K<%f{H!T~6Pk3+^7acPkg3I^(so_|k&$X1ySgJ)SsE{T;F@uQRxFMF;l7lT!Y+
zln`(og!gAH(_N9C9?YF{X9C%`d+Zz&DvK?&b2>!=bw}u#q!%d3xE7tGlH+g2hXdUY
z82vJ<%X>G{WOUxxzvnw^bi^byD@K`7*NV+7BWBpu0@%R`tIrlHe?sMLX!k0ivaNY>
zHtd|GkN@e?d1JW$Hrr~uLmzcS6$kiU5;L885A97%lW!U7M~aPIjCQx%4_#x3d5_A3
zn=u-&;gA~lUQ}|7FD_1B{~V`l%XP+Vne5Y^d@}KVNvk@oW-U9P+rFqsNFxhJDuGBD
ze?D8ax>614X^y8G^4UII?9HMiOI2lCnmwlD45?j{%g8Lb=8w_pu=p>UV(w1d)KzP-
zwKqCe$Y@=c!b0tS!c9u_;VTOQ2!qI|EY?%P?^V9}+#Zx{p4}Zr5iPW2`P};*jPkQC
z?Q<*WeEZyZz~ob?HoWFY(%AK8o=*JExkE7IR0Z|DPO{hZ7a8N+kG~RbP68+_qha%q
zuj;q6zgiN4Ti==o=7kq})fGjJHx<eV8|Rn2v2~B0cHkQOnx0ig+SVoOx8Vzz=+cJy
z*DZ-_@jI{SL}o25TW1ZQ!9Ly)NzfPuUS64e)eM`+BYSzyes}J;C~U?{Gk@t_3Y{{l
zX|<U|@?E&bAS_-7cNJ79#FGa6z;u69!-`#Nx7qwso_EgR2JTbi!F*`;bV2O#Vb?Rk
zgZG&vcla^sTqaP!euxiDx${(6b21Rm0$z22g@vOvl9^2OC`+{n5<~-dNQJL9SVhC%
z&Z1O*8k<E?+<#x5-}%<b_thxLJL;WrjeTZ8_7xof5d#R(9>g(rs-E0pXXa(^cMvF-
zv0wC8{8~hn6qd(AgB51bYgpKMq|2sJtlCUl&lI9bKuvCv=G*W~WTp%YZz+cH>AQsO
zf(ZL#g37lVEL-!QZR3KkSArI7XBPZ2RFGf?u4Mh_V^V^Lc=0>*cH2gCr|8NZF$2pN
z+=H+l6KX?&yT@)hbD^KF$0=wXbZQn11jq6KTXro}OD6uK3(M|=?opq**DU*t)nZf^
zg{9d@tz6P|Md*$(*qn_0K8?wK&Y1*v--D#Xgmv=16+!*{2W%d1>AV>cWJSV>xI}+9
zWpFv&DGFV9ca;k5lb<ZZ_;KC*>3o%+W#xz&ytnHE(J6WZv3IW7lTjO>ZPr0w_#uPE
zvVpC%{$g?SYNO$vH1cgk<%Z$|71lLPf%F^ax-+OzU{iz7uP{B)aCg8Dn+*iTc7(Vb
zp(gdjm{{0zxli_bs*hWZC}ck7`B^F_<%9(=sQG=VgaA=lAlA?+`0lfC3vA%ISH(f+
z!C;c8^|aa}X6Ns{2g<8CFb6RfiGFR2Krt)yL?i?%+@jtRlV)Z{ry~fU1#N&E_^Pc9
zN2FpI+AQq8h8R)v!<Rm=Xc#~7?&v`e?Rj@*hE)R!qngR}f1o~d+=&8xT527!UJ5@o
zhDI9SxUF6|Po52P=#wl2rFPI)ee;>f^pg_i!?kfvu;OYc8$pO-x;w?wgg4Y%rxPc+
zl2r>S@=T#|({?)I*?!Bs5_TRA>-nK&Ej|uIIcjctEDe3!S4aW^?XOti7Z1cu@h-JH
z4yMuFvnAfXSrWW-Snb%utxmf$1*i1NB_wax*PKqN!Oq?-@`91GOKw1*MfVX(b9WEE
z4;dax3E3r~g?ZS+>k=GeA1U_^ON<MdULStRu~(Ng{Y4Xq7E*dxl>*kYDEbh-<Ldwq
zf~*S%1@&qhTdJ^^o>cL6ht7n*xBZw4m9d2|mdoFH|G;!Zx{q_LCY$t!Oc0$|uib#1
z7AmFo&e73Amxx&qE`tJCmx`M+$X`97!IzJy8co|=mcEc{Cb=ZQ0E>0Q2exl-fCM`w
zTY7jw^79m?Dk?6fZH-%q@v8i;FrywEAfWP#j3Q{A?JS#Fr~<;j!24?)te{2VTL*Iu
zLBv<@iI#9!-kS+y$(ssZz4~rhuLiCAH~<%WHKeh(VX2ON-rLM#Hl{w=fC#gN379+6
zp=3QrwjyCyyY<ymq*AAjMvAphVVTi$I^<BT(K*`ful-hfi;H%GA=zG`0|MO`F?9^6
ztW#M}xKz=*)raLJ<8Dxz4CcI){@ihxYVz`}(36>^)|XOzXrPy-!p@7l*2&tPE>yTg
zeXdJpfns`2z7o1K+pk_WxM2XHRs>EJHoyhdi|u!SMe)Dy<Nv9u7`7^?1Nk+3jm2a1
zSRSewIz21^tUdkZCAE4M&c$H8#>SbY1wTBh&TZLDUhNN0_c@_34|vdFk_~Eg6HA85
zZDB(bMdIQiM(1wM9qRee6cG6z##dsg<y5CpGZxP@Z{^8<{_-xp_!k>~Q@vJfmfpsG
zI7CM<DERv*>2*Q5@Wi*(rJI3Y7851bByG3vZMGQHvlsy-r+1@}zrVn7%VzR&-P~pB
zo!}#_e#d>VfBgfz8tYLb2ZfyFI-j>fm1>8Y1Dp}T*S+jkocz+Y!LxPlW6|qyAlSim
z4a-S>T@y-O89!c4iXD5Xkk!C~@AD5plJ!zvFogGA34$1<>U15s%bt5~cf%v2W`(4#
zM`Nsv2eWWVVTgf1K6;%-Em+(&=vptSF+uxf2iDS!hVL){YfieMP0v?2Y5N2ya@eHK
zLi>Sd3fy3+-(iwRgFIZXeV_ibxJh!;enBfD61ejt+a>N>uBG|PfkNT{Dq0KS59yw7
zpw?V;Cpb?L`};$+-ay2|mbJM{q)~lS;?$-f$G5>1=RNdV`6(JawJ-}Yq#m}x^E~2u
z-==Rg93KgEchkF+F--fHRtdtk)9pG491L+l<PI{Du}U5vwPIhm)zycf5C}P*k(Ka3
zbP8sos$CT=rhh3-G#0%(EqKD1Thc88WI7n`<FnSoVjqGE>V7m%cM9L}s_ZS?v6G3l
z^flP2ORB9q*FG6g;4l3J>}OmTcSbg~<VD<dt(vLV2+V_;uACX(cC;pojrK9f>T=Vv
zTi8=|uOi=qw0P|~eh_<twulUb1O*4O$Yn^F`Q^z|YLd3Y#VsIm?6}Ap+{t1#+op}b
z@)D{IPoN@h4@M6K!bUC>-0;m&%&)|a^`zft>K$e=z~G%(538aJPbx)QfTOR+XGb}8
z<Kx?)eVUrHH5iWx!doGlk8U<*(Q#1|v_s8$960HY!AnMZWpDy*7828G2iF|m9@Gzr
z^nfBmE36f7c%4x8`_5zHn_ZF7Xo6JoBP1Z>^F=tmvpGg3@D2o$-jM!Xzc}<4F)QSG
z^st}I$va5SuMqvBh^T1$yW-?Z$f*nwX=YCyGszY(a8YT2RPSl08gy>~tZ!8#qA@)i
z*tre=h;g51%D`CfNleSD+IZWv!P~;#nD0T)83NEHVQ2QaJ<TD&##KtuQACfP=2=D?
zXnyjFjKlJVYoStNef`zo1xgM3X+XApZCHFJ{<=%UJJa3?Hd4B4QO~B7tLsKxi@i_z
z<1#$gC$714Qj*FZ!B#LWjcdYnlG(C3IB>U61zu6nutjr)`7Ga6b6pa<Y>}2PYkzqo
zb9EKRmH>?%>4=>mDLJLy<UZn>@^-rx(c*DBrGR6TWJ5)})}Bh6>rpBPv|aC%nJBV5
z^%}%=;KAb(0K~s35$-Ou!x)|cseXeFt|bXpsd~mC1}Vv6)2)o%a)F&w{Uwy(9mLwb
z+f62w?$u+io6C|JAQ*$IVYLNJC32Xyh!p>gRt=(Yun$F)w!4L{emd7!9rxN$-1j2o
zGFgOEgFtk2<!aHRM@H<?CZWOi$xjrcUFSQVNYKrsUTdK@GIAGz8v^S0<=p9NidItd
z)p(qg8Bv?J&fA867OBiU^H{hpwXyO`i+e#V8Rq2`SvIf(ggUyqvsH2+g@iLkE|%R<
zCNbDA5xKp-Swqzrdp-x-u`Vh*i~)1_V8y}I)njW}=S@){l(pWkIrlqcqjd7uzA7)i
zea%dJs5D(#j;3KC$9L*O6J0QK#c^<;14K2#Y+(m29gRB?wMLBVcMB3|n90Q_wd3P-
z%5KtjE}QXbk;toiDW?VuM@UKGu+NgZYs(ny^xSBe@lOC_{gfu<&HH0yC;z#^=A-%2
z>yp}WeCe3_qXds;md@vKv2C`?IQqo*BosBpZ(9A_fg%jMyT!dATJBsJ*_G-$3r&tN
z_bQb2YN|yp2O7;T`Oc0xqO18Db!rwCCC^XE-LH?F3;Z>tuHKCBT{XPhrVX(t!Mr}Z
z%@i~@Bdd6K|BGul9O~WJ<-~I-*V0{j2?&+2z1cb4O07_h#sq8H&bgmO7lN1=+RW`D
z4wnBV^KEc$_`V2Gh+JGI8;1;ibf>#i$fN7?t@A-O6li*4<4lC%dB^Y}eH?N#Y~<>e
zpI4a&r~LT&vxd$0AzHs)=6^0f+}Mfi7HUL=5acc>YAPoBTpgpy>eR`{x;RO%3AGLo
z&!iNpe|5pXW8XKvU$$t?5=~eVbPnnq%#sVurK=7685zEnr5Pg2sH?Z+yFAJc8||#F
z{`l3Py=|zS7__)b6#NS!Olh}O0YiYs6PXTa>Y$q$4SHDm46J3ZxCXf9o0-@`!cSk}
z6VVml4K!(#6?)r&>pIsz2EWE;BT^)FsergYjsdTYHrQB^aVzebDq4;&?GgohXJ#0i
zMI$5Xb-c;}0W}}EmvX|0pqFx=36kgO^9mlSNAP@d6o{a%GkV&2#cy_+g5P@IN5-JI
z4!$R>S?HUF8)wRhz-dG-`he_@DCYx&!A4w--o26@UX5KBq(;=;(eIYVy_jxW+F?)d
z>ZDC?tHnR$nREyi%RqZ7HN%!G*-OvS#`DOYV!ocVh?0Jv?2b)}OSy>Ggf*NkVea_~
z{>S^^(z%t|@w}7-wYoH(wWl{m40s;eUu|%zsl2bhyC>sPMLKU2taj`NTwm1fL0w79
z-`&DVYemjyN0_bblKBtY>Gt^C<8+?XAHxIHJR}v+t<hX);v|XG{58q+wEm$P*}>KD
zT|-C)%{ogBiC1F9HP+;vEXYKW>Me5$cISJoi4nzxZh<mfKp?F)x+HxU?LDp~-I=&)
z7qBwPZsCCB%r9Uw+JH{Gj8k^)t)1mn0n^SyHCoM((k+`|+&!g!>JfBh>Gg;~-vD0~
zo={W_at-0w(+#vsIEYS{ua^*Dx9Y#4ZzBwA!ox=AbBbOW$7qJ_oa{9Ja%q{SYin|h
zp>XM^dO7&^jr6vfl0GeLc0g-qN0cr6prz?NW_j2vMM2r>xf(6ryRmAUT|UlXAfEs!
zL^z>UWjWV=u|nGL@GO}zNSNW#i*@7y3UFQzCGWTt{|ut!uDYUwH`A&UYbReSd5EtD
zqateFHq1)SkO?WqP;z_FGVNbJF^D6uT24?InjJd&L{pQR7o0aiCKR|VQ<ht6gN!&X
z<S%^xJZQaBJ!u>$hdq|o!bV|E#>)0M%brCG=>rlw6#KQuxA|t!Q<DQ;(kY{AN=_Ht
z;{lS*V+-Z`soqHEWh3hQQxZUnB1kJp8t&{X4vBrf^d4Q@)@{MY=9-48F&4IDe$FcR
z$Cl`bnRGg5l3bDmHB7+FhDl6SL<a7Uu*>DEY7z!NiZF2bO6D%#y;jsflu9sr;DF&c
z#<O*ju&9L+2@B1qrok1~S2>=L!RDA$>Y{562?_bw@Z&<oQfm^x-4dxz^0onSKu^UW
z%xu});(lO!3^8lV`lZ~vA*U=Y4WK%Mndsh?0aQngYTQ1-GFNyGfAq-jy<@Fn+i54u
zg*Fp>i2Bmo6;TQy>0x7DTn)E;h!StIna4DQH&26dhXr=;51A6L?(CKDGO2)L1`h78
zt){WAC0$jYc+Vf|#ngLOgg`JCICo3|P@$*P-snCrG{MRZ2LfJEpuK_|@M}{>6!=82
zDa-Gj&5BUZ<LYXr`+de{fI|v#pJVTve1m77KFvw&Os=tztbEIFg&d0n_;l)hZB)q;
z>C#Ha_m#{uV0Y8|q{oaNC<bw~*rz|KfD)DMuE(`}6|PWyp`^w_sRL<H_B75@onUe0
zRs-Vub-X1gt~;w+p&refU(?YqzdONSZiFvR#tgz>9+@oebv3ujGkkA>I_PFam-YVn
zIRy@p@f@uvMDZbL<Q77~t9zyOtz^e(GHSJP0W$L$drs&z4oIKTzMJ3i^`58l;~0Cw
z3PxgybOwHG;N|@{XE@0wx3hR2<K5oa)LtH^!;y#MftTSuL7V;%9wqvZ?u{xY>H=?v
zR}{WD$X>YJ$uyr`M(a?PJsaY%&rgV8!0})*y{~zuhalSLu`NS<dHibE{ow2jAq6}3
zwvS-0uo5zLSFtZ)A_1@G>8^O8rrZ8@DUBvSM7AHh`i8On_LzCK-2xHhBv&uG_hUY(
z-*riYSo@qq-t9UOi_S>k%<r%#ZXhLLCafjVsCmcf#kX;rp^H2PE)Y=SIf+n;p#<kF
zFEM??(0;~y<nYyqem{V-qPz>{c@svZBLq}s@l>EdRK|K<7ixO`<5f&S9)o)}190?0
z!gDd@bC`0<A|W60v|1#_237kP1CFCRJYbL3n=iC#t}}{?tHw4$x+ciCGZ3-QXEa#2
zD!MKjv|&Ibhjh)lKTi8|SRnwlLAaxi<N$dlUm$W+NdvHm*o0;!XN|%pY5_7WVzREk
z*xPTfNRJ2hyj9JS29agz1yZ3(t1CQ5N$GR3syyIvMIB@nQVD;?*VAc?JeB*{v&ZW?
z!47Aa>^x`D%gKsmlUTUl?huOU&UqcypL1bKd%8afw<bAHX$Tk)oldh{WVN=a*<;*X
zZ(f>I8HC&iID*d<@5l1c&2|t)KC7g2u)~=IG>KeAlCjVoTXTGjL6IAtp27v}4i$I<
z(X?c2+hy5=cNoK>y`%XK0l-G_IfZ}}Ewhm<_aNu0DX_r-H~JPguSs2IZNs6>opmW}
z!pfq{wOgn`&RVb4ldp5(G7)1X{_4z^!5LoebWCct5r5<UYb%iOq}4Q|Etu4tIx_&5
z3jJjk8NOzc_{pR$lg=)QDB|6d5l^kbIrl)fX7Bj!HAd*SIpouz3mh>mEPzYLDASn7
z?nH0Erii^AHQHX%J8P7hK6wSt-+wrib!(OYBjRy=j)oQ*fn9;8mUG_{xX5dK`aC>+
zbcL@Z$97@!Mv(n%T~Z;|h8Q^1QJIvKK`bHlze?U29qqwD)w#x#92XAoNfCU>z`k6E
z4l80zs`=5~_crHP!K2uO1P~|H!=6E)Dqp!DB}Luo+n^&p%WRoOZcX;h(?bM$SsxZ4
z=q@~_)h{V(P^`D@#*J$OWWB&iim%I1iUV`D&`tF?t80&s<x0ymV(E?!H>#(KVq$)l
z`)5144GaFqph(q6k+s*NqD2sIf9TMfQ))JkXl%B;m>m`Nk87R@8SR9*o#yvV+cJBn
z+DY>jB<1?i^9u!YI-z50EG%sJq%4{AYBIRg_R*!4wp%u!DK(7(G@xY1QsX$j)v6K9
zOh!M~|Bt%>$M`_aq-AzMZRJ=ai_ti8)Xa^!wyCm59SCnm_V@+hI(})Y$tb3fc~e3y
ze7(}jI_WW{d*qxuWHc^!K1@t+D^AZMWt?rL#Pf#|qes7Bsj}WIF9OaT+x;bOOCm_e
z)9S;sKRTGMskv=2qzh|%%`EVvp}ML(V1>0R+iL7pKFp@(Q~_HY6i!?taGF>Y`US;B
zk59b-N+w0+_<`+D2p3R`W}C-9=5^NJ9=#{?T{tI&H=OgkDiANVv)j4zQoY?pY_vdu
zLUT*#yyBwWV_X?r`HO$7L4iWhgcDJl?#Srf)r=!`6<%;bS~kA>baGR*C%_^?y5Lb#
zg@=<Ku&#da3rmZgF_+3ybf7l13WW-WjWzCvqgP=OJ%e?RYFgeZkMOA*FcPMOr$JMI
z97O5`y5M|rx{1K9na1dKEMrVYQ#w-T`uN1`b?!AEjU6|}*;zw;ps@l%MU~^iy#q^I
z^|AI|T0Eh=SbUy8bY3)v-(V8MyjdqDms_vN1KIh=69_JQORdjf(d`-C0!`0XEZngv
zWRi8^v~n=q%5lW=0@SeFb<Oubt)+C8lLv14BhUEog=(f8^w3b=vT|_w1^Gn{RM1Ja
zw!`v9px9#dsLl5&0Qux569m9PLrY%|y2$4{OyGR26IK@nSW_Z=cx>!f-dDQXQx7)-
z<aF|nJ>+VDW;z^7-)(Jqe*y%!yx@P6kSGG&+}M<8EB))5L;L^S03!N77YY8G#^0ZD
zJViULN`-xSo0&~OUb0DNYPt>9(}NEZgW>$SqL6MD78mzCJ|O`Nfgr!*mJB%~^IBp$
zoA@{>gcaqxd&AZjFNn&%?$R<k`jzvq>mL)}v$JVd*R@-dMJ1Q^_I;h%y-&+EBQ=>~
z&et&4s-{4niaeA2cB~v_6NK<6BLg|b{}4JsQl}Y)ODmsVOHSs<h@$ey(Ck2nxkTsO
zoGeh<dk4u;Hib3xfdLOsu?A%%(n!ub9{>(<p!D|n@fC43stjFZl8(R0NOt+hKhrk-
zS)f-+`WrE6rI|LyFb7i?IK%$r4*KaoDDB#?g2ZAuUGYDRp!(C8Z{TTlbVrgFBLBIb
zQJ)q<yyf*hy+9PV+RSwOa@6{-{-xOX`1I^-4`Wz$P!O`&U)O3Zq@YkJF!covvP{Y!
z^inB*-<kRM`!vt0^Hj>qZB&s85h%|n0MO|~5fq<46(bUjdyaVMri6BPBZ&>9^uBpM
z{3$wgGgtJD`^AMzTUS@YV_S69TUfz_I9X5_U*P7ZXya9a*EI9k+3v~;IvH7sM~S3;
zT>atEk;LjvpwM}SS)KrJtEbp+cj%J;V&&cZ{Q}C&+L}saVj|_u3~ZLzD+68^P_)#Y
zx$-q`RW-HcZyNYo6QQ{cJ_P^`9ru`vBBR>`+9Z`eHJiCUFcB+#{YU8;m=yH%hy}@-
zKO)7}Qawt0M5p$Zb`X9BpXy+GX-qi;=(Q+Uu6bED{QMb!MdB`1By4D4fJ$3bkLr4b
z6xTQ<vBqa_w!s_hK74YP_w93dICpt@Io^t#@H=vGNs<pl;r96zFLlSF=H2(B>WgKn
z1Q4$pyaNM`UtU}|wRUx(s;TkvrCc;E!5nOCP_#8~-^QdYxXdtKbOFXqRe+^pwgx%_
zXGEK`BW&(yizj+{;`MzxS0GoBOLwi=-K`N(UwBMZRK5%D2+Owt9kAo5FX9Ih?J-yp
zo)>>bJoR~Ask}pFbEj#pdN1d?c)o8N_dq_Jsz%&dj;8S4s(V$Gczt1k@Qz~j$bgqI
z`FWY`=G{fqxnC5O4~b!wJN9<H(3*6O7t(Z(&BxKP9*-KMwQ^V2<FXo+Z2pwmP3Rml
z^vi>ESg=H%Y+!Vkwb|oUN1sXV`DbKMQR5(ok%qSJ+`HjIB*HsMWGsmyPN8%4YyPIP
zNhL$CFjKEwOLL3h=n>jp%Zn>HV2xps@e0EejT>Q3DJylr)x}Jo=^MD9_tZz*7pQOK
z(~>-~K`F~lEh3D+vOOq1-d$1ny7jt5hBaE%dQGWnm+zpW(`IYqN5O#om}0}TVCKxi
zLSivVlF>^?L^fmknVRF(&ez}kY*J3A-q|NnycQGt)tq`F9@dmR)I<TR{sPzte5S;3
zsD>js6BDT;LnFFIjYZdzs3bN%7aS4yo$vL&j#n3{>(jivn9{ATejfX6G~xhWy^i39
zGP|uk9#<}W%kOviO;=YkPOgr`ZUU#P_pKdc&r6!`2=7iiXRK@-U=@Qxk3qSGg|G=7
zPamp)aCi_tLt;2>vMMqa71eB=9WSZVqBcY0i36x5M#sFxvKiV|JU0V2Gy4pfqgm^&
zIj7~IXw`E4qbge(+N+^dVjf3~<g4sh!|fu6<(954SE+1}*-U3EDTfk*$m$Ieg(iCY
z=uonEwUD>M#G#PW`6tX@^<QZNTyWj48wYk)wKdn!qSI7MvQy_+A+!xDisi0zDK5Ng
z4ct#4osY1wf1cu0Qf&+>uSQe2r0#HDeyZ&3lmH9|-CaW(wzc(9ZgFv^t*0k2IYi<;
z7(3bN#w3J{EZFnz1TQl?d&%c~qNTn4(aE}aYF^%R#B|K%Big5kxOH{T58NX2xL^XM
zW@kU4$)*8)`t}X~d+imTlCsLmR!)kTyC_1_^r6n^_~>$fjdnoHgcPx$i!9O%pol}0
zlYzdzsIlxu_+N0C(+exnAYCC%*@UsjpIlkS*|8M68vLUzOTo9?_Z5hN(=dw-5I2^W
z2CrPz$(a2b-cK(J%PWppTC*qDs}bAvN|w%>Oupy_hr^@E(dX|R=d+sxK!r6TGhGuJ
zs`syx3ZHFS+p-w>VPRuyeFjV&Uq8(+($cA>3Gqn_Q&R~=Mcn)Xv(obt_wMfQc2P{h
z)HD7aZZ`~mehpA?K`#^2fa=N7H47Wto7EfV+`@d=y9AF;#u^4#x;X05MzNsN?oqP{
zHO^9tmnaK2cUR?>VnZRnkPuu@ko07u5v`_{76|kWAK&SE&+%w>A*HoXZRBX5pA6t9
zax`A_O9lop)k(4Tj!wuxq8bko5hAS-trO;wPg=dJ>XdHd7bEgw6go2MtS$1oovTLw
zUv$aY(7mR@?^hl=S^l~>B=)(z(NkVXv-#H>D?8|7WH|C3cBDgB_TEx;dwgH>nzpqj
zu0|aBi9+0!lAK{!*)H(u8>xcNXvv<Ka*2P;UN4w-gMhHHZ%b;wF%4+pg0HJJ4wSCX
zslo*UFHzT#?;UI$aJ;!dnza$WySv2SfvY31!Lz$6OwiEubg=km0==E_z1rBXA*qXH
zlNGMa7HZ{4G&D3?<4NBfo`Vh-N}Bh0RDXOVE?nIp&^=yF0D+`~2;P5CN5OoD$)N4V
z-lTbtr|n_D8P=89GFxX`{Ih}&;To&VD-mUC&MVIflN*x|agW-2Td<I%MB=!K29aY}
z(D#<vpLtE11S;Z6-fNKB)xV!yza16Lu5WY-IG8(?hgB>bd`G6u0RuY{5FU;h5*q4q
z;~pdi53;hd!t%)ejx#?#?#~L5Xlolm`1unNY-}6|gS}y>cTVdx;51SF=Hr7v<LB2p
zJxvJg|KZ7rxTdDS+uj~l==4+BSRPV?ECVTdc@YN(jE~J1Hxb`bvR~yR+(uM-H4T<G
z6gc<fmEJm&?dd`bnqn3%-&V2RIB?HZ3#%mXFSONf|A>BYo83Kq_}bx_gDpeO{D`*M
zFopi$XS=5k7~qLF7axQewW9V7cQ>gvF_ec$L#{`hk3Rz|o6t8fprU8Lj(5}U=ftjV
zgVD77{P})kflSx~C`sn!q<oU1h6jE9`V}@iODrJ~oa)g<QlmE#o&Yv9d|-G8Df`=%
za*5E7H#c602YB-bS}H2x_4RzUb#?Hdb+NwAyr`V_s;Yt93oZx`>puL|f+=hc4+<e7
zu<2LceJxBa=NxTbN_3h}dwQatyc1fi*mjCt8QofVQsAp}@UtoTmFTR3fS7sde1&_X
zFN@s4)cy@$>%KhxFV4-Y3m3;(kDsrMjST24l%MCi?gp67?&hTcS6H<yxeD(kY7euw
z;9x)rn1k7dsoMM!-E6$DV>qiOqqrF3-eqOs@bH<}VDkkUh{e-`TIl+h?ag5ujlliQ
zy?sL=GVYtD)m>i#mFD1_6t%~wwzh>DHKfSM8)cUFOscA?x;<YL4o_7Uav$GLRTwRI
zg$je`zatf?EC+ZWVkN_Uf6K0_@=c}rFn=14b`4>~e_L>7F1o6dZFogVYpkWnNnt9D
z=`=MwwFr$S{t2VI-{pRf!f7(JXs;yPpaAVdfsT{1(_(`BUSs&q&c5JGPep0{_;sk%
zh~QR_Ykq@JN~&iGjbaf$85y&fBpJ;Abjno3m8Gc=QSY*+2J5B#7iVOsvc^o)JgK>q
znAoT_+S&^@M>9SP-N}z>-}#Dmj6_5rM?YxEmW6kk+7Ftc2q52pcQ9d{gIEV1^H?ex
z*=OOl8#o;JO{&ySK&l!VkT(Cpqce?z<)wh9DjxorWMTFxC4PQ>k3qVlxvxR50gJQr
zYKwc016kPO26@Ctmgx9+$D}?>NT)Z85aTPlEBQRZjB`>j!d@8tR1fr7ernNo%JH($
zIUVbfbEUcNOWU!YdfVrlJHd&1`A!3=kDy~`nKE%_HRcWe+H=LRXYTIt3l&8db!RFZ
zr_GpKXG~^m=Ke%+;o&uhy3JD2xGxc=su5S(gSLZe3k%J~s>7qEljl7ezf*<<21<>T
zWgIu$syF$)rH<)cbH8j07t;J3qwV3*?U-6$PuST>1E}@Rc{w4`3u6-#|DvKj@}%e=
zTPn}?x0HE;*#)i|OX_k?(N_yXeXlF2s7AA6w|8F6AY3LNdS&wY8IsG}AeFo({A5G+
zHlH@<$x5_lPdRaq$xgjC_I@wdSrulH$C7gBNOv@?c71~Od<x&lXmPaggyZeYi43!;
zm*)-5h-mqH3E+4jY7$Fo-udLkpEkG9=Q<a#w=;E0{Od^q+a|qFR?~oP8HOFIDT4K}
z|6NU2S<`oJ4V|U;_Hzhh)fMIC_VJCWnI(JAdW>)Y$As=M`OzZ)V{{Da5B%woV3lD;
zT2XpYJS1AvNHco)OG8U=bUU8{-2;CGJ!Bu7)2;t=*7bL0_1|P&e<x&rPx|-9KR-k0
zD;4%kjE-)@`N!RIqsg<QBRyoCKR4;^VJ55pV}kdeq56CF-;IAK?B9C;QVFZ7s>&pS
ziV<w;68(UnP)v-Qqb*I{T3MNMc$kSwKmg6Aj<~Gs=$X(gIw|RX_rQRcER9cdbIL%k
zOmm`_@ZDr+%WF@DI{UItAJ@1-JP8T^!c!5-=$_(&<Klt>Q5ze&&QMgZxVTsJrDVq^
zs0s=SNT6q|dOWjpl1M3>TyIP7dP~5jrhw&f2J(>{qtx{D4;M8+z*AexgE=+H;c>$g
z8yi~++_MJu?FwavbBvRR)E39f>n`Gl{zD6(>hRD?vabx6g_U(nd6J8h-LI?+yRW~W
z)5GIp=zSu;BPny^jewau*6Ny8t7WrATe*P@>u~Q${p9*_c>w^UT!tre{?hrR1PCa+
zAG`oyvkN~a`}_N|aB>2g?>D`W^jVnsksa_`43p1xQZNUw2nFDDeN$4H+qfP!Q_B-P
zGvA5<QqWRHkXFP6rB+wtgNBBNkT$eQ^<AB6SL&LDNA@-ntNChIp$rH2;*9-_0J1k$
zQdsy5u{lSMfRi09Hl}CPDU-c8093XY_FHEB_nJz9lQZAFc*4<%v9{6Cr=g*tpik@T
zhLba|U>A{8T@hd0km2Awq~5;ukBr2okwxnm&5MEq1qBgUUkqV`>nK*<uow-<E-lPd
z?}^<-yLIaqfj+&PD8?0X{bh-XJX7X+uB~sV|AxlQuc!#!qIu;b4<Fy=cVV_TG}rs-
z@Wey`sjLsR_4T^bzg`{w`ZeVIyuZJHvfdu?txOL&PSE1oT2NetVaxoy{6$jp*{-C7
z1dTr1^WEJ&s~KobOKU4B=y2p+b81%BW94XND?7VSjg2HsIs>nbjgi&|5`1oM;LT_1
z5vr@JfxO_&WM&W#fhPuFq-w8|`TcG~!{4=RDH@SSa<l?Yxx#R;WwI;-51cO^%-lQ)
z5*F53C3u?NR7^^mydM~nhzdlV?Hx&NK`XRBr}Jw)J+9A$$?@rntp<W(Ln9){lX^39
z-23}~v<)PA>dn?-QPbw6W{C%X0tt&r4EU7=mC5&7nwr8|5dtE=eZx>xRJ^#ncHk8`
znaW9N6K)|B_Y(&K{?<V3Hdbb~H!tb6wr^K|i~#hK0=!yzBO38F*7rx0<(msRuzF2d
zZSJ$?yL#oK-BlajrkiDYC#PD}8ri4#_}~Mb>-Sn(2)MYoA?Sn|<Csm?4pfPWNmjj#
z+z6oH;NYW~5)JDOEytEQcVF!uTu>(4b5KiJW3tlN`1o>zB{#~wgOyba0_Ob8PFY6I
z8S+a*Wnz98;;gJ-kJasU@5iW=e$^QTzP1~Y@$vrE)m)FlP+kMsJ{mf|e_wJZnpTe@
zr3q|&p(X=J5P=Geg+;Nd%f=oH7uPcP!!KffqU%bLMHuSq2X1ehDk&+!ptbbs>Y2u7
zW<IhsxW#VVqui;0egU^&V)>wK42+Cc$L%JgqoW{DVp0+oF;2*0gf1Xt5tWDzFFZYk
z9|b%@^-{iUXr*X{J^h)R>r?wR-oNF&S1hj?AN3cSn_6qz64KggOUtLj!^7B5Ii8GU
z%XN+w-~sWlPDu~s1dyHD+(&@ABOxQdad2R|n;t0(0l-K}OZz1x&;!Or0xE~jbz7@;
z@ja~x4#)}u6NL#34A#2)`XpYb3gh4~y{3y!tE+qdArB1$<E*rzq9bm^h}BbsIzB!g
zi@*^B6cHB}+7=K7n{OpOp`_9UgTop<_av>~m$7-hp^K*A<V3&oXhI?p#!xvv29)YO
z=+o!V?B1f@OKY4spvA2%im#5A*^kU-RMwi>yJ*Qd?1<gm-6H_zXJ&rpE1^0w7x<t!
z!eVMi-uWa{V%aZ~39JEteZh;jPr4t=Lh<zRV?Q3d!@z-4ZFP13C|dcpo*tAa+5oC7
zK_}^WYCdR2K?1!PCAQvRC$eyFcefZM<581G6HMAir}`$$-(NyD77GOt(Y3uRsV$DZ
z47M;j0qjs(h9#i5Qdw->nQV<;ja*!wjNcjwHr=ix0>T8LE!`L1DFgml3#?OvfGkza
z81=~$|6EJs&C}SlDtGt`$cBZI$^^OIzIk6fCrQ=|1Jhe66~L-sdni5=5SWd0V}1PU
zN1o|kMGmWI%<+xM$Y8BY6+E|GvhUGKS6XQ)QuA$n^upWU9wm^%-6c9Mj@Q&|TR~ab
z?|lYBWK_~;7>p7GSc5C&Ts-=3t(~1uAYEatSIo^4AN1I=2V+qP2#hG&lit-18IZKL
zLf}A%n8Xs|;x8yE4ebR#4R(9`WFX)(g**bqCeULnqN1QIEiDy~G=-p|x7H3}EzK)I
zaB+zRte&ZqeB8A2)1-+?OHaqSgY!_WbfN&Y3=iX!m025GSoj0wKQ{JqT?i!9z>yis
zOvO(u;Pj|Nyu-@g_Hk;gJQ=Y7{?GS_td8@<las1cd&34wDk{i3@w{eFn6zajL`4xK
z!ZF$bBV|=}LkC*?u>B%XjFLg82~Dr;864c*#qtTdRHL1mDscAZ94^*AI~Dv|?L+YF
ztN`d!!!^><Ta%9;xoG5x7jj&y?Wa^anq<2&rGXzM?%Y+7=H;2hKI0O}u?LC?0DlNS
z<1=Ex>@|1mn3^}1mY8INiu3a&<mHP8PCb^~C;<uCZ#*D<Mnu%wHbNq7c~_-k0O%9`
z#z2xJ;LUe;%_FV$;nC30SWK0GBMVwuOrX}O>ekzTczXH-<aV}2Ak|>^90+UkRCcz_
zoTn!zTP7xm0Mlk-vQ=7B6Hsx&(t-R;#fZY3{#r-G1CEd{>Dh>1_1P4V3<CZr<T*Rx
zN>?}n=;G=!H7)IYCpea0L$!1I-8jXoSI;R{yj?jB?NpK(85tjpXnQGgEEg07sDD)B
zKi`Ur=v{-|?mx&%d+8kQ`1r@%q9SoEEkR-u5?y`$huj(TDJiMw&=p`R7Z=wa+$j9r
zorh`4d5jpPml9n^Cz%I)YV9^6Xl#s=F92$0M!!2l6k4ECl3pYiHvTcL)LiRj+o$bc
