From ab630bb7953a1fcf84945e923a21e537e899a3ee Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 17 May 2024 10:28:49 +0200
Subject: [PATCH 1/5] Update ESO to 0.9.18

---
 golang-external-secrets/Chart.yaml            |   2 +-
 .../charts/external-secrets-0.9.16.tgz        | Bin 102068 -> 0 bytes
 .../charts/external-secrets-0.9.18.tgz        | Bin 0 -> 76336 bytes
 golang-external-secrets/values.yaml           |   6 +-
 ...rets-industrial-edge-factory.expected.yaml | 159 +++++++++++-------
 ...-secrets-industrial-edge-hub.expected.yaml | 159 +++++++++++-------
 ...ecrets-medical-diagnosis-hub.expected.yaml | 159 +++++++++++-------
 ...olang-external-secrets-naked.expected.yaml | 159 +++++++++++-------
 ...lang-external-secrets-normal.expected.yaml | 159 +++++++++++-------
 9 files changed, 514 insertions(+), 289 deletions(-)
 delete mode 100644 golang-external-secrets/charts/external-secrets-0.9.16.tgz
 create mode 100644 golang-external-secrets/charts/external-secrets-0.9.18.tgz

diff --git a/golang-external-secrets/Chart.yaml b/golang-external-secrets/Chart.yaml
index 961f3b294..4aef19aa0 100644
--- a/golang-external-secrets/Chart.yaml
+++ b/golang-external-secrets/Chart.yaml
@@ -6,6 +6,6 @@ name: golang-external-secrets
 version: 0.0.3
 dependencies:
   - name: external-secrets
-    version: "0.9.16"
+    version: "0.9.18"
     repository: "https://charts.external-secrets.io"
     #"https://external-secrets.github.io/kubernetes-external-secrets"
diff --git a/golang-external-secrets/charts/external-secrets-0.9.16.tgz b/golang-external-secrets/charts/external-secrets-0.9.16.tgz
deleted file mode 100644
index ca268d8459d75ca2b82392618d1bda98327bb264..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 102068
zcmV)UK(N0biwFP!000001ML0lb{j{QC<xbYJw*<DdP$y-07O}qYqX|LH%-bamM-QZ
zX=!Tp>SYChB#~w!6P=kLMZ5i2^8)i^-`+be8F`NY5+GEHSm$(EL}XlcMC|*;|D5?r
z#KK|fPZK{&$A9U+J%#qe_uu3H9{%wCQ~iHs`^(|;7l((>zkB}u;j_OyJ$!!n{QJLn
z-)~_pm9|PVmU!M@7QuAxhkj$fuHV1V=9ka^c+Qe+bk7!HZ*$-Qzj*$<@%(>ydPwL0
z^ci%6yYTez#nTs0|KdIEZ3QjuD?fj>3_kct8pP2{@Alavwp`}_d^-BSMu#sR&HQwl
z1j~&6_)6RtkKY$>!6J6;FZ?L;uHwXdvzoxqe&(l-=JCRR>CLljnZ6v4uY+v9nvACL
zVqCd$<v%<MrZ|=SG+}om{`o5P6Zk2E*~~^7FIW(bS(?(1X*>+$YxqAbx%NlP==#x(
ze}5Mzv-IVop?9N}KCCQg=*j=WUJ62w|M%a#!_ndYHF`RH`uGvfmBIgqUvWGi{vE#b
zZu~F|qQ#Wm#`phmjeo<XKk~eYA$<4`H;?$gDide-OZYRKN*GKTp1`A9Ik`BU4bQ&<
zvCLmALk3Xjj}qA9{}=F|4*&0>wVeO^pD$lsjIz(!rgL=R{}+cZO8EbW?_d1j@c%Aa
z`TV^(OTCHjN8Zd|hVi{W^U~FH>Zj?|Dh%(vAR@$-F4@%g{`kX_*Tox@M;fVq18?O0
z`RD)f=+SB90k-uMFN<N0YZz;l2GO-5Di{3A1Mfawd3Qk=dXWzcfZl+>z17lV9`ACI
z#fkq2=*@8m=jSKdU%dqI{3?OfJwbxxe`c^i|G=Bvd(a1PD9p#a$G2=1W{>sZz8yV!
z^bQ9IBKUAY*w%ypm(6`|7F=EV2@*L($f*}!>0hQEi)P+DzQdIQeYy&+S1=BIxOg;W
z5o{G`;|jXKhGA*mYa(VZ5qu-gZv7o-C4gvCWZuL1Yw!P8xbI7#Hlu90886uW{t@jz
zEx!L}PoIDP+`a!@v_JkB|DTUueO}@X#+#0h7Oyw{_muADqyKXZH}j7_hJX>SfV*jU
z=>u<=cf-de@Ai8farA+OE1&oL8CaMknEBrScv-TFrrwM1=s$zS#p>!R`0Nda15b?Q
z!?NH%AJH<8@%{SndgTlpCH?n`g~3$-hywT|+Q8`1N1u;P{WF{aH-ngM%7BaXQhabZ
zv&y#(V}vt!%<y)@U=d^-^<?uP^_~FwK#-igzrenTMAD@{1)Onu1sEsvSt?+M{3$Sj
zDTf~aTaa;V28aMAhjqdvw0N=FZU|%NB9wzG1yuQ?0<7rL_`3<<!&Hs)zi1OL|7L!&
z`5F~C_#mTm4lDkxTxa2rmWx{^z;$1FgMUkh|CSC)WARDN?^*qS^4oX9&nBmS@Ji^6
z5AaX{#v}kO06xJm@5HGn%15c;LlPvj=A6~9O$XiBK?hg?LVS@OI~VUxyU>U&gdl>K
znJ%?>A-q?}CVpsgv8j8$+wy7Z7mfe75We6f696r)e(?Vrc!OUD_UI&DEMOp7s>$K-
zj(n{^3KpYuKBnapB@d!$xSF+Wal{wV(lLdDnF2%cR!lU~-jUe-k&@5xH^6tJTx=Z$
z@mNWRId7qT@;`tp<E(t%)ls-mKO0W&`9Si<T=>atkl&X(;A7O?n-Vnn(#1}*_@8VM
z=G&;fU(Em?-uaVx9N%mm@M<D=0JU%#E_`@S)8Y$QAD}hc<>SBf2I9lPPPRAolWd3t
zDv86;Pqu&0$`iW#)(Ri{duIgTw)<BapvQX%1m{Am#+>Ao*FUUXKGz+#UQy0FHf$f*
zvy4Skzj*dKho<eQ6I*X#&2sFmt-b5s^s$H19GmSW=gP`LTPmI`n@-~uDlB4T&y4OG
zeR#ybd*38%6uXV4d=(|p?@2R6a!F?NZPTEUzGaPdmBSCje+-NUXy<DCf}eK(jo?_{
zy#bz$vkkh&vj?TgKsy3y^;sH$7C$>~`pOu>Wl~@`ygk4z#%mN!VeJcqA%Z(t04*0l
zJ`lJG6&3&?u5M-CRmg7RRbnEb(P%|5)1O9S3`vx8$?c^S-grL{)8aG$WP0yC5r4|q
zHLxa1n?U?i&b547o}mKG;$)l5)Ckyz*30dxwdjA#+*q#4uyhaT*8hH2(*HjH?(lo3
z|J_9sZyFUk4fsgl%O_EsRcHiueMhoGGV&uf3H{l(oX5<)3V_c^$G3-%Zh~m`(mPR?
z=n-(;Y{oM7QW?WrSt*TisAH$RTr>C5&M*a^a)uli;&}uSV+kWvlEwdc5$q6cM9=x4
zRnegc*!(>mMF3nfIHmkkmj5ANloB&)XA*b|wbJ+rD#wB;OF1uDzW~wan20hBl=!y+
zp4#7o6w&Bg)PlE<Q0>o0k{mQ&{(@!G`CARhwqULbaybxQ@EPTSiy5`cC8ujUjAcBl
zoC3DWNwl2CU-Qqj6XAad3!CrbmT9vYZ7&yDJ<oh2m95ANW-=?$;4^r)!myhUTmEGu
z*jCxXc2r`-SB|thu*%{E{&G?1cNyRKQQPY%adK*y;#NA24FI%Cg6tmu3LDXPUHD-m
z2+rd)d+%p=adOkPA+1~ft+4Qr*OOerP$2Xwk~Y1tY16h_x8Ab-!)Mj2Ux0zSmK}6R
zFvL%0!4$ap5=S|xQNj(x7j2K^TVb-OSq{FEvltNdecRD+c6X`z76)R<b*e*YNGDT!
zFhg%RoF=nj;{W%`U-?5|wBZ`F@NaEYfV!TFp2ewgJn<07EcQ1WA}{qm&BGBL|C=qn
zFOG)2`dgbCZS$oGz2uP1X35`PHXne}lL8s`BfuI-Rvm2avoM?g&IfBdOa{`TpQdL?
zJn=`^8~y>qwaj1oraC{u^~%#ZNVsCDU@dEWc!rhL<CP>}{Y}D9g0T8P<Hm1A7joL^
z_)y}9VFha>ECTuZf8F@^2j2g>#qFSNya6;YNy3ic`4s^o7=SA|KxMxGF`NN@z_Y6B
zC6*|J;-;^wACz%k?H}<7(;{9S=9vC0PFmT*&ihDHByko`<M5?-d3;v-P58$0VYJ_h
z7p=HHbQgZ@mxux1NjnSMad&ADmd#&!W9)nXd*Qbr3bKHOCw|E8;ReUi3|Q`GPYZpP
zei9HN=f8e$K?dpiyozp%OY)=J{%Bs;5~M#}=?1Gm_q&p2H6DTDLmaLa{yXHNO6$4R
zetG$*enF-KTddo7&DwJLQVWuh@d{Hzj;`xeqj=^kdz7Xj6TPp)c*4SBFEzIQ*NxcD
zu0^t|D|}z~%?ngLa%NrpWvdIzV)(y8RBT+E-bszD{c+1HT*hI1eSfh;qy;~uaD@VX
zxf|Ep^oh3mhAtcLrTGml0eKR$AF?!+#xVY2<)=18-!jfutOB;s|AH_&3({mokwBBx
z?AkX}1b6uVAAbM*SxNu<;@NlKIsNZ0nz8=3SwnH6F2#@hQV31(`YPikiLklS_^dif
zzuM#BayHpJ4YJg<b)d(Z16Tyn(Jc!?gf3s6{+CuHX*5~^gRikX_W75Hl@?g|oAnZF
zMl39H*XrmmhKyL?|760ZYXt^(;Q#NwJ1pD(zIzHJ!QuZMv`z6pT?%Ux;jo18X%x1~
z=D?x-PTcY6=C9npQPKdRB{~QGxp&Lq7La$c3b}+g^kAc}lX$fh6AZlp`~^pjaPz6y
z>41JLN!8GI3fqns^6%uP5s>)6Ke+XiN!}T7;XwX3Dqqw;?hxatf321PJzxEEDSxb8
z>ueFExX{GE4v^i~PN!+jw=4{16ly1KfeeacyIgtG>Hse<V-#BI)=`*SU)0@NQ{DOv
z^YACL*+#^r+z~jZah%M8$mIOVaj|n<B@ooFWjGvefGK{2Kfo>gA`k{F_uRk2F(vF<
zb_>0#Xt9sIrK`zrz}g7Z)jgh_Ep-D1TW+{$gZ*+CtvziP{GT{kdls-u{{P`wIsW&%
z?|*Re|4!Pb{GT-S$jh;@?61(cc<4O~`ngSM7s9@kdsrEitbeaCo=!&4jMKBK^e*QP
zmOrsY5Z>#~1jWA<MD(`L+LQ&Q?*eHh$^YFpO+eNV0f2n_&uZpX_RL|YL9l!bx<#;R
zv&=A;P{s|Sy1lY&!7M5u`qMT%-%#6NkN<@izXciS!vD_>%lQBMLnr_5rfrJ<>w_!S
z*94T&zvT1msDKSux?f6PIaIrETmj}}9WHuzwiAXLoNO^&k7UU)?+@PE@P9JvCkdQ=
z{<j~V{_w)(f7?atI)64z7^VNp(A#;vyrAv$|Jirn{ZPvP_Usv67f1hh&`JzBg&>FF
z@%c$wjpL~*tu>_^sj1I}D)2<9sSAX=mQoZ+54wd`C`>a+siS8~$|x{3<Zl{BB42`%
zQw^Au);?@DJB@xL_Pi#3gvkCvbfpMy>^hvX;Z+hZs&U>j9nW}ON8}P9H17QxUN455
zPgX%V<Ey#VGQA!?A3as9Rq@fMBls4bmg1z|X;w;?*Ia4Y(OYm_`~qNtuIo4na&Nd{
zX?9KZcXWJyL_b`rA5gdbrsl`D@OLh;g{y>xl`YY4=^Vti_iWKIImXPcLY9;VL8)#U
zqd={WZuZENd6AUPn}hWBkcG=RI}{V8fJ_!DILY&1nCR&2^uu=-r5`-6kbd`nhT1P)
zY11Bnc$Gw$T<qv~%s_Z79d^BQZoIko@@>hM%~|G&G=-GN3Da0DSLqzKJ;s0niXF!A
zf^<~)@O_-Y#wPd5pG>AX<I8~OhwFo>uM$6<dwhxX+9~xJhh$;ICo>=5K*7o)@nV3_
zJjm|9Elz!jIoZUT=?rGxEWV3)x;9J!sRDsR|JDyh-17)8>WKOmhdYg6uv84?!O%P!