zD~AcN(QHB)YMe)p>;yP0GAE=!uP?`f!$A2qAxt<y9Hf=!cEmc$%IJ|&zH-8Mg=Z)6
z+k{n~;m=q#FDwCpT%ryV+7a7nszwB70cq3E+1c68_8j@qH30z)ouzwRvqdYba^0$x
z)z#aY2LLgERmIPKf~lhRtr%t*57^{^mE9?xz9fF4%ge_|NWTcStCvmvmLCQ7NTUN8
zcW!R(=4t(vdh)=4e690Ocn%JZYMm{zq7&)x`Jr*44n0<&A`<cCOK?btEKuZy4K83R
zX8WEOFqoSc{v5qC51J2oJ{N5SY&U4}c+F1pN5k-4%^1Ml2SLw!mE!;K(@22Dm|WFd
zwKgxv09Ov=^q+v-=GdmBWoQUX&-$Ew*0SLiztQqDU@~Ww-X!MaAZlvar<{F13g|b6
zLOa@nR=_4EUSGa^pe~T*A4?FaT{h4q|45I@%{`$#=PIOh&1XNodRK&zZs9TCIygw+
z;nBo5(ct9;H$BY<bC$7{DXHll9)<^U<l3(;$iPYg`j9X&M-()-XBHNW;LmCV0`lGG
z9q(-tg;N6Qoi72dv;ZbMGATMVfV9a|stZkS&BW4(Hjzh(N#?Z4>Y=0$T$ICgb>+{@
z*7Vk73IHM*fFqG9Iv{r23XwSsTwDlHwxa}U!Jyz*bDW%2d^&<9Ky+$r%T6Op9R8d=
z2M(kMS#hmG?>XlqAc!I7;CKXj;PYg~QLWk32UT@-z(zg;yb5gLDFOYyVpUn$xP}_A
z1?k^!=+?z0kd}(d%Te(0*L}2U5gJP*Bsz0H)amJ{e;hApp2(WNy>W|3O7i(WOMeI)
zN5sbBx=)WE9<tnAZjci5x}o9Y<6Aj6;0RTeDfe9gVIfX-h04c|`D1ZF)I>+eKM&SY
z&!1E=6a1Fb^h3!IYjaviLp>AlZ{8&(H7t+a?(Yz!-hK}RVkpvg%joN|X>KeTfNOlP
zp|7nE8pVbmiHeE>o&Z4gbR_$oxUw>yjqM4G{kDF4a%e!*Na@bHy~~60q0NZmRqySR
z$Mk~r^^qc_9%*P0t*)=P_Vm2nFwm^~!YupaYwy}idU{E{^koXM49Rfs$Vfc`LBJhE
zSixPNlYJ^EKn0P%G)8OJW1SV8jr8C}U}dFU64K*&sD%Sw9jNz7`flwAA}Y}XhHB-5
zDWQO%;E;k&I7Bl1Jf8uGg25&RL8D(~0E^=jm-i}+nD>dIBD<<O-MnPs?0_g@c+0>%
zMvi>4zZCWG4u9J1&22<vq+b&MUHipRnv`^%@7J$N464sw&E6NIs&I=x?`ltcEq6^n
z_x-yBY+Ajho+QK_-Q3e@c8cA)w3LN_bT#Wb2zl>R$feJiSjg>Z^KCWylP6Eyn+Ukc
zhsY#c@hA#Ul%dQek)WsVEK>xWaZo-7|D1f;y2(oNZj+RN&>Nr#36p@|eVd`MsL1u!
zcmEEM)~E9sb3;Rc-@X~9mAJUnw*dyNNLW+$t$%109$ILKu7L@%B^h(ko+1N2cyPb5
zw5m!(e^s+v-JrX#+q<kRa^Abz^m=zE_M!3wh-iCPicfSEUZ1R7nWfHCz=9w4RlHm7
ziKef$qIl4s?(V)f4j(bH<&#1H(Xz6(H~jtUWWC98oa&hr9t-gQ)81D{McH+IqbMj6
z0wN76DM)vYD1wrTN_XdwLo+ByNq2{YfOHKl;z%el(lK<yFbv%c--X=wy`Hu1_j}g*
z-oL;3XU@9j)V0sq@!NZ!GoNn6{$dM6j*qW2UDRObSa&CL^f-Deiw6B>cp_<Jnp@|$
zz&L{sObVE#oZ871Y{9Gdyux=)w&nsx)n11R<Rj*kPTo5#oYsre3v%|Pi{J;5(6>dP
zeQ|K)JUt$Wu$5^nRv5SOpEezd{GfZSd*<Tc^3Csv9>byE<bEGoSOTwiUJiKdbRgwM
zaR15RD%9@ngJ|pDE7F_c^b$0HW&K>KDY(1amWqbvfhcnUlVvTB2IMH^YHmnK$ee<%
zZQ4u5(7Qa}sN!)($?Z<Y2O1zk4<!koJ!=znT^9v5o40pUbbS1z*_c$xQ=Mj7YU()v
zaQQ1H_WvIJ9o%OkHy?@+*<EeMz=KHS!C;1V)f;b5>H+Rbc%=2g=Op_!1>`nh3QtMv
zCrNn)Zc4Pa%5=7<y#w6r7iMox4lV#y2F&Pjj|@w9yQoE>x@R8(EA6^Nk^(}=JKP4(
zxkOA58{k(yxPRvYG>Z;m<Gh@moh8q@$+eOBpFZ6;?@77f{KK;YG<wk_B;eNafv4BA
zHTo}#Cxd3)D}|C86J8{+(^Jmu9Abj`sgl}<;AlRP*WDX@wY)*eg~`7+h=_>XK_V9>
zI^+p+;sLt1_b=ZLHjslbSqad>2~g$a(z2qU`T&oX((H$f*}2|AS{8twk5b5+gqHHu
z)Ih`yLKxWnE6S9Wl`rtJ#_z$Jsn@Ru$}JA`9|7*?_h?n}ks&~98;$bHPn>`I2=<kK
zVC7e6b#RjHuI(1;fc(Cvq;paX4D$Zd?7NL3>2|`9+?#lK##FRLEr_O1pGW~Ic%gBu
ztpfqne-U>!&7CgVy^t@0yvd2GbFa7vpTeP_w9futmD9*iT$&%-=B|*8;{-}tk_>-c
zn^!PW-Ggq<kml+sJhib&-OOE`!b5jitpa#oJ9D$-Pkq`4mZ*N|y*^5OlkSyL>9{NU
zK)kI*fa)ycB5J$qQr!9A9*yROZV?oI^5`ynWCS0}Q6@O>)<%c6J&gXsXK|PP0=Sa`
z`2G6zaG96Clb~ECyDN{w80b4Mv3G;YW;^IIT>Srf6~JGY1N<+W{d1?l|FZr6vf2M1
z_For2{6ms|7ycWO|G7Bg-_8Dc^55G3Q|aG@|JLk(J#6;5Jw_Tgr{Jz|#Cg@&u7W2E
z^ZS=iRu=nnDP>;CJbU#6@5VlXK9ZuD!1L|K+n23@g4Z7!e^SJM*ssX`>GRbW&!6)&
zVuAt!9zS^!qcOg764TwgzMdvvA?)!vjp>qu2#|kq(!UGY<y@D){g=W60;C$GJ~M)~
zxs)FGQa8I`^Wb21TgA7F=e!|Jh^Z^(*gJn1nl!+!FgH7#^QVW+2go>f|K#n%zo(!U
zpXFozQUp~Uo-d-p)bYjmLMX|~-ht(b`w728<%5hjiQX*!-E~(yf4b5G)an%$edpB5
zJ0?XDU+DfBA#9?8i7!*-?eDvP9=#e(Sc^J`GZR3QjnZAAUVeVC%Wl5I-mq92OzhOb
zeV)GI`)4B5lq6ebwi60ckw9n)_*}e*-+tRu@A|Ow7yt3lEN*zGF7WWuVGInyaSgrB
zhEYe%|I?G6Q%6Lu<%t}s+LM9u@40ZW+XeINNpk<G1&}q~#St-2GxyiMBt|-4sH%B3
zJanIWU)~f0j4pKD?&W{<YL!Q{m6y?Rnbrf)hd@T>KP&g&Huz@(;etOB|9Mv?qAdWR
z10P_}A-Zazzkceh>C%iB>1d-@C&KouyV`!U8_XgrGmD^+w>D=mwf4PiuX|u5!OyQN
zbSQE`c;{~CBp&x3yI*S71y2S4yjir(M=(=M#6kpp;r*}wtlhZZetr(ms)w$O&gC;B
zonHR@jG1mJyBB3P^7}g^agE+slGx6Zb$V3w{A>GyWye3=0XyX(X@+lxTwjDT&Ye?f
z@`0bZ{E1uu>GJcZ->`iAGb?u6t^fjaUmYjUjW~XP*ng}A0k4Hcd{S>F_F26Q?YF%F
zM!rM5FIWF2+2WJWu`iNhA`-p1Rz;uDY9wf~UTmd=SN}ofz)CPR!o#F)&+TurIr#{D
zA;9V%3AAwR?aeXa^8$o84|?(U(k+O)DeI02r}mgySZJ&@v&M!1J`)q+)Ur?l5qgmB
zQd3%OX8otYLxtzhbF;E$J}zIbuP&x^E#5Bn=MTgV)a>k-C`pMmOpZy)3zF}=ti#b1
z;g3I;B)UbL;X7;P=kGsSXCy$BjhbCs^Bg<yIq5m5^Qs$YIZt1N$~_y=%JBOzpO|h?
zXPU8hFxk3iCFb&`9;Kw9z{<qr@42_8?%4?B0F5<!k(B7v7H><_gRqL<;WmBEI+W5!
zhp#;kR$nA?rw4~m1~oQH$jH3EbN5a{65F3Gqn6PYnm|VBR;Pvu4<pQ%M}S3CNA+94
zxU|By#w+C=H*Rd2ob0D}rwe2PNY#2IqTsjqn(WY0TVe(aFE7r!WC4qvh1c+3MC}?*
zEKS*{M+Xbv?FBesSvlk=CY@K&D~-;};Qft|617oj$l9GM^WMUQa-WFwX8N))?<+iI
zG!`UbW`iX<L0MVf6qhb37YCde;DyV-+31}{uqhoQYY)BzqJQKv`}tihX>HJJ6#j4x
ze|~ngHAAXGDRZAGXW9eTzZHnZ?~H9Ov$luTOqfgAjYm?2!(33q$>$NY2xQLmOnM&%
zmls>bV>SJW%WcX-Lc(?3xD^vB>al$X@EA#M&iD))W~9gW_;!S|-M=3l6=fJm=yQ#Y
zEuRc|cx+>zSl>H1DEJ)?r*fE<%ERlR9<Wfe<#$}@e1(&tzXfUIVC6~d&`@U0?=w|P
zn|#PCZnyyviAFSO8?TfN6%ALq_o?B?g?szgV)s-D@pR0)lU}S(`HYU!tPD4Erb|qJ
z?@ez!GHO@S_dN2j9^5qj83P(EHzFsI5{yDfpM7tLkn!JOYcTRBON~uS`(CW&EDC+Z
zAR;1yN4TQ;W>Opn$W#f-H1A<ySp-sOYS@8ehc<_a2HrhV2UBegHNH;kqmB{u61^Lf
zULLb;7R5V&v-EJ&-*LCTgfjH5_Ae)|>8atF%-C3X+(Ut23HKX7*EH>d_rxA1&oTwB
zA>}TZe1X+vgW#Zk#s}OWk0_OulhZW7#qJl4Q8s)**w%t4V*tL`+0%#(37=GTbmTLt
zv7TF9m64Sd_3-eZlX4<_moDM@>dhNjHML5J_ybA0*q=(TUPZHXOPj3ros>d-R>y0|
zZ*GNngFI;X!fCeGomGMMKbJFAznk)3DL3ih9<R3R0bKC%#>Ql!y&F-t^uX!x40poV
zv2Ke@s0xr9#DW2wD`v=Hw9DGy`;Ltj$k=jC*IYtuh}+T&Z*!=M+(}CANDY%)cNdPJ
z{Zw2a5pZj^A;K8}3ILMFUVqJ0QE(!NB=Puw1fzQFTeuAo8Jfn%*;@w(7E6&JAU@HX
z9iX^^tR(?>Xjo@8(+m61dL-o0))C-WQcB__RaI4$lN5{d+{-y!E5e96FA;ip94Vb{
z+gz;Z;pTmJPtTaBD0gg{j6OF2qjphl_<(a<(DG$uD+%bO@l^d;Er19ZeAe%;4Tl;J
zcZ&@#*S8!kd8w)9@tbxsxvcg_*Vqilrl#iGQ(Xwt=+rm56Gn4$#9C$QJo-&xb#+gF
z&`Y}X@duTyx#|y<>s6VvBU&~EJ&ruQg;sU+>GxO_6M;(>0Bi+-t@SZlMRRl3<YbHB
zFhVwASKv_ji#rq)efJvlL-vkNPOjX(b0;`8l~$+Lj*Xc)X{y<ajE3fWR?vn;XOuiI
z)uXmjjWX^M?V2pdd8!m4`|n%xTZy*wi^J5^)U7#@#H<24gg}pZ2^B_4f@oxIUi<O0
zA$5C?=?L6!V{OS<GxttUPXY1LVaiWR+ZgG!ftGi0xTl;VoUQIog@l3e4Szqy4GER#
z#y0_d)^BE~5wZ^Mvt;J&bjkzW`^JcmA4HZ3SzqDXcG_7PDdPcLle?<}x89wdkT?Nc
zNpLIF-EtH6gZ!ZJHy^k88AIQn`<}y_Kc=TMXJ+m-H8(4A4Wzs60eUkHdUkv@!J_Zh
zEdnv8Lv~z7s>kUC<JC6Pfq{H|$F6^rRy5iB6K$8FAS?kf@!U_gpy<@pj!a+hLahPi
z3>y7xz+5@lYA_0obe+L0%Rhh4+ebuuf$exxw{~{g+S&rr(kA#v(vy;8pFb~$jJLMF
z2V^PAg@^~S(=t*Z^TgY@9_h6uo}NbM=<3M&kgxtn1H#d{N^)6`*LVEfOD{vzk?h^g
zdA0=i=7RDSTWYC_+FCXqo=D`$e&KI%^4J)@WTmFPrA8KgRb^!+l+s-w#z7UHU~Xz+
z;vX5Qng^R47^vjY)zy83)P3`#aB#4S?aI~SuIq;<(FrM^?f+O)(W#n1yec|+_7Sj=
z0G^M#F`22FB&$1dABBnc={;#6MgrL_OziAY!NCq`X>_X-M|WX%lf6JR^pTMSYf8Ya
zyHz#^4B0uT*DX*f=$Y9SoN$_sxJD==qrFOoq*=OfvJ&9d(#F*@i-Yy10f|{YP24Ba
z&YnZK**^zpb5bQ#cp@J{u=UIB2GB*1(^GGr<jfc+zosThz#)CKmv~)r|8Qoz3xy8o
zvs^gi%Ta6so0tGm#m1lFu>oVY?LaK!-R?ksQHhVcht`@Pi&#Lpw$PR5Dq^25Uy$?@
zpxk7KBg&=oeXx6_-qN$Tf!M7EmnHn|*YMNL*&IObh~K;!0;GMFLr|_{WMqXD40xL0
zSyxv_^O4?3!Qj%!vNDngl?WhK5uC&iW^;8YXA=_(n42@E5iCHwKf@oZu^|DL`_Z8f
zDJG2J_1ex*;_G4Yo$c*p2{&oE96+f=RX*MR$*hzg!`Tw+2TvL|$H~txgPW{E*S+?u
zdYv5|FElz3r=X*w16adiYT{^NX(1*)z6W3ebM*LLQja;SuSopL%5l@?oWS}dZ5PZ=
zqPG<8v^_gm_y)DJzWiZ`0B*`(;l9QHF*GzJQgtSLMBe$-U9!e{D7T;>c-mLzITU(@
zQ=^!bO(K7g9|$r>#W;OG_V#&(k}6hL{;ZVV8bRNviS1BuMNgF2Q(VfKBr~eAQVZYO
zYiI_k1~L!WJlgsGi8Y>G-7gK;$sVf9ZCZITHWF0xLBaohM7sFz+!stJexe-Oa>sdd
zz`DUH&=C2^r32H-=NWF67g_2}MgR*(Ex!8-jGpwzu&Gu>%u5~4;sZ`OuD#~v(q8?a
z;(B^|)Y9J13lSWduX)`R^42<7i-}7y(1?n+@)2JTIUH8^h3xv1;yKlK+EMm9bBYLl
zm(d(R+R{#W5A@r30kLl7RAKYB?YFskc>;4kjeu8mu)#2#@|xUz1+kt74nMlM__Q~j
zGlDV5pa^<o;*FnA1Eqh(Jsi-gbf?AvBwP6uKWOFC`|c#^*u^dlAk-!E@}*&++3IK^
z?le>&V8p-+IiBM!mWMyH)xl`Auj-sEaAE=MYs;aA>suY<yF`C*m{TlANzhiPLF1wI
z!H}WJ*O)8$Je#efksf9Xw}vW7feiyB$<1zT=$p?p_wOb5n4_wGm{%otcMAYnZrT#^
zMG+8li{+U$Z7kO+^<;Kw0h?10zWmJLj{-8dcRU*i)FQiV4yd4{o`i@cjxSkRI5~Zq
z=JaMjrwa=%KYtQbjVY<C!}gALD}n7pKtRB~`T^}kMjit=E!*L6+;<`5Ev<$oGh6pb
zP&$7pdM9vj*{^b4qLxadZ(mY8!bhIujg60M!{0zk%6?E^r=<m=kwre~6gS5o2l&Cl
zgD4{+TY}H@{7czQb#RZLUD;Q-iWb}7-%m`(tZ92D!73^qidbgqY$(*CmNR|tOH02u
z?@4vq{_%pCLGs5;5aXao_=Vx$sk~$zk?b=Wh^Ez=vPf((8^2BU5&n&hgTB(<1yJ>A
zT)uYmD-|Xm0s{IPRe7w33E#F|!kF*-%JeWc=u6K|Vq&;i_Xw2^<PD2nV5?!)vo7;$
z%Q2<+i<1JtA3`9Fjpmm^#Lm4{7hpAOGpD`F1Y>`Gc_31*KyqfrOT|sis=&RtyCh0@
z<^HJq32+YwWgX9WPSz!0b|Ml;R*K)yJxNnA7~9`;VBzAT2Sgk?q^le=#(0u(_LlUr
zyOEIUY8OdK-J<FU1^K=5dyIgdw&J;*Z6^^6_r`4_8EFkRTajP_BUD03L%i-KkOETy
z2%|&?)_;#<VeJEY28ZXtlQYdq_rm?a%f=J86CUX+$QCfRUeO2I<GQruky5V~KGLq!
z)Tp~eLJJLM{K=Zt4t&6K;OAHIBNhN)>52Eq5!*T48CO(C&-~sZ7qlCW1I{TlHCex@
zU;dL(1DF)&n0M(32`Yfxhk?g{Q4B(|?B*F9A#mZxPn>AH_B)&fx9(6=Yc=%$<v<t_
z^lyC^6vPR<jbJcA{lf5;%>&y@fE_&X{0kWjQdWC8@#jLXM=y~(>8t;H0RV`9bS~-t
zP<S=^Rf`#|j|lNcf>XA^sUjItiuqTgG902zbP}|d^(1|ohlc{pu8GE`bXGbtC7mgV
z%nhG?U;QDf?sLRHw)!w08#c()7&86!%P%`jtsBN-zd%1tC2XLT{bJFasshmdHcJ(U
zpr=Vky7;W1yFXQV+{}(F5HWO(s|`HJ&svNXHmxHf$~oa@CLH+cJ$N&}8w@mehPsA5
zC{+zeAn~q}3GtaN&yDn53(c-+Vpj#2+e#m>e<s%#$`OUQQwE9j&bpkw|1~oIG5J(%
z53SJBQgAP_jS=)*f9b^&WAV8q+AsElMJvBETdEw}HQ#;!DAy_U-93krmu>!zBFMup
z>_hq>Mmnw`9n;pv8Py$U!n~o?kxhchQ3;Z%_Bk~0J#SC$F*I@RQ)IQZEuDA1=le8y
z<IHrACDT!=OGSCEbIGHc?vTSZf;%sPkI9H_&x<gpO^OHSB~vbUjrQ)hl^K^In1sOM
z4IDcLXkr%Ld7af)K^`lFdDWtYmfg0!c&}<Zz=NN!S2y_PVk<8Y+k}#l*K%3xXp6b<
zS;wR5uQ2RMpD8na_DClNNA!4vO!!<hp?DB3T7SK7cZ0HE0LzWqKGEng$MhGbsf@la
zvZvRcK39E0Gkx{j+&N+ESXbuyAajg~#_zpk`x{mh(KQAwa#O2!HfS2jG|F(4+MeB^
zq?jR}iVF7KWnD{X)Y^pldfSM=pb2B9K<Y4~lgkcf!HjjDe(IxZWLP^BZ`#7B@+10#
z8zqe19Sx`3hzyp!74D7G1N%`L^ceq1%esMBy5EFgn$%NEk7=7h>oK@CiKA~Xo9Jhz
z3PrZrnK}8!jwv<?sem5PY3lb=!mDepxm{J6M$0owzuuQTI<mZN$B2E$RRwx*;3E08
z2Kn21hP~+tDjwT%W(I3{gs+Y;!}LGQ?Xd3{6Zl|$X7HdAjZW-FJfBbwPf@lUv|txX
zg_OKW=7s_LuAGl*1^Yb_hi<C;osfZ)e9)&%Z4~<80B?3>=|y5b$ZVAj?zlyqJIR#8
zIdnJl)-BDw#V)!@Nk;htoCnC=oUutn21v&Fn3*=eMgBB`1!vIOQKAG7OYUV+t2QFC
z7ZNDga*#=fY>FetAD+`?ii1Tq$s3-jFAh&nfj(C`j??0FdwvokEx~+-|E?J3_Y4@C
zFH6Q4@l#ZI&AJ;W`oK$apt%L*?^qa#=6c;IXV=JeH@2>nqiV}S^!U=(tC>Fh*!|J_
zbFp$SE;adAU?C=^&V~gK036|so00ei@ZQ#B3i6EQ6@#5Cn%jN2qY@sD=N2p&GBKDL
zbrGwyB4z~2(WkzAjsoj8<F0P+<|iq$3L{Q~nNp!FAc^>Q4fK|LGc1z+4@&Ij=X|6N
zYLGYVJvfy&ykpW^ROWuSPv86qmS69GAq#<i7{-;?gFR{s7`yh&Ee~yinOj(T3)Vu|
z1;sW}ic#l3kI<6||NYs8Ve6&@^!(#f8(*9(@Upy>kb`MnWXSgT<l^{Pz=_EkIgypn
zrd>98wXEe&*juA-+Vy75J(1AUZgLibu3l!5ojZmetdO=3Yz{lOmJ^KTw?eI38|)1p
zpxujw-j!sY66k+|SP2~B(&^chulq)7E-#zqk=MH7wFO+S_MD-Ye2R*xc4G=@Ozg*Q
z@zr@=FLylF{47P<vrEd??SmHnOjxKG{+pd<-}58U>*;dv$T()o6w@Cv2zC?c!Ebso
z9Kv*p#dtmZg<#3jSG-E=GKct?)7d57)7PUY3ft32nLZ<v^OA>kA2BxGh04jMLMQlb
zB{#6q#iz!iV)?4tsQXM-By7Z|Z6LhJ*1mzvym>s}k^>#VMvFUqwbD<wzsB2U9*E(5
z&c6Ebma~@Bs@3<DgY35EGUufqMt8r0q9z2a@`m>oVJ(6|B99Cw-FRl_=w(kj+Gi>5
z!c)pJnV=`X6qjo04vArM_z97W3jI^z@f-tf-b}QybzTnvDp;sCJZd-Pm^)POsv5a2
zW+6&lOWe}=dDtgCGhTlcmITx)?AY($#`=;{O}<aRh3$Z4vf(7?<WNF+lNLrnR^#Us
zH2XBYvqa7SLvSYE#MIlS?c)hOS?k~J)nM=ZX}H?q&r3lWujAX=hrVGmMfon_py|aV
z_dz1NiGz#8xYY4|oQ*4cRtGCVb;p6)$hLq?$NG7u{YdIlp=Bv=rj-8U)`OqYK7Mf8
z<v6X+*?y9D!>DEFO5=a*GN??d;EHW8s{)dM$~-pYc#<(&=70^SU>d@1#|Xv5K(5Kv
zw(9D3zJI$6Vv~Y`Ry%6ds;o3@bSA47ZUL11Y;~?7nqHTA9WyDf(q71a0MVBtxGttO
z4097V!j~7uJ{iC=g;@I7)SFpJ&k)5JYg9ONKc(P6)uTnLXW4Xpo?4!LYc$Oi|COd8
z5nbs^ZpVOqm$g#5t|uIwJBi|iD80#@)GJLN!eDRjt0a))qZ!Vkz8#nBja(duUEpXm
z2Qwi=Pu8t+kbz_`%UEi(_wSiaKbE}8gfq&2!UW7P4<5ybBYT=dQl-E0E#q0N)%oEG
zj;L3l1F9&tq}GB#SB#de_MRUN%;fxw*u}8KPq9JrkGY1S2X|RxSqfxfsIJn0%;@wC
zzrNOxx*7q?o!^?-;!}1viS~2^&U-TGkjMC>=POT7I<P&(lp5tmza*H^dh#z_M7|@i
zu?8(C{?~@=l?`2J6{Es}jrKcrL?M<zdkVadBNM-V@9n!j9V~ZxDo2tsaddT0eEQb6
zEqc!9V&(O+XR-%$GNE1u*Y4Hzadn?rP)68lKR@HfReY3~8LPFiZ(!TC9=REAsXSsK
zT{S3=M2_vkgQyTw{oY%r1rcY-5?|Pm%c|^-d;1DqE-IR#;Pt~j@)#2lGP;3`A9|cy
zgkagz2vBd}{GLT3N?*z%iBJyg1L24$%}BT%o7qu%o!ru?;|7^)>5|ef>Eq^>t0JH-
zflgO$uq}4h&Pm|4qtgL5B>j`Jr%su*_|T?F&j=zK>diP+lg*>!+bjo_H${G>JF}6l
z8Q*OkgXjP7oIHa&9FUmwFf-L4CuH1<bQI4{w<99cTYO|5Pe!=VVKb{v4u#F7roXO}
zlQj-Iv6?Z~eif%}8CS+BAf;*h#UmHx=|X~qq!_z6m?C0$f-MK|GdBYhi!TIoN)MO`
zj8?5?IOG@|bub*#CB$O_Hbd^cWkN?Ai{EvaP{DeWYdAG2kmY=haq?PEZoXQg!cA%P
z&eFQ#+D4_>&4>pc7`%_SZvEmy)mPRZjpR+j6D%f_KN}18xQD91LG7H?3`RYT0%t#;
z<<gBBOYN5}Bo$aTau%f@jaVtjrZ$Q;Sji;Y{jr3>{pIvjlXw#NBzJw>8D)qX$i|Cl
zA>tDuC4Cul->+7xk;KM(CYjA|mtY=tD$fr_kAlkcaBv7MF8(7xZ`cZ>9j+jWpPb>2
z6PX1#NGF?u$LSfW1ACUvGEG+NT8AIwMkRaSQEJ0k*V$s~sKvfArX4_J+;(u-%7RC!
zYVx%@nU$SI9h7v5HhRVCHzg7cOi6fA*w>orIQQz_ej-_nSQ7U*zB)5Uq4~hj>@!_6
zdpCrGZ@R7MZeft?lf;<4Bv*I0dZh0sXNXQq2NR1v;QQ(_>lLB0y=gO+I%+okrci0w
zJzy9<^)qxHsXjMH|J(?Q$F<=R4TxXoB~!^QWa9k7T~ng_Z{OyaliU2pD;R5{l@~^^
z0Hz=t$p((${O-=luFD*>3-O_jAMX0?x(3-<PRf<2#ANl^<D!qiz5wKulS;=xIij3Q
zX0%Mj#%7EgIJ7Bji%u(^CC@T{t!N@aTH8G6pqEmhf-73-!SJGj_Ga<O$2tgzba;+9
zj96v3=-X_Gr&gjHV06emH&LOR(4O5!in+&8S9ftJ0+z!t`7;WxA`8QXBlPYr$jcA0
zJ<!`n4XoP7?Hvw4^i)sA5B2_8P@~3cRrRCCjllYOfwUCY`&a44DwBv_8<=$!^GzIK
zjl*1t6U^4r9JY6>zUBk=Y~As-_<HO_*c-qU!08n8xjMZmw|q|O>QsXTb8tvDLcO;6
zUvr(ydL8O-Yf0B+mkb<@EyJsbmL)*iATz-e4QM1_W*!b%sgxv0jq#%QI7Z@IVGE^|
z6&0Tf?qOmU33i-0s?UZiDRq8<tKA;$Id`SlS37_6cGZUzj8(JUlt`Svd;4Ro&h1t{
zbcOTgJ);qEGPjcZ#by}mlSlp~J|R{*Iq7-D0Y`V1EHa7Ymr=djUS4#Q&D>Qgjkos0
zXYET`=DweHF)%Jwu|?VPaMZSH?#~)%MunDCm@eB0!(a&r&UwcVYO2{oHX;6@jQARe
z)^<Zh888h*Vp=1+WIRLaYsm?~n&M^Raq0=@k(KIJw49?GzpO3(;1%*9JA4rmf*pa*
zpQ2{X1o57>WkRxdm&{@reBTB7Fyt6zc8I1^bs+3_XMP_a39j!Iu)Gu6(9Is%+&%QE
zI|_(DN@jRJn@f+p_0Fxw^9M%zS!`p*wV5BST*F!Eu^EK#itK}HstSW)J_rLxfz%gL
z4fti{$2g|>`GABjl7)B&=cH0rdd@v>Xb~lSR|lyIwskJs8{QAgg%7FuKCDRH3b(Zt
z3vpl#2kigB=9RlnIGMq6i{SHsbviu<r&|xK4jRblInX*{x2A)sE^KCTkmG^2<Wrir
zIwv=5`uzP-<_<3NPoAVgaPL*Wa3d~BmETDIVci%&cMm<P{*hq2_=>3GK_(TUoUV`G
zR?%eK87JF7^|`=sZ`F2{Kqo@nt{HbuA?|HU-tct2eo0wWa~0Aok|d{@iI^M8j6NDT
zwtWBdO?L=xDqljs5&b&@bo;u&7ME5&S#ie?0A*g;Y@Q)-sJFE(aPGp{=RPCQ@nTDx
z@GI6Z_34Ez|B#{$ZpfP+!@Q^KpLgre>Ui085EzPIDDRp^lIJmYXF-1~exm=ElQ>@l
zIesnq*gkBH(}v=WTjNE_e{>PXzEN<F*61i7vX@wPyTykEmEWW|{Bx&Ph*4K6=sM=W
z0uuwk1`HFpB+o)mgt4mx{wf`_Jd<LzevGzJVQa7O9kN|&8A?TieD#+shHr#1Gg<Mp
zJ-a@L*}qpPFI?rY4lm9Sjj`L2#xsNux@qm~q3VuC+Q#7c7ODo`OxjiZsfnVMR;1J~
zf;2&k^iZGtGKkU!#e61wWkx0R3eNzxf)9X~?X5yPI1XE-Z6QyQFCwQq0J>;OW0S25
zTS|7M?|~<Im^;A6V|BB@D%h~SR@s;WHWa)N-UzUkB8a*-n}o5dv=N+$e<5EamV94$
zo=UrRpT~e&7|n?2D0@NFwdvsl9ZuW7@z&gYvc|{d4Xe#o3SxtVHM=Ort2u$3>2HR-
za|ZcZg&61E-Os!r|3fq<U#e1~QsU=2-b7%&Y>VI2_aCLVf2EjyiDFE+O><|UcUu%b
z+RBWce7;uE{OHJ?9n>=Af11{<5MR=CEHT0(Gm+w9Hf3#)0Z7SC*E6w74{izH^oupu
z6tKE;G{*Kz*TCUvSNio(5W|!2y+U-;4QcW7nXQ0$|4ORi8j}ak_hRSnUi`N9P!{ra
z`naJgh~z72$(ZPw^4xHy9rB$1eSO{U<GLVUwE03>gav$;k9l3QCnhpb*Ktx;HzDp!
zM^hL~<=f-UNb7G`lTcInC1=v(T41afYxIY78-SsoL0wrv%@gtTElPt1;(vC`jD2Gz
znsF#BusOpRF~{?Ksx}4yL?IVUmy7}=IAHSxgo94Ijx#*<f;1&4Yyjhfpb}AzPE<X#
ziO5@?-&8-d^zLv#ZBtIGQ;%0lq?(7Dckqx~d5*l^b+;17S3i?|CBrajaF{V@;w4&V
z&cJ{*5=6U6-*NNZ;=~^ATB$>gR;zy+^7c2K+guyAS6<&{6oa@kO=g@COW<2Pp>fMK
zA3$n?JeXzp&{h)ef{N16;3Io2uvh6M_6mQ@zC){A!f5+WZ5C3uyfbfpZy3WDCS(A@
ze+Njv^o-N*o^6~B9Z!o-=fv(djbzHi?(4ap0PTo1?d|a_Ck}3ISE^K<B}R@N@8IJI
zuJEOKrf+bWK}lh*DuT^6%r(eqtvr6c&S6W{$IU9t9i{iOG8VPQXOdhKGQ&L$P1x)0
z5onY)mltWHt#}vqfW7t{Rjc?}k(Pn0&WNOPAXZCs35;@SY)x=oURY`?DeEykI<(L{
zWmM#?cH7QII#18etV5H@;?%xYnQ@n4C(hu(wr(JurHF@ol2eQJ<gkYoN**2ZfW>+5
zz=c3(Nn8A-^B!@&dT67lN5QT|4*jIH0}AA8c=Tb%hj#FWmD0$vbjNTn_G5&PMyBD!
zDeA&tgK*PCd^rg<*y=dXFz(Sv0J4LrpCnp*g%O`oI3sVX5rgl$jxq1^oF^Ph1x7oI
zFM2~X44d})f6cAYtCYPO;H9$V)Ey=}$%#YM@{Ot=i<Y@JayF(vgQ2_L4>@a!gLz-2
zGkof^d)g^Qui74xbF6rg3*baCn$#2D=r)w*QJ}_XDV%%(mySrhfc;Q!(eF?~>hR)Q
zW$`y9S8e_XhN)4SuJe3fB!YZY`kX1{;DoKOR$A>?yvvY-gIQ$$POm;zW8XU$a6DT-
z*zesii|EmP^}<V}{1Aj&k7@=vY!NW?2vAUBzNvu*OgXr>Y~8ewz8fDgZ4e{j)J_G(
z_OZ$Q!85>T321$?L>laf?o(k33S-{!crm?{_1!ykX_I{7aac)vBYoj#*FDT!Kf1Qr
zwWJ*jP*AAp>T0fOE@<@cbGvy1o}#GC`1d<w#El#eKoaEsC8QD^zwAdQM!@javGl1j
zWgZCB(df$cdM(lTEnRQNS677bbO<T&#uYjdy}5M-S>41#Uvi4yz8!MaNXqmt>0|IO
zsd&=y{=%cF%gWm*uM09d!I%ptkJil4!g@|_OR(_(&ZrJ1Ucc-nT{U7`);c3ERFw8e
z_ANLpV=@k<d?8DaFuya-uX#x4*qaenWeS%umIt=9_J_atsDf8_L`m)J*^D}@`^kx8
z05~9r&-OjVjji}uq>bkZ0s?*;U3B<hBqhDY_nEmGUC#zh-lcO|MB`;kU)kTz*Ebxz
z8neG(c-DVnIHaV7=JA9`^KN0-7pY4JYyJJVLObgGw#YcTr9Xau01V=(4Rz}rAv?n(
zzWDrAi|;Mpj=HohQoLyUFYj{uo3?J9)p9!%m#g@0Xy7h}i%)%pXq^r}X6Ode&_BGH
zjY_YY>C&OS&~E5bVX9~Qr8-3+vdSl7><vypa?-8Ja=z4RlfSAon85f9O)vzm8>3X~
zMNMBhg6vR%6pN2v5#L#saeTiYcR_D};wQG~)?w1H-chQeGW$yFTYo3G85_N%xU2$X
zb^Yah{&ykx`(FuS|3l&5wf}kY@7kS^#dDlj6xnfMbFagIKP|&~@k~Xw^ogP0{{cSW
BuZREu

literal 0
HcmV?d00001

diff --git a/doc/user/project/service_desk/img/service_desk_external_participants_comment_v17_0.png b/doc/user/project/service_desk/img/service_desk_external_participants_comment_v17_0.png
new file mode 100644
index 0000000000000000000000000000000000000000..9033a960fe64abb9a9bb5796abe35cc610772e7f
GIT binary patch
literal 19911
zcmd3N1zTLnwl)^r0>NE_yL*6O!6Csdjk~)9f(Do1?he6SgG=M?)>z}NU(d|B=bo8!
zf56wz-n*--YL%?2Rl91vZ-*%>N~0kYB11tzp~=cfszO1*&OyR{i13gnGL|+H<XLPX
zA)zcQAwjO}XlH6+Z2|=)6ZSI+K|OvE>)YvTQAi*z;zzlC1y2-mnm}B!gIOsVm_RIX
zaxNl<aK<KFbxAR;2^`Ef8U=&em@3xcU!flZn2?8CG@)>Q-ol1dx1P4$j;FoKpWG_#
zjb}7B-=-r$8Dr_t$p@Q2%e*xX4QOArh*g>7T457|g}D$DOB$2K<A8yEhNisSUN_0b
zJD1q0JdiK<dwuErL7bE{4h@AY$(NWmF8kq*E0>i|Tm>Gg82NW){7;JXP1isiNtpn|
z^|Z}9e$vd%1^yR~BW%J^IH*YVp!dHPbKRk2EJHIAhr*<{ViL)%DK;+NAOd%e;^N|l
zKi=W@1cydrZl>H_Ep+}4d(|1$l$GZZ)bDYsA4OjKp2Z?>3VO;~KJTQV(Guzm7Rk+r
zi&bLdkfZXtA*Y{J>Iqmdfxa9CjXwY#0~X#}XYwD6?tARj2tQFf#V6eZoru@NX~N>W
zku%KnTg(Q9!d1W1SoMV^M|hZq<Idr{50X7b5=x}@wG}u2Eo64ln>6O+sT#T-fT8vk
zFYG(b{UzMm3CfYDtfi9d>!)__L}Obi@#5%w*BkK{A!q=Fsb@YlFAK2Osr$YB7VD^e
zQaO!0dcxghTszIp)hOoB3hIs+%P3mHu@U7muYKkRE<~8ju6Jzyf?}==-;*-f)!;Zk
zCsS<=yf>b}9|UhrYQjV<eog%u^b-w=)6M0CuB~W%?L(-iPj`b90TjZHuJ}Dl!vrmq
zB1I?in^r?ka`Mwqus63f({Orij+qGCH$>xaFv`$`VhH$@&05fc8*nQzLOvg$5Z|a6
z;%t0_i-D0OM=5_p^Z}X<MzC978J?k=LK!9Mdwlkr^f!3jIQFnB@VDK735?(_D>iuA
zu6J-B_(D-t$Z=$_r@qURGlrr!i)F@$zC-=^fn8aM`rGdbZF5d_I2;KRWgK;cXVeUT
z7V-IP(tQdps7SHXY#<vlZ8vhYKsiQQuX8f=V|UJ(93QFTcc)EncR^ibjoyI`(>qFU
z*ba=_-l|Q9cVe<R#dORG^gp7$=E5jX7V{+_){}k?W%%$pk5JjBm}N#!UDWd3HB#h9
zwF#~|`XwarcXSD-35)&feVcs_XXX}y)v%6mQnBcqPNPA5?g*s*x4k`*U$@w`l40bL
z_7Dq^oCuuAI0I9<zW!1#hn^!n`X1Rs`*q&1(Fntk=off_^qAb0IHb2^L*9P835u8~
z$)B+cJV4T`*R|S>wkfhzaF*)M*oG%U$l7Jsle7`N1>8Q}FxV<Wtbr2_prZKJMYDtH
ziiwWBgxH8E5lEj)Jo#;39+id`ix=xt7~1cV-|v6ls;a6ksiLcXQ1vbmDp4)LR@Eqg
z&lic^k?p6ZwRj^dzob}7Q6Enlw-!HS>{CO;pPK$*O|g>7fKrsoFQHH-O|~|_d5S21
zq#&)}RHieQVsL+m&G^gE&TztDdR#LNC&Q<h*(8(U8k6~v#F5Nca6Cy;-k{d-o56xX
zn|MJ6Hw9Zw()U%Yr}V&|z$8&>KUv?HfZToM<ag*MoV#qh940c*Wro>Zsxs<ys(h6b
z6>NocRpxp4mB|&FmF|kavVP<qs%gy_AEF=1TC!f(#<gHcgca3&F8Oc}HI;usX~Jug
z>6qh~cj2=OWZ=S4`bqs$kAay%>GNc1f9Z!(tx|-~tYuLws+v1>p|!>KlS3b)XAHRk
z^@jD_mLW5?rIBS;#a?A7v$tgis${d-mQ5DamdBHPRqVO4lg^VnRwt8f+4nyRWdIX#
z76o;ROUa3;iP4FgWpZUYR&vW?g7RMRu6Z|VB)RB%?-k9W6+_08D+^ClSL<7@TcWQJ
zJ)PU(+I>9rJmVkWAKpIbT<Khepe3Mb!Z*WT!z-Z<1y=@J1kVQFMpR2V=TYauN;O6r
z0d%(EwjH;1Xsg3Akk)s;$pXKQehujh=$j3Hl$R|;otB^WoQCEsP3c^ut;Mb7-D}yK
z+-n_e9qrUw(5BWQZg97zw>z+E9;z9;$oTmSXP|WDFq3<6X~grpOWCy!5jIig*oQQP
zhIh*a4La6>)}2d>%VEca$5O{GV8Ais@#8-7mDmH%!)Jtu@2$P?A+_jP#9(4hVkLo>
z1LMPl9p@Pf_polPwYc6-@EP?Pi{qcipINw)@RP{&9`x#U7b|Bgfve6dO}5f2`WzAX
zVG)1`-V@vt%3Io7*+MEOlG;_+-A%B{{v??GlweP5?|$^tGUHm=n$_s?oL8h<D@OkS
z&@4%b>{CXc(d@5&Z?Mn&z3W5lllar{Q|2SlWBAi@V$Ua^q!axI<CHay?wUj>%r4{w
zk~6LeayI6(BywwILuHSNaKn*}`ffdngqT?hX$e~KRSCC15p+&e>=2j0k-#d%DwM2<
zvrxLI{b;UeT|5seIqn~1vxJf1=+Por!W}D4_iMWnjMf_O%J=mwsyV!N>pz#4#c5>d
zFxRHGKd7V9(o*i3kK(yPwWbP_j{K+yCD~@<f8?ubwp|fkd7H^um3+%F&R@xA%eThw
z>-HoQU?ncwLzgwgy4|U8C0j0^E{`lzDx0bpC1We!UGzIY{p}!199%{TVaZ~NusF7n
zf3@fsyN%sa@}QD4HHn--%35m9H?EJoeZgC&zhP5YQg&0wYI|xGO-4*mYV7v#LDpj)
zDMvparwOkJ$5W%~wXJw7Ni+vEHR?&V$yz%A-^YWW&?G$8JnD(Uh~jx(T86%=ofl%H
zQSmhHmVrRK7`~uqJs*E(|Ke=B@ae?i)5-PA&eJu^c9+*VyP%bxqmQ^BX+9b>I5g<J
zc3*@{krg%$*qp8zHEwSx9xHZ_ujy5`T88iba0*9oV_jWs3u!2_2Zpql-Rd*`qAyvI
zUU|PZZ*XX^)MDWFI{s`hj5U0c)SATmrTDXTMY2$rustYyxjR_ydN_9&D0<=Nt-Px@
zt6O29=ZNS<cR3N>yBX5zoBOKnCV4G08C%62kovN;u{195*wT_`DeX4Xd%g7#3t)^|
z6*+NetM9JMDUDsybcRXC%yPeW8U?n$e^zu&&&{&rt8i<{4VzM5K;;H;Mb}f;T{TM8
z-=v=lPfza6%w2^qvT~c%k0)lS2{mpDoqNCBAD}ej^)Cm3^YFG=(Ot_=+`Z{9rrO7|
z$4^FlldAO3TO3QmCtWs6FK27#iK{Z26+71)drzb;6_(Q!I+tFSW^CqHy+>ZY9NB~{
z+X#R19A9^6cRH^eSY^D`ytQ31aP2JOEx-M+{-fgsVFjTVBc80oC*j`w&|wXGG`^>(
zM(I;#iE!D=*nVTbZ|jQ_EGaB+R)~<F&>(^Lv)99^LGXn^j6p)%jJFoAHMh6xZ>yb~
zvfZj+eG~(wNZcoiTj@TcUf!Zt=f}%E&7Fk_oyp|`x8=36wyJx>%N&4^{nMi4@b4Mp
zP3fP}^;!E_Eh5t1zWhJ0-`o~ll}*k!*!iw!$`{Eip)69~STlYTe-{-FyP<~$wL_P$
z(S!!&aIecM%s8R@D*9<d^jx=7n9&uA*a?;#Q^iga16Wt%F=*iL`kQAuuL*i#Njvw_
z=hQk{glY*Jiu$k-q+l-koS231LgDoMXmIfYLZnuC<#|ED9fOTdl%r&YY+b*YXv&%@
zC_phl!iZ4NAr??@kPtNFCWPFOU2a@36awTM3vx?l!~9Pw>|8eN|Ae9Z{>b=2O+r={
z@~sANG%>MtGPiTaAIxrn6g6j|uIa3)ATI#0vtcnZw)<+r;%;OAhX|CAy8t9;W8!Q?
z?rvjk>m=YVO!;RH0Z90dXjV${KeISn2~%n+D3eRrIhv63u&}YPQHmgwlamWM8k-8J
zN=p4p9P&$;(%jkEUVxR=&CQL)jg!UB(TtUypP!$Vjf0hggBg;8*~!D!*~p#Q)`{w`
zLjI>5NfRf4qlLY*g`F+=ALSZ-wR3S6rlkC%qJMw>YNv_2#sAi1>-4W~K|09#M+z%D
z3mfad%Z7*w{ShmmY~gNVttDw;15pp84iR<^UZFqp|5wWY*7zTin*S@w&&TnflK+wN
zPsz_tCXNzzHjpZvMgDhW{w4gMiT@H5V*R7%|DlP$)cj{GM9(6~LahHDGZAE2HY!vo
zC^0Bm$q(x8(BKTD^vGGFfh;53kp;>hxN*#q$jpi2+SWg5DCIsj;2IBAepHvUprNGD
zam6ag6~E!8k-gBk`4vgP`FiP9>D2DDD(D1S6O2e%-v*rcG+t(2`mB4MJ_-VzGO-iQ
z<ypRw@Y!nu<3#<|Q0#d!1K?!7{qtf$^=HD{;}Swaih=s)Wh@W#ZjRuxrRFoW7|cH|
zyilm1>o+iC)Bk^qiQT;s0KO4au(mEI7I4;7Oy{Ey3k$<LZWDU@&)&v#6-bjaG08jb
z46@u`?EWk+F8)RslM~1-d7UZjRUqa+l5f~OLh}h%U<bB^(H--j^2S&&NJvPI#|!MU
zaUXx^62vr(D-UC5T8193G&`xOo5f*3r^)_Pjop~vByb6_w6Rh-Fh`Vo2shU!Cnx>w
zH`xE7ZphD+WT-l7E)()ZNR#^2IiCb$mcI@BQ~P3jv{1|h=9!gT1c1ol-+g^4ujh_?
zs4wqjG?N))@pX^1YE9W+dub?PUa3YKsz-g^EP7&*L;wBq|CA^u6Lg)zX|^*{qWJ;q
z*We%`5=Jx|Y$sJ@==dQn5OZ~bRpcciUBqVz6-%`8dvC2t_|!9tR$MvXKeZAgR!EIm
zqkP6rg)ual$4>Yol500qDMS+;1H&!c5;NG1@TeN?(a@l2#er!!JNCckAY@b|$<2*?
zm}vDMgj<zx<)eSLd0fie952Qp9wZownQ!A0hjS?74(I=$vSQ@L%4c_X?qR|{@-66t
zfPOguC75lohC+Xo%TTo;plrW_D4xYmpUh5ZhSFrXwLvgxV4TIc-y}`hQO&gB&ivZi
z02xzD`tJ&Y=*xff6S<)g37(tO`^oX2j3ER{BqeZ4nKB7>c)y3v0b#1g59JKm86yi8
zFIUrXoC5NV65j-q@|-Bbw0Jmg1j2v+Cg#l9YK|}jmYQ5*{9S8edo<s4734kBJ*xaX
z?L4}AJXcxS9RUT$wknaqCl6E~=APcMo;y%3^JJ(%gLV5w(&p3O#!t&z&VN#dKG9{-
z8>h*om^tt6=4V(>#0#1Hht;!?LrWHA@;QhrW=3$U6cj~XGO}!xgo>-!?3f^906lrm
z9e79-e-H$lQ^$}Z!cmvU8e1O~x;O96<>$K1?P&6oZl`{+dI;1Uisxk-;vgjUVwilw
z>+X<7-+pf1oni&qbB0Ak#L;g@4foH6<lBI}Pp-Ws{yy_#8sMTxg&Cxye(zs3@jLBt
zg@s&ZD9EKZfD|g7x7|27QTo!fLKTP3w+FcI9Zpu7sWmFiJ!|4&2W;>H#gflaTNA3Y
zih9+x1~(#&0UhG(iUU8Gl3kYE^Re^KsZ_9jG9L)dVop!L?<b6Q#ci%q$;U?n&nnmV
zhD0NZuqD?p(k%Z16uo2BXDV22%J}=D*o6X(I1kBK>OPkB%5jbCwaBbjF5q#IK+I=9
zk%72K){ZID=XQK2;re9zLR8^@TfNm+rM9Yan<?P`ZU_KF4s{dWp`9x|*Iv}1{~hXw
z?0JkBw@In+Tyl|s4$pc@CwqtIWIA8U<Hz#1Ym{1}ubz>4)Ec%)O;P-*beHlsr*@+v
zF;_@tl7~E@6V(pDFXBzxx_oBi>7cg7%twcmzqgj$9R_pu+*H>rmNMvCOXLn~x)N@b
zDbVv|xlsw7M1W}@@oe`Fr4AR;B&KlO=HKa`<Xhpmf8)(<`>nRr({LhNzfVKyhRR)X
zwPt#d%a<59f@v?eaMUdg<Q5wI_3M|wZC&G1ml~Q%yZM*$8J@2MnTLI*1UH5#NjikN
z53N;OyB)N#gz!;5M%SblC(Zrd^LN=hgR#OpWbcF>1YY6|Yg(UA{T@g8ZV>5}v&94|
zEe^|WwxdOl+SMzTz_h>jr^tvnt@rJlYtDXN?B_A7Vo+s}{(7EY=L!*@{5r2cL%79x
zc0Io?^Bw-yDqr65C%?}_oqWbafqI2!xUQei`HrhXt<7@7Gee%V4+HC!yFM}w1O9}^
zczs@th4jP2Bx3Ogq0m2dwh>2ezY{v5=0hK9iSjP0O*{yBC{y^=T-_#9s2N<CZBSt!
zn0+#FPG7aV=u^$k8D_O?d(_;RfsqpC4?>G&fS5a85hYMV3A3kjvn06Kw+qoizU++-
z8@P@-9gQ!fh%mQBe_JLa5oOsy9vAyywK#>bm2Xa~x0#$t4<zE(y2_f@mU{`qdkDgQ
zKa@D8vpO~$OBJGC>KyNUJfkm{$h4{NSJFYiXIM=v<Sx^p-_~U&JytN)u-@>>^7`_a
z#btXTCQ~Y8w<bOv8@C?XJ4`{(Iw8I{u9q#|0LHd~VW!O97FzCntm-s*Zb5S#Vg9N5
zZjPOuy~cG+U<ilAr#tYP(5a*IWr-O>XhLjRr&L`wvaTCLKAVKOfdn5O8`%gv#FdTG
z`~9yKgM-VzsmUFu&>h}i^V*b%$2#t<U1t%@#byYR*Ya+gOY(skc<EX-ub-p^oMzV%
zUo~d86EhE=)o7Q^sBGX~_7*qld_%?_w_Iy8Iqv-&@=zUaVuOfX8$b0z;TxZ}3KZlT
zip9C_b{=p(Sgdb0bkEd#&qUf6wGNI9>d*WieRPtowehNqRuFgl+h$z}0HqFqUdTku
z=wp)n7$lqQ5sm5aG~iX<%X9qQ#{o6!qX!*|$yU2wKfl9CgzbB!%mlL*Ay%J<tEA^g
z44I=j<^rX4{fn(|;oa^K!l6`dtKC@K3X`WMBm$B?n%RylUu_EhQRO#R3qd_RsbtI%
z+e77hi!Z~UZ4)&@P~$jE<O)Km{a&70?0TiHRabb`1)uIgELx4O-&^^d;n!TfK7&!k
z6n}_~Ho)pXC?~(4R!$h=_?IGap^aaoLJ^f*<*zZ;S$WZ8y#qA-rn$h&w^b33TnDvQ
z0oP4Im=rxd6vayEe57%zYS>$7>|r1=Vt~X?3DvOLAWaICSifImbA2MWzGp9VHkUzz
zPC-tTj!>`QdsZF{(0wgB*Pd?d$|F^X(%_SYQH_g4z=}GJ?%C+wE~v<4<bktAw^F<*
zJ&Myw3m83b)9OmSFErb@jzht`WXd`16qI&ff^Blp!*{K0x9Tn>(PuRq9up!T$BAvi
zf-T)QoY{$$-?lg}>2i1>+KOGE-t0aN`;)o(&|>h;B<W4kho_3hwOHt91X%}cDbMR!
zjf4A#TQVjIeG&#<qUgolBm)-2Yhtc56AzogBMyrxyqa02b$5WrE#H~n7~Wv$TPg*m
zm7~4z9nSW};h(HlJ&R7}=C=|UJn?8mJi~U&e(@)(p0YWN$g*Kr^CJUfk%^F(#;41@
zv7NC^iQT#7(nEIM&!xp{Bf)4#Bb9os3dKjxCAzz~%@@Orb-qIxc6VoQ3x&V$Cir_@
zj`1EmZ7^#KF=R!MGR|75bCPzoU93)>7Ia!%GO~8kP8W{F_`NJzwQb{YOL`4$+3g(M
zWKfS&*W7)*P(PS0t9rUwK2_~Yf2{@54qpOYG~j=k5<>|cvW>7QWeNpcc8XXxmFqR?
zS2pii(rcbMu7YZTBD`w6=^Pmd6)OfCPJ5&Ajq9Eo@aXQc9nUv{Lm7-o`Ut{ZBV^R`
z_`;SEnWvwfe8}yq*qEwXhFw<Em)CtC_3p3d!H$b2Nfv`VKTz^*^h+t!3gwd=cWv2T
zM_PDapDyK6ge*!&li5G{-kU`3@V0j*8R(1o@&*tXZ8tlC5-Bxs=AH+l2w0s!Ofk!2
z*S;2KR;kr?r)#fBp3ZjV-yRu?j-R%bQuxkMQcQc&{WNd#!fs?@zV`h%JPYj$@BB$H
zZDwIM`aUZn9zgqvR?@sG^O-vBJ~qWn2&h&x8iT{=7u!RtOM+@h2b(#1zD+y)bZ>xk
z7?B@nhzP5+!`Jl;8dDbOx$8`4*Lkfn=v1jmqaeEJ_|0CXQN?|`#FxV9mFa!Eijm5i
zV?1<J&u4f2^7W$baw*#U8?U~f4nxW#uh-47_UU3_8@+-2G;pL)K_`LcgjX{Q58=>9
zuW9h-SD-%yQ!#??nY~{Um%fRRP}c@Yrg0@s<$O<&!AO5(+HT9y581kN&)&H0yAls&
z&F2yAOFb9uDvi1!InUY8AE~G8wJh8XG|G$hy_o56{LZSU8iC|)f+7$0bw^&mSIp*u
zJ8lXOVuVg^Mtj5AEN3)Rgsn24?(z<f+1GiS1|Z|PD^%E2ly1sTLrpta1Q3mXgMvHs
zI(mzLVnvi=%&)+G`{=gL9RCVlEt=$X57n|3zaB__Y}(71RS2=bjsJKPdUbjmN6dL$
zOG1gFkg`4I)}P@vXP<OX4!a)z=hj$P7X}elS~0Jf?(}W$9dn<XPmv<nIK=~({&Q)d
z)I!eONa8c~okF=*Z41xW`O40#TWlaZYv)yJr4E~4><bG;9xpNC0z&Tb<7wijk|~-i
z0yx2~W{aJ{=qopm<vD|~hPa2cV35D9p4W)OG&EF|$0lRdyQeupG(~>C(%iiGmvR2v
zbCB?FDxqo;frd*nx78xY-Lz}|ZI0=4Wud^{rt%ntA*U0!kKY$2wUYLjQ!NGkwCbhK
z$l8<#lpBOYOW|GUf+-Mk=_7#)evejWZRI+#*-k2e%tJlDroD=O-5Jf`TY|7*%QfuE
z&GlN^KDk-K%?q(hy2~z-!q;<B$Z3IMYXNUyLo>m@hV7PnxM76v{kRXsaq+$ChfogE
zgbES?cjb8sViE)R3T=_X-0dhqTh4%{KqT2aZO^s|9XIKwPoQxi!3S=&N*<Wg!?LPG
zh<$uY8V4R-L1B8)k@YwnFPtwOA)MEk0ZH}xVV^JcvL-_=T2IOu6$p8gEZtUU6w-t!
zR}J=Qd>*f-F55V_ggeLQOJ}J(JEBF13qaqpUq-xRSM?gB-Z6Vtl(Y8~=`>~%y6Sg|
z^jGhF-b80dmDu8&xqZGBNdQYJZyS-g*xjm2-&;R{7<#IodoiSjN<Vk*vnOtDbXS>6
z!+7%e>Au7}ySIeXCQW1ry^LlGYX~yB9xqV1t$tP;7;3xw>W9-w+ImPCI55JB78@=4
zBH3$i$C>NA-LEj!Jni&w*i1r#7mnvg1zvJV7)xt3C-AQut7S3wvOcz;w+T$;4y2TT
z0*t!E7h;sMkpkdOMZIn;HCYciY?hJ)6ySdEn_^!WbiTA>83hY1*gJ;Choteojlg~Y
zKE-$&-u0(6Q;~TW=d36f)@=+}EMkae+6>U|wv9XMuecfLl{m+LLfqC*yWb_Ia;{47
zI&IfcOo@t!79|7-wCn26ypfV;eZKJm+gr?*HY2|RMbeCWx}uf}sULq_OukJRasEb*
zN_YwM6EUhm79+k}wi7g-`b}TB@-#J-V9<QQd{J@0B*ur2nne?l<vO>l^SHeY+&3GT
zBO)Q#r<XRH>&4)m1Rf5$iOwieC4_tC<RO>>{jChjz9>)~mZAjSnP2jE3BwRwpKG?i
zo;DXnZAimRyLmrNzHdSEi`&+$HRT3-clkEy)5yIW&}rUVD!axJ<?v6fB^ij$Qhp0&
zLRshDPY>7>Ar?JxYF=^P*wFr}E5v8imcm;&?s&H5*dzS8bzDz%N$7Vu=e$MOL7o5R
znio)LC!6!EQrm6Vrt!<{Q7Dj1z`T;PmOVQ{R2~7-y37N!$J4o3OUJC|zKSb@=S%VO
zwKvV5r*s)IxU=JMGgX7&aYyIkB%X}heXi$|N0SphhvRd=`;`&1Q9Ituw5qn67@?(>
zpvu$v&ZO2_m)DnP0qZiWd6vC&l?R=OjPiwG&SI}yv+Kr(Sq=Spvn0vO)&LGaULYPY
zZCe>bN#glj7q@)#c6pkrG<OQo)+%#EGa3+Z4{kJB)?hUL72!DfcJnD3j5lnpmkvV)
z?&BD37O6N4G>2M#sS8C#Y*=GSip(k)%?S1=jWr*ZPuexfJWR7gn?GKcQ4dDM2=wK(
z+Qyo_dFOEvbRgi~;3O4dp~@L*i9hT-ZUs&U5rR6JOPP1K+D}&Qi!$4?W#zc+l|^x|
z&+7CY`fwh|o1G8b_BI`hJO*tUSlcE(-v-$SY21ObH1OGV)aN&W3rf<m5GRf^0me)9
z0I6LC#*ki?U$-$o6Qz>qbAsm}2xwrw_Xb!YJ9;=%Qb74uoT}jRbD3+%)$yzzWR(v-
z*KM~Z4W75akPktxByED}5C38B6tT>ra|2KH@)8@2Ml^D<%Q9K`lf#ev?!Cf`{E_Q=
zJ6c^Npx?Wkbhg6>9$#sl66Zap(p>463d++c?@wg;6z&@3nkD)premoKdMi~_>plkS
z(L|zB!kMAS<|YDc6Zgu?b@S6NFJ95EnqvFFOin#PI8*s7dWapzh>qf62p~@6_=BDH
z#@S%FqdmPtI`11?5!-mKaNJ@c22JXHcV^^+5?xpCAyrK&o?|i+;xaqdA1`V?QMRY;
z!y29J!W`jFB;+0{pT(o*%WHs1qYzznjhw_gfWv0e-Rd{3fOB<M&_5mS>U?rhH%=C&
z7?=k+I~WhCV!Lb*Rt1t|d3A&<Dik4PJUjKG73}&W=mGpTX|jYoN<FRLM*4@o3H44V
za~-RnA1tdvoi0Y4=_UK__7L`dd7rz|)5_$!31a97&qmF2p(8xe^^RV`lcZPTc}YtR
zXrQz5MzhC^>u)iVRr{-ZpNPfrzw8C8Ud;CNJphhY=I=Wc(!QLy?s2LxpKZL}uKPx2
zo1e>YJ|9!6pr8iel2GyC^$Z(!@ZmCknQ@<D91gxti>pH-p*nM4euOn~C-huCCpcLG
z695%T^k1^V?7wZ+2Cy&UFsv1ecFAN0yV4BIcyI)Mfy63GxVQMd`h?W1ndS<!2^Bbj
ziaytECo`fLP+-eTql$$0{lJ;^!p``zuPf$@C@GS?4cFc=81KJrmFyKI^{0~~Mg&Q$
zE;!^d5kB-w&l!_*%$G9PRw>zfn`MDT0Qqkl>YV3{k4L{qNv7DG$9w&ubegyDnj7}H
zr<xq7^iD41rMJ@$8Cu<5nHPaSUT%~cXF*1*-P;(4(XMb-m^NS73LDB%=<hJYLS8MH
zE!)E^?a%8)>PMeeMI}t$oK6Y0zBK`HfV(%H4vlj?lgt!cJwl=2$@oT9YyuQkkw(+I
zMmdXqSRQX*>F*2?(ZWjaBv@6Ad==N!15|+>5HMQWtX=QFwo|gdmE`WJI<0i-47So}
z-F7X}{1p%^X1i3URTf-*AnJB9b&Hw67V5}YPLWzs+~1&QnofJHO=W9M@ZI2$6^CJ^
zxZUN<TAT4pd2z?brs~!C`FrwmB3@tRAZ|(S<35r06{AW_``72&EYDzRA0ep*YX=Xf
zO=u_WpA0`;SR4X5skmU4E6631F(8hJFN&@6?n)GFhPUf}RmfI|rb@7%yhPk{GJ>Bs
z?`w7!Y;+o%uv%v;eUg5dm-`i;!#<FmzWoT*>q<l!!AgQ?74g|ko7|>$fNBN@zKR(&