zde*Qb4syPs(W6I&p)PzMmV&uNYBC?wsUS%mPr`V@lM`d-@zK%A@aLmdHXki!+HlJR
z){|sG*~wNz%Z0zUUlzJBaK}Vg3g2T&026l>lYP?t<B|IS2!JFU9-M(lhlxnli^)VV
zstk@I8w`Z+Y8B2rj%_m-V;Wya!S8DHRGt&@8E|hRkyDzy+z$|MSH@njdl(4k^;VHK
z;w?wbmHsM|XW<|u*}^0)EA$c_6NU^XD@0f08D5rg8e9)qGMxt*%ti;c42HCsh>$y+
z(KpKGRhpP9*x;q1)k*(>Fqq|GA!5VZ$i#qrv-z3epAd}auP!e0w5N1#{D|_dH4u`g
zg^&e6VOCcB5(yKHD$S%kt6LZ#y-in>MUdgO_-}xEh6h<4_?YN7p%XIc&8l7C!5sry
z43ClU?fUE}h3gOx#Q5~e(WJ!>IIs&p=~0rV$6Z9`7chc)qawGgpsYO21IM2=2pyY0
zx*o}|(0+*9=gBbPO5M$Ym-UjIBp}|e9z*Ka=WjQ{V&BBKs5bELO2amxG;Fxg>R;Qx
z!6vd-oeEk}->C%ucg1fI0;!;y;wMl2R)!(bFzQ<cn%Ro6Nz!&&!3&LxKE2}kC6{5%
zDiKknaQ`Ejw$%5Q@r>tEMpDVO$n^I(@_7noBKR${H$I4RmzpOan@}H}!5GtE3A~ue
z@m!QX($7aGCCh&V-jble!gNcA#raoZpKoei4_t4@x<?G>yP8)n_?Hx^@U(SU9TF7g
zMoFg`k&?gh2)iaQn1X_)A#%`ubFmd5atSw&Z%2M!P7t)@CmL#us0I-f+dAemT|c%P
zzY$Y3ZlU8)Wy76f_?_4utUsa5>G%(R2#Q=kPQ6b^Sw8XX!`ibPc^8<ZSSAHa6;H-H
zBH5n!M#~ZWxj#Fg4CJs1Ap1ckh9F`dBz0uE+6)jv-bnJX1@UDmc~l8ruwZ-&i4P1*
zLXT!E%jO1wEnSaX(ieMd*_?NJ9r0&;#s7|M7+eD6u%_IOJLD43sPu1n>}4jWz6pvE
zRhP!+>>0|PR6{n7D)=Q>6WbhXLpY4%FplRij>9+`bd$HY`LKpLzql^fj5$`qnAr(6
zA4?zUT(kUb+hR@8THGVYd{G{lglt~;p(e{@>sX}o6lyA|_Phf~6p%l>3j#?Qs(mof
zY&8R-REeIiHrv;JBnDQ%;R?P_FySY7t}Iv(k*iP3S*J-Tx6}HZo^;cgcjt%U@FqfC
zY;MJ&8A&5?dVX=_!9QLfpH(kp=hS#KoFFOisk$0$iJIeF^bMr}pt%K^zc8TM);NYG
z32Wbs37P63QTkihfK(Z8&X`2mUf6vjO`DP>Lx^@05p3Lgv>CbT=+gSLAKeB?9AS>a
zOYB$ky#VY>?`$;*gXwV?uj({PCfDLsakdf)ld1z4UtgEfQ>Q|aiP)xg_-PzPut~~*
z8_jA_J*R%&j|H1nK04{tXq#dkM@J`W{`!l7FZU`A!}ty-$=8ZShE%}nfycrWi=6o$
zaLR33*XwwQY2@IIWSaI>{fSX04La%QI{xPE;rGvK7pEQBf%nVBYt-4&XW~!C^B`j4
zzhC>wf<;Zo>qo0a{Z$@zTny|{nYy80zMh5-?Tc)Eno=EJf5*EoFO`Xl@i+>Y8tsL0
z=-TgyE?&j)1a1VcRX3tjoF>J5R7RWN_UJWtAPO82btglpWE6Bu!vS9~+J(nxB$hvt
z<g6K9>tBON0tQ^tZ7{2`uOgNuV=>Le*)%LjNCx8?!>w%G6pfm0Suk)3=K!O(S%nYq
zuZhnI2(Du`Wyvgmm1WbeIx&7s4Xi^x%ge?6Q2Q5x>;OS#|5?LAQekT*;LrRF)~(r{
z@s|<&pBwby1q32*;TX{>qKx^NAUd|aWSJkaCgpFDYvCPF@|uV`Cg;EM;*Nlhb(5lZ
zE~q2ztYQnmwbK&oE<?-Gn`!Ql#;o~s!_#dbnl*n$J{e}j(o~X;qh6lUOzMAIO==Qq
zp~8QKArRFR_YLk$<oA>RoexD(yZ-e(2#A`ikZ>E4v*jP1`)IfOP;g`6(72WED_kqb
zZ5Y~e`9bO6wGY^-rd2FDXxI2lX;p6WuSCi=;e_y&XL)aKUH+efjV>l#>@)xSAv%Co
z^1nZS`oj5t?xJa~l22-!K)=oZTFuy5EZbX?_}w{-ekBg0wOGQ)S#&KA(b7Eh_d+;)
z@n+KRxu<AtpNhk1{gyaAt??U`u3)*dXzc)xl+UPG#iOdjDBKWw2`ogG2l^ai=Eou>
z{w<B8Goo<ZsnIWN=7Rhj^L)DJ{?(|YNZ{wj>u8r5m=g0;olS7*mqE>t(%n;LgSH!;
z7#@6f90ciq{`-^v7~yw+``h3gv#$=m{V&n0W@h-keLCrjI{_TCsVi>nH9}#66m;B;
zQc6(umkGTwbr#mSd#dK#J)OJfzmmIWEwU)Mc#{6ePf6-U1V<XA+Rw@mY_mBP>B75)
zeN~o=T1yE8<x?Pr@+9`+jsu({tW&pj*}`f|tCYHEq_Eqt)`z!ZxlYT&uBTl&UpU+M
z4K}4#J5u|ZDx-;R6p^1cb6OTasIo0aTfpb0Xlro=n_tVO2U1zd2|f<}`AP#rjBzR1
zo$qu1n>VV+r*tj3@$XX-Ht^>&t_)3R;)Z!UOqGRY72&bbBE2WX?%~2l|2O>me}7xQ
z>SmjmnLRx57jfoy_zKvX7SH9NB?AthOx$?dj{r}{c-(7VeD*}JP-C&d`|)V>EzWS|
zXVZDRjnLd>EEhj7qzbR&3(X#P!vDkI0}ZOb2uEa54w7k0@Z=ggM{G6*72D8wjbtQ>
zf@wVK_CK?**Ux~l#AvfMp!*)!=M6zCXWs^3kAO=u>i8qDWG|jubp7T0tx<0y09l-s
zk@I8$;BWkUDUKm7BPSo>5-G9Q0mhEZFjm#T`^0>$l64Z9lD2uPM5ZMqhJ<=ZNMP6L
zm@_h*zh6pZEy(-<pu{u{FjaEA<oYMHNB@Ka9MB?0@@W#<G+LJV<un=&JJN#sJQ#_s
zEpL*1x*~*zNza6-8c=dYiY#*3?FlLs;f^i8JwW|px>{m3sn(Di>pk7ps|MEIl0^5l
zJKEMZ%-mt{PQX)c?PKWY$zQ^oE~H||a$Lwk3mg|BAHX}De-JE~P_ptEoi5IUR5l3x
z5f6M03gZ&@mWTHk0H^ajxN4zie(XXH>M?YONy%IfHxNBP61ZX9@qjvYj6^ss2Pc1O
z<VS$Ua<m#lhjt!p!9HseoOjsT*_>fhsSi3~ht1xT`?WT{#@4cYVvpyGR{EhPCx&7>
zLB$bj+GkwA()S@9>;iOpKo1>GMoB98&;K&=(#A_G9W{~tzD0LiwBp<zc7JaZVbP{5
zt#69-wr8yvm-07s4XTGS5@NmQo-}H8620aJCr`|12CMLbdUd4b(n&j6a?updKxZsX
z@8V>3P|imI<lE$aSZ~KP%%f#Hx+-HAXJAU;unp<Fj5>C>hw2M82)5$BDcy)4TPa*u
zw>2s1$8oe?*ilNzHJY0aO@eH8=wQu@Zx~kN6<&qDPo<uJqW=|cShd*Yw}w;c4EZPR
z`%ioH!roWHsEXit=y%ocb1~{@vcO@k0c-80nAQ%Jvw=T&bC3c)!=KREz(fby@=#91
zILJT9_;&vG8FFgs8FO|{6F^K9qFx~v0){){NGQarpr8Xin2&2*6SQh1*SQ`bk01i_
z<=4B7cWPhFFcM|yoOZ;p+94q+!-=7Dc))JQoGV_kAQ2G8qz`Ggh#;M5Ux`6yvCsKG
zA@$|L!ANnVh}dfWjQ?<&P^Ss?oF>$1LY*eG(wrvLX+kS)=bF%~P7!H6t^~(begzYT
zf5oJZ@FG2uw8>2pco%e8BL7Dtw&W)q)$t^bC#nC!@gxt!lbGoX3J}MaoYo)+p`7bm
z69fncaLpPzjp{o4*J4;`=qRqq4$?<n5@XaQ!?3v+y$ciW=1C|Tfylk^x<PJ}3jq*)
z_d4wy>egCF&2iR~CDZNqr5VCId6xuP$HQ5V`ih~YztS7he_Un2y<Gd5bR}No?!Tg+
z<Z(J?c_%du=VF@t63Mj8GR7BemLPLby!&z)1~MaI$nO0_Dqg%NS3#0eFlflqtX(B)
zl()kMIhdn{b(F;A6CuM_4f|teDY@k47lc2YAxd-7utteJSJ`q!NzRzq)#%(`hHUB|
zK__)cCR5pAS7|dg>)TFyxrM0=AGxW~alBXtSeM3dDof3`Ea}zPPWWhue9_p!cd_o7
ztg#&%{Wz(Z&Gqy{u{UFMZA9OobHbt&#CRiSYLgd<_~>2+Tc}w@=u4!b#h%|LT?<)f
zN+QJxw@YsIjmk;ay4%J!F|YO+$o(p~7a(lN^2zpT#I*{aID}Kpu&a$HbzE}pJ$Yhs
zIsLvHOWvd_N!6BJfOOxLRN6+B9lm22ZdRW1;uexM7olNr8f?~_)4bT=o^t0DxG2+j
zF%i|RIf<4A5Lg)TjObe=CyD7HcZ{xSk~CXr*P1?JlC!iHP`RH%d2K;K9nzgx^Rndi
zAj^jE4AZElLp;Sd+d9<#`BAOoBGom4b3v+U&IQT2AUPMLuD;F%Nj2w!^gu31Jvar4
zj1MxYL$hy?AZ3S5#!AyWeqNkVny=Y{5}xAu1`A9PdPPrKdVzE6EwX?fyT(*}O24IF
zg=LqL>jMje8J__|&-ti>C><PlgH<~4p1>;_{D1#%I`|g;u%JKF|5@PwnGYJreaF+E
zr#@-Ae)p4DbBcmjEUG65u)%0rvOFI)Miq8m)?y|QBfqY#V^b3x+J!l7@a5LA<T|*~
z2+efi!M?Dc!D37@pSR$*PCV4Ed6UScadLV-00!Y~;{ALVwLJ2fANqRlb4;Mvl>gfF
zsuf?rCD;Aw!9dkG>#lfp-YzLsrO>U%5$R8I<)WW>?KvW3GkJC;Ft%Pjf$rNOZCM$q
zFuej^vI<e~j$~Ccfh)6u&dneMN`I%1Y2A-o`ghxOhn<_JJ_$%}?a9@L-aGV7?da2C
zxHZBkrJHYZz^#vi_cTA@lfwLsCrr!S^o04sH$7rnao5q99A76KjSetaELIt&nlq*g
zr}7I0?chq9fK~brrLI=vcP?}i$D!YHv8{+#$F(8arsLAKqAeV&ipqek!(QeUZcr0w
zu=U~<!`VmD&vB%$sl*QTLxat<_@z9&Lia9#$GizJ%UJs;%TttzoG+!t_EGGjEu)HT
z>p22!qvDhwT?3E|HFyd^-qvSW*L&It_pkJ2lv3d<V+voZbX4pHS54UyB&FP<I`%*N
z(-p_K-9yPG<RKI?D3qtslpQbxq&rO1%y&x5K-}7?>nx0~4MmHX`7Udul8n1OZP;uy
zGxB4#@#aindTYr%B(aW6I;OCXN-Rc5H&qx&U>=2<`YgR>kZY{aeNDF{YbBSJVZ1#z
z*}kveT&JaBj;=);*6^{@*z$Ds@0g*tpsf|&c-3omUuQ+U85Stio3(e1`cRzmk>wgS
zO#7kRK3Q$1Ub@9LTyHY`5MA$%qS;#CuL)f{kA!@wT@eL!i!;Ps#gDp6WaZ7=4v>#;
z0Wn)x4f%64?ro&+$7Tu65SEcNYvSw1Hik-SRBn|why5J(Yx&S&zv@R0`&FAIIBk4%
z^O&o)d;)s2c_l;hVJY+{7etJ|c}skM|A^k2dGEfsSwoe;HP*Q0(uS(4&;`YP#!20>
zO_Vm5l-Zs_jPoec$-N4JMA252>PSnbi*oYfpuz7~Ptb*4i|@;;PpNFT&uU%&x+vm;
zWz+eqJQTsmL|p!er>@5`8>s&zhzMwqR}<kGUXoBaO6Pwe`})!QlV-<7n*_+M%C)1G
zm5Jp0@)y#UDKAs*UvK~&fKD9n3X+j<*A|^yrcHb*exO3|@$;ry2C|v)F`ZmX0X8>z
zCIAix`~z*2`%a6kbEowBeE)hge996^efknB$mc~5_}M&8IkfRk&V!}!G4`|EqqR%1
z#N9vS1pIcMMwkvD!~c2pIlx*7c!VdhpTb}1FTFsDFR)KI3BMS;+7U<K2nfBx1UyJl
z)LFq4dY?w<1;Mx6h0t~P8=PRVN~s`36h}i~bhG=~83Y{RA37M<o=i+c<{bVDFKB}5
z)0sD0(T15Uh8Ijb<{{NDhV68v^EQ%CjOnrop*2e>)y~ci)loEd>cMS{XvEvymQ*l(
z9@^SC;ul`;e;|IR8}=tppELrZfn}XSzwny~F42Z*nQDns;IYBSKCgNS&(Y@zHF4H5
zH9hd|=5fl2g)&YK;9rA-R{M<pzy_z$;6P>UFFYDW*2tA)K)(&vA<UbwV4nARc%%Gb
zh5)6ZxKLTVsCl3jmaX=pltP~i3`tKc8ZSbjI4=a!&*$|pYQYX>7q!B$a5jtn_TMW%
zxu*oWIf+xHibh&Inz~`)zSosp;;q8f<u?Fi7mj4hE23}kYGFJh9W}j~2rJjt&(bhJ
z6szxRKkVj+OgY(y<Yf&=h7E~-AdYrDp4MDDXP}MSCTD9wvdy?#dk=sua=6>!aV=nG
z!spsUYzMsVj=A04@w*lrudz<v+C8UB!DObc>{jI(aKBcu6>aM_;DPN8_J)3*rq5@G
zyzoxB;obAYCSLAc9qhQ`_B*I}=5Aj3cpf8+^DmG^rnvl)k0kQCJVu&D_Zd&Lh=jJH
zl*FQvskd5sQyd!lS#ro7x4doNT8Y}ujpHd(uuo%^4(>9Cbx5OW5MqRmthvc)B>Xb>
zr#Cw6(5s2d9Ce#+*;zA=8`jjzD|KqFP)Rj&%VQeUsHE=-ZnyCy#ag0$mZ{7O{?;8<
z%MCG*2mpn!>lUMg0V=Hrp4AZThLO$zx(MIUs}w~p{){uMgN@qW*ct^WUsXPlOnbBA
zbgF!lMUIqSN>5%fc*wK&=IHS!`apl;OoSe4e<D1{ht4yd0B!4BtErx#cJFEzxW-lD
z7bS+P(!ycDWf<QRtwrP&WF%0qv?=LK_ajqd8_L^x>3Z$-`5$x$-eE3`EV(BNV*^dz
zj3U}_+lH$?r_Q+KyZL>chkyCtwX&(Sxoy7x_DME)<rFQ;%Y|FKmb1FA>R!wp1-3Ol
zYj4g}^2Hr74-K%Y`7@`3FX4)=B-k-~0g{`--&PZ)mCM&Eh>G{epO60dV~FuMBkm<L
znkF;&KPt8B$d51}W#;|)=OaDqEFUVB*-^cZ{sh>p8~W=V|8F^4{?WOA8~Ar3tUz0h
z=338-e;<<*thQX(YfyaP<eTFC@dxlt({MHOy+I{y$<-<hvD?5K!SaW9+7k0IIOf2C
zM(4meVv+D1LHv*R-z%)wN}HFBl3;pcQF5N(2dpOc(f;!<u64KaiH)UaS~|vSIG*xH
zDSo8{M)zzHTFvnk+KcDU@qZ70`2MN>zfYh3@cr}ep1=6Z;qw=VPoF`zr||b@-~I6X
z@GsueE$z9`R+tXe^Zo*&)f_HgW52H7ztAR75Ap#|B>q895*CKX=O^j6`CmC!B2KI(
zHXa|GmiP$M4B^#^cxua=zlsb-k0_?!JEjaw=K?97pm0I#|06x_q!P1%YbCL>uq3UU
zL=xCBi~kAt6wuE9coEEr%+7P|XMrQ+KLrT7FtGex;IYvZu+KY+F-(m5u-WW1`i*4c
zqw2D;=Wrpq0=NR|I-Ig0rm<*3kbnL;UKa(I0Fg_)!)repp%P-U3c?v*jifr>?bFfW
z^U>2sk^oduL~Z`6N2w_9ex1at<x8)wi=YSmxY6C|I!-jUGZ%n$jzC<g%AKSi(T4M;
zp~GAFjXEuXX=Y*VPB@L7#|dY$^Oa0f@f)xgn5wkyYv_<pV`Lk|<d0O50x{CCp!o|h
z+sSbpt`<eo{2Q>HXGHSyKvNl|j~Whmu8U=bFdw~sRbgLddfvgpz?>Z!<&yY+{`-^v
z7~xlc``h3glj;q={jU+{mn&0Ul!eb4=4+<8uxZQ@AE1=mECpP<(1OnZhSAa4>4)zw
zN<Y*~N5#w+nkWQkgW{3AMP3+BdB#7~*5Hw$q@hZKh&+Ql=R)FN0iznBZXGz%C8p2@
zY4wxLR`p3lv*{94libvtAg)Vei!cxop}Iy!+$mJa5PY~C&CLOP^CGF~6<PR*g{_Ku
z7s$;fsnm7}=8Cjl*HQ4h8eK&_6Pu8EbZZfsqAo_Aae2Y+VIZ8>TSeN4P3Ee1cyvK@
z6~FZ6S+-1Hj>p$QCh5pDUMw&%&;6KCRxnwi4Qo8}Z~btb2G>KDOy?jPOfxv`F@SqW
zn~8Xq^Tq5N#g5mq{xvc~T`HQc!+Ik!GqQpODnApEgxfoRb#bW$uH(7!Bhv0}^JyVu
z0Z@Lzzf=j20IyT_L$1ptmL3I>1*$Gln)K7G-U@n51eM~0mxwNERNbc$^ji4gF{{h5
zx#hFNGfIbeAjYTH6wTVKEfu7y@whb%gId_aYlMy{s^{v_mh7J$N>M?M*L6)UmA2tp
z?Igkfes%G)uHk-yYW$m*aBSCTa~X;MJq}r#BH^pgeT0hh(m(-sL}qYaq_X2?f;<zd
z)|E7V$aP%>A<|74N-qNeBgvXVwz@r;;HwjEzo-a!6n0la5g|Vxc|XfUJF0HfLZ$Gk
z8QUNm>LQ4`x^$`A*o}W5!r>TsX&;Hs`4&?S+f=6SO7EkoDu}Q`b|(Mm0|riX<x4a1
z=#XoE{qblS{Br)**!e{*<@HCTe%>!hSg!vq*UnRZP&P7y8sJ72RJO|I{PlJuq%5u(
zzS7}M`D}D|02~%E+LZif=!wXE_ToCDtcSRgzMU+z3|1}sKwbS3kcT947hHXGG@W7s
zzs^ZAO5RF$RF$ejd|{QJ1e;Zo0LmMCdSVj#Q-B(-PHnsdpCJ&Rc{~$?4+E2=s#Z}v
zKvz*$*JOTaU3k9MA=57{XBTA-b-A_SYdGgSqtG?09i%2Ntakl|Nm74aatTZ3IpUUV
zVe{v1GKIWs`c?J*@$r%}r5Me0ReaqzcJX<mYY-EVO||4H*bB3Yb7wrGxjxY&`6Nv!
zBFv3uK$0bMf*0%I;x7}}7m_`rSxTmGnIZ}yvW*f27D2e{RwuX={))obh{c2NC5|a!
zm&d912^mKr-3byyd-pD4dL78?pdCYsT)ZP^6O5N6&JGU=781isFrX`w+=jINY^~&p
zO_XWHb)qc|*TlysK(cc}tkzby&|!jX*@wmT$u)1KROB_A^-ixNPQtFF0wI$RQ>crE
zq#=U)RQ$KR66P_}Wn*K$JU;K1Aa518n-);(ZZJO0h~$^Bc?I?Bz6VTWol0cD40^)v
zvplJe=?`jqq%s#MvOP#~bUfQ1<*A=K4=j*HB(Nfl84=1EaLf~|uevQDwcKo}1Y6Al
z)WsQRPgwV{ABl-d3D`ct0zScuWx+zFuPVcp&eC|IhQk3sq5|p855wV26yHUfRfJ}y
z>IbLi7f0w>{QCIJ`xqxTVa#UUDcU@OTH(3AW#nx^?!*$j>Ok3Y=|?jzER*U_s?NKc
zW&Vyel0MjGRp^o06*xsl^}ZUaXIt~hFb{?WF*RSoPzkmMT{UU4qqp%|jm10LyLm26
zGCTrC=F=_&IdRDd{@Wmd29Ba>G|Uw<*mk05xKu3mkr)Es6;azV{WnMl>ZCK%tvKnd
zhb=fdwdc|qM@yFmDSWW4b3#YC8C^szO1scwjB6x}OVxo(H`PoQImN<x`m;aqKEbe`
zxDi%9Q;q|i?#f|DhaDYuTn9Uzv4m}{II%;KqB#`V)EtVm-G@Vw`8W@q;N7U(l>NAh
zW)=l*I!^fP)w?nJ7QJ{52w@tdCiD2no6sDp4#q9!#6ZD6cRJw)Z}QAW9E?T8xl>T5
zUS8DKIVw56c=-PV>1gx!%geJ1M50+djYCq=lM3D!SxfHW$}GGj#`}~nq5aZej8$bv
zINIgg3)G850QaE1zWi03ELir^o7}e+Ju<pVQ+C$kjU`(J>nMjSsb0^Ii`VuxKd_c*
zx0Q@W(jb**04WJ<M?PA$I|QNF&;idqKu1TKrvb;dgXY-Xycxf06H?Gh0)%TSc}}A*
zbXMI^Z&_lDk$&xpWjv|xofW_xG^bfzV~r*mZ>!k`a2){99Blkfrz@-knyRBeK&#H+
zSk|K$^i@X3po$vrsHW}*T&DS3I@RSZ0qy#NTB(dlHOsQ!Vp~_;SFoX9=c)jqP1vNd
z>`u|mkoUFo>=fS|hw*CGi(_Yphhg1{rGF&X&@;_`jL07Tn=F^CK68f6;;<!2YFEYR
zNH+mc72z~faN|%sKfgHY(;g59v#G>UM@eVVF>F?B9FBj9=IEb-(5HBxzGq0{(BH<&
zQ=S0G)Va}OY#aMo>3j^oC_voc8v#Ruo*Gmh)<~y4XodQ`d5l%PQYk75Wd_fPqi~kl
zBgbZMSbO8&pPm@GZP#uJ3G`7ukh8Ek1xazOPC?=nB&F_FI%GgAA|$LI93?KD!&44V
z71rwTl*3b{?pty#D{@>mpOp~d4pq#Fe+^fv-3hB!-ae-fH5{XKlpXSPzO;^<WCnVP
zRf|Y5RC`-n4RL1}UHb9DPW=G=1?mwgQFg9_=*p&!x(Pj+8w1%<8%_anKHgfE+*e!$
zm7d_^MVD1TD)<4$UOKzsF4jDPUz3V>kn24lEFgThK@vxpudhRd^Ye)NSv*ZgFvW;1
z*za*Pn#PMU%r=D046iX050AJ<;0~`>Z~$X@j&M#x=sB8ai|`w6e8vQPLv3+AsAYb;
z>#W{ppp}8^#4lE@^L?+P<>sL)70Z5u`?w33FljDeLaxFEOgQ#)@7d3X514rPcm*I=
z7MfCIt&B)6Z<82<6*RRaW>(Q-1>mo$b_8c|D6>MG2>T-^DVShaBehOBt2d|ga7vH0
zx8SJGUMoE$-Y;oY*Tqp~%<J%!!&8N|Iy~j@RH^&Uy==Lf&|CouEa|qDpWKzicuD7R
z==0bG`mdw&_gZ2&{*KCuMlPbWG+nhy7)EQYNs8aPTp|A|1tVXp)M1FktCQS+my+4(
zN$y%E>h}GUet)R|Nk?Z2bMY~quF9rd-+Iz%^V`_cLBMHkrS|Wu#J{;UQ*2}3Hy`Yj
z+xU%##J<0@iMz``h>IV=^Og}n&`sP{%u78DmMo<2Iz4<%nH8Rs_Ow$YP!<0O&hm4K
zq2(i5^3{fZ6Tj7`NNdPwtwSaEjKS)Wxw4{-rcBlL87k{#8#7YtT#tQZp!#5*tV@O(
zFijj)@Jp~JwmH^@a2Us79M54KhjBLQhA5&d)rNq@%L*rE$_bh{J5Vf=6iA3wEcrGF
zAOmW+CB9bRy>{60`r@j_ZpW=0V#HH%iv#b8*#5Ver(G1YE}~puNuOkX#E=g>P#obw
z0pZtYuGc2!!q7}we+P0l@pokwMv*bNj&hUkGM;%)Qs4I&n+@R~!$9<Go6<~5Gd^wX
zUfMuMZ)xr}=x+2f<fhvh`NFL{z48`tu0%2`P)1?C3g`oLg`rX`S}g<2Wt>x<o@9A5
z2M?Q9c2OQ!OZ!~o!q7SvB{wVS38+eDUFy&BQTHLW89S0#8%MY8IP!oFBRxBc7&?ep
z6Si)Lkd32<dvgHUatyJ-h21xPXj5Kjw;{YnJd&jC=9vTd2PZ|nofP8uue=}*6>ZO}
zAoZd6G6Ep6P`@Oh@s_wQahGLJOmww!8|&&~uh>oFgDh3uzVY?bWI_c?1P&`K1ykfq
z$2`lzk_AcAOEIBvbw#4|W`KFkg?S@U-U5je2>KuK9a|ds_GncMZEV$6BCds%?6$tX
z-UbUWbzmFfxwi9gHd168O*VO`c%#>Sq}S7B+9<3PUMa9e7w@c$C9mW7I`l;zg0qli
z=w<)Vu>l)8{{s|y;INI|5AD3yoo|cbS9_-j<y&#SEj?_(`L_Hk__lc7T}iXiC#n=+
zek)1?_s+$L@wbrDM2!tR7=q9&!MtTY78eC&&|DOhi-K}dP@bcOrS|YqP&TpsB}!=i
zg+XE}&7UtPCjGDnM%|VsB(iYp6;YMnqTwZxdN{nOA}8i%+P7}0Jjg;eF%!#!>@Azv
z$>sc$4=f4TB=pmVk-<yOi+qX0g-{FBxGyrfa4B!~Ve2xMlI^45C^wuv@05SrB6PdF
z?M~`;QukNRY4k63n;QO1a`|kXMCWoBt0mXulOzfD#zwuBg*^}Rzn83&CDMgmM&60I
zXn28SQWsA8DVNI*Y<w*_hC0tLn3x$3PJgsB8({wj%3Zt`UxLSrYnHnZUHjlpwrM9=
z2F^&((Hy%{X^vfS?1~!aOJP^izStF^&9L$95sE-j5(dHiDw-|h0FD>`M$Vpj?f9uY
z91+E-%;Zx0E78b)vj#V-iJwG%){M&wFnXi9TQLf(@F9N`UkJ}oSh|TmW5GUaUN_!h
zTh|~m?P?sy37xEbE9Wfb*^0QE{xN({$%^<tkyl_cDH3rZ=<gl32P@lJ_~g9Xij{Fi
z{6uryRa0}^mF+$pca@K`#WY9?4LjtB%^^p#tvKY^!xkKJ+-u}$kwR3rY+G^1B>trW
zF_wLUYNG$F^=a!Ty>`A{b<O#DIbSd5>*YDRQfd$H>t)<EGx0_#Tnj2z%cJk;<4Q~n
zGVwhUqKVHEKUvRf#)&1K6HA;}vcVP{`S@25OAJ%OF5=98Z*u4=JCXPgQ>(~1O`(@)
zuSs-Df$W<Zvbgx-C&uQQl3R{uh2aBvN3$9H*h^XJDf@91&Dt~FRu*`C#6RLhW5QDZ
z#q%K$tQgtu<0CS~AjJX#+%YT<YklcW?mN30-`gpZHIl71^|(;C%Kr>+HDcjV+=EdN
zk8hujo{tX4NRP+g)OI*z;d0InN5@BU36FbZKGw;(Cy60mB%Yf9NE$3mVh@##n9^^-
z3jpGG;KfmRFOvG8C2+ve{-CSay==SBbH}lXbfoiGR^8klWxBg8;Bj2(S>YH0w72%Y
z-mD|bTjNq`O#tW|oH1v-SAZ*7s;<WY3ig9z!d~y#a$vH9?mT3&Nsms$&T1L`g3%^!
z#YmDGnmj6FBHZBticOKr+yP?LO*#3OJrk*XYn`w+fWWpLM&g7`n+atBI6qTYD@PIW
zNv|op`^p@*zR#(?tM;34dgb|xWp;m%`yc1o6@}C0$oqN8v%7@Q563U1o6EoGd{iu&
zjR9T3un8q6k+N92S}wytt0#b%4v?P=^;U@n$ybCvSF`Taownq`C2M(M1ud51g-hbq
zH74~3dY=Wig(M<<W&*wf!21cpz+N%`Q~s^=Jky4g#Qo^(6k&Xe`W)b8oLa)EC7fEq
zsU^%^Nd)p(M}9ivpNhx<K@Spmpoo+%g6jxjPrpXq*{gR#pgnLgkq&q1YjwEG;jU8m
z-qR##oRdNC94Gc>y~DJo(@tDeO_VxSxK#|{{d|0SBH|>8!_Jc$^p=ko$F*AOFJd7q
z60!4qmF1ua;SRCmEVm}nBcyBK0Pg68u-R0BKaCelmShXRT`aIcDaZMc^1|>+0NPx1
zDDA*6q}V-MrSnd`lF?!L(KNZIjdb{|+HCoiKB(L@-8)5!Wd|bA!Z@rz^B|B=@^E)u
z33Esk6_HBJ=bFeGMhg`Rp?{TmlaNI>Tw6eT3|RaMqp*Xpy`aGiOU^BV$QP<)U9&KP
z<-lRYLK`7D7*W+aPpc0!jI=wg6IC<|ZHH!3w_z~o=zyrqw5r3YVAo9hOQ)_)FOg+U
zNKp?`yb%7epdcJan2``yp}|#Xa1|OlySfSuu0q3JRcIg_Z;XaNNQ$8Nq{nH2t5Qro
zryUIm)^?Elq_Y<7ZHwKm6LM%M0PbTp^OtcW^opJz)d~n@bC!r5J`-bmCpdU#{P5ny
zJX@~YbnV!-k|_m-B;vwCBXwa#q$Qj?&bRIIxjEfsaji~wxlhDfw*A*#?rVY+eBtP`
zXiQ2@#0OH_fN3G<3T!G!&g0aaX{kxr)<CN$aohHJlNMhZS@8v-*3t#{zb^06%JJ23
zdp5o}e`o1D_(HO@;63=D>Y?_N(hVfd^VrfS*hFyW!`AJB?|?&}G<D0Rr}}yee>!JT
zkS@AoTog<a`Z}6Pww=y<=27H~=B!qtV0}8qELr>E%cdOi0PMJGTQ1I!n4Q6Lgd|ge
zaL(j;6E?lUs&w!~7ASeQ=8?`Dz?IJM0JR`5y@A+EyC#x1D++{zwin`)Z5<dPK=i78
zGs!4+L5nnNsh?%0{L5-t@n6${ADOt!@n%^!W8GYerVuQ~uHA6Y2o<bGT1fzJhLx&{
zkQMK=ql9kW>LUHjp~mF`9{Sd#y+`Z;vQ<o2is~J5;XyO9ShyrBzEMh8i~|5(3P)BP
z08YwsQkIjloRqZ<4-w=@47za|YtYfm>%d|=);atPt{BhjS7kXb-(JvfB2X>$CikQe
z#p}j%Pw8=N2f7C`PZP*2;@qmsKyttEvw7SF=>5tlc%0`-q~Jdd1Qm*$v-8ydgF%Q1
zZ|i^wo1=?nTXA%;hb=g|xYu-X2eM8f=%y;`sG}0{jz(B?T9U=KIMJ`ynXFA=usPIe
zwiSmud)R_QoqLTsjl2GK*E_fVkGooCo#Q%<Ls#nEe|)?Ysh<=k?4IP~<@o2*ljE)P
z<9Ud6(Vc0l38Z9<tXDH<$!D$<wXJ)*q5YpLz2L$kV)G5t=rM5|G=S8`f1=sX`7oa_
zc<PJJwWvUxd+7<ngZfSBut!?H9C`>Df3b`c26U_ndE?0o&Ww$&jw*@R44=)XiqGmN
zQ#|7pN<c9WUl}RFg%{>0vc!EtGKlC>sZUME-@l}b{^w<o5Jmtp8Ar3-U8j6zFAIom
zK`s`TV0^QTCvAEA7B|ayy54T!;Zv+0vBI<!hTqF1LqU|icy4uP;0yn{H5MjsYn3F&
zR#%E8N5h0xGzlWpI60;fm=d-(g^ewW#b%9WE4#FK8`yT1+7{a$q_@S^vnROTEHN&v
z#vbeDpP6G`Y&J3uw%w+^&39!93~RZkvNy{|v#;_Gw!UN_8q5AP>{8-lGfs<}ugFkK
zWuKtewp_XOlB^w9Kn~oJEK_n?L1Aw@{wlDAt@x^J(^G|8U=SuG4L6%#l)Srr6U=^j
zqiCYAQq>|KO?W0XSKH=FhTgQb?K%kO1>#h;PG!3<EX)3@Y<u<sF`l`*h^B0|cS2K7
znCOG6%zoz#9HHla!SaY_m8T}o-_*?-n+<X%zU9o8>B>RB8{Vt_K<Zhr5_@Gd-5}r4
z7sZJkm8vF`l{Ng<oJ$TZO;-zl1Ygl#CIRa9n9)RUnshxfbTRcQWuizS8i&C&FjJE4
zDbprAf-6vEEucV7&De#w9OEd{A#g8Z)C4h3g7f0XA|-ab$~fz2R(0bO;hIk}<XF66
znjwySNw(A!JX;C=GJ#FaOqovn2*CumJ@k`;ve@yHj-Pb=q~j-Tyr<SMXKaY>cWL@)
zQ1k1U{-Cypph}#3L~^6!*`CNw{k*&YxuO;#QMDNb;v-5WNWqSXh|y<TArY?lp(}n^
z{=^kOwBC;+dHFbBTJb|0&5Tk681yxW6gFOEIAhDc^*3)}Oe4+BN+h8f%WOpOOOP1k
zO{6Wt6?%JebhdR*K5Ls8!gM!^nY#V=WEI0r^sbEAN56b^_av8qKsB0-@)JvctZuVU
z&0!f$;~e>&6z`;X$I@6z@shZ13)QL&a^#9Y$c+#p{jC-&mQdkdc_eHhmRcS_U#uEQ
zs~4sew1_$ipSJU6@Wk*pQnu5SecHR$sl#G;ANP#Z^hjoQUsJOe(z2t9nugb7A4y3c
zWW+jwb3a9zO^OHG91|8$(#i-=c#&aAMs8Uc%#eiWc6dDj!N~hr)~#)wCdjoyFaYM&
z3smN}%geJ1L}pn$jYE;<f5{R!oQ#+M2*j-bL7{b$WeB1Lji-h~fg=KV%JKxH#r1iq
z+VmbS&;q3TxR7?D{R*+920Azz=C;r#YZ=6_0JG5rGb_AY!8xj|tdza-qZbJmjSjzM
zN>k!wK$sr3xUy9)^NrH4_fSxI%Zb-7=RFirHeRDi@#LKqPBtr=Y+Nweyjb#XGrt=Y
zM>Zl;fLHEVGCKvz0?!lhY=0$*eyR@bWquf@0#Ct#i`fAvY&K+9$R^w+LFUWgy|mz7
z)~=_8A&?4jgB{+iG*~PFo4_e2_tK6?x~?#emx6pvSp=WJO~4ekfCmZXqpd7xj~pO0
zz)K6kD1O8yp+6It7qMLXEuClCGJQE7-`(AfC_)q-0iMz*h{v;dnvP|XMH1)6iN6em
zX!i{Z!}#u30XNvyueSmFbxwQlyb6;z1}HV_)QoVA%?)_3Ax&N_Kus~q`OTCI$ihSG
z%4Zp+cooOR@5-wvqw;M?@X$$}z|hVB@DKgyHb~+K%U{uDLd$TRWcd7H7VjPO35KHb
z*GOn~qx7%?&Ah|>xNL%+PEo!Myi5};xP*R5q=N1|XkYDXoDZ}quhFHCw_-a{pDtXp
zNLx;$%R}Wbe)B=;)Zzax;~+BeZ5(i2_h3Zi;Px2~Bm4*a=o)KF(OZh6yyC=Qj6&&v
zFCkrBT?L<8r$DCZ%Fm{AeEu?x@l_Hp@+udqOcmx!C|ioVIAvr~g*t%3k(C=9E^y;g
zN{AHy2@=>x#E7ljnazQo7e)n8r}Wx_G!BWIsi5N22aK2n)3ht1nNxBE^(+8k4^9t;
z6Vjij;V{@YsZ{`CJ_BMeaJ|8c)2eif*XQ2?>{pD$2To(A_sUXJeUO`BW$m$Q(`}4)
zIn^*e-^W5W6OS?%Wjr>UC0Kh=$_lzTAgxw%le_|+|Cs@e^heWp@$#?Fo<1Fn9&dVU
z#iMQCj<5sXKI`dHe-M~Lz(k>?T706Bez+WdfSM<7aC<oLI>gq&?K8kua;}*ccTc~x
zd}~sf?)I>&LmRYqleeDVrG^fj{N|lMnaA;sQDXX!ysuSidgf%EV|QhN+GSI*ZQHh!