z_qh5k)?M`I#9S9V3|#Q}0_MUQTMsFF4-3D9boVd7fPCl)+^y~40vaq4eosTp{_r$;
zdPR2`qJ&npF0Hi(#54&jqr5CmMOhqzF&X?StQR>>fNXnFfrG0peJ+uk-Q#vW;~=08
zopuKj34BO=)Z=fBcApHtTZ2{?wU1Q96(72^tIG92_nz%<z2-32P>mu30r;ukjNju^
zJ-2%piX{`YwXp@ZX&Ge@OY2mE7%LG3#JmZH8|Q)ZA}^H#W^b9^@~h_VT&s5IYL$HD
z$lHeQHR$cQsSN;ZT(6l0vL7p5t_Fd}QO_GL->kjyj_w*k`w)qc4_@|53L&-3zs2pj
zqXY)y<o1UBHD~P)-ijr>6Y6VyebB*738e_QL({4C%y?PLZ}>RAPGmL+K3Vnqq;kn*
zjaCcuQ5vLfq*oJol+rKawCFQ+I6HlLoRTo&L~z~3x2=q9<%J$<mSB^VVbidMOR;c9
z9<pS8pSiU<|Dc@ps>%R-En=B2t*&On@o*2aS@xFdNO9AaXpBz#HC=7E_e<YOysI(I
z{!Feh=u?GftZJd|7iMgVw43ynEtn@+J|dQIH5xuFCb12LbUwuaHx?fKJ-bBjvezQ{
z6k2SN*BO#jB#b-~rIqXt!WHcO0h*V@osMTQp9Z(WO-HmQLrY){%>_H0#|@|K07(0j
zY{3%*M98Tt_n2}=b)0)66NGJT_*tmmc}t9X;Y}k(-CGx*Q)$XRk+*8xox_Wdr22G;
zf@y>hwmU1dOf?%;lwSu2^Fh(v6w+*uU6m+NqH7I#ZtsFI?TO$ccEy&0w+&r=T|%if
zb<@L{m(m1*{5dGG-`RQR6f^CAXv~9#Y%jfqZF=mDGIx#i<a$OId4RwPF6^j|Ezsw~
z$w0$Wa{-5rCr6$i*URbi_y{K42hWquP!hCufr%1^U%l0luyKC<_SO$z_tFE`Uo|qB
zE!Ud5_<(aVn=sgXmtEg&N*^3rRdPt+`6{Y9I}*nq?`w*^4<M;J(FFT0=M^#L_O(-n
z@;0r*qaNq=!tz)z<OjH}wY?#%*sAF5TP~^b^zM%}oFY8=@JP^bWNn7m^J<7Ak3iIO
zd@csvfH?VmK?<a4te)UG_FNGzj9?)9C%(i&4E@xw^(aWW<?V4c9bLKpac8Q!6J4j#
zdfHq_XnVs0N}{B^k9zu-_3il$GUz9Grq5Lf)D@;OvBP&UpnL5me0pEoS>@A)r2f=F
zaX9`%Cy<(ov);+Tj$)@{eDl=POC;1PS+8LLKmZEj<(;_{c*FvB%q<HP%rd$cfyy^P
zevWYz{s^prEK3MX`>pZ)0H3{bMHE+3t8_w>oYC4P6|3(~o+4K?YGc_vyF37GBm7&f
zvKzg_)!qd?t26To{dOq{x8-_2)m}>?9(Nfs(pVDwwd(sl{|1why{WZ8hu#L;)k2si
z=L6L}=$C9}hM}X+8aR_C)L$6>Snmd!jNOekCqI(NrGrZzU6x(Z(E1m46UIXVM2JK`
zjI=(UESZXI&~P~K6VWCV)gWh9jeELEN4|6g)_hT~D&;k*c$0qtgm{Y7l(^9!H$zN3
zx!@9~$CFW_8u9>8i*)QA#1tcUUnTE^e&hGZ7@b8>)ZuKKbz$9HDlyL1;+v4JBr)q$
z0z8ShOHW-Me`M*!!phX_z0=lK{^l1miVklS+|u2Pgux)xIF_1`77R0geF5{vc^%^O
z9(110@t?4u9)5Vb9GdEQ#%>vVad63KO5Csro^P?34q3StvETT1u1xu8QYzBZ;O_Hr
zikZ6P`z>*Bc}5905ktf_x#}<P*~NV8vM&{LUgZX_YbTxn-A2(p>rN*>N#`!MK7zY$
z`zpgx?l_bOEL;3_+xWhmD7L`fys;)%M1%o%7JRIlz@8}5$jSXg<%A$oFQW5r7ZdzD
z5t!W^J>6Eb9cr&sa6}~VWeWSxdZyO=qj+ko$vtF&yA&xTnp!}Zj#I<IStv#)2?C#w
zlx=PI7l-w9W<nrNv+>EtcNqFye?mF_SD&C_P48^NLhWfzo#&iO!VXLIpV8x&cUEfA
z;*#1g#}OF3t9XEpq3#k*?jDy+LLL`fx0}ro0|dcl=BNsC;|!^aON}wnCS#u9?7j&m
zL|;BAOtj><oR`e;vV^Gf29h-+M&pd-U*o&N{hF4D;IE`T0%w?xAP=E+9rj44<=f21
zz$vw;8lNyTgCpUic-)cw--s@t4|GQ<rA3bJo*Tk-7?)>s20Bcw*6Wr%vSWAqhM-?8
zM#EmkpA!<8;%5U#mR{I|_#`xoN=u<RYc>}LyCUF(?y$aX)ZUzSzRGoWz<x#)S!yZx
zovv^NXB7I2YPL)xKK9htus<VWQXYb$?Wt@Aa<EAeXhpU!*3UP=_4cC?DdZO6GURT`
zN?~yYmiNR&wuZ|_1S71>nU2zVBB%+Fbx@1mZ2&4*`?aayNP0Yehq@IQbmDP;x;mUS
z^=>`a7jL6rbT3AwT=Sfv@HBEuuJ*u>>!6S%O`&A(C)%!5sk#9R$Yu!C8@F$Mi+a;G
z;J*Kp@r&$06wv%msJ{@P%OwDVx%M)nMlwn~z?<gqi}OmG+ivo>4Qw(@zM1rCM)=N9
zqC$f1MQpI!DP$Zy?HON<*~nK4@qkFam<tZk7yqQKELc|6H7nxLIUs7xZlSs(f%_{Q
z0gp!I(?`yVJjJu6ZEbRFJ^>QQ#=P8#Q;99CJH{Jj?c{v>eQ6hxskf~Nm9M?shbyW$
zsG-XAVAOf92=YD=#OrI*eTtx%9(?17@E$(x#~_2QIx>oGM3NB;U-eGzuqpBYH4fm7
z;4OmP%$v;X@=YynDmo6$yi4SAA0#U_DN6oyvXp_h1Oexp4i1&(P**JmfIuD&BPt0m
z%W~!JfF)=Ip!H@?P(8Zg52u`3ns;C7G*!mvqFsAYp00E4;@-77?lO$QuT`rEk6}eM
z*Bd3Ju(>6_SEC;O6q!SXg25njI5!yRnOBQ_%f+`ejxIT|;k$YbGEl8(IdVd;x-J<~
zyH@9M7UBl&cKn4c<3&Mr3~ajeE3+4EYT@he43OFF>N4-zF%<#D>~*sNw{tpW`)s_3
zM$U)g-@4fz(Sq%-Pi75*Jen3yM%auICBoMHUIEu%w%wkCNP#Kq*>naW)LPLGd7J{8
z)1z~HTIl)~J7oSJW+;dWgF$3K`YdZNuv5$levc^KyvAY<`UmOy&%e`d1b`mwA6*bt
z3bj;9RLc<29D<%RTAL#a*}k&N=Q;(Yu$}FIen~N=Uuu3zlpKSP3YGW^@O9Sq_D)BB
z3u>wJG+1^oA!A?L3+oRLJxF2m<LZwaWk(twEw<aHU?~$ntJpk6<gn@8koEngqy$#!
z?G<S2><#WHS*-s>LYfH;`>^jj_yQgqPD35Q1YvexAFkU4o~AK4#<I6))s{ZcTn;5G
zao2JQZAPb2n^h-_Bjg}^-7Jm^;5I{07vq~_evT3M*qAqMVC-m%MC*vy{#R2BUKQvn
zgcQ*xo|n`jyrwZgbgD(-UTG3aK!;AF+2^xdA?o-51oQx+?E*npOFJRUuohALuERB_
z#;g5J<fNd%?~9p=&J3u2M=qQn7cdoef`4Uf%;%Z$f>ruDGM8i1QC2Kd4}1-~>l9G<
z9uWd;zaJo0%l5>mqio?B$Y5r$QOCCw*^<P+J9$s?J}}S#lYtL+JAp!#T>lI<zzehI
zzWr8YYR3SR`mA_7m0P2?Oog=4D{Vk~tD>3Fhv;PSa;zSm^g231neb&#umuGxZew7Y
zFc_YkABV#h!|NHRRbc3d`6uI$<M!sW>5%HPLxqzY^K}5ANW0$Z&<qjuEoc19So`t|
zr}d?ECke><wCYAllwz<Z>fo2*{=P&mUs0$_15x^?1UlQo<p=fK0pXd-XKZbQCuOQ0
zXzSQ|!eFZ)HrFEl5y8f_Ss3@>N%jEtYZ<1H^EC(#HFXjDj_uu-0pr7dKG3eIKz!Dy
zx;D4`lz@ErSJqQ-<9aDUGy7~}y<q98sX*@VVeWgi*0qzPBW=yS$w_{Ni#BwQlW8Q|
zsHRLMq5I_4JRFnH#mf4k^LLqnn|z_C$;tS)S3xcQet)4iQzXzr(j>x!d5Uizm&4_9
zoo?dU$<j3p_;95neSz&SC9csU+cspM2QYj^)7QW(K<5cWiBMbOkQ9M(3J#!_uP~?D
z@bmSFic*u>jzqTLZSBCa2A|VL#7Hbvksi)j8P248;`ijbt*H)A+~arYnado*HMNl)
zeEBXqn?I!o1xGniMJs?{rF$b<@99&-563@HtInJ^VQXh2LR_PMk@B)8d0P}tKAe=f
zmrRrQAcnAI3=mFRQ3&!`4>xIQo%^({tn*EIcVW4ZTFEyD$#2;l_Q@zxRb~Lng@Gx$
zdAi$#KWG}m*Oxb9{XL>6TyVct%LLLq9ui3KA@{Fsbx)D?CWG~bAI<N~qe)ktS;QU<
z!?$ChkTGgInCd}JiQkWqp#xZF4bhyu^Qg8Wc|$CT*nHx7;hP%H4mUr|Ss*&~zwmJM
z*h)NhEl=B5pr^1OCT9^C%w-0HWfpcT&@&(5YudbS*9Ee+rb#lLf%FlM6C!~=+tS^&
z%rEH(6ratjE=j+Mg@uN49RXcz@6{5ke2zgVvG2yoR9ZzF0N(M9zz?^!?Jf_jp#rE5
zP=025HU!0-!yiKZEJt-7GX}QT!os>;#=zGtfc0imbh`)?uie=Xjy>{PK~Hd)UYUC>
zA?Ru2MVF_7Kp!7wfM@jCS@|%O6W_XeNq{Wz-M6aMc)jS5@4h|=7I&R!9s|(koF@);
zxBLwN?Q(plsyvdl8`&`WVVNOJpYM;|2B#n7b{z!&<aCHVP<&I=d1|0U=Hx~X4PS-1
zysR9OJ|7JN1t_P8e#O$aK@@SXWlh|uyY}85qsXyr+2F5occ7M(5O2u9YmYQfHi^6~
zPK%`Na-?HcR!Cup<|a)&XA3&_c1IjgI3@<zK-R`yHfip*>DfccCeW{b&rtwcuh3i=
z5~T~F)SnSR_BlSh@dL0w$z#z^4{WSVPz?Z0cz)R=l+sRo!uHnt;{s<-{kjjx$BFZH
zX6)>%IOfUIr4osiu+<G08t6s{ccer(s}|KcF+XUt<sPeUVUNC4CFJS8J-YL}4{N?u
z40`^~#LlM6)xhPf!OwEusGOz$#gMT0sEYMOgcytxT-Im=n=>95CP3>(2Jn*0dUL#e
zlnO1C?Q%2c%d2|{pMg`d8E$>tG3tWh(Ru1kvfWHdqQ+)y9Rk(wee91f0H96Dp<@gD
zBFJ2TP8jI^-c4BT>!DCm)osqc_vL4v`F~?0m<2MwTkO_Fu#vv($6?M-P!+SLqjv-c
zzLA?nHo4X%I;~eT&y^Rfy#M;caz=tPfasjaQsQyy6OqJfLmeIK=N>|wE`@Nmw{4zL
zzxr=<oAsR35ICaiLHJhg%^L-%*CBA%@>O$n762b|X~gp^DS1FTbDKZSShBG-O5b+}
z?M4zcM~Y*Ckm&Or3!j&86_LH$F>Cmo)U_%HXXiT4Db}6(?ir0LG#~m6HA;Sz4gis`
z@_L3n^G1(5`M)?o`Eg=vZOsb5S5>Z|0CIA6Z*5ALIL2J11Lyr=5$dBt=futYiqW<R
zUpH}r-(yn}!N;O~$oMj?TTn>Catd}S;ivBNkvMo(JU8||iCL=+C}McG(%>;VC{bhR
zSssz0Co}MI`8u;||HDN(s3rDX(<`lL>2d*J`cOGQbQ1qaC@s4@4l1O-SOGQ@7cZ}A
z!T$?+`WMqo%=G=Y9B=6;LqzSS6n(BDDJe=v2DG}e_2L|6OdR+DBCMZA^4!Gsh|o$X
zDqy$1CO|MHW^ti>{Q%(%xwD(~vYGhDuVYj90DWdHyGz|aYCk#k{<ugp5`52GnlW%8
z{0}bF23!o$n_j;do$Wx`Vb7hxxADLE6fX<m^eyeBP1!x9Vt{bHk}ACJ)9q-Cs3%N9
zsc<k<m@(D;C7vB|23uRvDHxi#Sp=<<Wjn;*Be#VHlmQt<6qoMeTlB&qARd;#rp~`<
zbos*2?!^?<YAJqPV8(vV7%>5A%<Ag#3<M`_X{$Z4h@hK9in(QcYr9Kz!DjMs9?!mu
z9VDjsnp&og_y1tg{Xr6|qqTooku2e(^8A&X=QL!utT;R(eCvgV#{QOwR=$@TSYPE)
z>L3^D1Oc;@P30Et)KnBs<o-^T`jdKTAw_N&U0<OhDfxw7gQBYZX)|Vg@hJ6Th+8;O
z6i}|0(h1;3`mkB1XR=sx|9=&5kRdkFv&4gmG&Y{jpXa1Y#xdO|nR>4d0MsT&_?V40
zS#mBsly5$tZ=aj$<Pr-eX3Jt?N<~HZ+6bD}x1Rs}JL%}JV?GiL1@@e|&0M*bf`Bh)
zqfOK?Ex<iJfewc?NRVdmw6lL?RJQ2dAS`pu&~-sfgJ_wgq?F}@Z{a{E^$E_Gxc@4$
z3&lSM*-A$w&@un**j*N<cD^A+?6TED#lNtRzws3PBP7U+cT5NnV0Fa*4~6-^&8|j|
zAd05^?@@uK5i=Si^8c^uzrh8Niy4u?36cI^3bcr8J67#~*uKc3zPYlfQV0!2OtPFk
ziP39)iEH<|9j<8na@}G;_k~68p*?{`Pp-15$JqB%i0cv?;r03ZixF0<e7V`-sT_&c
zm>G^4>u3o34FY}tT(&J^NCvD<`@VPtm21~)3%Gb{*BB%Dh)zQsZX@}!1~SVHHu+-y
zFquV4@w;KzoiV!2xdk7-ds?W9p!@|1{aY<Ea^HFc=rITct`rt)&7udi=eJCfcH=)9
z0Fw&Vecu~E9AuXu;Kd)UbUmF@gYV=LJL!B~Q+|hc!9lB(N(mT<N|M&*NkZmL#L&9W
zF?|G$>s^T7>T`IFqtff%4PPEMABT{c+#EMEctc1G9&0y-8cz++yeSubTqSC)i3UBM
zpmEXN@FBI`6f?o2Iv4+Rzoj|?)ndaBICD94tT6&-_<ti(4$8yPl?zwilrK)NSb1K#
zt3;6rvYfVy_OwUY>B2QUx9I(Wp6IoTc*#;7%sul{eHA>IvA39v(XKy@+ZAPjaCGT9
zf4rWqzryu2Jx?pWVJa_D%-9#vpc{6=>*xIkhgKgcP~>Lz$bw^U`2G@CCVVeiZngC^
z2|_RU1hI*2+kH3Mgx1d^13QUncAWYkDGuK!&<Vt|Y&#7|WY%FJ$vmOtE}c)T1a^`m
zV30bVZhK>sk+HINEEoV?HoBlewET`cp^2hq<89PO(vgHz7{XW8)YR1b4-oo9tRhL)
ztdsDqwc7{8y805eqLJ-rVH3RT>pxIn$kvKlE96a}WnO!D$Ak742ugHn223q`BoXn}
z3`Qj=yzXvZ_dFuucR5UGjevklgMw62mO5P~v!w<r%iirDo<#|S=f*rXz9qqJ&MGc9
zfHe+Q%c>gCz{y{8k-QiEUcvK60S!6UIKRLG&2G}mdt-VVELAQ?4K)tiw70HpDeOLl
zhQdn|ov(%!WDB00x<~NWWC?z^&t+-d8+jPgLxQJmMaNwhd!vgjXt!#R)B65n>(NTl
z?K@o6tx^QO7gRPEPoS=-!7jh+uFl_vnA{%|6Jm*&lz~&uRMn(5tEwk$wT1GTLLUp2
z9#uarSNrBUAI+&%Hs26>9D#Xvx)F#<vY$3Xc3Xr`oYQ~ocYoK9ZMmI^owLzC)ZC@0
zLKm*$!92o@9~u3Hhz86O^^5bl*cqbgt74?(>~s#}v<@^(xBR^evBpV<-gUoD`Hzke
z){xvOo|lZVdcO0?Rk{vaCZDhP&GQkKZ^Kz~GQe@8>qG0lZ~M~)%v9AYe|O|9@492W
z;iyYvrSKaY@2B%QsTtllR<qGK$o{XTPgnqYq8rofhJ>rQ^BuGHj9z6G?;lW}2*fSo
z4{CG*MO{3e3f7&3pp(o=U^c9ultc~JYE+%59_*zVCnJFd_y9`Z#lX&Anr;r3br#(l
zNHU0E;ZYNhei*z5rrIA<g+yD11cJHzHGO7vi-?93Vw3bq>7=8HXCFv}+(j7E*Y%I?
zYBN|2zbRs@hysP@KT0$h_*#TMSyDnVtf{LI@_Hzjtu`9iSxi)C8t7g_4Unb7zPA4a
zEkxS=<(~cPR0Da6OMc7Q`0$PR=An$inH}A8wdK0T6)a$JV~<V$xg|fs`_!gHwV>ul
z<KgUSOtaJ82*f}1=CtB^e^Kub)HEE^9O6`q{ry`K2?fOo{B^C9XU9dW$v*aNJ|JH*
z><FAAt53vL&dPdo^8WSsUK$yXzWn-|Sh>Ne@2cI^KD+AWIAMS5A=Yn~qdE4iTl#zN
z9%>JpeMZ?~ISUHuDB`8y*3-%gmwK>2g7@<S8pr0P688b&FunGbw!fSAK$Pf;i!@O%
zy4P%#q|tlDbY+StdoV6D>0Ifm>tlr@1dcU6-=dj<Y}Qgtl1)Z%X?oWQX~)^8$Ozfj
zazAnk!~1>x`Za$5rQL;K9)76ZTPqKNa8OODes(Nrw^M$={1w9PqqqHiW0s}xuC86<
z6wleKLfcKQwvhR{z0(gFm!UX=S|;(!th4WmT4RUxQj^w47qGUQ1%kp@DmS%3M;oEm
z28M<ms6W{ec+mzPaQVk_)crPlKtRk_#(3|F6mrnWJzhUWp6+*F`h%4UN7b`oBPGKp
zR5lPrrsUY5S|HbwH1d;?5i<_)u_2gko3%5&U_054PN%<8<g{KY($ZAO7XAL=h^7Tx
z7GzM?NIZ}(Lh@dR$BtY7n($=1#&nFK-g1@RYOdU+3gu=jk$D+TK4xeobu2YX*~Y3k
zzH_m$(e70NLxR@T>MR*x&ASA*Yz}uo;<l10sXkw>qNnxpd`s$;T<4u1nN5m$4RId2
zRNdYbe(gg(nKiMqcL-@DG6Hu#-?XapwpDCuYm_*K>s=ky%kAo{pxR^L(5p(KlM3uy
zYx*^N3MVuEV<NI3LL(nRv4==YQuA|sTHsGet|_yK$E`8!)_{pNt2I?n->2p8f<Qjn
zBU|ov^NaIHSxQ*)M7twwk?-2}YUN#z78W$G?RhPZk?9-6g&8<FhBjkkRix<pX|+JQ
zGBVDQW3H8-PK3wPguSAuTQ#90ZTyo-vcOumblAhb7dx`dSdZj&s}^r#E3LM{ZB){}
z8|Vsdq}$%7Z7fFpW$AGRiJ#}roaTiKYNi9M<Ul*F|5)Q@-pXik=T{1y*dQ`#*J(;*
ziDvOBW_lFHb6Kk!M5QS2%xEidn%<41sEz#^$gcvF*EBjF&UPxjaD?@-jT2?sMXUzz
z4#w(LassO7%e9hrs%OjQli8bCfYy~O&Ca7$B#jXyjjx9nxbOMtQi32{)H01V+Jl}-
zd|p&1&tEP<S$=Xq9X&edQ!t&ZFlW+uY!YjBZ6`ke;mx~LUS^-rY<2~Eu0q}{Dn5N#
z^t5U>Y}*x5s?9*+u$>h_2(U$hk7#0GIb0q5@Kj?NsfW7A7!21X-Zz_wSA$$b{`cNO
z^FkwA@&1@-r+57PmWtzb(xDbVP4H=~(Z}>j@uVD|(;LG792%)Y#d7Z!z28yGYNbjb
z9-0cqAj{b<L3u~FvDWzOT%YQZdrvKR;o}7p;;59VHP0yWx{<{Cg#4-u?p_MgvR-mD
z?@xwRYJ9<!<%nzjS_qL!_m^Bu2BAq3lLyPr>cHm7EQH{p78@P0>2a|$*U)zUV2@K<
zJe}>&T2@4Yv~7sb8igKY)Vuc1cta`y${kSNI(><%5&>skq0^Y)rXbGc#}U`cxa&UM
zqQH1>I@FlT?cEa?mMVj0^paCkHrfuWQ?o;K56WuCV$uL!DD%{$0^G$NRWKK#|AI{a
z{g<c>GRW*T<}+cJ{as_spC&W<D@(9B89=hOG+~CQ6_I7T+>pU#v9dyax<n6Ie~ipV
zu0BUG&)E*(A2!%5?{g_&mam~cicA#y+geU!>&NMl+ODZDLBJ<W_{d-VgZOI@uV0B?
zQR0c)cLM2^f=|*~w!Z}nUjvkV@=cuFyyD*N0Vo>JJ^jwQTU+Y&TB8JPX8z#Y+C{tf
zj=uF_v0fwKIISqQoV823*d4JDo}fR!7=hj0OJkJ1wH0=eW0SwVz6s^6?}Z-7li0lG
z)mN*!&Z{6zg1l>|sSQ_KghR%*hFSncMZ2`|K12kgx2NlVEGp?I;0Hjn;1}8CdxX~0
z4ll0F<%1?ZttP`*b)M}4oqEsT%~o-@nV<nFJJiu#HHi!U(AS)*b_yT;W7Zc(7ZRV7
zD&Y__j|IT#TD!p7)69?>2z^8F?-R}c8&Y5jri#X>Mc2ptELaM|a6HyTTZX_u4J4$n
z)R`l3b>vL*Kz>&J8n&?HdQd-?ZZhuh!C1rc*$?pfxmg?O(F$w9?LZWXnw<mW4?}88
zvmn<9Gz<*Uq&iaB1;tDuqqYSPZ_@Ab`)7`V!m}c7==QLMILl^*!{XHb^+lP-*(pQo
zB=-$^I9H5I(XVH9IuKWenMbBKnE&qYM}(9VvFy}~bjP95tEplzy-61Oti@)ZUbEv*
z&pJV8bC4Q-Z{Eo#^*ojZQUU^RObO?@(~|Nhn_4yXZG89k|2Jjj+U~43&1;@y<|@1O
zOtIYj{ABU@@`<Z`%-)N(SucyMe%QKB(bn|V`;!V1>*hVJoF;qe)Mf*eusV?fY)Km*
zVEzB``23VlOI9{bcpujPi_iNUgYVuKzAtWU+*@_Ty<cv1^1+D`?`}S~^1htbt6z0D
z0<Cw{*zF8#5{S23pP$9Zks#8#{o@VE1(`WaD1Gu2FQ&$}CU*Jnvo#AhUsOpDT70u7
zxy2E+6E<NbXFx>ytJCL?q4ltVU2PU`U_T|I$z~o#7fc~oc)^BqSEkSJ#q3RUOk-#*
z-M~_5gW?!a&)s2}nnU8;mHPJ5{-}-sW>EnhVCGEV{8WJwT%ayfqmM7p8Nu;&W?0-2
z0o?g`Q0U1=v^pEeojD8WjAi@&<X~~f24EyKtDbm_R=ok6T1KWoXZY0qyotpf3BZtI
z_nvSZGoVtkfX<lt>(gc|?l>p}Y*tTG=*JAG6IVcK;p@|MEbeFm_I+h_9OW<rYKTPG
zt-_zz*G9jOc!bu?04HRRnGCI4n=hUcU7g|pJP_dgyn31JpVKf>Sp!QAFqwTzFwVcn
zlzC-EXOEoev1D#>%vkeyPy>vB=f<Em?#~a013z78KAZCJkZatx2U-~EiBYHkIOgE@
z%<sqR^>=|Q#~CWW&0M#s^7FKmZ%@=PR5zXhcGhq8Ywxf5>3?Z=c>GNB@<#dUVsR`A
zT@-ALP0cQBv-_D6oq7GA=gCQ`Iv12GWH9pq8!&d~o@w3t{NAoh_c(wHKXzKp+`FR_
zBLEbPg%dP(OkW+pEk{!F<GF&$r&AqQ3SBi`c795juKeW1?)_OS=bZ+%BGP>2Cw_fx
zUSX*nj=8@wri<mp#&0{afJ>pZ&dxUf8u9x6qkDU+Q*UpJe+n$nCs~*0eT=cI`LW^8
z$K!sMB`-GAvli)Nda%S_;f#;&)EV!xU#7E`zqz4#v|Idh@%t?|b?xlp4jn%KHGIjI
zIc8fER$^wxm8!t8#T1Q-EYIZ|_6LU~U!O89Sfg(?W=vkP1m?ezy2c1wO#8op%7NN=
z`D=Zc0W}wxQ2d^YcU)CQD=8U;JnjRt+2!wF6W_u+RB*;{x2};#b<N>Jhg1|573V6a
ze}(%S&bTDanBkdm%0b7O^R<lSrqjSRbxaQrB*W$53?oB?!kV9-PW}7K{`AGg#b09B
zi_FnRi-3hTu$p_YvaPLUTFWw?BZq`~S&I^?Y}L%n!azG6fqlR!JlD2->6-Huebf)Q
zqnQD+XRoiTi))3fq+bNPOCvjGlAhoIEUQB_DjIkyBrx(9u;%gsCY6K|n+X^xrGdpo
zV@;(vd>|RYa1a313Ju4d(Nm>b)sMBnBOSUxX90i)R1eMi4y?>D5Q`(wPL2wjDOl_T
lTFH;8V**Yq@mllXzrx<>D<+(}+z2{p!qe5yWt~$(69C9j$zK2f