zidC`Aif!ArZQHhO+qRQV-TU_F?$IC4`2pv{8GAo#&AGJRW3zQT<?yOla+w&6`x8j}
zu8Ff!lPf+DIIXKFUEn8UeG=wzJTu$!llGn0h$=ZQW9M;yzDzW4XWpKCDPUSc9RG$;
zLI0L(LGnI^T6N&tu(66TB8k7N8sD-azb<4A#GEc|$7jZAWRaSEur|d`1=c`Cy@PuZ
zGX>dEs)!5OzwoN+nC*oSsi8|c6}U+($rH*1P#*=6T%F<ou#)f`Op@>fbelQ!I@TvP
z46jm-h2NAXbk11FjV7a)M%ZO}+2I7BXg(LmYAH#7CrDWxfr6iO^c*P+x63Kg?f<J+
z+;|g5O#+Xk{7&_0*hm?h*}v)vkNFN)b^O(642#3#4y)egmFf<2)n{xIIjHdhRpqSp
zG~1g`C-a-i1&b>o^{oSAP$VS@xYka<6b`+QJN0%fqp;=Rlg-FbS=?k&pqI@BrHC53
zx%zM~Ls=3`b+S#O${p0<ok`4@E&ioGw(LCnVNl~MFtIP(`*c+1oqVhXS{ni>>K5Tn
zDI%)hg{A*ua18u_CwHW4nEu2htUHR`MkF@7)8p%-eR$i-ZT`Ys4A2RZ5aCy8IuaqC
ziB8yR@VIpA1?G9J5sB_|kHtQ<E#k-3^w!I>d0XX_rzN^RC?=$$bHtgZ;(7CqrebEe
znfrU5mZEcx3axDLC3&)K%i~S4xZW0bar4M6Z6^XQP?1}PJ4)h~hVz;4{D>q}$Ql2_
z2C;LB{vI)!{?1Kv|2C|*xuu}J*D!P?U%ccYNcD+kxD90TK3eX(VjPU?+6;b5IPlbS
z7>Hh_Wh+!A&C0PouM`q;!yD)}%d3pTGE)vrcHTSOOk+_gr`2yLq4a3G72*Y!sGupO
za!7Wwg&Z_;Rc+a8KSgAj5Q*uQbY%prS++y8Stl{oZ2t+qMzDpv`YTcs0?GRE0AY&A
z=(6ymWPIyicEo}UVa(-HZP|B#AcN;gs}T*z)Ry*fjOck^Ih8>sY@JT9Gl9NA`jL@*
zY-#wBF$$Si<-7f9eD{)HbK{6cB?3xNxYRrO^h(~Ee~1(3d}w^GKW~qTx==PJLQ{x2
zqWTvFx}W+t+KwVoy@q1mF>=paJG$vl1e%eMuy%2N0^Ze8sp>Kf^b|Uagzon5k7u%P
zhQ8{rr{-U8UR!Yg^4)H)#8TR^VI_AEvtt8ER){_TJPV_h{WrWxFzaop!?;_u)90sC
zm*Mq(h>W0zF3Dnh@7_BDAZBEo%uKJBtGow6h*Dg8T%rE>ll!qu|5kS{j*RzgCTKU<
z*6-j6pFlR5dpTbC#le8^JY~g@*kxpnF>k_2{3Xb}2wQ@5Q=~V;@g2cV|G#K_!So|M
zcqonVyoqA8;JjgKD(T1V0}T$bF1|`hVeJux+MLlU+|`>js25TnrXD!4X5rCQd%s5t
zQV=FdP2zSR05V&s42bHpUk>c+!x|7y<I|99#^zrN@4&lY>t-i)6dZuFhQbFaA?w~5
zjF4bRsn`P@{_psgf4K;KfF9Ha&Xfs3YkOAzDN=y6F{K=IeG6C)q~8f=Dc$F|Sx=u|
zPgU8Na2`6NyRBtGo@2ii;<@1CiZvTm02M%3`HY`^$-Y+R#Cw!4RmBm6xedHd5$>WC
z)<Y_ER}5B@FswXwg5QKUNCgYGzCpyf=Klo1WC)(G!0E5eg?ubWTRGOdECQl)801Tq
zR2CXY&T#9-E*BNB7<nLqX3}@E$p|^8Gu=ivC>+<ntIwL9GV)V()iV!Ouhb&wb1MQN
z5mVlNFM4E5?Xy2VuHd~80U%p~Z&CT~6(Whx6nK!)c;ZwPoaJjjUHpw)Y@-#@p7={z
zE!HowF7LHSkp7a3U13YjM1oAe_fspI4$+<~!dj~7x+}&W)Wa3+IByu?Mk(2mrnn0q
zMnCl?z}wD$CevEO%b$pT;v76`9MfgLg%WNLHPkH4Q3E6FWF4d?Py#7oT5Ywz8z9>g
ze*tuKWEVrCp>DFI!l1xVqdej23w8&9f>Q%Q6lv8urx0sYGwmTJZY~5+AXCzXk&Di_
zv+vd5flCsYpCBTfgbi+nD{)epztQl*#BsUahyFfZJO(hO!+jOMD85m7lf1S$klaE=
zem!}RC8PzBZ>b(SEud7W@ne4g-TL+A@82iIM&3ECz%U6Y%Th-shYj;N$k<+;Daw!W
zl?&wBPci6#%--w0E9EpIOPf-O7*!ezYW(F$&yr@jOSXJs4Q{e{0IOQit3_p-EdB$h
zb1UA|K)a3RpNra?x1r@3StCq3wnC_K$!hR#U%i@|9~qkUCcQj-@tX-XKgnEmgt2f7
z(HMTR=|Ri|oo3jG-#*$L&;ygehuqErQQ)gX*eAOJCS=Bj{$A^a5uxt^_+rUPIK)9Z
zn|86mgkg`Y<dzVQ2{px;vG#vVh0ZTGS~$I@m-*xcK7koDn%EO2k{D@SVObT5fVO(}
zITykfL2EkKtE^;sXqdy#1eEEginW6`RuD3=irew-ZhKLy=D7og8DcZBX&I8_Li~2e
zu45L4QtMPf-m0AAM-KLn6F|LD6_q;^2~$&7VWi$u>VoWpHhNY;+X~o?Gl-?rqIY(T
zvE<1x3Wxd~j3E~7j>r(Cx-9&P2F_%uj%8A>o6X{JvIsIw>sL}Pi6%J?U>jh=E)wM-
znpd9)m;EM|Kzi02EEDnawm-}G@<Ud%`e$g4okt%GKT9Io6-LFlAG;a?H7_YxfjG$d
zNMjXq@oN;uqKPh+%J@HXcTwFLu#{pS^14G<D4sl(^rO|*Jw!rvmfo+)RW|b;3bG1o
zjh==!M);H~VA1s&kL))O?DXe6=T)$I|6$0v{^b0^c~uXV>Tc-!PCy(KF*EO9wwZDk
z8N`30>V4@~Ay=4QN1-scrtNH%wC;LB)pWb(k+HrCOStS1Q}exBkhwfdU}04$o>-)?
zcO2sueU!KyFH;}|(LlNvqW$w^<W7%zZE=0%$^b5MlO=r4oE)*!4TDIrfEvIkH=(;8
znzt)oyCSL&o;78Wc_XndY+yf^8b7tP<(IGEPMc}l;9wf_4!zDv*3j7_Y~cw?r*FS9
zYe5Ce^;82AjMI&N;S$85j}ta<BwMhmj2(8N2L&s9#S(VG1|xR;Iy8Ku@vzq_zIMBD
z8i3WoCdTchXy;)n^ZN=husV6B@Ucg|Xw#|ersIT*T1P{n7E&yhz1K_0??^k|O5=KG
zd<@>oXaDDoff%7UhX2Zt>sGj69a@Gn?r-%P0A+IeNBQ(0s|1`vA-c7;v#C&+PfisO
zbca6DL|NI@Ft5mt>P)KAm!RXdv;O!6%1**;Elxwbcz}86B{8iA&2i6}Fk*46UbXI#
zwuvZ2E9|i2pX}cg6Ms*aHL>KH+>|DQI9+Q3GeYKY+#6D0o7lDe5n3GkZC%xMOpsNo
zlY(ZbiD4yiYWOA`Z~&$Yfu8xK^!K4&rQe#ra>;c1@UGOMv&tHhw!PFYb-ifR<W}7C
zP&XeB!_<??Dl+0pz6ZYXoIPgho_eOpkg1`>W@W+>WwN~tyM!iZa4~ikWyRtyMR2ji
zX7j<g@<EFQFBL%_&RGM}H)fS$`?5-9ho>~28M_FDFxSDUhv_<PALVmX6XxC&ea7Q{
zVCLJeH>idCDB+7W8MoQrB@bZ7_yVaaFPxNK!;w|<97HgAQWybzuA;}+3N!;srI#ak
zT!S7)#Nz?axRUdWfN~Qki{8WDrBY_}^5b*R*!7iTxs6=98mE?=HCI7OOgr)psa6Fj
zpjU;-Q&#L7uG$=b;tpa*o_!8{)mmWU*!z&7aP+IQkA3?gw}?{o2T(7b+56&_4N@$@
z(=oJ%_tyopz+mYPZrni7bg8d-Glt>aqK;MxKZ4xBH}<zD&Vn$Kx7y7sTl^;Z<3VI%
z_=eWNLw``j$^CH3D>NA1FWR!fg4Pn$R!FqPJ=Ld9<5fJ~vcp|}2_H>0ljK;OM)F0D
zP=-7qg-882ES?;oud=#w@p(qbuh5!RyEs3KY!S0e0S#+uxdUWjbL(EY%uZ!w@eZ9i
zq3ZDbv6SV1zdNM4qs!QCsl2lRw=gc!L0m0wTphWsbMBv(U#RyktlN-qZi}N$dD{%&
zgX8SKH`8HMA}ST=oZKF)Ca5eTyv08cSW5f-R;$;9y7wNs`?iA1azH3Xu<x8k)(NbG
zJMi$Mgp-u(YTrCNWDhyHdm0mL`4FA5Qo&qeu%FlPt$?wt>gv^(nqXo#D(79q4JnAQ
z(i&1((k9p+ShX^1Xdor?ZaL{7vnl!$rJ%}{Id6|IP#5P*>WUcUEy_sl<cp*@<l#_p
z*}F@<_kz8SybmzQr$0?S&dHo^X+d311yV6}-NiU=Fegp^(uAsJfible%WJeCzZfuw
zUyE$<?JFH~E1>d_LIJ5X-Ez;N*FYhW477~kcooRW<Rdv{OZ24?#-`NKUx)}6tC+mr
z|E<lKhO^NC+t{OTO)incO=IMTIv;kH=}h%C>xKpfnyMe~8(FU38IP4h(Eycb<>2My
z`b^x0>~gU(rrzqx-O?jBGlB6o>yQ;ubw=!${CgQ;CU5Vh5sIu%Lu#YRpZ(WGaAfHn
zXiJ@)LxNF}cZDlxao{H{wg+{|vH|43>2v>rE?CUMgVTDt8sFgfbMLBH?XjPDl`(iW
z=54Cd2CL&htyX^XzSlZCXkGqL{(Qc}7Erk8$80-ZQ6Qe-CE;F4?#Vt1Btg;MmgU%K
zly|jKlgshDf6Dmoh)qd1eljM--ZynIIXtPd4_Hf6TdWxCK>2`O8x*K9!a$dv6-^*=
zKn4mnH7xLfJ+G8twg7u7rn;&z8Rh5wPJUYG^+*HHY6z=4v%x_-%A=u=rx($ma1oTj
z9g07#7x9g(d`9LT-b()i`t@9^%|6uy+U_;4(7%TfhNn#n)LVz-YqBzR9skMmzIVzI
zzWY|Teo+S{Vly$mXVAPE`jFZ8ycYF=S=G-*oZ_3pj%zwO0;jM(@}cpRh%zo&ljm{(
zT#1Vj$Nxjq42n2V{cf^nJhYY-N<KCfEyR(n^fz8xQBI(;b2PFK59N1-16z?q_a)Uw
zMY3hZiN>+pMZRA(++h|-LS&*Fw&%Z4ACz+`$Ye+WcK<(scR#!Kk*Ecbm#7zQ^S&xp
zunBgaZOGqBs}RDrI!-9njta5RBKb1$5mcjG%9L&i1a-g>A51IpBUET*E(=#rTP3LG
zePvjNWu^Ze^s6E&B3IJhIpJgS#frW1hvtKUOx1OXm9a9Y*i*K;;Tt1)tMt;82tZcl
zbJH7POm~o#Ub{z32HiyG764f)q@C(S%3!r8v(C)6SBS1C8k7&NVCWpzFA_r+C3uz<
zr+<{SgvmoEDyrx<QCW80Y}XrM3w20Qq$yW%hPjVRMY>?*t9hD|RUN!CG`9mxjv42M
z3$CM`b8vFXott>eiy2hy(MMd{)OlQ%q!>0+gRc@lz;UA%scNn~(@*MI<+cV5R+1W~
z<dQ^H8&K0hsB%sY#nWd+pizemoyio8VwulKh%Vo<S;KXEFSUtXn!t7F&}!$$2JxbK
zb7p}dAbo$PRaj~*_Z$qSXpvv2smY6edvxO9OtKn06cFQ@8Y@Cg?>|tgsHniBxfv+h
zF8@kJVK^>S4#lLBJDS)yTEY$=kx4)H`e`drt*Ifcuh1grEVdXb5`B7ao^J)AF0uD5
zaGIH|BNW1+i?7)Om+BpquvD+$P_)@1u51ws;_;$fbcLd)hoQAk2AdH(rIhf8Ek}CW
z$TQE2XN7%B3~{>HW!+4Po%%FcA2a&VLD2l`Dnzv!*(S4G{-JLE=_;uI)vJs=Xs-D*
zI59DaCy5IILV{S)16`ezkDLjkTT`}ZGqX4c;UP+x6ij15ch~d45n7kXgz$T$@iEKC
z=lv=K-z0(rsUXX<ep3iA{SKsC>TSbRShv)(pCzE>G`yr~If?0vf~_4@Qt{t=lY39A
zvn}my81gFg((hlh$s;Sv+(9@C0QsiYk_gNT-)^AV^*|w8rl5ccXn?NJY)O0NUPk>O
zm)nF?B~y&<&C~#nt#I)3CJFL&^}p3ssDedJbJ$JlTVmivz)K-Ln=jj$MxQ|vHFB}Y
zE<6|8E{<w0j0Wys)6~QMY%+sRqp+i1SRB)cj_wKv1R82fGSck<Q$70oyS4o}<GDtj
zUrr-J#);+fCu!IIN!qi1lJ@50pQK#~R_qDe40$qF<R@ug_?NVsZI~~Zq&9TUvs1cB
zXfNbc^G|+;EQqW|J^N~8510DtP&7Gi1u({Z;1qKZ1fKHoY9}QY5lX^~nh=jpdo%>3
zby>&w8llI-KS{**G>o%D7Zt23`RRVsrVLR!T44QRR_Tt%0^m7FnE$}4s;q){RjY?Z
zK<EpWI=u0YB&A&;62l_Ip9J{}?D?qM8JIn3Fbu`6-E#{Vg;q1>+-!Q}>F%+1kTUo<
zX|0UJ7wQ2WO5+YgAcxfSq{@kyva9IpX9|Fk{uyd_m3gnn>ndtoT*dAqZa?_zfKt;I
zKos^V3!B@+7C_i&t^RaWxplZtBmmnwU=DXDC3JxIw=-p7rP4b~a@6A2d#r0@+n?3w
za+9U3q-k(^1yV`O=fm{RaC!o$@@%%iU=+Fzin&Fq-H@LLP_mP>uY;EpjnCpIFwrQ1
zIpHwqXrea3pZp$4y&w>AV~0qoM>{us$yE$>K_Wi8(~S+76Pajt7Ii)NzS$Q**_Dy}
z&!(OO7}{bqWQ}mJ*MoGxI2To@8YjM+Bk0zMcj~qSU4-o`Q?$|GNB9BZ+OdA~UaN;%
z&u5D-lP8dvBOp+9lL31NJLL5v^)zxg{~Gq32)4Zd2_@+q)(I4+n&<~=)0o`c(+>GP
z(0;DsDI~jVlD;lpm4l7XvUSeYc8>YtrXJslVI8A?l-ZeA&tm*Mt5Yuq8wq&16J5@x
zOGU+!vrN`2!G_b{gV4D<T$va8o9<>lI)%i$7|k{;K1yN+WT;$z4wtZ-?fzCg+F_e+
z<8sp^{l{*XRM^1c@tBXg;d!MvW)%!(0#MS{l&~-M4}YZ7F_ghrRph_<il?%6qPx5!