literal 0
HcmV?d00001

diff --git a/doc/user/project/service_desk/img/service_desk_external_participants_email_obfuscation_v17_0.png b/doc/user/project/service_desk/img/service_desk_external_participants_email_obfuscation_v17_0.png
new file mode 100644
index 0000000000000000000000000000000000000000..a39f6b662e393c2e6b14684643248e983fd7757f
GIT binary patch
literal 27676
zcmdqIbyQqS)96hC1lJ(JJ-E9&1PJb~gS)#WI0SchcXxMpm*DQM-{d?;^1jcx>#p_v
zd0A_iJ=5K_yQ_M3SJ$sANJdH&4jL001Ox<5?2C{b2ngs9@Y)^n1Mq((idZKI2y~H&
zprDMHpdh}Ct(BpPIRFIYOHgb)go3>4NAEK?+SKo8f!;9_$=7In;*iwdQ^jEsV2~u=
z`D7{ysv6##@e6~^psJ$CS}O*ZfFt#G5oRnn@S}k{Xj19$?|5|(9G`l<zVW`LFrIl@
zF*u!$c-*BizVjB?4HP1;-~uV^`f3vx4#7>q;r|2g10o;DJ7W+^cvit4SZHXFf{`Cy
z@fVy0tQ7Sld3rBTXK#uq&d;zkATo$UHZ8E06hry49(|}mjPLj;WSUQhzD}alXO$3(
zd=z@PMIjwIKS${wJ&!j@uRuft`BX#kKCv5#6ogMn^yHe#@;zoi3nD;*KpJ1jg+hCN
zW`+rOs9%Ofz(a^ky4R@Zg+!`rU9V3}-<AzZF0Bxt2ASpyD+_IO^VW#-rY<K>Ty6F#
zLtF~w$v-2Ts>$dsYWg{sDpVbtZTS6K%^MS`xO=xzVsdA2A^^94TAPCvVADa>57V+Z
z#g=$np}K42>^D}$MlIB&)RNGf0{G!<sVQdLFq1Z5B(Y^g>MuNI8;7rVL1jc7@HqZZ
zk>glNER@8ny}w0YUshjpI}_SIL#ZRNXZYFwLELO_WM>?mVNcIcNX%~Qg1dFsy({-M
z>np;6T2>5xAun&QsOk6sbnMuu5W@D#3jP7^XPakVLyR78oel625Ey3=`+SCnVut)+
zo!lU$5OAoVMElRK&G+_o5oT@PmKG)!FdZ|RsqD~a#?wxSS(@q9rLyljkhtSz)>5cT
z-g(RKD`#%*n)?e~<J6{>Z;SV+GO~=!fWmy?gC~2Zm;q()gOrraTmdoGfipUd0Om`F
z2p0!R^98Js4_3*yR)=T+!cT{D0dA<{oi!x(yZ%nG39vEWkPYaDcTN0w&XA9th|W+V
zooor-_>c&)_!K$NCj5^P<OXo`_{sw?(B1+W#$;&X-rpm@)L<-pp)>UgU^yUX`FI75
zGD0Sp3m}>h;P{9p)b|-fI}B8y=Dgu_U=rRj>Uy!kYJDK>IIw0(fw1zE_$hw>X$4aI
zyH$sWHSaSrt{@2Ew+Tdx9#~y`Dq_SS{!JwMDqM0t@d)u8coTk(2=y<#m(UO2J9P^_
zarD7%g<kZ2*KbI$A94MPlm}}EHXUfvztRP(BSODkfl|UThjR2Cpr2g<wGg}DZVpw4
zx$NB<deRNA+i$~$4QCW+*YU8KWh2(W+(5X(qrqK<I{yu;C+z2ivtkSR8aQ6y-Uj2v
z!+q<${yogS)-&QO5x;+iaK&fmk9v>-0yLT5tz)dyCM2At67YvU-ULbY@DYYLBsGMo
z2%8hE5yK;qet{+yjDjH#jS*V<LP0VcNfV75xi&a3us^^y1U3w5U~3=_kQ&g4#fW$i
zQX)={P~FZofO4UHplghEPk;U)koiewg`7U->yVN-+z#>%)J`^);+#et^>FkmzB<h^
z*)rvm+7GgP+Wr`Ins{nuLMQRlycJ59tQH?Gi8P{itu~F<&}YpDdhjCOSb+?IB7w**
zSwA!A?qFwOP+?l(G`+M<f?kQ>ZwlXwBmlCFGm<kDhk(NfWT`=!pwgHeg#vqxLJ1QE
zRoO))b^(`I+r~@w9ZyUF#*9i6@*0bp=o-$N@hhfX`n`)ii$rDCa;G(j*awPJ3isIe
zv97T^vExPdinOx^vp7YPMd7n_rk_naO(|z@i#3(pn6*vXuG~+beIH2ocx3`+C1(U@
z<_qxT&J^&bCuYtk5lxO~8*(nhqw@~R5_1|Qu3B~j(G-UjB{FIyj(q1}nix{Wq%-5E
zmJhO*4wu@NkWaoXX)b-_@aOo+(a3Sb5$+(?1iR|Is@Y`Gl<lhK8ge~%ID5!FL3+q|
z{qg2*-)Y~Aj*cmiX~BHLfX=)?Z-8ZlrG(ktK#1O!QJl4ismUUg(eM)~)*0g|i;v{-
zS7gZ{Nz0_JyxY9@(;j);FcmP^=#c0NG!14VEc!`+#Mvacgy|8`5xddk5pDH-)gG1O
ziv5avLldJ!JypQNg!tspIK_NX?_p_e5c7P~%3~c|Z{M=vH_7TzEOmMHwiC}~H%EnL
zVaMc?rQ^0G&V`VZqhnF*YivCn3hYycm{0tngnf#lCD{R6ANs3*q^BIGGNejzyd0SC
zrX0J^xHxD26nO0_^7}@^L4zItjpn7yeqLoBPxEQDW|hq{)>3-aVb$ey_H;b4Z-jW4
ze%A~^0-;j$TR%kHM>Cw_*^d|37gXoRmvYz8cNAByo26T+8=6Plhx&WfefhKKM@MJP
z-FGzV-$nuR6{0WL&vOs8Pth-eFT>C29}>U<LDkSYL!Qx2G_H*+U-f=&=J6p8z^`E3
zvklOZaqq|LXjscwyPQ`e7Dv<);AGBBpk|5+_IGo2)%kJ5vO>pyuNNK=rV1+vx<@>~
zP{m%v10dDX9E#Ma)!;X=f57{QB#*;b*JCz#N+Kw661Pj+T0LUDSOl1lE2frK^|bU`
zfgTH%uUuFdSjeu_X7foAA5+2REF-jx8Qwho*|yzy<#-`-PxGwzdgUB{zj^-?EdF~c
z6j6|65J^xu7!`lwhGdl0lur)ApwD1HG^sqH{GmKlVP&Dw_uwuAUAH8|rJ@?#$U-vh
zne@|`Hck(PW7@JYZ-zJklMzLxq-=iAm&;TG{9)!|uA{A?z}S2x@)G2-Lk){6*Wtsx
z#kED=($12fWhUyyt&UquJ`N)e5c7gZTXXdm6RQ#Rx@7&Ndjld<ecNH}yK1{=du{6|
zjfEuAM6{$<=bY(hrdNQg-UlaEPAi^s?p?ReJ56=-y5rT$Qg3DJ)`_Z$oO21J`u#@)
zCEl1<x<+PCvw4;$i>LanI+*(P#h-OsUn&J`94|J;ggLRCCY?}^UEAGyPt8c`NFZ(_
zZok}K$A5@nIh$Q>_Be~L>Zxk84ZnPZz6qvA#k;+@y*YJS*LLFD;``|{&I|3?;xw_R
zqo2zU7$jK9ED;<pA}r$Y)O%KtFICc1dAX@Lw|<L^AUa`&XJ!_i4Yw@zGb5=b>W{-c
z;yHC`X&fs#)!{B}I|pMUV87VhTSz}kx#nGT47Mpct$95N{$MJ|Pc+leWK%<4S=i3r
z)VLSAo>+&r7w4}%;>GT+^kn|PzGJsM7Cp9?n%)xOp<ALj^LVJ&)!SKzYJos2tl6}R
zyRzo6_;xu<xu#6xK*vd=;n3)Mn>1a^IFB)(Y`L&*d|Y#6em{FU?@#ko)|U*=n%s=j
ztnP|-n{wuG)apEZH5a>lyv+KDc6YM^)oyooI@SDg=X~dXmcQb4g@4r9)14x^APOG7
zgBQ;w>m~P)d|`F-a{IFPfeV5o-Ji#UZ2-sp!L9F1+y636HZ7KG-c^gyoZH>8$1Ufn
zHws;lR+yGlYv(QVT(s9Ldp`fo{;k@M$<%&7?0$56Im@Z&48FbIW1R(!>DGYD!F^M(
z6R1T|9(o=J_aD#C?s_}u&+${`ecI}64_<Cei5%?Yn}O`pr69f(*mwvX%iSO{S(93s
zSRhkTiCV5|8Hul6NgZCBiJoq1$M4v7;rS4YcnXvxYpdAzwSAOkSZ1>uKo|N%imE-%
z?8A9TIJQ8DF=}>0kGNjr;z3^t7+;>WFJJc{b7bFGUSaZKK+BM%9BP5is}ev(%urGi
zgaUXC3Gyz$1OyCt^$z&L1ipZNZj?U=1n?ah_!7!^|5qvKPzLB<*C6h{D)P$<iirW=
z<@Id=082Y#D|>xNS~H-iITHmHdlkvA9QsxkG`a>>dH@<{3+rD^K)9SafR`2kdtH2I
z3v)|54rgw{KWcCQuYY|_ONjqR6?-#oLKR6Fd_gN)06q&19St2J4>UeLK9{Y5A%~oh
z$e+!DpSTH)?d`2OXlb3CoM@aFX{>CGXzAJ6*=gw*Xc-u&fi<Y@TrBN%ovAJDi2ftw
zFF8U0JAGRdYkLzbOZ;DQb@i+q?70aEf8FTszyI_T;B4~Goh<GC92RhZw7*Jd>1pU_
z|CSAG%Ju784jB_?fVrxWi3LzSz<cn}Gca-eQUAY6{<-6CEmi($$<9jmd&}QS{&!17
zJAkdAl?CvY_B{Vs=Fi5z7yj9hi}u&Zf78T&)cnV{Kt1z7bJ6~7Gal#-4sat75Iztw
zA$|qtcPFV3?r6Q!{Sc6uckr1XldjitoWKw8@uyH<nZUuo!I8jngWeNT1W&o0wcf3{
zouwi|iVbkKyHrW1adElGeZ`H6$Kc^|s&B4uzH5z2PF-wNc}IoPz5V(kI<=)x7}Z~q
zX66*@jV$wCoDYiZ9Z3dQ%pV`{n?45Ota28-$p5c`KWc4=zb_(dj;gE6{j>V-Z70*b
zDTXFrQA{BIMQ%qdn1ZY$iG_v4?|1vNc^3CO#hC0D@+o+Ve|qw_XiBJptYh(|rMUm<
zEFYAR8?Zy7Px3i93jfkyWn>xQ#n_r!>c5Bgw@~E3TVRKN+~$AbEclnPlo4kHS5can
zssB&y{Lvio1lS?$6X{4tnSU9Jh8Q0zKzVAe?mznc=Y~K{<1c-b5oX8E-{0sItg+cL
zT&lBhOSt85yG@B{cezqZ7+OYmy*<XbIb00*Ed4soL)mkZ-XE6V=J7Z^9N$I|=Yqu`
zmBJ>hT&@LkA%n;3`Ss}*7vIb44RQE;oX_Lr56a#*MUYZn=lF^mbmhIpdOVEfyY!YE
z?tEO1lA&1_c+SqC{q@Bot<I|PRp&mFao^lTI3t(5(3i{8)Mh5HHNvLu;Rvwt*lf}8
zfSA&Q|1tJAAHGnzn3w10gM;aec-a!7QPj<?Ex}X{M<f!Ip`)E)WdRGv#VS-e&-J#K
z%s2-H5ZXbRp?F&L1G1;u8eo@^mcBE*ZFGK{zdZRUmBuAZ<R6}cN~yGH<mZMp#C7O;
zxoy&L7Z!|@VQ{=s$=OpxtJ(6k+HjO49i4|D4vHG|CL2c?3Wc8c4djshf~@u01NAGt
zokJS??#KA_srt9HET!%{Ssy8^f?H+I!n5tI8rw4qXlKoM*5=l_>)VTbtUGPQm?0aO
z@oCDn2d;8Kjnq4}y<=pNQEt&;$JIE6Ym685>Noh(O?}U?qj`3?O)6>V@8{n-lf|N6
zb5c2-rYrRcD7&8S@N!fc_rA-7e5U+;u0Er`w|oN_DWAgl-4A}G^?ZPLee$23nV%1j
z`Yid?($XfYhSS-kHkR3JPBvfa#3Gu|gWK)aoXM-xTs)0SHR13F4kycK5_ecjYr6d7
z^?|_Z-s24xlhxXLUti67%M+PlPD&8K>*LMQOr0hc51v>Gst4s&#(nP()M3}-+vT}X
zM5VHIH>pz5<LtxUDe<68#<7V_99EN^J3ynBt%=qy6O>S-U)TNkQt?bx5kzfyYAi!u
zuylCZ!_+~s7SnyYe2x7)^<!o?XAH6Ket6<ZKi-5<J8rJ2@bpA!0MGSBIK+NXJsvf-
zLa;_EIu>6y*;`q&_^{J@UJAy?3l9{&ko%O4Pi>EMtn9;fN-s;bSk8QOuCQ$ENBO(t
z|7dFCjnQXfT_<~RlGp21AZDAnczz1cOGP7+)A5*(*=!bnn?x*%Ox&%>br!Sm?P{&n
zcw|4_cyS7Krc$3X7?Ay3qS2USIF=$=p`=u-<hR)uhE*bMu~d_<eoVuz!{>#`Vh+}5
z<2jDIO6G(sjrq80&Eb9ziAts7?eESS$Y6Avp<ZuUjrt^id3~J&^|60)p^|r6yzbTW
zL6KLj-4fJdu`29xdr;D&{XWHZ?>45+_2!VsVkDVY9c4~FUuydMMZ4{)D7ojevqF{u
z)Z=kAZjIBp*5ht6LDje~c!=?I-YApP+SeooKvB))L-dat<DbZ`=jR0KDd-<p21rBG
zg&^RuV?4xT$V9l^9P&$4t7WS5sD;Hu`kv01GsaRm5pVCVuCmF!Ua4PNY<DPPDV6<`
zn9T%wgVAF-MlKfWNfKFj7o0kud+oRSB*jLPSy^jMUkG|b_Gp%kjZRa*^*p*e#Bztu
zmX0k{{X(t}70nvcS;-`mW)x~vB6R?CDisEUwj5n4EiGxXyHvO<^L;TislxQaKjDs8
zCvQ)hAuX3(u68q>M;M8Ha&M+>0uHV|vzv^xT*;M~y&NmBiOOLz-Jqm4T*g2fNQm<~
zx&~C`Na8;jmAOnxn@g^G?M9l<Q$+qirI8Lk!wq1_mEsF&qm~>EIE`*86+N3iMA{+y
zNSTkQyhpueBN4Nms2!W(yBIBw*OK-m+eRf;VBQvU&A$jcqdUU?2)F>3#gyGxgz>`U
zKEp2Mw2pUoe<`&6IdcsNS&8AY(I}Fof_r&&K{{mGjhKn0))Yu$tRUt$ad1ep$3Nf8
zU8lsX-*{iT<dkgfp5B(e%98xZe3xSov^nL>BLz8TGw&M5Fm~yys8{_i{>Y((tX;dj
zj7#6VN<d?^&LTh~`4c{+%sGzfViks6H5&~7&$RKou|-BB@*l}qJ6lI}vRfbK-15EJ
z%L~P#{hu|+KHqFD;l93*9WE47?+nF8dnR8)kZk!hi6Y=lHrk;Vcs#MhyrsI^Zx7Hn
zYDc88+34XK7YpZ#$6GJ-Pn@p1-JMPYr_jO5;??%)sZ<!27hko}_?}w}I4{C_B*(?q
z-m4ozT6$}hDg~$_+3ce3TPE4x7NAJ}j!PC)3}#^)92swXnWzhffHx6c78luB@DWt4
zX2({A^$dQGp&0ULGXMVY^a_?nvw6!$*9{#Gn`dIcU{vB<`T78@SLdp2CNZz`d4%iT
zsc4~GZWd?#Szy<**j||)zjy*2!8kjY$TtWN(woPpC$WcSC+aJdbS_WA<%DmcjX`T`
zYu{a_S6}DlOS%>YYc39Bd0U+?eAVhrDQQx6hT~EFut4FouV13HS)$dSe#Cb9!N{ht
z*$mXYV>NBrFuXlSoWoi2BDCCa=BL(Z$RKOiY_gAcyxJW$E2R|uaa^L27tIex_GUdO
z!kw1ZXpBR7m-?Ur$0}-}N(rrTae0{)^zkzz9<AwA4Z*BF_~uL@V~zDsJ+n!#JSozK
z%s6WGq{BAlWXH2LN)HzBGVSJ0=qH5(vu=?aa{au}8p9ioXzF2hyWQ!!QqBTm1mc-u
z?RcPF_}ZVJDaUU-$sd;MPqyEEo8_X5NW^4*^lrsUoA@ax>N~63{0{u6b2>hY7{NF(
z`7q|IgkXMpUf%jiE=TUv<b>lx4>P*ua74d((8+-KW~(UeL37>1zC_)ZGQ%D7uBebG
zuai?dQ#xZ-)B(%NIsHZBbIT^%J@!Tpgt9&&!_-V%INQLemWy-lqT60aifMhA+D~=i
z;!f)$G&5S)l1E%j`rXV;LmmO4sa`)y%j*lIr!}sb_fEJjBK+;R5l5Q+qck|Ipv4n=
zQZ1_$AF`3205o;QS2=<{yuf~D7Mhh$1SoRthZv?Yc^$!FY|{by#(1T@O53Qu;Xb%T
z=o}_dGTDx?4?4yf-PUVMC9{Oc<x2_2QYco8+cunRUCEU#o6Z)WZ%A5l*q_rOWLd;i
zwH@0q>ONa#5i1v}B@V@rkB*0Q+e+){K>G53PLJoGM$kbOO)4)Z>FcaET4RV`kDtb5
zDiOtCG>kApJZ)rJ8J{Z|F&s{dwSLn<9MTeK_R>C|3Akwgnnf93E|<!|T&VHDz_q}}
zs)9!c4%ieLX3ThnI173o&QJTSEc=fu$ftl5NRPHt@E$SFRkzVEhDI|O`SaI~xy_;L
zao%aD(|K@c6)N0{Hi0JlgReLXQ?SBqCea8xxpEBVo_(PYkrYa<@ghI41*?rlb5q#u
zCSuw@54Y@n4pR>VEUHEnQYcbP4#*PiPiBiMw5s8lfcoU>tk%YcpwkW-s?`O<zuuZv
z&QWPLrL0y>f28Un^86(7@&u>TTmH_2IV1g~OrcT_+yr!p@dsd|<2CDxa<OIQ=1l36
z582~<nPxtLU>i~{QrSH38-vnH+a%sdy#Hmp{o;G^I4X?M1bX$7i#G<&8jGGf>S)8b
zAY>A~G>gWunqy`iS>$o;2C_No7@r&TIX#t{qDvPa=PDBO;{|O49A0&oG}e;w)h4f@
zVdwAsptN;0sk~OQ0_nV7G(&t_pW%cS`*<qy!f=_TJ`e|2gJXl@vD+Euv*6VWu%H@w
z3bw&<d=Rrg2Mw`FbSLkjXtF)Skp)|xtxCyn4tICvIR#G~hPm5Le^ZXAsv=<qS63kr
zrQynK&8MCNsKkhR$a#zJi1GI}TV_qB!c4qYhYt`*x(D~ZX(T#bR>i9XBrA;&i(B7a
zh!!Ykr)=7`80<-MI37SfRCXyc7%|AYN>@^{tkg<Z_qM2%Z7Y<2b-nGur-<Rk=nXN$
zC>DG?en--%#haMTl`BopVgE|ss~b{Pd^KY7{piluf>r3Jl@fV0G5W54m$zSJ6W9J^
zQBnZe1Z3V^i>+?c-9nZ#$1vm5G7Wtz=+N$7`W@tMp`Lo*q-%Ux>h^1w1Gn=8T^s9|
zd|1-#{>%X*n3+YrWqL3}hzFy=SLx~3RIvst`V4fmP6g;0-4-LdPmrC}_{wG23JqTf
z8sp7dX}`8+uC|j(r);||gtTfj$$t(Hty16Y2{Ins+{uGps&YwI8EC%S7l1-mX`zj1
z^nCezOIBog67K+^`TLwEMhv76wq0qkL>|OAo$HGVb%4CglG`wZ6H6yZZNSeTkI<?!
z`kF4x?dJFq{1Q^#m%ti4fRCO^yA7M4z81YfRN!)Nm{fvn!x?Hcj=I=<t6#;w1d4@{
z*;FZ>TE!1Id;8{QK(m;ZDTl0w{i9%q9l{PB3SreXD6P|jQOM05Mr#UL7EDi;n0Fc?
z0`&*GX_7yEQW*}u!Eo#rNkt?}`~gPW5n(!8H1MiYK1h3Jt<HM7{N>w19Y74~5j@`h
zU}|Em^=Xm8BkXjwm6YZH>LW>vfXo1aKl$86*U2uLy<~@4ERiU@Y*ZvdCrE&7Ou21q
zgeK?R#D#vGr^NfW4grK=Y~L6RVQd$f7T^*o!fLhFXBZg8K2eHE)05Dh%mavMW{J^;
z++8KYqggOxCqqFQ9<FaSVHH*Ohhg|mKhX>>Cq`GkCTSa~o}!}QQy<pAaCV7fC62-i
zpZf(lo&~2-6iB#A^cx+UE0!<LC~1-{BaQNe>|=)oF%<{CXuo+xVOEf|7+%yU6bq>p
zFS8$Zd5!d1YAp()7^}n+l#NA;JV2D4N7z2d4<Yk5I@2&vt%+P3NKqA&xPXA}(MvKo
zJ%kGxxfps?fA8<<0+%Qd@UuO>i0C8^XzFqJ@iYxt(p>K{^kEwrA%+0YL?o1w(HF^I
zQTFzH0Oc!2uL6?BTeRm(Dwo|}majW)=gHD-8smwd<D1s5+eZfs5{##v@pRgREcb&c
z07gTVVpIqk^;fss<LH8oA1L<IZ8X1a&=F<d^DhYrnORSILLv9WcWBB8g)s!@T@d=W
z6hsAZL0H|La?8DJ3QIt}Spd$~JQVyjF<;(mqU!oE>+y;%=JW@nu596m%Q%Bw-G??b
ztCxfuE;|Of1Tz|b&1J9N3tGPVP#3)Umco8zymZ}e5z<z7Iu@r)l)uO@TeQ<(rCMW*
z<dUe}Z@DU>%Cch~&*MWgeEN)R-gEBVOcDc4RA-UMRNdnB#`8j_7fN>faJ7e8e+Fhg
z+m2IE&@G9AOe$raSGP>|v7cr^-8}g+ue?HqR1ys(5SI20mrHqtcS3UZb|p)a5dr1s
zP0^CanILY+*=DN(IZ>pfI-xnFL#6IL_@YXV#dPIqQH!WnTM4XM8G?%RbRJ}r(#ooD
zIz&T8GlW_gR@^wg_>Ftr6yd~txdbh8jOX%J=Y|gkUj;9Z@*WU6|1@2WZ?G(1uOP97
zNFUNsUsFvZuMbS8v<~pUaXgwk`J7l<xJ)h_i~`m>5xJnXH&74vDL^OScBr_~a5U!q
z6Nkl_#1mI_7zYF#E<VkALUHIr?{Iv1j_1o$3)%o}%@eD)ZyIQx=MzsxxuxT`Ohe9`
zEjot-x!)W>Boah@6o62zh`kxuDZ@IXe-tDMI|Y#z(Lih@t~oc0?-{Bfoiu!~?d$Uc
z0RC(Yr@6o;+Mj{fdHEJ6?;cB4&l0a>6jH;_TNTn@v0aNOZObi5CzpP+-!3zCu&x9B
zu1u3R^A=}m2!?wXixYXI*dKoZ6--IZT@8k2yxB?h19mVfCFY0#3Ao@ryUlY<4eR;Q
z>s-9GN@l2mp&2@uk3ZcRmaof3LbC}mV{-!GCkzy%Y_gQSOA)%WPjXp8vJ}V#5gP!U
z)55-_4=}fjjC&<ziv>r>>N}fFeq1uThX}*SbNXP-YBwJ2l^J??U|=CXHamxoN$Q;S
zdCY#m2JMH(#^;_@FeFQJJUo8*^18D;PA(`u%r}>-z7~^2T^0zr+Aa(Nw>hv79jBR7
z$6OuQ%hiNqMpNf62wx53{@9`4(0zKDz>Bl!TL>b<H(yfOBS3f4P3^MfKT1F`l$VkX
zm@`);=6QD-5JOHq=VG^xb%wfvuqi9MCf7aM;qCI{kkRDRzHdG_7u7i)KZI!5bI|P>
zC!b=G5<{;6#?ni2Sbm7kD=*bbAJOhYWyS(R0hos$7JFWHLT3?U{<!!{0%K{`KhY?k
z0{mYV#pXiUBo;%Se0hokE)e0Ss<pOZOq0#hw2$ZAyK}q2*5}2yC!8T>H|Q^}!y4@F
zSI+n6cn9Z^+4eu5!Sm6S&4gteZ1=`+py>Qvy6|dEgr(U*P{EcH*)mW|E)azl!|-@{
z#s!ZFmv4C!rePN=bU)^Pjg8VacWQAoPsk5sAL4zcOFEqQN~a6QoHGK$I+`hj+1c{e
zreyzwmZRJKSOq&QeaM8ia|g*NY+yAa>Yrt$Q68QDg~l%HXC1VJn_k*<3!QaaLm}Q(
zC6Y6Y9V0#7V^?noa_#&!sbrGEij2`{5-HCZ#zL*<QQS#Q2<nqG&&hz#fUO*qqs@91
z084$Bb*N>e6#ITS85C!+sWs`5u!?E2xE{B8+|D*SXqlOZ*+8S5NX|&%M1N&)eEmAF
z>NpPe$TnaS0`Pic>WCBY-26&$!g0fwrH+2}m4?3&5gbdL1qA>G){T99eDF~iiv&Zq
zbUB>k3mm0E#D=CxbbquyW?%Xya0{!RrLHgKqVNUi0%#Z4NuSZOv*C=lma9F~wp0**
zF>t)yPk3HVzvlnunq@qe+$>Y3njN#rZoSb#(8ZkY8++h#h32nzlg91V%e(|O*Y%3X
zg>_5<{5j(_t9A#!9`&rdbX3NGjW72@*O$i7$jd$6)2_Ee+B#nKQNx!t@b8LX^)A-6
zl>HWL!e@Z&Aroe2fM?@!SZQ^Wrm9-Vm+N)<b`s29Suxe221?1$CJ1XbGE+Eh4BkwD
zMy0~1C3T`%D;s1}3$LbzqO|-W6d8*uY_C$lT%sTP85Z_E2mkpXIZ;9Yr}sDOFq|t!
zuiYIdvD@nr5})Rc4`J~;bEWFy_LdDsTc7mUjX{y@bXC_IY^vS+ppmLZSB$5}<EWFX
z0f!VP3vKdCg<7o?VHliI{%|-nmg~rHDa&U4>#Ai6jae}^GjRqB&wT7O3I!luMMImH
z@P4@bwU!^ox`kxPs%1Xp+4bl^YSidnFh|j9;|9gGMnQ0IP(Tmk@DS9xOe@KMKicQ>
zl6(-2F(K}n`al9M&Hxr!fp^9C4TH_c_lM`AT79n0M)*%Xx3UPp6!nphpUXQymGI8j
z>sgc#=FxB8v~}UjTaO$jaIGw<DaUjBTDB`;#wL4C{SNB2{2r3W>h}rNLwUC{v<?<f
zpUP*IdoDSAt|YCiB2(8h+oHqew+PV2eOGXUOg@Re{h+zr+@b7xJ~DICR%vER0xh_C
zd0~4wizkZmcbW5i<)4qM)j=sucv_OZxt)(A*Ds?7>ph%ng^_%5!+d$@Uyp+G`_y@1
zjlieoHRGE-^fm_SNoi1V%>4rs7#SlRgDP5`A>}+r;JI@A*_Eqv6*#O+X7&;jO&$O+
zzN6()ov)sMb4IiX0~?cwBBrmkSWe=VzYDKT0`5{|LeL~lp!(g|`X*m(tdhocRACN+
ze+!-yCh}1^(tCJBsSvXwFV13w*cK@ejKhQ;vvjNBp)d*Q`NtA-K%uyjB?c~8&?a=l
z#5=a+aC~(C48z}tC`3ifFGCo@=|1rZR^#(efk*9<a_jZJd{em!U(>fu%SYc1y@nKB
zdMDxmx99yzcXXB<jtOP3)2@0ooY;4i?r|_m`vnnu<|e{5J4}PC-$q%(g6m!-QmtXE
zSnO$Qiw^l$9~fnWK7ys5O&s<bRc~Hm+Xy}Wu-x3k!?$Zac>*_MB<AWj(e6)P>0^dD
zqRiuCL;kABCsTS3>AS+c^MrW^9iwctdHmXH^O6T9&g9Tx29|F3R3jk@wFywC<r((>
zvScb&mz#C;cX*pm0TCFMrzkK@72lx7uQ=Kk#2i`ox!rA?CAlKbPr*i73gbpT#~{Ol
z|IXZ|o>}khi@WJX;H{(G-Hs<5IHFlN)qF|b1dN{z>TI1O2`Ui0(po!c|IHjWc#&j;
zA9#OGr^a?HOM*aO+-@Q4Pn8;BZyYs(o%=4cq3mrQOO<7T2@qMQd~@o&!CH6sSHyVN
zlvHm_c$Fu(tbFymzoz($TToP~mH)@0-xERdMA(u}5qF_$GJZF5r1w=2AaWr>=`U7;
zPyD`!I6z2b`fq7Ito(eaJFNVg%l|@8e2gW4g~o2CHTr*R>K|To{u#0$>-lqmS@ORW
zB3k?+Bo@+Pj$eQCPyVX71_q=(>tGHR^8ZqpMg0o}ofJ;~_$_Gs7ewhu#?J`8OwK5?
z_!myZS3{B!Y+J+4yhQ)E>i=r!jqLmps5Z}!GqsZcQW#kGOQ&`DBAj{utiFH8tgU>3
zT+7P0sjl!}3Mb=!L9g2x<Nkl)JsXn1iS-~UGtct3%Kw%Mgh4<$#lDn=d6Mv(+5VE!
z0tEzH?NEnHdH+%<r2dO~Ez4)){0pV~f6%CGQlp*U0*tr%Mr$mVZ|P1PZjaf?y{>jk
z>0;|?ua6fQ4`-_pB-5VrJ(L2MdBd@!J)W-f<7qtvsjgTIfbqrPGObp$%}gH8=Y-o6
zZob#o*T0C8=;eJP?Jr`c)e`FbQZWCf=soi-x3z&|yzOORq3vy(<b?fZLRYbD%x(cn
zO6YA&>kc~3<Ft=a$_<Tb)SPXY5ioK&mfBon*Kg^Wcbu_Yf0kenFbs6&rgB5#adu6z
zem5WAHgceBa8-IbFSiHgwQaCNPNRUkyL*9rKTXzm0hd<y2l0YY8udDXp|j<B-kGW&
z&>JL};t!VqN*q9Y-0k5kr9iUGE*_Wjxmue?*I;zManE^Vjb1OsQ;D^eV4|od5dOm5
zwaHd?Kf8noy@M*WB*Xp-p`k)C<3PhN*$|^!xyX+Pi5|R82O_BOAzfV|M7U}_wn675
zG;)k%Zv_oYA1r%G%NGB9D&Wh9Q+O&)opHLfQER+o0dFZAPF~egcYV5_4tt`76yIs^
z+dDu#b5ENGZh75G?Hr-9chj-~&6W}rkD;%ni(Uar7xcV)H%BQSY~o14k3Hu~SNV8f
z>HN`XGz28jX!9d^f8>rP*DuCGFKP6R`@mtbfRpSe{STGJAX$f0B@s31k@ZNYIbRGr
zPb{;Q<h8YV#xR-a+1iDC9HjnGZn-zM+KD_@qAHroQHv0VwurS@ZIt~0V<-<~Ib8}4
z#|xDvbH^szCod^e`O@fzJoDx289>hr5#_ka!7M;+P4ykw)qJ^je%;B^`NNmZl7d}7
zpN<>1@xq%x4~140HF9qIJ`A;%t<R;;ZB)HKglR^HQ$G8URmpsMQ+10~Q@Y8xt*w^p
zQ@A)lQXiAnzRBu*OUcS@wwy%3S<57b67(uD=Y93&dAcD}q)hU+<i5@f_u}G{Zh0~O
znIX4**s=hEDe~a7s;JiX#IiGz5O|ghqSmtq)_*=5&^V}?=5cdwtWs-At>|2j?Q!1u
z6vb`VhppCRz#dC3AH3OXSHCV?|34lv8ej0QS=G=T`&8w})7ueATt*LTulw=Pl(&JL
zQD#()8PY{8irBX9$!ko#)iiA8!sSeh$?#gb#{2;KaG?^XHyHIgs?~PKG>P4=u0ix~
z)V9iEu{2HX*o{k<!3(sO?+RPHQMhFcXE-U`izOQlkNbCMG%7y9HY}k;Mz@Jl_4>u&
z7jhR@*QxJ8TgJx==_VxVUhU6Cc%|C)K6U1cA}*KPd2QP6QjK<Q;_9ugH<2v6qv_Pp
zM}_kFCSCX1ji=ctyq;VXvQ=Onx2gzB%|^5ySEGoFMxDOGH73)BNt{-nB@-DGm-e5<
zMAdrY${-N%s(M}MJHy<&?#1jkI`|j!g@W{Es+FCFl9*wb&6eb13=CS{v_KD68bNiv
zczJn~F89`_#wnG{<Qi=O1*+Ab6-u0C3%jwyJ=CL2uD*Gok7$2owOomrX>qZWFP_6w
zi-oFTbQ*il;dtBto1#$kTsFEEr`YhN+^`qy8>q=tPF_}TFc{^xPG6Fe9Bf@FEv<1f
zJ2Zq-Gkx*+v8;lubN`!U<EL9qFcMO$H7=BJ7yr+|_-LNhE00(|4R>agi`+y+_?6rc
zF&fGK2s7<tP-)@QI9HUZY3!GN=y=jzr*OeUInoT_^|-uU!8@_Fx$HZWn?T!`pji39
z;w!YX1`_ehk#cdF&SSA$1g-HGGVM5G1r}}b#|-lihjhF6FID%xWMO3I$9}wFX-+@p
za2h0d+FlhJtxX@Rge}F>*l1?S;`}||S|A-T?Y<li#nBLqVyHxA)HHEOb0FSdO`V~J
zsayLfoit0bwMnm!TP91sB)Q2|3E7x%;gRM58R1NAT5f1{i%#sh2=Lik;1Li`4h(|M
z8GU(uc6oT^=$T)aZ>y7EJR@BGM4H0whKs{xov@;sSf*CXpjg+qmd@iLe)XWm?zT(S
zYh#z~?w-nGy3*lVetmYw%xp3hkq+9M!=o|$%lE?Jtleqb&RPHb!awM&b2`~AYJa){
zZo1wEx3lG0s@53ic)BFHHr_&RvBWg9*_{_dB4JqA{YqN%bOQ`P*64KVaX8&_H8wZP
zZ}s7w(~s`CHG%WKtwkOJ36aEdo!ZJIqu~hOY>{&1?qYrZ@?Q=NaE%Uxeox<bgBhm}
z8Dr40^0QqwK~hTrL?AVRvc>VlwXlu<+hYv5{AXF%a6DdJ3tRMdAx~~=x>Pn#IW2tP
zvuA+z+kbO5E>a}uE7H{FDv1aAU!)C(+coq9!lTsT&D~w}rPJA3><MXj`T)x=J|4Gg
z3U&WKsEy2E$@yj|U8}{Jzf`@JM5TK;o|Y1t^#f+x{u7CMVYEc*Zoc(Tfy+zFC2uTd
zEoVkIXUHS?6J8|N^Qc^LnV((Y!Vf1?xy?1ntlC=ga61E$sj<WM3<d9Y@Msnb`llJu
zOZ9i!81agK?iNs+3HwlLX=yRpbQ$b!2}>ri<Ny)*RH3}lf~G@d?LM!3{`Bh$M4|cO
zl)_!>()W0C4Lp(mGin<SaS_A)QlQ*Uv)X>=?fLMaoObjgcUf<>JP7)s*hL4Qk=gY6
zof|7xW_Q33u;T8?4^*WN;<?$5wN+Dj-FFKX4>c&=*t<VUh}Yb%quR`p!`lo(woR4B
zK2tT4J<Ol-<bU|)DDQKOcElAI_Tem#(kU&v_-ezHOK%S2a1uX&Y!K^#t;nM?b?ACQ
zfZG2gduo-n8m1QAW10hDbiq2T%yykXe=lAC=!p7onhD)w)P+-;E9a*M0@zi3CUN{&
zvcL!UKbcyoU6p1cDGu~A2FDAmq^6r6Pst{~Hq%wkgSyp35GDUK)Sp!CD|i)2?ladH
zI)_nIO!mE$;}fd!I=B*2sg#6_PlB>NTn||DRzo-7R<K-H0?1$Ey^)_hTRCEw#E>y6
zn(Ys&Q0@Q-$xvHfA4wX;XNMH(zM6RQV8^*3g7PE6QarT4CRu_MvrV~sP|Jg*RT73a
zKDDLHW$1GIMl~6Y^K@O6upwC2n$Kz+`Ur%*{E9`~fJ-}kdK)HgvVEYKEtHQQily!T
z7Gn49=I4fwAj7$zk;1nRH_m*MVR^6IVW@Xkx1$Gjzpc?(p?sm0WTF^8bPBM;)H(JC
zawQ|5GfZbGrg`7Kk~V0glj&4?cRWHLOyx2<=twZ4)aFU@p!6#JZ^Y)3W<Hj}ZakzN
z4Op{_?xXIhI;I*>h^2@%-Y!78-k&5Y(klH?<I^Emak@0r8xn88NUbgm;q_G85<~lc
zLu_%h*uxz@FT#;!O07jP#p-vUve)IB%~FE??nL558s%QEfRYA}Y~BP~xE-&9D)1O8
zRfZ&b{W_JcH-Mw@a-fC!=TWMUB;q|>%eJW|i)I~JOlj@bvL%{iphvVNy$(lnSw-$z
z_-W=CSe&=$s{P|iX?t+WbC#>TI{+>Wrt?jopsPJ<@q??qabb4jl^h?k<pqej+R5y`
zL2ob=Ff!<WLu`x<l3GRbQ=1<UcAPuwuo&XePX~G5%JBgJ2~+603V|OQ&H`@I>LtS!
zWZ{oFAhCLs_7`Qz#`b&fYu=8DF28(C*Sp|V-c4;eCYk%0hsqd)yyEeUbT~_v-+)cK
z=ptXT<5^-IJCgV{W=;M$7|!Wr+MJ#?j*@+rGCHj^Psp!|G~3yRTHo$VI(G)~{1K^L
zO#U^wNWd6x9-FzWBk<^zh4o9{gHP9biQH!~nvwqR?_h`=Tqd#=nGs|&kiM3>>~z_m
zRSI9&|ACFWuy&7p*2Nj}r0mZod)vNLSZMU8@*dzT8LMcwV=?&BoI9jYt1EFhJi>OW
zEtf9m$56W|Ez%11T{E4mCw_loB8IW9_}~mW#BoTs#&EvPw{ALLMt&!Iy3)8$KzZcM
zvLIo6cQp8s^dap=uRQKFW{@cR7<kBnFfrTWP;CrUZr?262cCpnVpZ<`)0ya$Deg*_
zN8xYb)_2N4u7<YLV6N!hv5F~<{;H3ocWFQb?fGA14G@;({++rLvB6hxqWyAbc(Cb3
z+K2D1>-phQ3=PG)C1w*aA6R*wV6hCWIScrR7Qfj`O%o%NbOLU<C=;dISSH&_bEBV|
z@IDa8)2L|MZg(u|FXYU%zS~f_Ecji$r(8qpZEBnex|CtSfzk>ju;%Z7jYwiH9-L~h
z8vgJGBxzG4$Qo0*5`w@(Bl+!%MNFpK()OXH2Ypj8e%N{mdN{NjmX>ix;L8<Sz^A!j
zjDfk}2nfVnxmM*&rP&_t<JMjK&f6uRID!PtRpk&dr$i_7eUv{Q85PiP-eTUnlu`;w
zW)Mdmic~<6;(b%*8fQZTh$VZ^*~%0UOiRfFBdaE3yGNU+Ayp}oXJ}tYg7wcnHx5us
zQ5AJ8FO1K+#Gg6KXWiS72}d>5gs=AKik+yCQUavYBbvaPaI(h{$G-;cQ^W@_6-7kW
z;WkUdEg-{7u&*Rd=T<ZnXO}ruk?5jd-ItiV2EK<oV(6K5nIe1ZK*g1#@e)_vBt;(=
zW+}T|7>j17&y~cLUfG{qXBu4Tec`I%+U7*o5VctL5ISqs7X1*bgXG`KMm(6tovi57
z>w(Ja>23znD&g+6*~BW&a7b4+q6@_nc!`J*{&kL}B8;C|B?rRe3P%!nz=1}yiBMk9
z+G^?7qyn^|+l+{a^}Rk^si%EY35dn)*RD~~H4o+!qwUh7+T~$BX!<RJ!l!@?IrTZK
zD)vhOC%^AK!y8I)fvkuuwbn=ky5jrc!P8Z@oX6gfIONymA)p_^b}wae31hFxG(<AA
zFfPmT1a!XL-Mc!U^2iUZp`0X%PEXOyau(|}H^J@tLJOG!_L#a(TtL-@FTBQ5T$n5#
z*Xx9})t!unizBDa3r%OI^j68$Y9JL0WPZ$5s<Wb;NA!?R05Gn|!am_zx7WZ887{|>
zo5kIot>@#3gd+9gmK9k)Np&cBT#@5!y<+^Ih+2ul0rGaIUGEF%s*=Sx^&>=ErWm%8
zbr|0uv+Y$UOr=6!2v&e8nl#az>d30F4wbr(?@F1Hwe-8_v;UAaM71&qAX)oB(Yznf
ztZw~5#(x#Gv=46B2r<`{N8JQz|7boJ9ZJ0Y<f6m&$J-B})dQ*E-zlpH9ih2nx%}d4
zO@DAT3-*#NObQwNcH($4*_bw*XYP}q`~-{z+XXEiNsA)Zg3Ip+bCS(wV5t(T3{Bkd
zl9--IHc4Qgo7#n@dB@}>;43+uKBu*vFYc|Lgvc4+nSqEL9{1EC>{5Q%Rn-mFTW$zX
zX43pE!h}x&)$>UhNC=QtG0TE?u{vdtGl_|4i@^BHLa+B1M@x{~lwtY3$;gI)cru>7
zh12Oct4|Vh=y}6p*-2%%Jt&sb>GX1C6%@Gv`d#&gfa;%ctyCbsRP%DHabnD1dF~`?
zwf2Y<+q<B&r9$AskvKsaj=zEuvZUs|22CT)>8uKt4TVyPDWO*!+W*{c^Pb!UffhJD
z{5mKA#Ek0g_>f!%yN-Ie4dLMcOZrQOYAjOU$e+T?Wbk{9El4Ar{(Q3Jax;2^UBjF!
zieV1ax>?`3?ygd1nXw!+H>JP#I>5MObj_R@Hzv1_hUh34x6zWKDa3T<$7f|bR}i`#
z)UjT{WME?;PvTM1O04SwSkmn;Z{Q-HhwIbj{bS;MiY1<dN@mP$goXBBsoxtTj?bsn
z923@-Ci;zgU2{%pn8O8N8=~J|`}AAyMIz|F+8YeFc|aJ$ctICQ%u7APR>PtI;qeEe
zXQKPT=90y#FI?|6-pJ+EO0IT!Sl1{TUV9nT*KCDYK|#0KIeEUedhdPd_P^PAo1<Pf
zx!43Ce?ow+F8%J<Zn$+okZ^_oQ=dp-d#oZ;0s)5I^K9YHh&kCFma=;S>yyUySu*~2
zPhR{zy@>1wFtVONOOLm<US^~tS?Xe?vdGV_cL&0Fo(n5W8c6V-vuz$mT`B9dk2i*t
zP7bm$0SIrA@ObP)S08BEY8%ujgS&ni`HMIG$j8?LNlMqp?VuWei<S+{c`^5KRGO64
zCI_1ZtPvCc4XiS9`P^;vRh)7h^`C@(#2t$WyrFrIH|wM$+5R^eoqZe*hXN058}s66
zZjhZYPAVi0m=ZeKL?bAXt@L;p!8|C+UoKGw0aDk%a{~tOjzGK?dN#ELts(jgt}*`y
zuGwz~_A27;0M8y%*b)B0*T$U*0vIa(6|RZrY?fk2q9b{SsW)1<>8i3$7XM7rpi*Y=
z-3*n6BY3p4j~+QDglG4fP9CaKXDAuAMh!T+`2WGxtPA_-;kKl0fSXwA$<lsmSWKBn
z(6Ai56|YYXj}}wu3e8e*7Zob4rl~Vp4PQDTYY8J47Qg9VT6s-DV1vQf!0(P~lFb*$
ziciuInr&f9cMe^*xWEWnz#tVOWj1L(g+tm!NP|fgTVF3WO`OiV9~*|fE7vA{r3t2^
zTK&XSfeLmnP|;dzHaE;2?ri`GxlrPwzpU3(_D@{bhl~U<8)b)#<Y&fZv(s6SFq&#C
zMH^NL*ltgkDd-Vg$-q54eF-D*BycwBu=0>m+If}fSy7mHC^NP3LzBxWS!G>VAN2ED
zvBiOk&uKg4IanuYey9%aDF}QQv*XD4v%qUJv775|REMTDpl8_bXpWkMgLS3a2KL8N
zfm|&^XH^?8FW?~*mC!)nlBr}iFP&PQ#YkdSajDWHzeYawo9F)xt@YS_L#M83Xc5d5
zl_^brKA<9!G0epNy7v%`*kHWeWU@OPFPa4?-{wak8?ct{CCy>6S~4xt@oNBmVcx-$
z&5MK_R$sj{4T=i25bE+A0fjT%0E6au1emRguoL-*oHR1Hs0bvQ%d&s;VD8nEyxQ1M
zt`*Pm7`<6?OlPf4i$w*DNZ>YaU`rlrC3qewCbS>8htO2@-ZR1<`nmK2&lD2I%|oSF
z`9_BwKf~Xox~E_wR5~MX-+uYpy|m*dA8?`8OsmyKIMUwcc<0A##RMU9^z>x&xK1ld
z40lyRpU+hV9!$Z5z#I@OGZGTO=X1Q$*eaA12L{2r+XNkl>KsWxrc{5bX-qM`^L7>9
zo(s9ePsgQk6)}fbyFqr@eg(1)je+eJp4|hCiv`;GmMJ{3Bvk~AoJHqbr^@HT&-jfC
z@|)DfPn;^Ngu2~6;vpoJM)Lg%mgUu1s9zZ!yjChHRvXrK(88HVfM^+)JDy-F1QVSW
z|CU43p$Mi|8FFwG-KR0@3bqXNDHRF@(nvpb7QJ0r%1j^zEjB>C?LiY2z9+kuVL+-~
z)}jkQr#W#park`y70ox4AW-GY<#nNQ#vhQ4N<GjXOZJFz$@htcM>E<NRpANUWg5L9
zVAIyWcO?@4>>|7WGIb&1kWU+_0cMUt6wm>kzT=C^!LZG)u7+g6E@|roHG_)bAR>(O
z-;iy6V#)3NnxuD!{b%4c&T7v%??x^A;672wXv8^o{xPBt-pFEq21XvKP}~M)Z^~oD
zVb2U0*erB-hLn3St!mXoxrfmmC6Aw9N1!1lSc}m4L!ET9JuKR++Nts@aT?LEgY#o4
z;J4T$BGNB*@jdA@8*EMBeX|r#PUl-1p;el?CWEx?&>&Lg>ca55bf3$gd@5VbsID-D
z`vd_2Aif@OZ=NUw3{JV?XG8gWEG6s2-$J@YVJk(J5TsMplzt;gvcH&CK}L}Sh0j|)
zSO%gMFz`yV>e~0NElmQ1wjoT=hGy(^n?f9)>3u)DGrC6m#i)@=?5{x2s5;Z6j%KFM
zwEN$Ts3R9hh8)Q)E&c>qd?01BKk`_~aQ?0V%t3;9-^uHXiQ}5%@t<repSL?O1+iBz
zuizVyzee6;3><d<{&aq-@;|3j|H5fL1D}ED%HZSd<6rpax7ma*@+)abB%SA^<+n}u
zUloN|fV_+-xnM5;pNH7rjEO!82&d>DuTA#;>c;PKtA0VcMWI@r-^TJ+dEn$PA~u;X
z%~}30aw8>yDjxV;bn`EajxY4rSVDO`mR$Z#uK6$Pv&fc8|7NkjR%1OT;8^sp52nX{
zJMHin!s9derG}~?Q;)x@|D^(8pAoZvjU`(;-BIgb<Ps(W)etGEaP)7q?9;EYeDZj#
zx%xM`i@(%ho~4%lFRK54&!pCf+|K8S7Ap;jbr#FGd97n<+@w2JYb~gGm$!bvBP=4V
zuD6+k(Qh^5&^AwdHd}>O>95z9xmJMyCL&iv=jVI+lVvyW=a&~8N8^{yW_#eaAizae
z^4bfPuK+^A&Bh_k<0-Q8<WS#wPU}m5_1=sihubQp%Iym&E!4q}9@Vt$OWDZX5`?kK
zl#3u^Ed^}6LoTN+jP!UT_+lrAv~DT3FZO-FlXc&UvWN#&@ltk#ua~Urv=y*3s`afM
z(z3T0xlVaJF{n7R=ItuPvy4H#-p-xQC$sxyXMA&)0@LuiQ6$`gjMF^0BP($xw?cwn
zuyMk5Q5ENRf$3|&)SXiM^9|ju=4!^p`ZJK#cCU3+q*3|zO7H2#WpA&p^7Ey?S%Unp
z#5YRIp$UV()80@W61?`tG-dzDd!t+DxtJ|h{?3v)0?eoA;CZS&i6)hv4E#xC(i^N;
zzT?OG?$5k8XD1J{VeKa8M8nY}2_9N^Y=(VcirWeA)qt*+3UVgc{R0Hzq07M&MS|SM
zA=k9_b0jwB8<zv7TOcq8;43Qcx`?J1`&W4-&ChtJ`p!MG{Tn6RMlZO`ci7a+4(h?q
z|KW8)Vp#R(T&>WM8CNA0{3$zP@6eywj=oiM*^gqR2ks^c^4L6(dpw<yn=-rOq3+lC
zn0nPlKT7dPQQob67WqW;&I@}u>BY$y_3SNWzT6HIxIxoBX<)n^yX;bX^P=ASWw!}S
zp>jB*r^KzGlB2#wdLT!|PR=GN18|*5U%tE#+P^t2I4uzGZbp5D*J`q77f%Y@f8aMt
z(bPv8WrQf4H|$C4_D@&+aE|Al$hbQ}%ljs7HeZr`Fl{*LBq%a*W5)V5az3uwa4c6o
zf2<|03`)EM$%pNmDmFl<p6L%j2wvUx@YIexY_if|L+*H7F#Aw%vCMCF|CuR@P#Bs*
ztEFJkzG0=-j1`C5Hk3lS><f@UIjZ!j>II_=7Al=2UF!}T0+ExukuV9ZQi;m-+LHtD
zl%z-uy}rN9FdmR^dA_>5|EaQ8szNYxIR*{;aO<|z>W08<F_!>5i+WsAFno264~|8&
z;J=WU$fZnUwcaEtdjD7;my6u%5dNe#{V`rE2biEIV;O#a)#7=^&Wu+VU$*AKpI`1e
znJP*vJXxU3!tKI+XJ?{SB^0NxUU!7%!EuV%*c&8#Gn|{xGFvTk5@kXT&~r+vzxgn_
zVjU*FE5=_K)zseC#Y4b>o9=-(db>i+N@kY?roiGQzGT16Q;S=fp4NJv4^!XLyVU-@
zk*Pc;hy@Rhowj720>x^%>UKF#nt+;UiMJ&}^!CR8=)()%ASfK@+y7V2S${><Hf);?
zX+gSM=?0~{OQm5zTDloJ1f;uVkQV8XP625Nk!EN{B!;dbzRmr;@3)?{p8G%e=GQ%I
z*50%0x~}s$PDvF7ch(|5>*?1~i-zUuT_m?-i3;Q&M1Al1-g0K;Yz*Knts*V!hnGSM
zVLYIzbAKMY=@YfH{-s1HSJtB@I1R4VO8f(^>m=RZYg}pS*4%G)8hvS$X!r1L#EW=p
z)5BX!NpNC8EO7TS=H39D4duv#)R(G}ukS5Pi6wj$1c5-b%d4^xPsoaa*Mfqd0Fi``
zpOfO@YWbHoVIGqfd9@7AGE%ObX(cD4lXge&OW!p@K-Gi*mecl;pHYL21Rxzn)mshk
z^MZ)eL%2c>Dg{4yh(o=7=BoPqaD6uZOF#6{<4<8$At}kbu78j=YWJ21gtn8#Q``|-
zkEBJDazUu}OFXwnehYf+IEIzf8hv|#h8_fjk%D$d(qHxA67PSNO02vS*+)jb`BiJd
zG!%d8fAL4L_0)HI5*|rRG8cx9GnoX((AgQI^^AR1E=>20NlQyBhu4ido(3UMWwi&-
z1f3V1?+H(4a4pFr!x00pv{%h#)ZO-$(Axzd@_tGy^h$&H$HRyhowfBV+H`iqFiAuu
z=D|usX4kdN$8<yB(CrR8vIVV2-q;tNveDR2eP=maTbFAR<za0})*_dR#-|o#N2Iaq
z#Q9zP)ii9dDX`Hno{qpFtMc+XTn?@6&d;aQxIT5+g#qqixk)SkOr;_53sTV@^Mt{!
zf6|{jM4$%1w5CL@cKTo1UmY=!400uiQzss|fx!|*V}{}_hk#UQYP7J|tP-rvs5jpU
zk=(}IL8lP4J9Xn&tPLXWJ-`UN7qm0bnmrCbjr8zM&Kyo<D|*bL;wj&<1fP9zLsL9h
zY_7|Y@;hsZGXvtd2!60tv1$9oB%o$(brd*;N1g+YWXJ3YkeU?!u9%%Z-}_(7k*EtY
zH<iQydi`A<yJ~yv38!sf?sg#)8Dz4_^76U=jr`emRBO3wLb2{vK_<^#{U4M^vyfIi
z@OjL9k6!C@2O~98*Cl63&-|?t^$kq{%(Tzy<(#P8)jz|3pM}e`+nZO2&lI||?n;qd
z$RDp<(K4QFlXWos(i*M%`B0k1{>zvDG5y)8D+KR0HM38FnvNRrsatNyKYg?PNnwWZ
zgR4cl;$kHOIU0yhfrsmIhR3Pl<|kc8*f8dd{TPEGPadsrfDIB7?aE^pfC#$AzRvvD
zEwNDnr+IFR^efM0i<=G=O-ccHhm}`VzG*cPdpKLQcnQiv%5-8Lw1Cr|SouEN!R(CK
zxFNn-w(9Bbp9%tr=Ux8P!#=Z^w&0&v@`5hw7rAFb9K!<LFJ#agjH~@kM52jXR6ul+
z=Oy@-_`1={!`I|t7)%!SKfD@pSC-tm&m6N-Rrws40Cc+WIF@IK)z_;kbHysT;#9qF
zCkPs_1u=Og6jPFpSj80-vxIX_%(%4A?CqTIVT9`!!SYgJ<%u;?Z@E9^bU7yHrm!{P
zo{3rR{}uP(UdImYMy4WIDIvLyga78mJh#w_jb6cdJs?|NY#?7_`z!L`shI<ZUS;W{
z0s_b>TQr;D1kkeY3Qtt(y!M2r8N7j{t10ca>ii-|6a7h-92dBDm0aKu+BpbUh}{)`
zF!lEFf%z1*3HltOyuX`@dc#~xyCjUbbNiHUiaoGtM<hj%!s_`LDQa)}2pGk#i(Rr2
z5U#<ks^g;n1k!3FYGa~=qzYkdg%e!12!*Ze(m9(W+s5<$lP6F&f_*7w3>JZpjdoMI
zt%^#wM|n;<dw%&)knZ{4w^yd{lnywHMn>AR1J*Q-%xxFJC%}H`Lt)OVT}<%A-z@<$
zT^S55KQCSH^-;T$oNmW*+moDETjd@Qt8BV(7eGC4ga1yc$0la}d=I){m_gsWjHePY
zlyWV4$`bPn6A#)9rJ5b_Woh)svleljmj^WJQouKjrVYJZ^{}0I4VRQCc`;Mxx%=d0
zz#pu2v$1pz%+85R<2Sg<D&Y@W!QX|^=<x8Nb8}jL$Sf2duZ~yQ$5?s3wnbm#Yo{>a
zQO=ODTm#a%=j|1?LuxH;@c*RPisgVU%C1`f4XH+2CFp34;rwtVQMW`@!RM+p^dDPv
zU-v!@Q0<hJ5^0Ni!#PEoySww#y8SP!-<)n86EFOrwqmyjbWw4-O+qgONUOD6d+5;@
z?Y?DjSoz9zu-uvp45I#Dh|Li;T%vjUy2X_thL{aMTX;<oZ(Fz_DysHy@}AfYHR{A5
zODU+J*k^azba6bFN10+Qnducr#qK-}zjRt~i&YV=)`ZDz&%E^i_@deO^V|ilHQPiz
zjtlj=fB>qX0uiw767N^7-vHGFnYIPPLtCI70ruIs=lj{sx4oL#{47FN5zm&DaOqf{
z1pX?Gw=zdIL$TG&PcL2Dk#yUzk|Z#D^ALWy6^dO#`oI7NpB;<l8}o|PTOu^w6Jgw{
z{EEECpT~MKZdo;`0NWwjH_80PN=wk|m_9tLC12Nda(<f;;2$mLDBd0tgKZH61BuF?
zDFM)5@r%!1U2efap$1(DQZJXJ@E=}W%2^I)3pInqUmbk%U!&@&<5+1iE*S_@cH~ws
zgEgyv%3%h5^2qp1BCDcEXN0??WbNlzpxW82Q{-|v396`>B-4=CCFQu(=45b<j~F1-
zI|8*Cn)SEc24sDXYkPcBvE|`C=GbxUm%b{9!fdv2TQxDWjX3iz(KM^tp0$Akpb~({
zIBWd2D(PhG{z9#`haNj^3z^H~HBHkb!8UT#f6A|SPaoyi06ed)3wT{ruaDE|aL?#_
zy}xXnb-11ijlqvkBm(Z#e@xeaKsgnt?-lJ^#JhGAk(Qvfw&26a{~O1fyL_k!7?%@v
z6Kk>VBet}H`N)UbN!`$!w%EJ5MeRL+DtJbbWbZju>;Pf)0|IyBueg0$Fz><V!4FJm
zEUm9s9No>DYNKQlv6V`c<tJjxSA)vu#`osN=dWQ~;Ked~?wg#N@;o-$Y1giMdZKN*
zXNYW%Xhac*6ai2OrT_|>?cuPVl*&LXrvW2bM?i(GwqgMj8wamz%(Z#pP#oP|u4eBa
zT*}ADf`1@MVZ;>}Y>np{-{aTV4xpTbl~HJrKTw%=y2t;WsZy{WO)tGZB~vj|mP+)M
zzS6%yX}vo_Ki~F9<yH_E`<WU#@m3tP7%$#4Ap@eE=O-Y@Dfw&xbUJkJRjZ~GNnjEM
zI*Tpw6ix_s3Wr0cF6LCA9pEq46+3!G&!BY)v|`+F>kDhA=7N2jp`=hCDV5=YbblW1
z)~NHV+z50AiULj`%b#T=gx|ML&2*PVr&D^Zy=>0MjQ5e_2@3wugGvgo8qKICsSp;I
zU~nZEe8n2~@@QlECp;-v#3fZ6kw1AT)X`mS(3MkPt5c;@L@<=Q3T}2@psfV?YAG5O
z$f9otwS!NE;~%V3G?N>nXcmPz1o>nSSA$7h;n2R2uW#R@lkn&%0wJsYP^{{@SjV*4
z9JfSqwwu%)<5H2*gOyX$Dj7&+k*-@Sxe<7XpwE0UQ<~1;G-S26@jor)s=wPzEMn<C
z7^FeH+QDC&;#&A|e5^t03RsB?&Wl@e&nKQVI$rLsXf*+&b~~<#Q~$7Up&i6*nyNv0
zFV9i0eq;!f@|aQfFj*s0OEZO}2M^N;dw$rDrTg{6w(~}rE-BK|u=Bk}&r5C>G_S&Z
zaed>IzjF?pOVlmuO@?9_2R<Bc((jT*18+E0P&qypH8J-cmR-W`P;J!noiw&Fb&;mM
z_vfuOHi=%USUS`d*P)A=UtKa)T^kF#q~1ErRjX0@eolDHF*hVEMS^-0$j6K1MU^e#
zU?#mP3Bqm$YDSd7LC8stw0WscLE6I?KCAIqS9>+V<JHJKfo2%ESMObsCNh&7vjt#i
z0q5Hy?zHL!(ZoTiFCkzF0hQhixTgsn?-87Mw$Tgo5RE>bD=fwPc&8!6V~%T2*`N-V
zvDGjTkDw;3-Tu=VLdJ8)GLDD<_2@w_V7U6Q0*y1OJEbK!-aN%5tl83?y7G@2lqdG*
zC|{t^wtUZ}fad7U2Np6ERj(zIqvb*1F9vsR1wvG5swFXO4^&`Rz~Zb}#zHPoPl$xS
z!D4T@lb70vsbz*i-G0SvemRVZ%+<Zh0kb8mk$aqmVoG67NTl5OKx$`tf9aq=?;I<R
zga+7ny4kH=aYf1IqtYExX?j#WrB4g|t(P9>{bHNMQ{t}Qy~4d~mX9;eSM^Pvm`8}L
zm7&9|{0E~E(=OBk1eHTC6VL~(&@QE`czn=qc@c5Ud2J_xA)q!?)|2yyy~CeO`5{1e
zOh>Z#ufc=C!_i}Ef_=<sLuBBmBtxolHGzpNY+%Nv`=3!vDFA{Z=ihrOLwMG_uA6+2
z2$r#5+QymY+5X%v?ep2r;R_~6O0Xq3%pQ+|tJHlo+bhLGY;O)~p=jpUFDnfR1d}CF
zi?J#!_^|~4I{ImDH7O#8den^X4v0d-gNV>%VEn2|iD|(PoI7z*YVB`uVX!yDCiiNM
zsN(6TJNsTRct_&=;@e>qjO*TeZGm{|lz0l3(QwCjqyEc5;17k9#4tnU7(@d8&0(yI
z9eQ_vb?4%60+m37AB11Fx=Cr&?ra89*aLf%B4`5h&2M<7SByGO&ZJ`d^Hb{01zgIG
z>m5`qlgrp%!;<GmND}lxwtcRPMtsZ<R3Ho4<AHxtj>__xd0R0%A{;bt&U^<<j>3gB
z^kv!1k3l#Zxd|B8uCGJ(gqEw~St#}hw-ib^E$7gcZ*X_}(ZvEI&*~*CZ#e%hG~^n*
zORQxfN6~jx2Igh+F~$iiv>BsK2LvX`^w+1`sn!4{WF?48`kE=LnK)(Ui=k<~`7>^_
z4)TN5#E;2|{dkMsbYroaqt)cKCUalRGFJ*zU!xzsPG*dtY4e*uG|q)7_I=0gt=n4H
zc{Mg=w&a48XCdM^gAKl4em9Vemz$r;ra3}tGFc~8Y%~6Tqse)>nI$>caf#plVwBS`
zY$wHBkP_vxW^<79AnT;|3zbT)aJ(T)%dE6IXk#E&>3E*fk#iD@IVE<*`DtxzTymiT
z&M$}r0&CW$rP1mg2k)}mh(0?<(H6UYhUpluJJuZ8Ei9^L!BmmPkT3J#vArOHTC8Q<
zclH(q9a;cDK^fu>g)6FV6ZE4}CUy*!yeBS<BR$SDwGgg(?^N#9<5EDK*Gc1hpT{0V
z?bj^*0(%GDL2w6Mf6a-hdMuoZ67A4K|Ija%>Kxa*BmyT7(3C%jbtu-?`yT;vy%lkF
z8S%ojVZ(!FQ$p!8{h|76-JHUyoh$XIwQ1bvgC5E8J$Qr}mQ2r6`mJ$nO(0aG9zz`d
zA4i2MM+pHx`5`GI8+GL?pNj|+h-~*YhN*3~u5q>fy$AiN-+EYQM%8(l@8L@h)D6g|
zc$k3fr}JJz+GQ9MBImnM{2uv%^E)+;%5IuH14y#z{M(z$XPH%^t~93GC$(v`?Pv1$
zOd)wh24GFIx=;Dy*<2p?d~~$x)65>35A1uuI+v7Q()P<<KFZM1mTa4K2y>H}h($o8
z!d4sdsp2#KnA~90i;i+bajxGll4oC<_AY#b1M`W%HNPJX=yP4k{K6AT#R_MB!siP-
zsmv;4ucK}UyeL7ZE#SVB%h?Nwp7HVV8y`}HEzmMSn1~ui|7B=!hMx(D@QFvW7Q7q#
z-3EThMY0I3*3eR)BGbM}Vj?3fqEGjFi81|^L`5UmJw(|zdkq}rK?1dP_5_!%`<^Z0
z`YDDhDWm9bNwi-^lNB5Y?R*IU_@v5VF?XX<s4p07xC(pm_N)2$U}GrbzDldplBR=^
zfgZoVL1}gYC-jbY+#PUDJ^yam`;|!tW#7Z>7HLLawa*0vn8my$H=|PIjb~t^8~k07
zak*KsKa5?M_cNqLiNYYbS5Pj!me>`?e@eudA7D<<$Q;-U6)6-FdD)P`IxGZ+*D^^j
zhTcIgLmryyeR$fFGM;M$g~n9raO+@rq|vBU8uUs)QS%=XVqU8E;aQ-aHpo3)Uj7e<
z+Z%K60cb{<YTONuYRoNeUt;$x)5<T<<C4laD^!Tpj(D<dN7D`=w_eau037Z~R}JBJ
zzCCwOc)ln;-di<Xmgpr}ZNPc>{={`M*1CL}WvFk5z;%+gphm_b(m%c`%c)4cFOa61
z^C}LV#D*XUixq}B;o-d$x`y7<CG}iPn-XnAaOdrk>b_`i4eFA3!{LvZM53j=511q6
zcVAFFvtT@ZLalbyR%wZ#`t?E^4(%kq{L$o=7X;NFgk$IJBQgBUDr?lQNBs!N<adQ-
zvX4+&+}@z;71#VC#Saq-yc5#-5p-Z^@V6(iBB59CPo+drRzX}<zZXtdyf}M}V(2$6
zDkDhX!jZG(BntQS@x~7eYkE9@=2!fQgVMF2DvyB0Y5AVIt`w`-=v=`iE(#j=-R=8V
zxUM=;(HHW<!Phs25DsnnBUvZ3C&DJePUxpOa!>VPoohYsu)*5&g3*7#*j3QUlZS4Q
zi0FOfw!o12*sYU@-E++Oz6O%;xTcATk0*&ScZ74j_c_s)m-~D$p~AU_g;h@2xUq7(
z&q2D3C3}y8@5rodg7rHNxBdHS3Uo5-+Xa?q!E8<g7kR_NE8Y?b<Et`Do|O%QAD0nL
zyF1q*tvia0e)!)J%lrpoi#&`If-_}vr3I8HPxHycIryPk7Gqc%j;q~c%QpL#UB#AA
zeGQ5ENMj%6FrWIl{)>`$fmdGd*%V31%?WvIR~GSR3N{C+4LI#?3d@-|FDVy<>=9;8
z(A0xO)XV${wLy>(pVJ<{Xy}?&<r;YE{b+o8T(JsqtnRxV=DrkM77E~6%@uZP(pw3y
z8dN;$e22ADE35M}U#fd-eWlfsOexQqeYPK<YO*$5tgzMC0biZ+(O0L}29O%;AalfX
z3@HfCfqIkE3ipC(dywqGtH$)GftL`MeP!Mn$}lh!p+VsBHD+At0o0npm0hp$i<e|H
z$rG5?Y$fTQd-PL<axCLO24CqOKb&nLMihtp=d^@9A~fT4&H}*;@`OCPjfCs#1Kg|A
zq=lTau6V2fvU{>U!Q`Q(j#$fM^?JWBHb&}(Cf^r6izXz)oBDA?D8UAg<r?<ztnjP2
zAHHF|z)%kDlwZ+1sgBRmNA-CUc>_1d6?8j!@0@qs@RcK^tqBdn&ACFBH?>qGHhVO%
z8b3V5dIP*@a9-NP^KC0NC(l%q&<vVSnP<<r!hQB<IZl&`)IdbbPeLv90zsOUoPWqr
zUMVOYukB&TEYGJWyIUzUPX$c*7-WyLeG3RgWqvq0fTe|IGZD-wmdKWu10^f7eQiTT
zKP>DMt5c*Lp58cJv$X2P$tJem?my)Yr*J#Kz%U7<eps!cI_l`3!@|%fB&iOLMasr}
zWxt^C-dF(Vq0?RHcyg(aIsoAiY3eVxdMuST-wmgKwt0y?h8;mKs^g2MC)uxVL8gtJ
z5FN;4f+g8P1-a2~;#KM!lzy=xP9Cx7%d*}|l*bHQerKQ>4VW!a{>wZehw2W3MGQNy
zuFOpnw9WwpHT1!;$R>Zs$-t5!S`?C0_m|O*dkX{8UI?C$VtyI!qvlIW%K1hbI(%#<
z?l_;=nB9H1udL(kUDHeT^ng~}bN(fJ$PFR#GWi6d9hv*ZnAi)`(&EY@TydEfiw2`C
za>1XT0?jJ?2`Eq8Qkbg)kB+JJkmvsq?d3-4FqzGnzXc+GZW!GubVD7ttGQ!Nj@G57
z*O`=dzhC2Ma#icvlRPZ1V+COGM$%jSBif^)I-65D_uG)*6&YRKzG-$grM_Sf^c(F%
zcIE;opyC5+`5tIa+?Px&*NZ-aqVk}-%k5O9T1lpPgECFiEt!xtG(xnw8=e$FdtK}-
zVTW1q7LuVp9Aq3qubWh@SMF=IpUJjro5C@%C-NE5SVKqgOh$ZZqvTHo38V~8j+6S7
z>C;TngapDqGh>Nj42V9wy2e5!!a980s;c0Zk19s5D#}Qpxp~9kP8fwl#xqh@Fm}Ig
z`rVY|yNBuXL?uS=f<W%jn(xMm93y=LluvLcGK*v@sryi%dvir6*r|QgA2D>|GTpTK
z4L)VUyEK9WoUiv6?eMD`Lc>AvFln=ox1*=7CGGYpn9aCt8|1R@Es;15Ynhqs-WVN{
zEq@_WX6^EK+&yiHAfm(NbK*8?N#l+G3^Y5jKL4&pd>+7|6vg$!3`;wN7s&z;{7u|Q
z_U--={4>6+*K+%;eKs-g$T1ycc&P4HZP%1oLnaFb7OFK0><8kg(e^pP#R*y^*8;la
zSkkUM@-%~GC57SC77-Xz9hkvs`W-TB82IR|6I+%~3tk~B(LW@F*E58G@VrqIKK}6{
zzSzT1B`qwIOAalJ+vT`gM8Y^Kj7^DySs`>V%Pk^spH8(}LAEyh?grq4<+erC{78|u
z6Tw7il;7V7pdHA6F!2xFV-53oN0_zg`Y|d!kir(|)!QbGJpo9QA%7&3CNgd;=Vb4u
z?xK!GmS0m+4mBel&BN^!*A4y?f1(y_%dOuMRBY_qb&DjECfnwi<^G%?sUDPi$a(><
z{iqr*-K=<o&F)WtkqUE+?*4Yghz;F6QlNlH@yrD_?8IA(2xz$92zKyvsj)4jQ-(`j
z<)|p5^!@&T-5t#jsxq=}jUo)efzKo`H~Lrkoqy#=-_XaG%>`hi>-YF!aTE#^F@mL>
z-#1aAaamtm{mzZ}X3cBWSoYE0r4>?N^u>Hi0elqVSkCtqZ;n^Y)89e(B#}SlqUvn{
zI$eXiS8Azd-j72%j%@)gI@d;Ve|@Jn@9vK<xIlE(!m5={MRh1Ei9q+jy9kZH%xW(r
z#jJ~^Lw)RedhP`QM(S*-c$H-VkWQi+;cU+9<Zka*+DhbMk^aI7y*gAt@W5&?3m93P
z$(2M5OJniEcfb;!m{NU*>PIxZUJY@ZePv2v&z6=zH9=Qrfbkc86Wz^$_gFn3dKLZ5
zH-L2yxN{~!ukVQli0!pah+<atRD=WNx(r3exa?&PbAeG#68wm3U2J>sN+$MZ%$7@g
z7MP2N$gU6cgd8*{Ivh(6d*F8`!cW&vDG1Zb-!`;WZidEBm{)FvlHmt162Mi{SJS8D
zpA$|e9t`7ihFhu-@+8O$Mn-tORJx5=8$g;0E-DhN%8Hf(hTnhPnRjZgiFK~ze;`9*
z<Fsl6Rwe0-6}f-W>MeF5MDqif$Ob24rFK2SyFHc?K==%<WeT1y?9eF%^MwyfHOW)?
zB%ix(H*UH?3Cd4*GOmv=p-eAa7nD5JOh5_!ex^&-IiAc*W~bV$MBq>1rNgwfP)qL8
z&b@D@UM^O|r@#4ZefGmVPFizU{hpN$ymBV0?8~qFMjpdbSi<Cfg?3M^8PhXy)mWX8
z4LR{icI(8;_BOgn@JHR9QlNGFU}o~_qXB-e&>gT|9w>3n{B0Yni?E+Lt3MxKK#yMq
zcQesUWWC#&cRm6+{f8VUM5}flfAh=nl)@T>Ad$+KSmsFl(`08-fMv%xL52fHGW;R7
z9=C=QUz*v2jfO^~@cjN_DWBS5%XXOC@M}x|5wA7PZEFhWsrYw#pR%6^yQ{%AlU8~e
z3?E;PAxBwB6w@g|=1MhjyEfn`i~$o10j3z%xo&7jLE{o~Uk~F;l+GTP?uW{7G4Qd{
z<W2OO_|46w!oKe+@2@`RvgXux9nbmA>?at<QekKjSs%aGNJ2m_Qx6+rRV2iJ%Hd|i
zD?&a}7Oi4=zmwxYg6N?%&1CA_yd%ul4*v|fgjR6vT}TzIIB4$_AX&aZlLY5H<aMB-
z-;ZTC%zizB#MM-d<%sD|e->|sPbx|gShJ8crIVl1Y}eBK%;iC!GYXg^BeU{+%6?W$
z$);}S=J4%+%Ique1ZgkoC+zR*h?|?P3;X9wfxL`PZczlfHf!!-^w_LP8BW&^Z3%7p
z;^2`$Rhzew4-R=(Gw70VE6(BdasuwPtUla~1V#Sjhpf|71>Io2MO+1B(jAcl$Zi~Q
zC4(2{eoBu(_<W2_*Y2JpU20U|dSTuR`^itQQ!h(1U2!7&oBUJd@)>sgyX%QU=?t8Y
zbZ-D|dH{zR<*n%QwwUo4q?SLMwY6PHIiWAiMU-fE%|`B0mqX9<n4<CMXv;Vr0H1Bx
zC#Q~~Jpln@mW^a4ud*ECk>rV<bviQ!t(YG%a!)j9JdMZL8uKEY77CZ#gz|cLXj~t0
zi_}s5iP^6B6Gayld38w=+(+1s9?EmvELj-V-EidWapuEc=oN<Ak;us3LNX=X*S;DI
zF6|tjv+)&EQUrrRn-ldLchkvhfpiaj9(Y9^9ZdE9%~f>+I(I)0g+Tbuw?HV0E$DD@
zXVGuR7Y4+<Q7S3c2CK*62gOu+0HtKC^XIWNLq`S4gF9+mRAVVoicrm66C#ztnVcJ-
z4<<8CCBuKgl5z57UrxP(YSja9871-P_?Y|2=CZui*AL*;sRZ`C!I+DP2&vu`5|1RJ
ztwTX2ib13&CZ})1h$r_VH!Xn|&21r8A1S96`OM*vOw^mggb=e_oxuyIa*AJ9Yk9yh
zKtr|fb;H`XR>0lL#&{CjqPhjtNr;^oyw?DLr4OM!T>^<8yLmXd8*AT}ZnkztT)h^(
z>R0k?yp32-Dy$s(T`~8u`z_@@F@eskfnYWH6Fv+B?&I4&HE}w+jDSZRuIcWBk)R}6
zrng276^?VK^LL*Giy*d+b#?mBM+a3UeR9$@<42Rz^%rPkxA(yMk+L}-8hu|T=(Ffj
zTfh>$Y-ybhAil1$cWM8Npb8aHMdDukO0Bf=94p3##LLNU{J*{f&|A>}E|(ymh5uDo
zVF8&$L-$_@x#rBr5(aqd9Miw>bI6#Flpc~o>VF_%|66Fjb^z2uoGketo)7&C1lNNM
zAZIkvQ_TOus`>f@P}%JT#9zYwU$(kR13llE+JY+o0-Qn3fa|Bb6K0lZ@-JJdfl`S7
d?+>%*0a-51{0&|6RV)(lQBly8ua-3r`#(+$i|POX