zi*8d>tw~Dv=1a^K`l~`tg$1JMa5rFq@a@o$wElkMIX91nvh-43YLM%`bj0uJ!TwV_
zVKNNabc5tZK9(jXiSurS@=&sXYhEcpOc+!2-%2n`XwibYUcrwzOUunWHC_F0my>#*
zVEu300LzRYtZ>UA3VejtNNy|!bTEuwQCP#He{)+eW^Etow&N5T^+G0v4Fkipk$GXT
zFM-O?+|%Sf9jZin5+-h<pA33y62PaP__aK_FMf?!R<?oEpTrS&JfKNRscomLKYUbT
z+htmcV?1up#l~=p-xOdo=6g%lQh#<AekWPAIU<qxBq(yVJCytl+M}tcWDH3juTits
zV$VR@TBdXZv9A2E0wbUnIW6?I5~r)Iem=QyNcPBvAtQ~7ytrRC9F=ZxRSyeE!#JX)
z&zArFXF!yUMNWI#kH+6xqD#Y0<dh7wxs6GmYa4j+W_)K*S~*px2fV)TsVYQR_F=j;
zj6;Rtn6e2jgSF|?8Ks^f;yk1nugm+`cRr&A6KS9DeuqbnfD`aiLQi1nl3=ER#Fv><
zOs;CgA(l_hxhFLRBt{ad{)JWmjXG?zOMU}JkY+*&{%s4XE8x$)(pQp`V(p-0ys#H5
z^U0}bGY-#{n&_iyhSd-Mw<+jRldMVw8r|3TTR>6-Lf;s1C$#5KjoO!}=bN}8W7Jn+
z*NWbFwsGzdp=w7Px_(C@hs=wJmAhgQvE<7Ja^LyaY=I2=Hi3S`%Aexcdo%DF`gYPy
zXP;^JeVG-*c?D2j@Yp~WR`~5pP#g=BjLU&A6&oKBzXh2YIW(yh_*^kS@mT_gFzStz
za*ZTvv9yx{i0@Er?e$&{rN{Pxkn5E>{3%mbs20hmRFrh<L49P}p?xIp)R%*Pq6WJY
zD-i5Osn5(fzZf#9q70YNVC{kCE<5Embt9X4au(!g+afJVUc6Pe>`9Smm|e4huMI$j
zZ8@i9MDEW;_4CTGGziGv=O$LjP$c*kzv;gwLJm#JBPDR}Gb6I9`K{7N7mAW*px^Sj
zIw#a;#ih=+cSoCn&cF}9#l9=!zN#v$2`f6#XQo!6X%Zq0g}S^}Ff10-wlf|l)wa8E
z&(qZw!;Ey}t)XQ@lPsXWk($bCCPuhsk<+s0RwoH@#2Nk47G<#1nK+vrc(jTl5f${v
zs-vfAx76gymu)?8^g|gZ?z~a!pa<Dr2Ml43z-p-~vN=$4YO4Q&@SY$b>_yHcYf}o9
zfSNPlu?x2=G;j&O<H9RhyjPpBUAd`9_;3BUZKuiLwhR?=yN%UV;yA>+KgL#{A~?Q5
zls+_}QWwk;aNOqO5Pt+XcSxzp-<BWfE(3+fi@!OPq?H$Nq|?Es_EaMw<wRaa_eacd
zcZn*m%tC{Ej9qCKlu*ohUEVb&&_bUy32aq^wKjhIl?*RHk98Ajo40FVSD*yMtm8dJ
zvn8SVO_l~rax{tKiQhtdy8D{^+et8+hs-hEa!`EpryyvH`3))GT#A<_z6qaC(Rfy7
z&VgpS{Vh=(oO8S|&&7*_mreehzu<0%`UZW^n81_j>TPHE^m)rnzTko54Wt1=$ZRNh
zwZX7(emoYCTRZH23MIkj<kK#_w|MtZfZ~mo`s>y=M*JF1h?nCR0%o)n%s2|TbsSaB
zo8`y)hA?gK`M8TM8{I>7$$%E3<}{O>9~$o1f%acY0&Q{Mw#zQ85f9~Fk;^(Q_+Pwm
zb=kT|4Se>pSxMas2OheRvC_I76xx8lmO3iNsD0X9&dK_A4LE-QLB9y77pHVbQd{Wd
z##DmsfYwRpJ~Iq0uMfY)OQM7kmq-(Qszfzv2G5m36V~}Nu5sfIfApL`9+Q5dsiT(<
zqFnx1PsdA5bpH9n`-3dwS|L@I#mzrQD{tECno4u{R3{dr#K7i|Y-~q>VnBRO%-6@5
zVGwy)=wEveCz;Nv_(+WX#$i>Xo}Agh7Pk_}lGj=q9S7r$N%jY;$xWNjcVdfX`NwqB
zcb2&2r%*a%6Le8!5!_Yw7<{^MU4;lM5gdb-m_?(@6KaL)Y4OoilcU4ZyvqCB4IUPn
z35+RkO-dBE@f!+KbLM*?6x^g@_k>b_IgG984~6n-27~k4*0e7}&%eF_ZB<EVjy?f1
zwr0rC_K?h%Pv?$#7)EghCXN`ai!YRQ4x5@1XBX+)PqN^LvcUJQ=Ekk0UT}F^FS-z#
z{y?Z_pE^|S!P}^|<Cch8Y!^M?lnqw=K~i*tW^#)`o3F_Q`Kdj21L=f}71TH&37!B^
zN#(?&Fs9Tmqz`~&NaWZ<Z`<Qge#Xc7763{S{|T~*-+RhY*I4G~xNZVu)U^CFo00H?
zcqLf0!;z63?_1PnB?<Jya_HNS{5xlH{5xl1KVx#Juc$iw{7YV`R$nSWQ1X-LUHR8!
zX$_2x&yvpR)2P>kgNK7fRjmjZ1_~<<s#o_?r{xvfeBkDjYpQywtlO$~MP{z!OZ1`t
zGA4~$4P+{`ljd$z$hs}i9BC6>;Jj6<I|Qzcnnj&tSo`zyX?nMbaN?a3WLgv1q`y}`
z>Sp6`_%)h*$0zmpam*a3jm7X(^<lxeOu1}>cQFago<&ZtYvDuwx|#$TZvgqY3hi}4
z;-4(uxHJYB9sMGjVUja_5Pn<+X<B<?JX}K<U%}RTePQNdJ$W{y%=*awsONE7f8ia}
zj9Dv-I*$c%`|@;p@_J$u@!<0D$1+$DmG=0;CPBsXQUbK)Qqd?5-Kw3Os%g_0<UE)E
zTpen=48V@#x=@#@sS??8@bB@Nxoii@`V?e~J`>em*knr#)wPBC1j>5<s3GW});$QO
z?01wZqD7eWaTjpDRorCvMJnf!#(Dpu!TOhrEpw<EqadgGfyb@=*7h2b%y&~ZcaeAW
zd=$KZEe-LhRu!opJ&tL6(F_4Pq$ETtqukFUC42qIB36u*@-P1;&f@HN*;7h}c5*ln
zsOlTh?BfR`J+U=mr6+KPo1t))HZLxUiTod&Y|z!^NqxPc2J}Eq!;IvR=IeYd+NPQt
z5YYrLohD|)md1!piG5OW2XIL7ZT^K5((8G28pIck?13&zF4=*JQ4G%gWVcvAJYOpu
z><CC}Og*`-$>>s=ZOgrPghWyyA;fYvCuo0a03LCCl%VzsHGRq+C}AZ0(k7yx0e0Af
zg?)&bB1C_f^UW09T;Z|O_6@$Ut@E+pCG_*psus_BNKf>g5x_AS8ocR->QvRJ5SAyE
zTO{ODMYmBbx!*z+$PwfAisnhrL6u!M(nby6xn8=+9&Pgb5>kk8C5>wvP3J(<GFpXa
z$Gx-dTuUmVDQR59XC=tF;Nu|>sh=ueXIt0fK6}_romNa&A(*ReCnMonoQ=J!QmiZX
zlp(c%m6VKl({%JNFA{HjRHw4Aiaum^n-O8%`jj^V%Yq~yH`)+f){Ln7T`sJy`rT_F
zxKPV)%NJz|vvb)^E46jr^Qt}Vw#3CY4DRnDezkPdLRkUP46x0F^^U^vpJLOyy1R!y
zwZHSG#2S>(OOJw=IQq?k6DP8jl61|2F~kQrdcw1x4oq3D)%-`^<^gQdW7B1=GgCT5
zI_tX{G6&X~*`R)y%n7m6l!g<Dj4BscYFD|_hRc6jt=VYCims<gHz7s6ae-hNX4@cn
zU=LCbtn_s9(a%UKop3C7vdTs#)+uDSXKt|j!W7(R>wsX}WMELy=uyDAfALJ;f9k5p
zV~xASt%8muAG@d^5$RWUUQJj%M=pxP`Bj}D!}(V%(P!cZwNbHq5#D91QL)fHK*9wM
z2$~9ma&IhmQ`((KxM5(l+wJ{YZ|XQ#b}i)#ozAc7`x($~$LzIu2-uu&2p#6_33|yN
zSfLt&@LSWv#bkY8sV!F>x{}r$RW_RCg<piIeT1iTg5}i5cT5ksjGD&TVK8^Q2mkG?
zY6{k=))Cj2fzSBLN8J+~1`=RsWQW5R;=CMFn!$|RuTo|@znx>^B;oyucmIJ-DV~0m
zOmkp~=|%3vVzn1NpHHo)^1esE@pFk!#$jcwu*8sYItGE~`rCtM1rV~waHIrKH?eJg
zBeFo%yr3M7!u8cS_NBrV7$FFCfg{Q)=qCVBgTWGM+gYX_==xw1T<4yGRJC*!Iufek
z&qE3IxUT0qzURVq_U7aR<<&8@=0<fD`)M&<()Ay+bqa-gZ^oXsBWDI~9zyNnK|$J4
zW!k(`2IwlO&L2hTB!Ded$^WtQcQVtA7xB~QcyI>nK%<!EO)_hE${k^prqUZ%vf{}c
z04j<*;fM^-gM={G$-i1a;4$R7q%aB?cT@Krv8u~TyQ{+46&2Ya-E}cw{`f5qJV?eP
z4W*f=f5vfXLXO+&f5w~<<A{;E)X0#VtBc46WVPK9HZ|b(Zch^Tr8!i^wlrX7e#-GC
zHMy(V`L7VrnOW}azAmF;ZFE;ty09;sE@%nc$U?iG+tkT#StKtUSbu(|Bb<^BNn($6
z-4mvv8@hTqk5&VQ*5X=!ogTa5E6Vh*XzMdp6+ed+!Sd1=S_U~5d;<)2T~SfPwun!?
zY}w{yp-~D_^4hDmFQmwa#EW;lZUw7qLyI(J)YmF?0VL>S`K?9z#9|1b<DwyrdzQbQ
zgmml6Y^UFg-3FMxR$cKDmnN|V(-21K#>Z|z*xNy~WrR|N>WeUMC!$qJ#5ZW{$$l80
zE@Aw%OZXk<O@wkl=?n7_31$SmjPO(R)}fD90FkDNTrbzY9z)V5hYF*Fl;#lnyha?E
zEsS?Mb%2yE-f@7`iI(my!O{TDEcB5qJ>7{%AVW_%oJ0r7&NKrFxa9+hv14wmg$lRr
zgTYd1<n9Fpf_$FNced_S<JQ{Mk-wV_m+SMN3_<?zX%A|q*3>J?!xx8xuhu5BsLj#&
zoR*vz2UjS*#N1!y(IkUM?Z3gjLbzD(eq;!O2R$<7>~Lt*9D+D<jaNjm&+FsKl0zA#
z2gZKH0?$$)*2AgSJ7ev$ykpna!am=*7=g9H$Ul)1`9pVi{XhrTv5pVoL18_;xtZzY
zJ_Io40Da7`M1~dL)4?CrN8d4i;x;hK67IKcTGMqkJiV6U@OwrV|IS2apWZMY-Tv0~
z#+=g_f{)rGmZBH?YT{uCvE_|*Y{qE35LQbq!_I9VW~;yW%}fJn;AwF2$U{YvuAZ6f
zt!eqtUcp7?3x|p7*pq<MdZK*IWeRtcPLVU49dWgh=K(ZH6)DC>Wnrg^U7n^DoM<X?
z!a#rWpoYw|Qw$9h5KoU`IEvG0p*CL!j_d5!*gDXV7aotK?*3T2pQ&YUp1R|>71@Vj
zUod`=K-;J+igoyRJGHY_pEMieU`mjh;I-y&);sBe)qOk%TusD!SlSIz<8{;Wy&6>t
zfdf4*p4f4?5U8%;b-G|K_*a@8Ylje(-`d)GV@i~*ssvxMD@&@-%s~nw-B%5jaRaQ_
zH+b3Syw446rRxHJWm=?;(&1k(04UI&cSQ~OCwk6|`1^;qZ<L^Yxv;))MZbpH<w=Gk
z*_;TvZ9IbZnarAZUZ97K8`y@8x#6?*Xx*9*`*DvHy9;HCtGn`e%%Kjwn2k%lJ0((5
zHM5?Z83j%6xh?kOa;k3(83#%ZQviAz*BIUL+ve$gde>h$Esg>QP59*~Mmcslr*hjs
zhB?@$ayu`{j&;wtiEPW{nh}dO6no)kerXl#+G=;rjJP=u_AR|}1(rLiGldiC*s#&k
zZlRu$jbZ=taNLx;i$^E+T$)g#-dio}#5UGzy)JR5cr5yvQgAu!v26)lzF7fDt|^7y
zlKZIK^9n!}B$DsOf+K>>OM<QGcI4<-VqZ!_SH`Nkx~9&2-dAbx3^oz6^$0dK*0#H6
zG#I~MsdK1=02>OfTnE|yeYFOn#k07q@iNa5?&mN&8BUQx{J@eX$njcuk6OslI2S~+
zw?XFKWOx}&mo88Y;H3GOWb%YTEn2Ru;Zu|J;MG^e<|Slx1T{f66XtpkYE#I>-LnDv
zp9;IX7s^(JDi(Hw#$8VnYy>=hG1)7TV%j0CiCh<at}JVsY2!iJ4Csz1X{oDgJ?J*4
z5t7udN<vM7z@vad31oC%1GtJ0=bVg!bT$6Y5&FPHF(!rsZ4QeOkw6E-y|18BLbfEo
z`W$)qTw@qVQZANMOL*TA#2*lmxNxXV`t>lV%@aK+S_gw_K{je?ofW6>aggE1$31(d
zO&-?Z`N^g|8#g!&8+OlX+qOTT1_?AUZK)*fjjAM+CvVD7IlMK}WHzr)ee({16iK+l
zJ}w=?ns8<3P;d`@Xd9xbr`;NKK!>$I$H;wJ!oMic(&xOaK7>DK(4E>e-}G#UM6=YH
zqc_yE?_3f=_1a1xQj4gKRLjBGcHE|&kxlLRcAOCUKy?`<1QDD>)B{TJaA`?(`;mjn
z-vJavYQda1X9?zxCG)vc^3S|T&Mw+Lobo&C*;^DE3k>JnpVdRTP~ViOZlZW}C%dnv
zA`l4lot$2N-h4c6#bjb<tOQ}!O_RkxJ)?;Z<g6^!c~Z?is#}gUmYGqcefD{WMxV<4
zGdXcXJG@G(8EfY!#z7F%k*m?ohLpZc=@7<-cZBo+ku+`%L?b1f99uY)?yew@lcMP*
zC$yCarWdxWK0s^zb+^CXojkfp-knCDe?OMf^`5@_%q&jJzSNwR06JIcQC6H3XmZ-9
zBz0ApFcUk~c+)(M*lQjK9cEOYiuJ186DsR5e>(~X>E~LGN*J)E3l!*$Vu6M<*{}#m
z1Inn+be0*9YjK)DRZ&^>EzspN1=KiUWi*<>6sbD@2K~}WJd`aZLwFaJ6f{6bdnA5m
zx~(3$jtXQWMjftn#8}e)dMg7NMLaz$cP#Y1C22Y&QnZ;o4Yh?9x`c(_$2;_IB!=E3
z6gABCDzWH6th~;}^s_EiQ37si9JPqv5R@?sjcnR)0iDH7F|Q#$N2H-TXyC|dCx<<;
z$?SK8UFOhS=2()p!6`h*7cxpG;FOG?2xPqtTAA6W?sO>G@0E4f<Ma=mLNyYKNR?vz
zhYV0F{LSA>q<L%<qWz(?fa8|`LkbJM%1B3VMG7wP8yif-f4iYfeAv?e*s(5DH2bOn
z{Bt`-PEE3C)~M=_CJ}%{p|Kfk26A@eFHh>l@a!Ctv+6*qjq8J8&ThY%h%*;&PWA`k
zZw_LjnGe<gP+cupp@f95TBrYd^+60CXtUFZVWlqw|LQ=y>21_DutU`h^&k2~*c1CO
z0<X?6;sz;whIQm&;xqW2;#Oi&K5E92X3%iRES(gvX!_0_NJXm)E!OR9i8ZN*xU2e$
zIvCcAv#$ZJS(9O;r6~M4;{{kxEl)G4l7ML^v3Wq^lu)JG`N!Hq@<A7KY=jM}z`U=k
zUC$-rgb6G9feuS1hoT}}QuZTEW4J<NW~D8G4DrM$hk;IMI=R4eZp<pg8yhl1p?-^w
zPTt^8YQJ=lxx2OdxIZ1eU5cDzqqJx=891%b!2faX?Hm{OAhFmdRYa?+TCOUGV3Wgj
z_?XjV{F-RU+haEYz*v6|{mXaU?{Ow^Pm|s#u(VXtPFt&lKXsYrCs|IMGoBk9BlqEm
za(7f@zDd1d!mLc{l!uT_ne;Am1gs*%17U)ojS;vA>Hb6}K$RV%BeeB9@Ma~VTgoF=
z03p0rafy>tURQ(@^kCY?LXzrs%_FeYapk)M8nKVHCwpkt!dZnSdv)9|P>fMnlD?~P
zD86Y2C0xUtdo!q+tJ{-UM4X@ai?C}FXslX!m6G8}oT4kOzqlttn93*k^qG76Q!<6y
z{dVJwwh!&g(frqK$K(FAy&Ne{0Hma&NrA}_bDnCR?9}$~>pL^c@%273x=tgYLHCE}
zg)&nGVp^9Y{Zgqrztd*ihmxJ5z%NHG40l~9jnSq0NlhN^0R%lltw_v0ti*_}PxN7&
zSBll}Yf4neSNlGuQddpID)dtt>@qFuy*jd%6mm4A#((U_u+U=$Pp`|7=GTRWYh@{q
zl*5YB-)?)*sG0kTkpGQtFwYXRVjW0%jHlAfC;EG_b*Oy$F4XIiJdK&O{qD-83q#_f
zJY=V%GPldexWzhv;PtCMp^FD_46<xByMHPYUshnOyM-teuY4vBYd2UEBCUi}RD&Xq
zQDBnpRC<E;t8Ki{D1p$=05%xXOq7;fD#Kr@<szeMk_j;99X$cK4KfX4zav?dSHPB~
z`!E7bPfKOYd_nMouyQ{k10iYHC&S@8eGwm)St}q@>(8hqXxlD4&Hp`FZSdy5hFiyt
zX&WtO_2cnCS}o0H3$XW>A!$^lNhYY8OJOA+(`t}`WV%7S6slo@n#ENOZZgDJ<9qjt
zE~ql5iXn2<0UxbztVCCLZ7N8W3j^@)0&PT$P{Ej5sk8o^)IgsXv-jW11b<@q+NG8L
z`vY;<{BdoD1*@7_kI%2KbjMR)AAm1vmz!9)>?SKmx5{%in&2hvQgD{Bg8)~|A06RP
zdvkS6_cVhYH^EG%m=?d44s)iCEJUUYJ#Uh|q|^7f`u`~ouvTuLE>)I&6=V0bYnFn(
zd5j~pc8{Q!8FFUj1?MIG+#_nr&M<eEa(Pof2)n#1=Ui=%vFk*73(Z&R{GZU$2Bf&M
z+NWJSNj&ClquD=D&tv&B>~+}70gKqS!KX2v3!GAEk65q)lF9WtM}~gl16*wCQ;c3%
z&W-(K3kbx!76KD8&w~q4SEXQy3|3ksVDkrM0Kdu$cpwjP#ZIYyVw(ax%lMLa)q&~=
zYTt(}!p^pv!_ZwFh}f(7_~{-VAKcKI&{%~|z8D!P%k2oesk}63<@l8QcE<*W6geCQ
zX|?L9SiPK6uuZ&XGQ}KL*i6vv<-;tXz?GWzpj?W~<Np#~--;Ug#dfb`hTW8FQPRF5
zy}N@9n`!O{8SF{avXar4TVX@L#6m80@&L0&$Thw2&o=@-XVLCoI4Sp&%z=@+W9DPL
z|1*v3ocUP)5G*$~j@Fu;Q_Cao9FW)ToeX{(tk6I|UZ135nE|Z-T1JR1{!uKs=c;wU
zJCN7O4d{D|K(|(zh8TdY#kUJKBfvrcG5{d2ZZULViO7$g54i9HeUf`EvYVAS!n$>}
zkPbG?)C9$UmKZ}KVzM@xlfszV))btQ2AX>(WFmg7cqxT1Vrsf~`N5ugltB6Y)~Ry|
zatyk%l;xsUM91-Zr*6BgesjemK|R{hr5kTtO&0>&Lm`8}-%WEaUpt-jMY3Mex8tSK
z;AnH_`ptPW9n>)r8$GFAzZA3%7_hY?z=g*F#2&8#uaRYQ4WyS}W3_d;e_PMwMm33w
zulHL>nstBtDx{JsPH+S2n)_Ay0ebf3NXhbPvZy8tW*Vc%u&d|w`2H&ygM-E94t*{n
zeNLF)(3v_l6ObZ&4!}xmA#Hc`$m?4XXKnn09{B?Xw<QI~r|++zQ=rGO7NTL-gm4^c
zp1Qg*lxr08E?Ed06%4AR3!=@~Xs3ftK{5Q$t$aNUFv12fs0tiB-7LDpEYuoM62vbA
z^aoC0?8Rc6%ynziVopy9XRE>b<_HF(^qre7g8trWK&zT^9c!Q`s%f}oSCpT-xU5-H
zMPyCJB#a5eazv9A-)hn2LGJ~rh**&%hw<QXp4}gzfS9oek>ubpy^kY*`HJ3eouS``
zi1I8ukk!2*BR|vzwutJE%NBR^mVAYL%Ad|&^hSK3t^fx|M-&gMOu*I#D!%lo+t={|
z4;Aqac&K2{LCRVc=5qEDr`n?t6exdKBNh2sww9hIEJKHge;5nl=Rb_)BIp0bSfb1R
zgRy`k{#{GV3H=YoB38_hfeTHx0Ff2cue)8)1{(63!X>xk=8uLZqzT&d`{n%J`qvYc
z$Q@)c!@PT8RVDApWKG?ZYU3%ZNPC7EdiJ#e0d$yX>bP_Y19B9jQeP;ox7cFi2C=2h
z&rl#gk>|wO>;G^pYlyCxn`_h;mu1>_mxl@TGKn;1J%pu!@BP-a$;4>kO2o8lzm9#!
zb4)T7YK&84)321|dh<drQS)4fNi_zZXlFYd59TizWaaRk?1dCHM+2y3e&yW+Z!q}D
z5?Pt?*DOG_o2UK-yX?j04knI!&_E3sL3h3R_z)W61o%4;%SRw^wH8py9062i+{P9&
z8}-;*j<UYHc$f>V)|Z!n9uc#NrP^`gXO^rivbrK-=dLL(NZ94^g*KKc422q}#1!ne
zkkm<s+y9R9C;p<=Ued-2Vv1(h+)lEkw&ckmlUxwXJznBE6RA;epJ%X%KCHh9cAeAW
z9Ys$g-%8+nmR1_#yKLQ<2SN)kU`{wBS)yN|JdMIl_5D{D|9=4<sVM(-WB=GR^CBbZ
zA|3Uv%cX0$&h`E(Sj!nk_Dd_0uNdN@q-+hN*{O5eW0@mck9lVA-5$QXE{U7`8v6nT
zj6~PS&IjH!%188M-BjmGQ7=R(3N-fQ>cI>cg*4d`ac*;xKY>Qy;F)Y}_q-vCI{ag+
zpWV{!-s88=Ip?a&chiydyJ75f3+WI7sx>L$m)JJuj5ye~BXgMRM)m_ongC@~TO(c9
z(6?LNT?AR{HX7Sr+6WgD@G9tjc{XHUQ)qRkUM*EC=;IQkhg!*C`MIam!c{8{clKwr
z;D452sT7z$H84d<PZ^=0Uco#Hpet@DmBj~ao%mF?PIiEaR?x;B2wo%}p7<}p%%Fh(
z2LQU4H=AP)M}SE43yu!3m|dhqRIW)F!69=*e~L4E3O?Uiif+ql_#H=J?-`L=l>;!l
zVF}pkkgLK7g2f8ux=46dpa>{pLRa+=-$+4djuxkf9aEdd_nAe}<OVxf^H9hJ*S{hR
zKZF_H4Bn%9-FA_mS6)2>^@ILkp-JU~N7QM+*f$vUe4$hBuPJotfi$`pP04HCeWf!p
zmJ>Jp&E3K3fK)(jLYci1A0OnX{CR~=b4=8HhCX>R{^Oxt6Qacyeg$Ik5zosz#pgB5
z*Cg+M`<vSmSq7G9un=ZJ&jO<Z@yl)~ctVAl6Lx<Qy4;L1n(G?E$l3$iKdR{EJjCA`
z`E_;t_-AtU<Fd#Z0VQqdoLj&f;VNtjWwh;D`M?0its+bfHYhGIJpI=;ka-l-koZkI
zpL>1PD3YlbFLW*J7~3di)FQ^yS@RCG`&7;HR+n!7mUP1mh(s-p(u4BmRn*;DO&)Bm
z1CVzFE|M#|=xL{8aT;%AM}toZY=;c}0om2M3U$IRHWT)j)64p<b)}`r2OF|`pNkt)
zD4)g%r}Zn^IXL^B0@*@CRXtv=2*5f7qt+yXKqrU5N|Tc)cqYDrrF4v~U&KF*i0eaZ
zxru6|;S0LPH$FXEUx)?&tqmoiK6?&Gr7kkYY=HfS{god%=vuH^jq^_XR%kZ#xdG9I
zh_KiQMS|C2^Y^XR&W&Re*cgr7Zv3<?&DO;Vu!zAtzA6-S)hP;8pZfF;?L~)f_78*o
zCzztsM2~8l#kITHTG_JYa^X%7lg@s8(4;H2pLDgsmU)7)rpzaQC^RsRK<kG-vO$vx
zSxve101+-wPv<Yaj484hCH;-gjH5T-7S(tSS*|f;im7YEG9?bEUZx8E7MI8Pw~@W;
z(dXv&2k^V()bPk};|Pf<TqPMgn0+xJv=-sH>mr0=7dm%0kOA6g<sbcMGh!t&XO~>}
zvxN>S>5fwtY-oS^$0*$e|A$d(Yr~ZD=fn#Sf;0b`$ljNvlS~jKmjA`Q@=rxNiegfO
zTJtmRdOwTj4UMoG#hVk3FVYTF>!U$ukY>nQ%=hgfRGkYS1X2?S<?30zL32`FXp`}g
zZ~y(XA0(6!--Jmc5(?I8cl_6~wF5K9OL_pw&HKX_qP%Z$;u*B?X3oK(5mNAi^+u%T
zLytwD%y`BoXSNkj|A?w`t?%3AyEE+9`s|TWet^JMiZvC{i(Xwe-}l1zkAsw@;f^6P
zk?a`#dJFxFQpqM@#8oZCy$O8s*ah-(@c#IvJDAVoTk%`RWEvJOyX*fokWOdweSZBI
zNG~n9ta~)-2kyV>z>Dl#Y$HG0yuJlAAhu&vG5@(oDY~$lpn<(yLdWbos1fwS|1n1s
zJisY?q#*#;I6&C@gRMQ5WFye<1fC5yOhIw<`r#b~<@{{yT!S~rH<?R+x*RW32EPN$
z!B+OYJHU^GLQh+t>Rrz6vTG=$(ia284zB@m<lfMBCk+;YC;t}DS}Ur&l(bn~a3E*t
zfmivo!4_MDoLZ#aY-D>!Ee{ru@E_<8++b$WD0^g8_}L7p5QPRizdJa*csxAB4(vBZ
z^Ww;@koad7<&UNLy&#lD-KhRsxAQo4d_aB4+6G!k)EaIJp|8*Z{v5O3DBr&)`h1pr
z<XXD$oZmREq&{tjR)P3&)~p{AqkN@xPNS`L(KBmQ3M4T@LwJe>d8d{`%4W6E$nNB_
z`>+3tH>KqFe(b4!hs0<>p;1%Pd>+nnZ@F5|a!@f)?Cjb;7^%<8UdopONp$dVt=ul>
z?u8k8fs;#%uyd9i>SPP9F^q`|mBG^;96Qks`wCrzxPE)nEdsWHGAD!fC;;QDQd!Y*
zODlJ$#d~$Tr3a=a#<vfkz*qELur8FaAFb+b;S0&jHlcCvdjj5mG}IEUJFq?)cb)dL
z-5E%qp;E3v92+7RuwUPPpRgwofAR2Uz57BVLvf7_r2cqy0&>_>5BWbc{zq-rnx$j=
zVO=O42e;EHFiV=EAAw0q=ZjNzsH^OJ{aBWO+#s$xSModkKs}$fKRs=Do{B?m!-Jcy
zZBPO&?S;^h01PRqJQ}!LD-pvL-!9DBaqxVThz#67YX3ZhI@rS@u_n<!{@jSZlQ3}q
zN8nNt5!tpdP%Jj3R1oPhP9ad(EdlZ(UwF|D%P3AG?3R4tB^APvQUT8sWqgy<_dok$
z{>WT|)cFPg&oQh>2!AkW{%(`6<|<2<##VwWspF#NNyk1VbQ9uM6-)^w0ki+eOjFO<
zPd9{S%Fon+2wc^{)c}wOc|lCGw*I6pi^Gu0pH`BF<4ZnHv@iNbhg#yZyd#3#V-7x>
z0(YW%xkNlTEgJ_LC&1qFN65$=XO`hDoF)Q8ENP^l<&XB~tk&z|ZZ9TJalE<I23g%S
zw~NR`jA2spLeUr6pdcWY4h#9Z_0}*)Sm;YjK%rc7QCkldCjBu(3(Q>zKka87QLYCd
ztD{;r(nmuEDi4q=m5OD52d<6-fil9Y4D>t(E>>y8LqhB8;NpW0W|Q+kGi3yt6ys(4
zr;{w<^7iyN@{EX2r~k`zosjolcg3uUA=43xF6~zxr==1LIZDOK<{u)Jwzw2FhkNgD
zxsMG3!#2N#{(LhC`84^`RJv=~90~{xZI`LVneX@~8hM5@@12`$n;X`caz&LuB})?B
z)JNR#npgyrMVPIH?d$UtqV~%J@=?Y5mvLosDSy2i;heNh0`|`=r3kjwK|~7O&`4+g
zUEJfQEGVwVa*L&rBSQsE9a$AJPpjMoZT-Yh6%wq53Vt1yg=Or%0MFH<jUYxn$IrO7
ze?Qze;S0f^#G@rl4)g?;mKjpj@!hPtFC~}Ka_J|i``g@C25EZvUS=K1v-j4%BI#&1
zw+Cr6S-EZTv#I~w-F8$mo>W%OWldMaYR_T}MD0gv9ZO+3u8=vbjvie%W2RdYqF~w+
z7xX_gfPtM|?y(Tbny#2b&+U8DG^4$Ts2J^QnYDVgjG56jgQ*lv=~iG!DvVXPqVSY2
z@#zs-5Awxm9_*6RP3&V2=ou9ZxxOinbq?30)r-HAUoyWfPG3mW%fFX*cXyrXvJyYK
zyZqrYzL#m!?!WE6bd<iU`|{cDp46uY%h};Rwb-3QbsB&t(o|G-hs(HBCQBN<H1~=(
zOv`U}iI}Wucy1Y76R?MO&EyK6DYvWG1ZpDZxDf#jpXEl``=@=pDsO~Hn#wsHC|pVz
zFIvGR%1(9Zfo|pUxgq!YzCTC3BW~KeKP`O*xvs&szm`M5h!!kL4mxz0wxMxE$@ScP
z%g+~ys$AR+X%N0*8O@TbncV0(&?t@xNz&|N-;(WO&3fSuu*&(wC`ihC+V#EDTiV+k
zRg&xhGa;d7!p@{WE~e0w47UL+WeD-kb0H_3_P2`%fQ;Ns!7>{DPNC8zp`KVYuwO&S
zQESeed<S`dUt6E6XjJo^Ep?NA0sin@hc3fQQ-|PY(Sd=td$_+f0@0ahY^Rd7#ZUyx
zr=*mYICsBiXIn`plCQza2g^!%IGoQ-NE4ZYM9%xXx`lpm8Z|#LDZ)9OtwPzrv(8GH
z%oW15cs;{%KYR}X1UZGESIKMurwfnuOZ*l9h|488j`0^)DsM~5faUqU3zpRV@dR*~
z<Ip%D5RYS&3H_`m`!eZ*b$7IQm3Lj3-XZ~`aqfa?lEcydQgliC1P@kDuVDb!7`29L
zKHP7Y_J}lAWo}j`Gw?h{^oxr51taMmLJ&sF&PueMN((qbQv%J$!Ov*KQlA|%4Y@I`
zI1MC3K~ypNebn*mP09G`b&;xYBO=2g9ubRCUrOMO2v4h^KfuBv9vVn<MuM{GH!1Ye
z!XI4R5N7m>&UoUB80-fht#q*-P}O<z!U&g`U`Gy1DcN&ZTSQmeRlkgOgpytX3=r{V
zend`!-T`AKT$R}HRJX3ErGs=la-V1s(c9=~_K>+=UpCc3plb+J<M;2cZ3h5ntN*h(
zVm9nCj00ZMWpMF%MOG_9!7t%c7@LX0iu&g>RtTq{hdo0BOD7zYBb}I>le0S=tcDxM
z%4`yRChn+Iyy;Zn!4WciO{wVxF$OR{jfHesiF@`N^4NJI6R4q^wU}*jdN2NIusDd0
zbK4?)Sya%m?9H;W*~cki_C#|#jE)ghQ`GVzeiQ-KdX6MgDW<<1knQ<nce)7IQ+vuY
zHWiFhK5`P>gj=TsjIB;^-na7nZ0@0^w*IGv9@!wB+n0TvH{{V>#P-=jUkE5)2RVC8
z5%<dyFdN(%(~v0tyy`CcjmKNc+;d~5Ir9;t$qL!qJDB@_@pezamB8KNreoW-ZQHhO
z+qOID*tTukwv$fMvF&8i-#KUMKUHVuaxQkN_U*39&HAnNyjGLf*Ly`PzB>Iz^%HY*
zrVj&hruLwcif|ZTfGpx5mSYZ7tZwJ~WR5s*RXe3~FQ=_KfCEr(=N8To2iGB+7a8l(
zlUvGglSOVejUK8FEAdO(zaN^DAco8|CY42BqyM;5a#0H~+5=tmBgJS<&=AduV_IZ}
z^s`V3nr><tDiWJ(>nZj07b&lWQMv7^?QV}OUnldqj_=9j*p&bE<<?+84`Kk2y&G6v
z^r(js^1twZDy9AnxEUU=e4N0<5K}aK2<E;HSp4z*QOkDRYp1(khx?;4P#O}@uKcB9
zNk@2CAzGgdzn6n4#EZj8J&07{CA#%kIzJ;tXuHsyUs!$<G(6{rq$t_SeAz>9)GM@m
zJG9p>5}dmU@?BxOXzmRbMM!sNlP~2-Hm&Xiv{PqVX0X_3sJx`|V5Zxh$TXdnw<!T7
zyI-k^sL_t=_onun!_}Y3^c+^D9$V`(8KVzWln+MARwFpTsqXx)Xn)`3yXsx~yl#}T
zwRY3E2Whk(c5f0TLvi(I#chKsdI&bPJ8lW*ge<_c=}^XeAigerh0A}+0*8)Z6ce0!