literal 0
HcmV?d00001

diff --git a/doc/user/project/service_desk/index.md b/doc/user/project/service_desk/index.md
index 27e3817ba5a..6dc1a67aabc 100644
--- a/doc/user/project/service_desk/index.md
+++ b/doc/user/project/service_desk/index.md
@@ -64,6 +64,10 @@ Meanwhile:
   - [Email contents and formatting](using_service_desk.md#email-contents-and-formatting)
   - [Convert a regular issue to a Service Desk ticket](using_service_desk.md#convert-a-regular-issue-to-a-service-desk-ticket)
   - [Privacy considerations](using_service_desk.md#privacy-considerations)
+- [External Participants](external_participants.md)
+  - [Service Desk tickets](external_participants.md#service-desk-tickets)
+  - [As an external participant](external_participants.md#as-an-external-participant)
+  - [As a GitLab user](external_participants.md#as-a-gitlab-user)
 
 ## Troubleshooting Service Desk
 
diff --git a/doc/user/project/service_desk/using_service_desk.md b/doc/user/project/service_desk/using_service_desk.md
index 054918343cc..5271e442707 100644
--- a/doc/user/project/service_desk/using_service_desk.md
+++ b/doc/user/project/service_desk/using_service_desk.md
@@ -39,8 +39,8 @@ are sent as emails:
 
 Any responses they send via email are displayed in the issue itself.
 
-For information about headers used for treating email, see
-[the incoming email documentation](../../../administration/incoming_email.md#accepted-headers).
+For additional information see [External participants](external_participants.md) and the
+[headers used for treating email](../../../administration/incoming_email.md#accepted-headers).
 
 ### Create a Service Desk ticket in GitLab UI
 
diff --git a/lib/api/entities/ci/runner.rb b/lib/api/entities/ci/runner.rb
index 441e1dc1117..821c7dc1256 100644
--- a/lib/api/entities/ci/runner.rb
+++ b/lib/api/entities/ci/runner.rb
@@ -6,8 +6,8 @@ module API
       class Runner < Grape::Entity
         expose :id, documentation: { type: 'integer', example: 8 }
         expose :description, documentation: { type: 'string', example: 'test-1-20150125' }
-        # TODO: return null in 17.0 and remove in v5 https://gitlab.com/gitlab-org/gitlab/-/issues/415159
-        expose :ip_address, documentation: { type: 'string', example: '127.0.0.1' }
+        # TODO: remove in v5 https://gitlab.com/gitlab-org/gitlab/-/issues/415159
+        expose(:ip_address, documentation: { type: 'string', example: '127.0.0.1' }) { |_runner, _options| nil }
         # TODO Remove in v5 in favor of `paused` for REST calls, see https://gitlab.com/gitlab-org/gitlab/-/issues/375709
         expose :active, documentation: { type: 'boolean', example: true }
         expose :paused, documentation: { type: 'boolean', example: false } do |runner|
diff --git a/lib/api/entities/ci/runner_details.rb b/lib/api/entities/ci/runner_details.rb
index a26e3afb4c7..40b4d3fa1a0 100644
--- a/lib/api/entities/ci/runner_details.rb
+++ b/lib/api/entities/ci/runner_details.rb
@@ -4,12 +4,18 @@ module API
   module Entities
     module Ci
       class RunnerDetails < Runner
+        include Gitlab::Utils::StrongMemoize
+
         expose :tag_list
         expose :run_untagged
         expose :locked
         expose :maximum_timeout
         expose :access_level
-        expose :version, :revision, :platform, :architecture
+        # TODO: return nil in 18.0 and remove in v5 https://gitlab.com/gitlab-org/gitlab/-/issues/457128
+        expose(:version) { |runner, _options| latest_runner_manager(runner)&.version }
+        expose(:revision) { |runner, _options| latest_runner_manager(runner)&.revision }
+        expose(:platform) { |runner, _options| latest_runner_manager(runner)&.platform }
+        expose(:architecture) { |runner, _options| latest_runner_manager(runner)&.architecture }
         expose :contacted_at
         expose :maintenance_note
 
@@ -31,6 +37,12 @@ module API
           end
         end
         # rubocop: enable CodeReuse/ActiveRecord
+
+        def latest_runner_manager(runner)
+          strong_memoize_with(:latest_runner_manager, runner) do
+            runner.runner_managers.order_contacted_at_desc.first
+          end
+        end
       end
     end
   end
diff --git a/lib/api/generic_packages.rb b/lib/api/generic_packages.rb
index 8d1e9e55f24..56188392288 100644
--- a/lib/api/generic_packages.rb
+++ b/lib/api/generic_packages.rb
@@ -119,7 +119,7 @@ module API
             requires :file_name, type: String, desc: 'Package file name', regexp: Gitlab::Regex.generic_package_file_name_regex, file_path: true
           end
 
-          route_setting :authentication, job_token_allowed: true, basic_auth_personal_access_token: true, deploy_token_allowed: true
+          route_setting :authentication, job_token_allowed: %i[request basic_auth], basic_auth_personal_access_token: true, deploy_token_allowed: true
 
           get do
             project = authorized_user_project(action: :read_package)
diff --git a/lib/api/helpers/packages/maven/basic_auth_helpers.rb b/lib/api/helpers/packages/maven/basic_auth_helpers.rb
index c9ef95adc33..0b0082dc7af 100644
--- a/lib/api/helpers/packages/maven/basic_auth_helpers.rb
+++ b/lib/api/helpers/packages/maven/basic_auth_helpers.rb
@@ -12,7 +12,7 @@ module API
           # basic auth.
           override :find_user_from_job_token
           def find_user_from_job_token
-            super || find_user_from_basic_auth_job
+            super || find_user_from_job_token_basic_auth
           end
         end
       end
diff --git a/lib/gitlab/auth/auth_finders.rb b/lib/gitlab/auth/auth_finders.rb
index 319d1121ec8..f753db5076b 100644
--- a/lib/gitlab/auth/auth_finders.rb
+++ b/lib/gitlab/auth/auth_finders.rb
@@ -76,30 +76,11 @@ module Gitlab
 
       def find_user_from_job_token
         return unless route_authentication_setting[:job_token_allowed]
-        return find_user_from_basic_auth_job if route_authentication_setting[:job_token_allowed] == :basic_auth
 
-        token = current_request.params[JOB_TOKEN_PARAM].presence ||
-          current_request.params[RUNNER_JOB_TOKEN_PARAM].presence ||
-          current_request.env[JOB_TOKEN_HEADER].presence
-        return unless token
+        user = find_user_from_job_token_basic_auth if can_authenticate_job_token_basic_auth?
+        return user if user
 
-        job = find_valid_running_job_by_token!(token.to_s)
-        @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
-
-        job.user
-      end
-
-      def find_user_from_basic_auth_job
-        return unless has_basic_credentials?(current_request)
-
-        login, password = user_name_and_password(current_request)
-        return unless login.present? && password.present?
-        return unless ::Gitlab::Auth::CI_JOB_USER == login
-
-        job = find_valid_running_job_by_token!(password.to_s)
-        @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
-
-        job.user
+        find_user_from_job_token_query_params_or_header if can_authenticate_job_token_request?
       end
 
       def find_user_from_basic_auth_password
@@ -322,6 +303,41 @@ module Gitlab
         user
       end
 
+      def can_authenticate_job_token_basic_auth?
+        setting = route_authentication_setting[:job_token_allowed]
+        Array.wrap(setting).include?(:basic_auth)
+      end
+
+      def can_authenticate_job_token_request?
+        setting = route_authentication_setting[:job_token_allowed]
+        setting == true || Array.wrap(setting).include?(:request)
+      end
+
+      def find_user_from_job_token_query_params_or_header
+        token = current_request.params[JOB_TOKEN_PARAM].presence ||
+          current_request.params[RUNNER_JOB_TOKEN_PARAM].presence ||
+          current_request.env[JOB_TOKEN_HEADER].presence
+        return unless token
+
+        job = find_valid_running_job_by_token!(token.to_s)
+        @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+        job.user
+      end
+
+      def find_user_from_job_token_basic_auth
+        return unless has_basic_credentials?(current_request)
+
+        login, password = user_name_and_password(current_request)
+        return unless login.present? && password.present?
+        return unless ::Gitlab::Auth::CI_JOB_USER == login
+
+        job = find_valid_running_job_by_token!(password.to_s)
+        @current_authenticated_job = job # rubocop:disable Gitlab/ModuleWithInstanceVariables
+
+        job.user
+      end
+
       def parsed_oauth_token
         Doorkeeper::OAuth::Token.from_request(current_request, *Doorkeeper.configuration.access_token_methods)
       end
diff --git a/lib/gitlab/auth/request_authenticator.rb b/lib/gitlab/auth/request_authenticator.rb
index c33ae1ce901..da13d8e382f 100644
--- a/lib/gitlab/auth/request_authenticator.rb
+++ b/lib/gitlab/auth/request_authenticator.rb
@@ -38,7 +38,7 @@ module Gitlab
           find_user_from_web_access_token(request_format, scopes: [:api, :read_api]) ||
           find_user_from_feed_token(request_format) ||
           find_user_from_static_object_token(request_format) ||
-          find_user_from_basic_auth_job ||
+          find_user_from_job_token_basic_auth ||
           find_user_from_job_token ||
           find_user_from_personal_access_token_for_api_or_git ||
           find_user_for_git_or_lfs_request
diff --git a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
index fa1d8bec7e6..2a07530c00d 100644
--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -65,10 +65,6 @@ variables:
 
   DOCKER_TLS_CERTDIR: ""  # https://gitlab.com/gitlab-org/gitlab-runner/issues/4501
 
-  # License-Scanning job is removed from GitLab 16.3
-  # This is the fix for https://gitlab.com/gitlab-org/gitlab/-/issues/422791
-  LICENSE_MANAGEMENT_DISABLED: "true"
-
 stages:
   - build
   - test
@@ -182,7 +178,6 @@ include:
   - template: Jobs/Container-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
   - template: Jobs/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Dependency-Scanning.gitlab-ci.yml
   - template: Jobs/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
-  - template: Jobs/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
   - template: Jobs/Secret-Detection.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
 
 # The latest build job generates a dotenv report artifact with a CI_APPLICATION_TAG
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
index 5cee19a746c..fe8f3be11b4 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.gitlab-ci.yml
@@ -22,7 +22,7 @@
 # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
 
 variables:
-  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:6"
+  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:7"
   CS_SCHEMA_MODEL: 15
 
 container_scanning:
diff --git a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
index ade4be99f18..30c6a30f2fb 100644
--- a/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Container-Scanning.latest.gitlab-ci.yml
@@ -22,7 +22,7 @@
 # List of available variables: https://docs.gitlab.com/ee/user/application_security/container_scanning/#available-variables
 
 variables:
-  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:6"
+  CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:7"
   CS_SCHEMA_MODEL: 15
 
 container_scanning:
diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
deleted file mode 100644
index 58846d31e2f..00000000000
--- a/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
-
-# Read more about this feature here: https://docs.gitlab.com/ee/user/compliance/license_compliance/index.html
-#
-# Configure license scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/compliance/license_compliance/#available-variables
-
-variables:
-  # Setting this variable will affect all Security templates
-  # (SAST, Dependency Scanning, ...)
-  SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
-
-  LICENSE_MANAGEMENT_SETUP_CMD: ''  # If needed, specify a command to setup your environment with a custom package manager.
-  LICENSE_MANAGEMENT_VERSION: 'removed'
-
-license_scanning:
-  stage: test
-  image:
-    name: "$SECURE_ANALYZERS_PREFIX/license-finder:$LICENSE_MANAGEMENT_VERSION"
-    entrypoint: [""]
-  variables:
-    LM_REPORT_VERSION: '2.1'
-    SETUP_CMD: $LICENSE_MANAGEMENT_SETUP_CMD
-  allow_failure: true
-  script:
-    - /run.sh analyze .
-  artifacts:
-    reports:
-      license_scanning: gl-license-scanning-report.json
-  dependencies: []
-  rules:
-    - if: $LICENSE_MANAGEMENT_DISABLED == 'true' || $LICENSE_MANAGEMENT_DISABLED == '1'
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\blicense_scanning\b/
diff --git a/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml
deleted file mode 100644
index 8e1b0159cb0..00000000000
--- a/lib/gitlab/ci/templates/Jobs/License-Scanning.latest.gitlab-ci.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-# To contribute improvements to CI/CD templates, please follow the Development guide at:
-# https://docs.gitlab.com/ee/development/cicd/templates.html
-# This specific template is located at:
-# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
-
-# Read more about this feature here: https://docs.gitlab.com/ee/user/compliance/license_compliance/index.html
-#
-# Configure license scanning with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
-# List of available variables: https://docs.gitlab.com/ee/user/compliance/license_compliance/#available-variables
-
-variables:
-  # Setting this variable will affect all Security templates
-  # (SAST, Dependency Scanning, ...)
-  SECURE_ANALYZERS_PREFIX: "$CI_TEMPLATE_REGISTRY_HOST/security-products"
-
-  LICENSE_MANAGEMENT_SETUP_CMD: ''  # If needed, specify a command to setup your environment with a custom package manager.
-  LICENSE_MANAGEMENT_VERSION: 4
-
-license_scanning:
-  stage: test
-  image:
-    name: "$SECURE_ANALYZERS_PREFIX/license-finder:$LICENSE_MANAGEMENT_VERSION"
-    entrypoint: [""]
-  variables:
-    LM_REPORT_VERSION: '2.1'
-    SETUP_CMD: $LICENSE_MANAGEMENT_SETUP_CMD
-  allow_failure: true
-  script:
-    - /run.sh analyze .
-  artifacts:
-    reports:
-      license_scanning: gl-license-scanning-report.json
-  dependencies: []
-  rules:
-    - if: $LICENSE_MANAGEMENT_DISABLED == 'true' || $LICENSE_MANAGEMENT_DISABLED == '1'
-      when: never
-
-    # Add the job to merge request pipelines if there's an open merge request.
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event" &&
-          $GITLAB_FEATURES =~ /\blicense_scanning\b/
-
-    # Don't add it to a *branch* pipeline if it's already in a merge request pipeline.
-    - if: $CI_OPEN_MERGE_REQUESTS
-      when: never
-
-    # Add the job to branch pipelines.
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\blicense_scanning\b/
diff --git a/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
deleted file mode 100644
index 0fe544b2c84..00000000000
--- a/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# This template moved to Jobs/License-Scanning.gitlab-ci.yml in GitLab 14.8
-# Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/292977
-
-include:
-  - template: Jobs/License-Scanning.gitlab-ci.yml
diff --git a/lib/gitlab/graphql/type_name_deprecations.rb b/lib/gitlab/graphql/type_name_deprecations.rb
index b06749df269..34f7e16e515 100644
--- a/lib/gitlab/graphql/type_name_deprecations.rb
+++ b/lib/gitlab/graphql/type_name_deprecations.rb
@@ -11,11 +11,7 @@ module Gitlab
       #       old_name: 'RunnerMembershipFilter', new_name: 'CiRunnerMembershipFilter', milestone: '15.4'
       #     )
       #   ].freeze
-      DEPRECATIONS = [
-        Gitlab::Graphql::DeprecationsBase::NameDeprecation.new(
-          old_name: 'RunnerMembershipFilter', new_name: 'CiRunnerMembershipFilter', milestone: '15.4'
-        )
-      ].freeze
+      DEPRECATIONS = [].freeze
 
       def self.map_graphql_name(name)
         name
diff --git a/lib/tasks/gitlab/graphql.rake b/lib/tasks/gitlab/graphql.rake
index 8a677ff4677..686abe0900b 100644
--- a/lib/tasks/gitlab/graphql.rake
+++ b/lib/tasks/gitlab/graphql.rake
@@ -20,13 +20,18 @@ namespace :gitlab do
     end
   end
 
+  task generous_gitlab_schema: :environment do
+    GitlabSchema.validate_timeout 1.second
+    puts "Validation timeout set to #{GitlabSchema.validate_timeout} second(s)"
+  end
+
   # Defines tasks for dumping the GraphQL schema:
   # - gitlab:graphql:schema:dump
   # - gitlab:graphql:schema:idl
   # - gitlab:graphql:schema:json
   GraphQL::RakeTask.new(
     schema_name: 'GitlabSchema',
-    dependencies: [:environment, :enable_feature_flags],
+    dependencies: [:environment, :enable_feature_flags, :generous_gitlab_schema],
     directory: TEMP_SCHEMA_DIR,
     idl_outfile: "gitlab_schema.graphql",
     json_outfile: "gitlab_schema.json"
@@ -70,13 +75,7 @@ namespace :gitlab do
     end
 
     desc 'GitLab | GraphQL | Validate queries'
-    task validate: [:environment, :enable_feature_flags] do |t, args|
-      class GenerousTimeoutSchema < GitlabSchema # rubocop:disable Gitlab/NamespacedClass
-        validate_timeout 1.second
-      end
-
-      puts "Validating GraphQL queries. Validation timeout set to #{GenerousTimeoutSchema.validate_timeout} second(s)"
-
+    task validate: [:environment, :enable_feature_flags, :generous_gitlab_schema] do |t, args|
       queries = if args.to_a.present?
                   args.to_a.flat_map { |path| Gitlab::Graphql::Queries.find(path) }
                 else
@@ -84,7 +83,7 @@ namespace :gitlab do
                 end
 
       failed = queries.flat_map do |defn|
-        summary, errs = defn.validate(GenerousTimeoutSchema)
+        summary, errs = defn.validate(GitlabSchema)
 
         case summary
         when :client_query
diff --git a/lib/unnested_in_filters/rewriter.rb b/lib/unnested_in_filters/rewriter.rb
index 2e334eb147b..386dd548127 100644
--- a/lib/unnested_in_filters/rewriter.rb
+++ b/lib/unnested_in_filters/rewriter.rb
@@ -69,6 +69,90 @@ module UnnestedInFilters
       end
     end
 