zJQ}c+F?pdVDcXxv$5O%8#VBGA+~SZb8#z4@D{q~<h6w(eJG3~XZ*;-g-Ou^#yw%Mz
z_%n%s8y)_Ux4`IG^t(6z+cM?KpYQdx*qtTwHi9iFxkfGj&w+SG;w~ViF?^RQ!~64N
z(Zg@*PtP=a*EWO6d=E>_E{KxkFFIZ~U-VQwZ|>9jWW&l+zBB?5TL{YrB4s2hWHTjl
z>QBeyp!njgIv|dk8Or1pUiA&@+vFRss#9Ah(?V5@gd7!j*&3jV@c|e37fUi=5-k=f
zQDNn6^*-!Z=>V0V2Uw(-{dW}SCW~M#wKaK)9aOK`Nq)EC{XPC{VBcD}2kU9|er%`G
z8}E0Q1xEjU^BMZx*F)}JpW{^ejQdG<zt@<pwrqXB%50kF@}kmG1kzj)CchzRCx@o!
z;cfRJa(R$2eChCxpLksL-LWIycjyxV-gnX*Zij|Y-LSgQlMQfgR<rycTtK0#iw9!U
zHuj6B$=A)9oa}%X^vJHbqO$E%2|CwmZKAASanhs@0zP1!a-&;A<C-9<nrb&S;9l7*
ziX^aOFY+9HfV6ohD{Ji}jgu>!Fm45+4}d=CPx}LUW$B3z(3~29!Gb1$9zlyIRT@Nz
zXSOYhZikmV`#IWzhBEsh0qvjK;k~($8F3_0IUbqNoERe`L+<77__Y+{C^~r{b};IH
zTiYWHiMJAiWB5^>=Co^sWb6ZRGhQ)`*+G~`#8pAhXv}O=(Jq_WYDS<Me1z<!D5Y3R
zo5gXBb1c>&7-F+}+|os8HE4wW0UHvIz?ZKcLt_4losvXWQKj4!iBPnLU+!jLdt|EO
zEtibxdC!+PQi2L^26P}LBJA?UiYZhkoY3><!TFDNX<}$?W*x$&RKAZ_ZX9<(^kYgd
zc5<ZSdWer6^F)%$r$ZJsc2+eEqfNog#c0pr%CtgSD+fQt%@j2%m*Q^Dv1GRlx%{<t
zpU3rN_MfoUF)GYB)Q$lf&$Q){*lBr}T8T!}H1<5QFU+;xT^}FD@GoZ^+13Dta33h4
zrL#VY5Sm~x8uPiXYh*koNu`khAz{=ho39mVd3LCj(3J$9G0MGH6xtuhJc-{wLAYJ|
z!2I58a`1B2Y70ARa>!X6;H1r39Qd@h-mB3X2Jx<lJs39^0(CRTVE9EpK@6F&U<PC#
zfaW|Axi0zSKY)lk?atC$URwCN1T&kjeMBpOqOY%YpBI`?MsEvB0M-YY(%|80`zg5_
zmO(V(Vh=Y>Odkmtxu-5-z?5RbgycsCB^U=Ri%%XS(Mk;D62l;A459YBB8Mi;##MP5
zbf>nH#NxM=e)vKpVe$1ScEV;Y(;u*!PZ_TmS|@q>`RgiLYB>Arq9Gr;k}>))nPx(c
z1<Z{S5mb^Eov=U}Y5WFn{`d)?>v7bv&7>J%UBAp_`)otw68Mb^&P^)($vE-@aaig3
zYRO)jq6+~_F)X#4qJ7mC9mOYNGB+l!=TySXH}N@1T(MOaHb>Vid&bCft3vmJ8W~7D
zC*ne5yp~*-!BHl<YEH(O%QMp>jFfz%tXd!3HEp|oo;tfVTb^WGYvH~#bW0@F@IV#}
zr@CtO(3b<fx4w$?5OJrX{5rf{bwc`35d&nq;Ef6Hb1C}*cJIvyb?@TCFO+ELITnLL
zlXsT=g*$S%X%*%*OJm9G=&WbJ+$bF(e*3;4bc<h9+X<baSNw5Oo2d=iEinDEAt&hr
zK@!PTXr50DqdUBC9Tm=dGuT_)R|EjzKL}+a!9IMdM3G9?U{D0SFg_fopbUJysfp}+
z{(9%e%AMntIA;<z4)ugJ6x6=2_hav5f-09bDdO{PxU9TlOh{X(eVt?4=Z&J~C}^>*
z!|~Z3r#gHkEr&Y%Pp@Gvt8#Sp>}+oVt+Q#E&bD4!TgU3Nl=dhh&#ggeXE(*Cm6`wH
zG3S^sO3AtaEtTx`Tq^Oy83;+*8ExtENRe)Pt47$mYppAFy*wM`$cBeiYlEzG1ikaB
zex7QxZ^xCUy3Pr*MmNYB`K29X)zvlzWYrcj_2+x{rEHM3K<&0)DwZV?@pc&YIbJdL
zV<*f`v+gqqam(bN?H=e<^Uk@JTyqZoZsK3AmTA|*o!R9ZGF>pgY%Ta9{X*y@#pkEq
zv{S3weYgC}ZKea_49|-6l(pGQ=C5?Y9+aHZB)`WD$->iN1kBFV(?+#fhX0&RKcv7<
zhZV*JWFfMjeW!T*`9iqrm74HPCFnJ7rW532O(obR9b4_F;t!CHyGHtZ?HlCtX|MZw
z`~B0a87W0HuNGf45i8#sJ`?u~>C5r-HzND|xb`Vi2{ZG;{~YJ}ZGTeh{?U7A^D2JK
zrvw7nBXs6loO=XW9V@9^Oq;qW|C!~X^uqrIkiY_~&b*7Q@*y3l5wd3cC&u7)klQx$
z72`BP_En(Jng4<D_R;&*{Mx_kThB0P_h&ZLQvktdPqR>l{P7V1Q1p4Mud}H2YB8cD
z2O0)=wfPdY{ZjZdC1OuIplm{)%{}<W`$^O&fBK)6mfmdc-J^&9SER=MWfy(+d!P5x
zHkH;kG%z#g8QlQ=$YB!e-SzV;v<2xmBoTl(23~G%(Tf_(sFTUrO@jyzjeJoG_=SL<
z?hd18i!_f<5EzP42;ON+dQ=Rsd1+l3(C@{L@#h%a#+O_NctGQiSoHp^G~Mri6QP~E
z+_X@jYFFGb<u5vgISZ(W1Kjly<ih{d=MkPq#}!@I*PPoBbOCh$U2)~s5w=k?9X9_n
z6w3J-3UMlhullhFsd@falZFK2|8CMCxgQkDi(di)#hMI!os;O%b`C%e&F!x-mL9og
zS!_MT9ToZCygwv<m}3;JV?UO*-q63@GwI~#B+@4<cX?)+T;EGV1(yiSGA7*>e<*Xs
z#M@El5zjhn6Zi|OZWkdy)Z2L`A~}a=&ig!=mM}FiyiszUM0YJtK{JkEE%rDinixW$
zk_7LR^c@0J-7136$h6bqKpTd*U+|$ivJOk&s8flus#6UoOTDU7B?pa#LKT%sh%8t*
z+9)3PZkOzgS&nr8*-(Nb%kN~9yzJJ}`K=&(@&{@oZFhy-w~quo$G_|vBkU-NEI-a{
zVhC$sMHG-54o1K+r)z6M`!97Q_+vFdsSBp<Wq&$2<&%pC=9`RAYsa^YlMinZ76_jj
zX23QE#5Q~9K?q-_qIAJ-s+&}B^7V@WUyzuQGj_I+S4)5O=8#1L=`q82=*lC{(S76l
zJ#RmozJ9O6@Af*}ebZ(9l#D<0<G+8!`mJUJ>|bQa{c$CH=_$gc_|lk1PHI^yV=PPO
zS;bZH^Rb{6a$H2Z!`MXVw>QVruTH%dWm|xcz+gM2m{se;1saStAJ8X-xn=>AGbYGb
z#Q2c5gxN6h69LU$_(F7{;@J$HCBh@g&qwM)1xn9aj$S*|=!X=SR)R<Nm*;~RO|t)Z
z|5d|Ct=+96h;J1aG@-U@Z=IA-?p_fnUSSItCmnyTyEa(w6<Xn^2IcOZ<&}Hm=Zl0G
zz+-~o&V5H`BqbfzkxU7e4mCB!O-J!5c&ro>i?22r02&9a7{!VBay$`V*cg>kE}b2D
zZhF|YX+%NJ=gthwl8kVB;aaW}ef|34{M3+iP-e!wbLxt6;17&UyFF{7R!ccs#z3+H
zekFXnduIXrL1>IxuBD}x+L`&%(@HQlLw7=sK4Rl0b(DNW^F|h{9dK?tr8pe6lWx`Z
zjLW`dR@F!%rjV6m!;`1r3OF;QL&pa3Ty_#SUX)vcF+mZW;rMsk3hj?b_V3pg`6~$+
zohaK+5M)0fgGPgVA}G+JIK$FURnDglH!sz9Mgpt93s)ZuI6ES@x<!yXEX1U&+`PR%
z#s(z?xep5aR-$^>`|FHvK92eyWx-n;$c3qBXw)HfX~U{^%rFm)Q4lxo<7WYEEBlf{
zM17bT2I%|~m`DaG-5u7&IvK(a?;d;YmAa^qRpQ`ke)>%bv3jxC3(W~WQZa;6MeAk6
zm|qpVf6Nr%El)D|D|I=zQyPtZNvjvXfZ^>~*QY?148J|!K8D>%-)G%l$j!gk1)ZPp
z&A-bx{3l}lj>+=wfLy2%K39w&sJ``@K~-B;ZQv?&Bg_yhUVV?n@+W??3eP?Ae5$4e
z(n&KFGar{7O>xd--PhX8XwsdFHmU)xZ$S(#q5}#jO>ji^q;))`NIgscE=zhe$X+U&
zBxy6%aPe{Wj*H=I5cX73RHqVO9Q_%88E^0}-%(*A!D)%}4liJLG#~c8gADra*Q!Ca
zZ9Oc66D?t8XU&frb<5?i?bsU2<_RgETV8bB`BSS{RbC<s?PHOcCbOU*&QXtN_bx+1
z;mJqZ8KfGW`NYHti^tug8BglGRi6ow<Q`dxfZ~;kxmXSP+Uvgc7E|~(Ny2!De>}tU
z^Z2VReB<_b9DVe<FJyhqo_<rk@xPw9S3f1*TW$0(f6BKf$bYpLY${9JtDK^ejk9`g
z<l=8sYTL;@A3q_rP2UR9HY)UV-!%WtZj-YeN7A4iW(DIJ_ljqHGw&kecjyMNJP}`A
z|LDt{!CY|-u@{8tA00~ct&ctzjf!F{l~tLxM9yZrg<d5?^JN2>Q6xMRP<qkMdU1Bc
z9*RsVOeLLCg~hZ}RSq-salfMXUC}a}=rl6aD!rzp!E#(t<RjoUM#z@n4fh{;KXQJ4
zz?o%*j*%tRF$2VLuhyHUV9V^Gdj%J(93CQ%yX!CRkx>eMGq4>lD^xdtVaFfb36?n(
zb2ymo`DRasi*fLI-NI^(wYcsmc|yW3d2Gtz)ko&Aw@#&a2!g_Rq{7zaROk$NvK76h
zpEOk-0M69*0BpVC#gB$!1f@(y)7rx?2~cS2H1~a6cpoN#i(Ljd*Bkh?!0~gC{|ywB
zTH92!Aayx*_$yOiNqZP^_dHD7#?QjX!}pi>`;iu^DrZmSYqGrleQ?{QobDrPMJ3lG
zf2GTezm`7mQq8xg-^)jM!`Ct9$MmVc+dPZvcp?_*+)u>q)w$@+!rXzf&Gk&Xl=RK3
zSp<p|gED+&5#rGKM2gV$d%}wFQCO8x1xs@Aqf8&hmEY@)Yytc~13?nv-eN}=u@lbP
z5Q@nTBQkRj!=K<;1kR6#N7zh}vI0LPc}yX1^_Bbm^_O4lWqJ3DjpKR!!tdtNKgPrE
zdO`*LP-l(xW3@zzt`u2m`ZOd<?nGaTyojNC3F;K=y+M!S+O`nhN-9@fc`?VloqD`D
zV$Bm}ABoy;>MZmkrh@Np*FY$W0G5|kMsNz%qNzSad`9R2mxsiwPfnJ?FG5m@t(WKN
z-we8sPFm6i_izMU`J#VPDbhw7r>WHIY_ux5_p1RS-Ph0o9B})T<HCPiVzhBl@LM5O
z4?D7V-lw$>k$wT0)WGrgF9^+^V!z~46Ct<N4ZzyCGcwickvS{5fls5Ql&Yu13rm=a
z>tT1*zsS~Wh8#F4w7l42Rk7>mhLmVnq;94ROUX`J!rtRHKe1FD4L#38=5S4^`+<N>
zo(2R%!i2pZoCp9`dtcXVSzkGoO+15X9qOf++EnC+T|qlbQYs~)&g*x1LECP9>_dX@
z0wXXeFx(3v)F?c+YE2v$z0K^OS`m8A9hE~DM@L)(f|<8PQH1!9SyQv7s4-Id3%|5H
zt-?ZWO$jgz`?9X4UKMzUBK!FejoiNk{M`nJai#b)Tx9YPpJSE<R;hG`{3vG66Z~M5
z<Dl?@f_vG;TdgWgXM^MAGZ>78eYf(pE-0I&jDl-@1m&il>2F}Z3Ko~0<XVAZO9}$?