+    # A naive query planner implementation.
+    # Checks if a database-level index can be utilized by given filtering and ordering predicates.
+    #
+    # Partial index support:
+    #     - Supports partial indices if the partial index predicate contains only one column.
+    #     - Supports only the `=` operator in partial index predicate.
+    class IndexCoverage
+      PARTIAL_INDEX_REGEX = /(?<!\s)(?>\(*(?<column_name>\b\w+)\s*=\s*(?<column_value>\w+)\)*)(?!\s)/
+
+      def initialize(index, where_hash, order_attributes)
+        @index = index
+        @where_hash = where_hash
+        @order_attributes = order_attributes
+      end
+
+      def covers?
+        filter_attributes_covered? &&
+          can_be_used_for_sorting? &&
+          does_not_contain_any_other_column?
+      end
+
+      private
+
+      attr_reader :index, :where_hash, :order_attributes
+
+      def filter_attributes_covered?
+        partial? ? partial_index_coverage? : full_index_coverage?
+      end
+
+      def can_be_used_for_sorting?
+        index.columns.last(order_attributes.length) == order_attributes
+      end
+
+      def does_not_contain_any_other_column?
+        (index.columns - combined_attributes).empty?
+      end
+
+      def partial?
+        index.where.present?
+      end
+
+      def full_index_coverage?
+        (filter_attributes - Array(index.columns)).empty?
+      end
+
+      def partial_index_coverage?
+        return false unless partial_column
+
+        full_index_coverage_with_partial_column? && partial_filter_matches?
+      end
+
+      def full_index_coverage_with_partial_column?
+        (filter_attributes - Array(index.columns) - Array(partial_column)).empty?
+      end
+
+      def combined_attributes
+        filter_attributes + order_attributes
+      end
+
+      def filter_attributes
+        @filter_attributes ||= where_hash.keys
+      end
+
+      def partial_filter_matches?
+        partial_filter == partial_value
+      end
+
+      def partial_filter
+        where_hash[partial_column].to_s
+      end
+
+      def partial_column
+        index_filter['column_name']
+      end
+
+      def partial_value
+        index_filter['column_value']
+      end
+
+      def index_filter
+        @index_filter ||= index.where.match(PARTIAL_INDEX_REGEX)&.named_captures.to_h
+      end
+    end
+
     def initialize(relation)
       @relation = relation
     end
@@ -252,11 +336,7 @@ module UnnestedInFilters
     end
 
     def has_index_coverage?
-      indices.any? do |index|
-        (filter_attributes - Array(index.columns)).empty? && # all the filter attributes are indexed
-          index.columns.last(order_attributes.length) == order_attributes && # index can be used in sorting
-          (index.columns - combined_attributes).empty? # there is no other columns in the index
-      end
+      indices.any?(&:covers?)
     end
 
     def primary_key_present?
@@ -285,7 +365,9 @@ module UnnestedInFilters
     end
 
     def indices
-      model.connection.schema_cache.indexes(model.table_name)
+      model.connection.schema_cache.indexes(model.table_name).map do |index|
+        IndexCoverage.new(index, where_clause.to_h, order_attributes)
+      end
     end
 
     def value_tables
diff --git a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/auto_devops_templates_spec.rb b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/auto_devops_templates_spec.rb
index 2e64987f605..88e1487df34 100644
--- a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/auto_devops_templates_spec.rb
+++ b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/auto_devops_templates_spec.rb
@@ -15,7 +15,6 @@ module QA
       # during the production run
       let(:optional_jobs) do
         %w[
-          LICENSE_MANAGEMENT_DISABLED
           SAST_DISABLED DAST_DISABLED
           DEPENDENCY_SCANNING_DISABLED
           CONTAINER_SCANNING_DISABLED
diff --git a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
index b0eea1e5553..12e37f2742d 100644
--- a/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
+++ b/qa/qa/specs/features/browser_ui/7_configure/auto_devops/create_project_with_auto_devops_spec.rb
@@ -80,7 +80,7 @@ module QA
 
     def disable_optional_jobs(project)
       %w[
-        TEST_DISABLED CODE_QUALITY_DISABLED LICENSE_MANAGEMENT_DISABLED
+        TEST_DISABLED CODE_QUALITY_DISABLED
         BROWSER_PERFORMANCE_DISABLED LOAD_PERFORMANCE_DISABLED
         SAST_DISABLED SECRET_DETECTION_DISABLED DEPENDENCY_SCANNING_DISABLED
         CONTAINER_SCANNING_DISABLED DAST_DISABLED REVIEW_DISABLED
diff --git a/spec/frontend/environments/environment_details/components/kubernetes/kubernetes_status_bar_spec.js b/spec/frontend/environments/environment_details/components/kubernetes/kubernetes_status_bar_spec.js
index 0bed741a21e..df6f5cfd725 100644
--- a/spec/frontend/environments/environment_details/components/kubernetes/kubernetes_status_bar_spec.js
+++ b/spec/frontend/environments/environment_details/components/kubernetes/kubernetes_status_bar_spec.js
@@ -28,7 +28,7 @@ const configuration = {
 };
 const environmentName = 'environment_name';
 const kustomizationResourcePath =
-  'kustomize.toolkit.fluxcd.io/v1beta1/namespaces/my-namespace/kustomizations/app';
+  'kustomize.toolkit.fluxcd.io/v1/namespaces/my-namespace/kustomizations/app';
 
 describe('~/environments/environment_details/components/kubernetes/kubernetes_status_bar.vue', () => {
   let wrapper;
@@ -280,7 +280,7 @@ describe('~/environments/environment_details/components/kubernetes/kubernetes_st
           createWrapper({
             apolloProvider: createApolloProviderWithErrors(),
             fluxResourcePath:
-              'kustomize.toolkit.fluxcd.io/v1beta1/namespaces/my-namespace/kustomizations/app',
+              'kustomize.toolkit.fluxcd.io/v1/namespaces/my-namespace/kustomizations/app',
           });
           await waitForPromises();
         });
diff --git a/spec/frontend/environments/environment_flux_resource_selector_spec.js b/spec/frontend/environments/environment_flux_resource_selector_spec.js
index 8dab8fdd96a..a05deb52463 100644
--- a/spec/frontend/environments/environment_flux_resource_selector_spec.js
+++ b/spec/frontend/environments/environment_flux_resource_selector_spec.js
@@ -29,7 +29,7 @@ describe('~/environments/components/flux_resource_selector.vue', () => {
   let wrapper;
 
   const kustomizationItem = {
-    apiVersion: 'kustomize.toolkit.fluxcd.io/v1beta1',
+    apiVersion: 'kustomize.toolkit.fluxcd.io/v1',
     metadata: { name: 'kustomization', namespace },
   };
   const helmReleaseItem = {
diff --git a/spec/frontend/environments/graphql/mock_data.js b/spec/frontend/environments/graphql/mock_data.js
index 4754d1c15a8..9501887b10c 100644
--- a/spec/frontend/environments/graphql/mock_data.js
+++ b/spec/frontend/environments/graphql/mock_data.js
@@ -822,7 +822,7 @@ export const fluxKustomizationsMock = [
   },
 ];
 
-export const fluxResourcePathMock = 'path/to/flux/resource';
+export const fluxResourcePathMock = 'kustomize.toolkit.fluxcd.io/v1/path/to/flux/resource';
 
 export const resolvedEnvironmentToDelete = {
   __typename: 'LocalEnvironment',
diff --git a/spec/frontend/environments/graphql/resolvers/flux_spec.js b/spec/frontend/environments/graphql/resolvers/flux_spec.js
index 526c98b55b3..ff808032205 100644
--- a/spec/frontend/environments/graphql/resolvers/flux_spec.js
+++ b/spec/frontend/environments/graphql/resolvers/flux_spec.js
@@ -28,7 +28,7 @@ describe('~/frontend/environments/graphql/resolvers', () => {
   describe('fluxKustomizationStatus', () => {
     const client = { writeQuery: jest.fn() };
     const fluxResourcePath =
-      'kustomize.toolkit.fluxcd.io/v1beta1/namespaces/my-namespace/kustomizations/app';
+      'kustomize.toolkit.fluxcd.io/v1/namespaces/my-namespace/kustomizations/app';
     const endpoint = `${configuration.basePath}/apis/${fluxResourcePath}`;
 
     describe('when k8sWatchApi feature is disabled', () => {
@@ -84,7 +84,7 @@ describe('~/frontend/environments/graphql/resolvers', () => {
       });
       const resourceName = 'custom-resource';
       const resourceNamespace = 'custom-namespace';
-      const apiVersion = 'kustomize.toolkit.fluxcd.io/v1beta1';
+      const apiVersion = 'kustomize.toolkit.fluxcd.io/v1';
 
       beforeEach(() => {
         gon.features = { k8sWatchApi: true };
diff --git a/spec/frontend/issues/list/components/empty_state_without_any_issues_spec.js b/spec/frontend/issues/list/components/empty_state_without_any_issues_spec.js
index 004e5fd9356..ab3e90e40ab 100644
--- a/spec/frontend/issues/list/components/empty_state_without_any_issues_spec.js
+++ b/spec/frontend/issues/list/components/empty_state_without_any_issues_spec.js
@@ -184,7 +184,7 @@ describe('EmptyStateWithoutAnyIssues component', () => {
         const experimentTracking = { 'data-track-experiment': 'issues_mrs_empty_state' };
 
         const emptyStateBlockTracking = {
-          'data-track-action': 'render_project_issues_empty_list_page',
+          'data-track-action': 'render',
           'data-track-label': 'project_issues_empty_list',
         };
 
diff --git a/spec/graphql/types/ci/runner_type_spec.rb b/spec/graphql/types/ci/runner_type_spec.rb
index dc664f281b7..cbfea04e71d 100644
--- a/spec/graphql/types/ci/runner_type_spec.rb
+++ b/spec/graphql/types/ci/runner_type_spec.rb
@@ -10,9 +10,9 @@ RSpec.describe GitlabSchema.types['CiRunner'], feature_category: :runner do
   it 'contains attributes related to a runner' do
     expected_fields = %w[
       id description created_by created_at contacted_at managers maximum_timeout access_level active paused status
-      version short_sha revision locked run_untagged ip_address runner_type tag_list
-      project_count job_count admin_url edit_admin_url register_admin_url user_permissions executor_name
-      architecture_name platform_name maintenance_note maintenance_note_html groups projects jobs token_expires_at
+      short_sha locked run_untagged runner_type tag_list
+      project_count job_count admin_url edit_admin_url register_admin_url user_permissions
+      maintenance_note maintenance_note_html groups projects jobs token_expires_at
       owner_project job_execution_status ephemeral_authentication_token ephemeral_register_url
     ]
 
diff --git a/spec/lib/gitlab/auth/auth_finders_spec.rb b/spec/lib/gitlab/auth/auth_finders_spec.rb
index 26e6cd36615..914d675452c 100644
--- a/spec/lib/gitlab/auth/auth_finders_spec.rb
+++ b/spec/lib/gitlab/auth/auth_finders_spec.rb
@@ -786,8 +786,8 @@ RSpec.describe Gitlab::Auth::AuthFinders, feature_category: :system_access do
     end
   end
 
-  describe '#find_user_from_basic_auth_job' do
-    subject { find_user_from_basic_auth_job }
+  describe '#find_user_from_job_token_basic_auth' do
+    subject { find_user_from_job_token_basic_auth }
 
     context 'when the request does not have AUTHORIZATION header' do
       it { is_expected.to be_nil }
@@ -1037,6 +1037,60 @@ RSpec.describe Gitlab::Auth::AuthFinders, feature_category: :system_access do
       end
     end
 
+    context 'for route_authentication_setting[job_token_allowed]' do
+      using RSpec::Parameterized::TableSyntax
+
+      where(:route_setting, :expect_user_via_request, :expect_user_via_basic_auth) do
+        true                    | true  | false
+        :request                | true  | false
+        [:request]              | true  | false
+        :basic_auth             | false | true
+        [:basic_auth]           | false | true
+        [:request, :basic_auth] | true  | true
+
+        # unexpected values
+        :foo                    | false | false
+        [:foo]                  | false | false
+        [:foo, :bar]            | false | false
+      end
+
+      with_them do
+        let(:route_authentication_setting) { { job_token_allowed: route_setting } }
+
+        context 'when the token is in the headers' do
+          before do
+            set_header(described_class::JOB_TOKEN_HEADER, token)
+          end
+
+          it { is_expected.to eq(expect_user_via_request ? user : nil) }
+        end
+
+        context 'when the token is in the job_token param' do
+          before do
+            set_param(described_class::JOB_TOKEN_PARAM, token)
+          end
+
+          it { is_expected.to eq(expect_user_via_request ? user : nil) }
+        end
+
+        context 'when the token is in the token param' do
+          before do
+            set_param(described_class::RUNNER_JOB_TOKEN_PARAM, token)
+          end
+
+          it { is_expected.to eq(expect_user_via_request ? user : nil) }
+        end
+
+        context 'when the token is in basic auth header' do
+          before do
+            set_basic_auth_header(::Gitlab::Auth::CI_JOB_USER, token)
+          end
+
+          it { is_expected.to eq(expect_user_via_basic_auth ? user : nil) }
+        end
+      end
+    end
+
     context 'when route setting allows job_token' do
       let(:route_authentication_setting) { { job_token_allowed: true } }
 
diff --git a/spec/lib/unnested_in_filters/rewriter_spec.rb b/spec/lib/unnested_in_filters/rewriter_spec.rb
index 945a50ce2e8..24ee4c16b52 100644
--- a/spec/lib/unnested_in_filters/rewriter_spec.rb
+++ b/spec/lib/unnested_in_filters/rewriter_spec.rb
@@ -62,6 +62,44 @@ RSpec.describe UnnestedInFilters::Rewriter do
           end
         end
       end
+
+      context 'with partial indices' do
+        let(:relation) { Vulnerability.where(state: [:detected, :confirmed], resolved_on_default_branch: false) }
+
+        before do
+          Vulnerability.reset_column_information
+        end
+
+        context 'when there is a partial index coverage for the used columns' do
+          before do
+            ApplicationRecord.connection.execute(<<~SQL)
+              CREATE INDEX on vulnerabilities USING btree(state) WHERE (resolved_on_default_branch = false)
+            SQL
+          end
+
+          it { is_expected.to be_truthy }
+        end
+
+        context 'when there is no partial index coverage for the used columns' do
+          before do
+            ApplicationRecord.connection.execute(<<~SQL)
+              CREATE INDEX on vulnerabilities USING btree(state) WHERE (id = 100)
+            SQL
+          end
+
+          it { is_expected.to be_falsey }
+        end
+
+        context 'when the partial index definition has more columns' do
+          before do
+            ApplicationRecord.connection.execute(<<~SQL)
+              CREATE INDEX on vulnerabilities USING btree(state) WHERE (resolved_on_default_branch = false AND id = 100)
+            SQL
+          end
+
+          it { is_expected.to be_falsey }
+        end
+      end
     end
   end
 
diff --git a/spec/models/ci/runner_manager_spec.rb b/spec/models/ci/runner_manager_spec.rb
index bc479036b00..eca02c01796 100644
--- a/spec/models/ci/runner_manager_spec.rb
+++ b/spec/models/ci/runner_manager_spec.rb
@@ -226,6 +226,16 @@ RSpec.describe Ci::RunnerManager, feature_category: :fleet_visibility, type: :mo
     it { is_expected.to eq([runner_manager2, runner_manager1]) }
   end
 
+  describe '.order_contacted_at_desc', :freeze_time do
+    subject(:scope) { described_class.order_contacted_at_desc }
+
+    let_it_be(:runner_manager1) { create(:ci_runner_machine, contacted_at: 1.second.ago) }
+    let_it_be(:runner_manager2) { create(:ci_runner_machine, contacted_at: 3.seconds.ago) }
+    let_it_be(:runner_manager3) { create(:ci_runner_machine, contacted_at: 2.seconds.ago) }
+
+    it { is_expected.to eq([runner_manager1, runner_manager3, runner_manager2]) }
+  end
+
   describe '.with_upgrade_status' do
     subject(:scope) { described_class.with_upgrade_status(upgrade_status) }
 
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index dd9ecdf993c..485e400eb26 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -386,26 +386,6 @@ RSpec.describe Repository, feature_category: :source_code_management do
       end
     end
 
-    context 'when Gitaly raises a CommandError error' do
-      let(:error_message) { 'Boom' }
-
-      before do
-        expect(Gitlab::Git::Commit).to receive(:where).and_raise(Gitlab::Git::CommandError, error_message)
-      end
-
-      it 're-raises an error' do
-        expect { repository.commits('master', limit: 60) }.to raise_error(Gitlab::Git::CommandError, error_message)
-      end
-
-      context 'when error contains "listing commits failed" message' do
-        let(:error_message) { 'listing commits failed' }
-
-        it 'returns an empty collection' do
-          expect(repository.commits('master', limit: 60).to_a).to eq([])
-        end
-      end
-    end
-
     context 'when ref is passed' do
       it 'returns every commit from the specified ref' do
         expect(repository.commits('master', limit: 60).size).to eq(37)
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index 85a07d85174..db76b03090a 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -277,6 +277,29 @@ RSpec.describe API::Commits, feature_category: :source_code_management do
             end
           end
 
+          context 'with ref_name + path params' do
+            let(:params) { { ref_name: ref_name, path: 'files/ruby/popen.rb' } }
+            let(:ref_name) { 'master' }
+
+            it 'returns project commits matching provided path parameter' do
+              get api("/projects/#{project_id}/repository/commits", user), params: params
+
+              expect(json_response.size).to eq(3)
+              expect(json_response.first["id"]).to eq("570e7b2abdd848b95f2f578043fc23bd6f6fd24d")
+              expect(response).to include_limited_pagination_headers
+            end
+
+            context 'when ref_name does not exist' do
+              let(:ref_name) { 'does-not-exist' }
+
+              it 'returns an empty response' do
+                get api("/projects/#{project_id}/repository/commits", user), params: params
+
+                expect(json_response).to eq([])
+              end
+            end
+          end
+
           context 'with pagination params' do
             let(:page) { 1 }
             let(:per_page) { 5 }
diff --git a/spec/requests/api/generic_packages_spec.rb b/spec/requests/api/generic_packages_spec.rb
index cf9912ba906..eadd0817fb6 100644
--- a/spec/requests/api/generic_packages_spec.rb
+++ b/spec/requests/api/generic_packages_spec.rb
@@ -29,6 +29,8 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
       personal_access_token_header
     when :job_token
       job_token_header
+    when :job_basic_auth
+      job_basic_auth_header
     when :invalid_personal_access_token
       personal_access_token_header('wrong token')
     when :invalid_job_token
@@ -61,6 +63,10 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
     { Gitlab::Auth::AuthFinders::JOB_TOKEN_HEADER => value || ci_build.token }
   end
 
+  def job_basic_auth_header(value = nil)
+    basic_auth_header(Gitlab::Auth::CI_JOB_USER, value || ci_build.token)
+  end
+
   def deploy_token_header(value)
     { Gitlab::Auth::AuthFinders::DEPLOY_TOKEN_HEADER => value }
   end
@@ -564,12 +570,16 @@ RSpec.describe API::GenericPackages, feature_category: :package_registry do
         'PRIVATE' | :guest     | false | :invalid_user_basic_auth       | :unauthorized
         'PRIVATE' | :anonymous | false | :none                          | :unauthorized
         'PUBLIC'  | :developer | true  | :job_token                     | :success
+        'PUBLIC'  | :developer | true  | :job_basic_auth                | :success
         'PUBLIC'  | :developer | true  | :invalid_job_token             | :unauthorized
         'PUBLIC'  | :developer | false | :job_token                     | :success
+        'PUBLIC'  | :developer | false | :job_basic_auth                | :success
         'PUBLIC'  | :developer | false | :invalid_job_token             | :unauthorized
         'PRIVATE' | :developer | true  | :job_token                     | :success
+        'PRIVATE' | :developer | true  | :job_basic_auth                | :success
         'PRIVATE' | :developer | true  | :invalid_job_token             | :unauthorized
         'PRIVATE' | :developer | false | :job_token                     | :not_found
+        'PRIVATE' | :developer | false | :job_basic_auth                | :not_found
         'PRIVATE' | :developer | false | :invalid_job_token             | :unauthorized
       end
 
diff --git a/spec/requests/api/graphql/ci/runner_spec.rb b/spec/requests/api/graphql/ci/runner_spec.rb
index a2fb646769b..ec30c6fb71c 100644
--- a/spec/requests/api/graphql/ci/runner_spec.rb
+++ b/spec/requests/api/graphql/ci/runner_spec.rb
@@ -89,9 +89,7 @@ RSpec.describe 'Query.runner(id)', :freeze_time, feature_category: :fleet_visibi
         created_by: runner.creator ? a_graphql_entity_for(runner.creator) : nil,
         created_at: runner.created_at&.iso8601,
         contacted_at: runner.contacted_at&.iso8601,
-        version: runner.version,
         short_sha: runner.short_sha,
-        revision: runner.revision,
         locked: false,
         active: runner.active,
         paused: !runner.active,
@@ -100,12 +98,8 @@ RSpec.describe 'Query.runner(id)', :freeze_time, feature_category: :fleet_visibi
         maximum_timeout: runner.maximum_timeout,
         access_level: runner.access_level.to_s.upcase,
         run_untagged: runner.run_untagged,
-        ip_address: runner.ip_address,
         runner_type: runner.instance_type? ? 'INSTANCE_TYPE' : 'PROJECT_TYPE',
         ephemeral_authentication_token: nil,
-        executor_name: runner.executor_type&.dasherize,
-        architecture_name: runner.architecture,
-        platform_name: runner.platform,
         maintenance_note: runner.maintenance_note,
         maintenance_note_html:
           runner.maintainer_note.present? ? a_string_including('<strong>Test maintenance note</strong>') : '',
diff --git a/spec/views/devise/shared/_signup_box.html.haml_spec.rb b/spec/views/devise/shared/_signup_box.html.haml_spec.rb
index e4ca48f1623..d620449672d 100644
--- a/spec/views/devise/shared/_signup_box.html.haml_spec.rb
+++ b/spec/views/devise/shared/_signup_box.html.haml_spec.rb
@@ -110,10 +110,22 @@ RSpec.describe 'devise/shared/_signup_box', feature_category: :system_access do
       expect(rendered).to include(s_('SignUp|Contribute to a public project on GitLab'))
 
       expect(rendered).to have_css('select[name="signup_intent"]')
-      expect(rendered).to have_css('option[value="new_team"]')
-      expect(rendered).to have_css('option[value="new_personal_account"]')
-      expect(rendered).to have_css('option[value="join_existing_team"]')
-      expect(rendered).to have_css('option[value="contribute_public_project"]')
+
+      expect(rendered).to have_css(
+        'option[value="select_signup_intent_dropdown_new_team_registration_step_one"]'
+      )
+
+      expect(rendered).to have_css(
+        'option[value="select_signup_intent_dropdown_new_personal_account_registration_step_one"]'
+      )
+
+      expect(rendered).to have_css(
+        'option[value="select_signup_intent_dropdown_join_existing_team_registration_step_one"]'
+      )
+
+      expect(rendered).to have_css(
+        'option[value="select_signup_intent_dropdown_contribute_public_project_registration_step_one"]'
+      )
     end
   end
 
diff --git a/workhorse/go.mod b/workhorse/go.mod
index 833670fdd90..93174b7b34e 100644
--- a/workhorse/go.mod
+++ b/workhorse/go.mod
@@ -1,6 +1,8 @@
 module gitlab.com/gitlab-org/gitlab/workhorse
 
-go 1.20
+go 1.21
+
+toolchain go1.21.9
 
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1
diff --git a/workhorse/go.sum b/workhorse/go.sum
index 7d31ec736c7..b2b44637324 100644
--- a/workhorse/go.sum
+++ b/workhorse/go.sum
@@ -67,6 +67,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMiv
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70=
+github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1 h1:fXPMAmuh0gDuRDey0atC8cXBuKIlqCzCkL8sm1n9Ov0=
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.1/go.mod h1:SUZc9YRRHfx2+FAQKNDGrssXehqLpxmwRv2mC/5ntj4=
 github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
@@ -85,36 +86,58 @@ github.com/DataDog/gostackparse v0.5.0/go.mod h1:lTfqcJKqS9KnXQGnyQMCugq3u1FP6UZ
 github.com/DataDog/sketches-go v1.0.0 h1:chm5KSXO7kO+ywGWJ0Zs6tdmWU8PBXSbywFVciL6BG4=
 github.com/DataDog/sketches-go v1.0.0/go.mod h1:O+XkJHWk9w4hDwY2ZUDU31ZC9sNYlYo8DiFsxjYeo1k=
 github.com/HdrHistogram/hdrhistogram-go v1.1.1 h1:cJXY5VLMHgejurPjZH6Fo9rIwRGLefBGdiaENZALqrg=
+github.com/HdrHistogram/hdrhistogram-go v1.1.1/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo=
 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
 github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/alecthomas/assert/v2 v2.6.0 h1:o3WJwILtexrEUk3cUVal3oiQY2tfgr/FHWiz/v2n4FU=
+github.com/alecthomas/assert/v2 v2.6.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.13.0 h1:VP72+99Fb2zEcYM0MeaWJmV+xQvz5v5cxRHd+ooU1lI=
 github.com/alecthomas/chroma/v2 v2.13.0/go.mod h1:BUGjjsD+ndS6eX37YgTchSEG+Jg9Jv1GiZs9sqPqztk=
 github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc=
+github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/aws/aws-sdk-go v1.44.256/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go v1.51.14 h1:qedX6zZEO1a+5kra+D4ythOYR3TgaROC0hTPxhTFh8I=
 github.com/aws/aws-sdk-go v1.51.14/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
+github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1 h1:gTK2uhtAPtFcdRRJilZPx8uJLL2J85xK11nKtWL0wfU=
+github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.1/go.mod h1:sxpLb+nZk7tIfCWChfd+h4QwHNUR57d8hA1cleTkjJo=
 github.com/aws/aws-sdk-go-v2/config v1.27.7 h1:JSfb5nOQF01iOgxFI5OIKWwDiEXWTyTgg1Mm1mHi0A4=
+github.com/aws/aws-sdk-go-v2/config v1.27.7/go.mod h1:PH0/cNpoMO+B04qET699o5W92Ca79fVtbUnvMIZro4I=
 github.com/aws/aws-sdk-go-v2/credentials v1.17.7 h1:WJd+ubWKoBeRh7A5iNMnxEOs982SyVKOJD+K8HIezu4=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.7/go.mod h1:UQi7LMR0Vhvs+44w5ec8Q+VS+cd10cjwgHwiVkE0YGU=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 h1:p+y7FvkK2dxS+FEwRIDHDe//ZX+jDhP8HHE50ppj4iI=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3/go.mod h1:/fYB+FZbDlwlAiynK9KDXlzZl3ANI9JkD0Uhz5FjNT4=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.9 h1:vXY/Hq1XdxHBIYgBUmug/AbMyIe1AKulPYS2/VE1X70=
+github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.9/go.mod h1:GyJJTZoHVuENM4TeJEl5Ffs4W9m19u+4wKJcDi/GZ4A=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3 h1:mDnFOE2sVkyphMWtTH+stv0eW3k0OTx94K63xpxHty4=
+github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.3/go.mod h1:V8MuRVcCRt5h1S+Fwu8KbC7l/gBGo3yBAyUbJM2IJOk=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5 h1:mbWNpfRUTT6bnacmvOTKXZjR/HycibdWzNpfbrbLDIs=
+github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.5/go.mod h1:FCOPWGjsshkkICJIn9hq9xr6dLKtyaWpuUojiN3W1/8=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3 h1:4t+QEX7BsXz98W8W1lNvMAG+NX8qHz2CjLBxQKku40g=
+github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.3/go.mod h1:oFcjjUq5Hm09N9rpxTdeMeLeQcxS7mIkBkL8qUKng+A=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.51.4 h1:lW5xUzOPGAMY7HPuNF4FdyBwRc3UJ/e8KsapbesVeNU=
+github.com/aws/aws-sdk-go-v2/service/s3 v1.51.4/go.mod h1:MGTaf3x/+z7ZGugCGvepnx2DS6+caCYYqKhzVoLNYPk=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 h1:XOPfar83RIRPEzfihnp+U6udOveKZJvPQ76SKWrLRHc=
+github.com/aws/aws-sdk-go-v2/service/sso v1.20.2/go.mod h1:Vv9Xyk1KMHXrR3vNQe8W5LMFdTjSeWk0gBZBzvf3Qa0=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 h1:pi0Skl6mNl2w8qWZXcdOyg197Zsf4G97U7Sso9JXGZE=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2/go.mod h1:JYzLoEVeLXk+L4tn1+rrkfhkxl6mLDEVaDSvGq9og90=
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 h1:Ppup1nVNAOWbBOrcoOxaxPeEnSFB2RnnQdguhXpmeQk=
+github.com/aws/aws-sdk-go-v2/service/sts v1.28.4/go.mod h1:+K1rNPVyGxkRuv9NNiaZ4YhBFuyw2MMA9SlIJ1Zlpz8=
 github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
+github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/beevik/ntp v1.3.0 h1:/w5VhpW5BGKS37vFm1p9oVk/t4HnnkKZAZIubHM6F7Q=
 github.com/beevik/ntp v1.3.0/go.mod h1:vD6h1um4kzXpqmLTuu0cCLcC+NfvC0IC+ltmEDA8E78=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
@@ -122,7 +145,9 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bradfitz/gomemcache v0.0.0-20170208213004-1952afaa557d/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
 github.com/bsm/ginkgo/v2 v2.12.0 h1:Ny8MWAHyOepLGlLKYmXG4IEkioBysk6GpaRTLC8zwWs=
+github.com/bsm/ginkgo/v2 v2.12.0/go.mod h1:SwYbGRRDovPVboqFv0tPTcG1sN61LM1Z4ARdbAV9g4c=
 github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
+github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
 github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
@@ -137,6 +162,7 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/client9/reopen v1.0.0 h1:8tpLVR74DLpLObrn2KvsyxJY++2iORGR17WLUdSzUws=
 github.com/client9/reopen v1.0.0/go.mod h1:caXVCEr+lUtoN1FlsRiOWdfQtdRHIYfcb0ai8qKWtkQ=
 github.com/cloudflare/tableflip v1.2.3 h1:8I+B99QnnEWPHOY3fWipwVKxS70LGgUsslG7CSfmHMw=
+github.com/cloudflare/tableflip v1.2.3/go.mod h1:P4gRehmV6Z2bY5ao5ml9Pd8u6kuEnlB37pUFMmv7j2E=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
@@ -152,6 +178,7 @@ github.com/disintegration/imaging v1.6.2/go.mod h1:44/5580QXChDfwIclfc/PCwrr44am
 github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI=
 github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -243,8 +270,11 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE=
+github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk=
 github.com/google/go-replayers/httpreplay v1.2.0 h1:VM1wEyyjaoU53BwrOnaf9VhAyQQEEioJvFYxYcLRKzk=
+github.com/google/go-replayers/httpreplay v1.2.0/go.mod h1:WahEFFZZ7a1P4VM1qEeHy+tME4bwyqPcwWbNlUI1Mcg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=
@@ -253,6 +283,7 @@ github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIG
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
+github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -305,6 +336,7 @@ github.com/hashicorp/hcl v0.0.0-20170914154624-68e816d1c783/go.mod h1:oZtUIOe8dh
 github.com/hashicorp/yamux v0.1.2-0.20220728231024-8f49b6f63f18 h1:IVujPV6DRIu1fYF4zUHrfhkngJzmYjelXa+iSUiFZSI=
 github.com/hashicorp/yamux v0.1.2-0.20220728231024-8f49b6f63f18/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
 github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -328,6 +360,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
@@ -343,6 +376,7 @@ github.com/magiconair/properties v1.7.4-0.20170902060319-8d7837e64d3c/go.mod h1:
 github.com/mattn/go-colorable v0.0.10-0.20170816031813-ad5389df28cd/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-isatty v0.0.2/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4=
+github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY=
 github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=
 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s=
 github.com/mitchellh/mapstructure v0.0.0-20170523030023-d0303fe80992/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@@ -353,8 +387,10 @@ github.com/oklog/ulid/v2 v2.0.2/go.mod h1:mtBL0Qe/0HAx6/a4Z30qxVIAL1eQDweXq5lxOE
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY=
+github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
@@ -389,6 +425,7 @@ github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 h1:GHRpF1pTW19a8tTFrMLUcfWwyC0pnifVo2ClaLq+hP8=
 github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46/go.mod h1:uAQ5PCi+MFsC7HjREoAz1BU+Mq60+05gifQSsHSDG/8=
 github.com/sebest/xff v0.0.0-20210106013422-671bd2870b3a h1:iLcLb5Fwwz7g/DLK89F+uQBDeAhHhwdzB5fSlVdhGcM=
@@ -416,6 +453,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@@ -471,6 +509,7 @@ go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi
 go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
 go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
 go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw=
+go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc=
 go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
 go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
@@ -479,6 +518,7 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
 go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
 gocloud.dev v0.37.0 h1:XF1rN6R0qZI/9DYjN16Uy0durAmSlf58DHOcb28GPro=
@@ -505,6 +545,7 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA=
+golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08=
 golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a h1:Jw5wfR+h9mnIYH+OtGT2im5wV1YGGDora5vTv/aa5bE=
 golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
@@ -935,6 +976,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
@@ -946,6 +988,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=