zts*@&OrT9WoIsl_z5}ESkRD#$@jtBMnimQWYU4$JW%3e0BgsU;skZ#91LOIV_vWZF
zzH+MiZ05scwSP-~FY>*&MD~lUu+>*Ux@=ovQw0vmP1R9G+`(6PB+d!Xv;#RiF|`4M
zrA2c2p%l|>%q}4J($#YjLz9=zvnOf&Cx*pUZvGges#7xV1pO8EB7D;a(0|?eDYDX~
z`V}q_uaxU+tx$;=y+X?mQy@1x`}P640Py9gKo-?&L~$Xm{m0H52HCcS>FE>9cz_u;
zQ|4K%v#<knV&}2PTFoZ#xq$}(kjn&>SaZTmh_7KD0?brxSAmo~FUH2{;Pa~oBL({z
zh3VX=%?1}kAnzx0Pr-$==Q;Mv$PU`STDky;Q2eLOD$ot~zdCv|?s3U#i$ul5>7NpU
zI6rCDhzd@MXfmQh!rW;2MgW@FE|;G+tAG8}mGv>ALYV)Fz>b3y<2EU&YJq+m5VHtt
z(@&iBD80#LMWwaM8k)adOq)4RHIdsu(Q327uhFyK<UVS|Y&kpp?1ZZWOP!f*6MCLW
z54VjNFx`<e;tmNW&;I$NiPf2@*+AOI%b$R?K>M9sr-UHz*j<DS<xj`sE{J^%>>}qL
z68QjeIH8Y}Z&)mz1mL_>Qm+(GKOjS|<Afx3EI<e#*iCJ};4o&(#)CNzM+{ijh#Foo
z(U>F3jyLd|Z5>~tp-Xc#*E(v~VKpyGeWE_i{aBFgQAOKIkw$i_3vfTPtziguLaSGT
z=Tpws2kRq8>36kKUO~!6r-hPlx@m<ikh7$-aHxX{2SXpmv0aA{nU1D<lVzcjY}uhJ
z1)|_xe8Kp0);_rB5{b05maj*lqQhb9J*JpzL}ww9Hr-YjV0?_$?22RYpv*Hb3U2aY
zf+unxm2?wfCHELEjoIO!U00#Q%?B$t67zem+cMquFxl3m$6``x!|$i`ac(O@^V)|~
zDL?<ap`i?|3BX_7s@u4?<8lYXOc0;--|M+G9+*c*gnyHqNSS@Kh-(T&z){xsN=fuS
zj{RAA3*GKxj=I#|jge)zV^h<{%s}zkT%C@y40WA>FZGRM-P=+g*%xZ;=(gy}bq?ee
zd-RG;Q))HJ!`s8ux=n6_mXUWsI@NUwusSrE6FxzkpdXiZYHAyQeF0^nEfeCUm&><R
zf8c7j*l+8g8&fo4PP(ya5!i%f5ZI&$8T(O*hgr`vAhv>G_$`}a(6{7o|9R=h{^sM2
zGE>{t6q?j=IFe>U%%LsX?`n)pvQNM>rFPTy0?Y2^a{9yyCJi}F@Oqc?teVknk;dra
ztP;fMsM@O=L62r-0+X>Dl~!j*)7{nb&e&Qod}dgayw|(Fu+IBt=Atk@s(A&PzdnbA
zt!{J%R|H-SH)}6B`MmkX_Q$IR-l*jEG?_)Z$P^u7es~AEK$Z*JYa=?wp=qXD#fh)%
zQqj7}&dv4^(7gCccBXm>^A8_#It=2+J%H>nRXHv`!gq5{ru9{?{i)V`$B{9omF4ZL
z)h4cU=jycf*un*qp(57UT$q^(aKUYmDNm7M8fYfPZ^aaOWf;aS6Bs<~`gw%M)p4r`
zwu>c?i8CMiz4HakN^DcFDKY3vHwNiRM$+M2$1t;pt{hZ>7e&@>Ze-Vdwh$M&zD`Lm
z&aQHv3;{1K$m4YG6fbo@v6@iVTf8PaoJflH4=E6or3W@ota&OJ#+9mh$U5Q>u8g<F
z53;2lO=sAc7`o9ihLlk9?sEFimhMwojmn?5MCe>E;jr?-TEEVm$D^RUe0Sg4uSYkd
ziuTw~w(bjBQZ8uu_sf?J?Gey4ZtpbDE$y+KFuiBqm+fc0Ulp70I|y*wcrR{zB)pz`
z{CW6aBRMZ-ZWm_uKFG$R-r$W{6l3rfRfb*!1>??JBud?N4E+{AmpOUaFbJZ6YE38R
zG+8(=I-YHKOiD|_I&dkdJ=QZQi*=qeM`I|!v`<I-nKkcF5xu=3q2xARg-&e&ZNx`$
zZpM=)Y;?5~t8waw(w4ff`a`*=lr@<EC9L0*@Vor}ZXOyl-*?%Q-<_F9ci$aTbjee6
z8-=@iR_L#atliR_3)HjM1)oZiHwE+=i8UF2do4L%e?2V|r+yaq)lD%3fy&p61wCZE
zwqbacica;l6KvKl+2vD&OTS_A(8WmdBFx97jd~PBc@l(!bsZ*<{uTYAL}dd})E^<G
zcZ;+#agMb5az$RYzzAbnKB-0IQUawFDK0Xa<I>i;0ZG?g1tU~l+)AU2=8z2fj#*y1
zgX|*Lkh}nE4A%R(0+aZ-W`roAT&R94Gf^o?0)tXgR3L{QJJ4COP)?p~s!>UXYA>%O
zD7q-CrF;0e*TEN-lG82>Q6X^|xI{m6p+$mChS}pc{^@eB=xh?7c@;Nft$@B)rPFqC
zwVsM1xVoM$kT(AO2ZjtXI<fO1W&dhV0?NnDpA5X^P-1Kp!uuEg%n)8WVy_z<W9|L&
zXoB(M^tY};SCRJoL@dw!2YBL)MmpC#Nr!HzWX#qrhB*><Y3zl%YW8-Vg@$U(W-x_0
z<#wxVDO-&ch8g{ek!Fu5@+}mz-wbDOFVz`J7}Ir-otk&SswD#6rKRGaX7La@h<X{I
z2obes3&Yf#Yv}>dY)8!t`!C!RV#pkC_8;#lT`1q#T0aG#E84v3O^n~NFmT@tm+oiD
z*(m{m6+qw0<^y}|vwA9P-VIzhkluXG4)c++7p??8b-*pkKo;x2B3JF9+Wphnu$d9n
zvr`{ljWI^gWgqcn23%M9wb`$CONESy6@Bz368kstfevBBI)|0#&NN<_br^6|@MaR^
zDb!@v0&VY=Fp{k}C?1ss7HqBH`-+Pla1&1ze!6u*8dY(<iZ^o_$KX(_Ra4ickQPG~
zyL$Vl+qvF)R@h*x6{-@`C<g{6oO;m|pyeKXYbi$38!}B@#=mICu&7argvk(`BXOpf
zqcZvc-ps3n*$`s`uY`j;`y}ppR*E)%o?uW#AwM(4a~)Bz8>)(I_pq*3_Fq{}O%S81
z=e5`&kz$Qq`MLo48zarSIi1cZhvG(-oU%O!fVeV&j{89e2|u8W=3uiY@l}V0pEZg!
zwxh?}^k+snyMeUnF6Aaukmdnr-@(p7%QT=`E`=7Iw|N@(W{BdPu1-x7|9sUoBEL)l
z_#LkzH&D5G#qQd$v-L1`*RY$DN(Q15Haa_{I@Xg4$wb_4+Rr^3UMAS9qjr|@n<jIn
zOG(0e+<!_cw=>wh?gA^;Q52>Pw<62mQ<dLC2ro4e8!4y$(npbxXfe~0=5k!x-q640
zF56v3<`+z@w-k0(IP(j)qUn@WrGCnsGG>w(=s6hFyDH3@e_8Gp2L3<FoQ99i;Y9VE
zDF5;+ME~+D@!l~+vW;<RE}0GZ>S=`qwJ-IJ>enOxOjS+-km#^%&r$K6kRye1bbCff
zE~u~eMM!p!#8K9LgO^eVsI#R>aCOjDfYX=#y>IxU!s%Ul`dK=JNV8iOI7v}?Di8gl
zn%;2g#+w9;YvrDhC+Xn!U~2AxdAeP_JUtSiHg}PV@w(e_Utw3Io#>i{r0ix7<8ifq
zu8BRViq-prAm9G4DflW=E#p|MNdq~_U=<*XB9b~>TCdb=I6(?Fm%c=y#rgOn%f9-{
zJkCMEooM}LNJ<M*zya1|p3-@Au1dQyXjDzw6^PT-nzTYmDHTNk_I8S=mXRkGY}m;{
zR{#O$x?Aq-8U_nKRdN3Swe0?SnM;lnt!B-mIzwl!GbeFYSN=atF~V0WsjWqybLdM_
zrZNMTlYYN!bzSxQ!~C)<fkM~}ksD<i#D6GQ^U{|ij%f8pJsfUs9+-1Anor{PupG-L
zW09wuU6XbbL;9IG$%GcMe0B8lOn^1k8pi)6%PD=7*R`Hp8hA@TkMpUF@P=}-`20U8
zY$bCV7rPy$sL20&l@qd3`9D=odBf`eU#grjld6P%_OF^(wzjN8*@iBsqtM)szz^tU
z;zeBR?QjLa!Ets%u}32UZcAax0$H)GDYrsvRci7#w*`|_1gIYX#`M|S4(Qf+{k4*!
zJY$b|2xtgBn*@=>Q;e&G1FxP#pENlo{{y^Y$sP=2m|+i?g{`I;hKp|zJA|)Na|G1$
zh;x(@KHy9@ioU?I^X(q&HVr@KrMzC&5F>WStAW)Z_i8lHJa<Q>WQNzM(7eN59ncvJ
z6txFH{_w60duy}Z=KT142K##lsQ-9ZsrY6lqV_IXBN(;0rIa*H(OA^JseuLxj{l>`
zx#t^L?>M2^%~>3->{ZnbD(?EEbxL^aCt2A+_nXRC@BiWJx?h=2E{7aJDHuq$R)74h
zAsLb83ZLO|3;a4i`RGo;_}yFBP!Rv?ghp1q8YygE%ldAzl}>%ESE_$(mC6-k+2|%|
zN>1Ksl__3wo<K1{FrcWAIkf%dCgUz^{IQxmo2@s778fLIMa}BFN9rR}n|YY+pX4dm
z9<!?enEJIqc18D1K<5WCt1Si~$nL1kNchO2(Gb^j{&2%;s^%fLu_zZKp!z|~F*&Q+
zEpi)?;?tbJJ7oVzxq!u_b*?bZYh34LQd4D7NU7ZH8#dv!J`%me^^=FeEaOWfho-=0
z{%LXQU@URk53!AIApA$|<cvOGm=W7X5OpcuP<WJ>%u1sqx7fcBsFzS8AXKaWyGalL
zQ?{4#q80eOVfYRxd@te&4kLMyAOm(t3)e+%^uBA9<Cat08sZd4>YMP2D9m>w;1~i9
z8ls=uu9ukxEzE5Bi95DFw41DnAv*GhYoQ`#g!x+X>>bazk?_M9BO>R=>6Ek_DUI2d
z#y&Zro!$o9j?oL-a^WV{Z%Zy!-vOEoAR4a{zzlt*%7dRn4U?+3Xog`(b(Hh;N;sUx
z;jz(M7xgrty>yO&7CzVLN-$KEcL=wGa4qMb6yFYCGP{s4vc=hMIT!=xihj7DFghVH
zl3nY-6=M61cQp-YGRZguhVHiek}vC-za4gibt{q3l4%b22R{qt(M>7hp!Y6_W4=lO
zv>bjo6%imZ^o<lUrgg|QvXjQ!sGu@=Q$royd)N*O-^B2pUr_v$C0(H(>4!R&?nmKV
zWSniNGZ9>PP?Dk0Q6IMgp0cK!!j8N{lgJX7`~GK~^|gvq>suICwjepuR++R;qh_q?
z1e61BBFr{thd0I(ZCW&p3lC#=UlDib&@GA?7T-t((sp>5o6>mVj;`j@-yvj$(g@SP
zhyR9Mn|sC2n*$EFz3{U*?!NNThUwkl7NyvYy0<+wgq~?V)bDQ{zQ2;nh~ZN#2DsN&
z#A<V=6N~N*O(L_h`O}XOVg`9cdtcv1K@ogZkoTV+=N%3$O>=l`P($P;y`s=PJq(hv
z<(Cg9<7qfA!&wUpVSK1|ZA8Tf8Z3R}(%_ybDkmfRVvnozp&(jAWV!~PiT(PJ9NlrQ
zkAY+#S$-~GG>o2;-d|}Px)80r5#RXnP-)Lfc<t2sBpZBC@%Ft7&(e=gwEWFOTX&__
z#ExDkxkCT)&7~Xjgh}&r60X!v4cd0HToTDTcDA!>nhVdg?{1T9ns~YkrXS@%bP$>(
zvBP0OzFo)7;J|vEammxKe`w0V;jJ)x9pIf`;cCD61&K#br*SLvWCPs2L6*Cp$w4gW
z_t9Fil=DTDvHB8+K2&GI({K%hZCH$btO7_>0t3X6`n(M$xI@<qyVKK@^{D*eUIc}l
zDOu`<ex%q_CTp9f><7tRqnVCgz&!Tyc9fz)DEw>Ti;zdyz=G@pCiIi$ea9`_W(Qcj
zrTPJf+=<DdHm5n|tlH4_L+qZnl-kgDWEW7PWPAj)p#OCnug3by0QvE@T2(alK6%DL
zO~%j1=6SEJ(kF|yL{Q0MjZoYMjx)n{m~iyxrakUJk68Q{N<oL|W)wHsEj?;P{ROrP
z@~3&Vyf*)7^ZjFm^~~zze|ns=^T|ry9{ThLHR+M;QhQno^;&qo;`r)DMsbnX@d&a$
zDKFz*ddzY(w^<tdLkX}y2lJ!7K^jJBNN$McU*3tr>g$n1{%KmGGnP=@BHpqE%1|b|
zQ*pz?==_Xqt4Ui<EYvXgW84|je@68tl;r=5>pX2~=sO_(LL|pRPI;rxfe$no9&^LT
zkEaBqL__%V+t5?vT-x4gcYXO~M=rf8-ln;HG_*tY%iN<95juPyFFMG>=iTMO$Av@8
zi|4DPWsnd$)!B`Mi!VXiV~hB{UT%h066TiZb_+yc!N3s7yUb=N$q!l&0HGI{{`Y`)
z{1P~AAn@-eaNXf6(@ozT?%%RS#Mz?_XGc#Ii`%Avu?JGKP@@QW-ObOBX1JO=SgBIh
zKmx~qqB#$`fpo@|TzTOX>hN)ppS(s>fD>_DjtLWGy<D)|)Fw~RquCs(#S)h0{wiW3
z@4>+<*hJ|Z!66jdO^pAbRuYHW=ONvIAT5^+NaQvfG8E8#ujw6HoKX?-Ub5@k>PKyl
zzH*Pc&ATCs)U*0Djqkx*-yE|w6j^NIJG0U`+oU0W9DbDBI$xs4g+}u>Fegx9vJ{+=
zNy7`vPMBa?ynsV40Usu1tx_x!Jwy-f8Lp*QO{DO2nv>Af7WF9fI!LuOjOF}u?=)?+
zB#5WX$Tz3}JMsu%Pf@SAclO1{>1<gfS3h_b#DVtGF#!F+5|SM4-oHPFS5icAqg;23
znBOWQa1dT`|1BGdLwNtUYy@-}_$$(-O<KQlP#4ZUx#Ky9Oz^*DBldIL64q?D{Q|3k
zrSgGlBZ%wcgGFRSa!DMwoTa>0pDvD?WhH+^Xv6r3?Bhxra8U^N2wd}a)<`@;U0`qr
zar%(y5~vT$t{>V+`{mLo5LSwFCOio}OdV+Ms6f~f+>dbh>Yr?MmK+T?8Cx>WYg;sE
zzHByG`yhB&a=JsQM8k~`h&EyfngJddk`Uf`E|n%+P!^$L#J4K4!k|^A0P$Hll^H_Q
zv9|%VVBEK_juDC*atR7+rr~7w0~;xjo@az2{&S7cHXz3PBPv!rwS4moi?%JZ%L+6t
zxLFcAV1ot4!9`3<RB`1%JIyxqxm<0%B5ACJqP*hvLvLb1LH9TYqC?vLB{+jC=jPUz
z{}bhWst^MH-xMN=x|ZNA^6X{{d+iIi>^NazKnMKB^xkOfeD#NqGBp8;%tn!mn{<p#
z?*4x6gYajvqjjh466?{HWEn~Z5=3+~ta4~-BHFzz#~$0%+38cdU)HW2lfFbd4VS%F
zPWs42f1t&4MU9o5i1^|*z+|8W)eV#do$yMJWTa&WTEMhKBR5-SGn-x(#-ivUnp5c7
zzFj?2)qdB8Z8qKxzj8|-_oF8igI@Q8tHL+uCfN~K=8UHB^^*m0<G0wM`+(!T6_sn#
z{U3@6?m>Y;!rbb-Ov9zi4s$G#Ig5ES66pCNquKZdygu7u9Js-#>ZX%p*w6(`3NcAK
zRERU#Y-ZgltXgp}d4s@sCu^+B4nU1d7<d_|=PB%v-Ue%Ym!={CPE$8RuFZKL1Ym*s
zWu~N9J+xMlrt~Kb^P#@lWYl*C+{f6E>2LPQ4$Si-C6-VFMz_l_Z?Q51)&(gb59TTr
z)sQNWQe0A(do}b^b2wHy^qaX>vP)hg__%7L0VS2|IB58c_~8Lk&D$8I0V5oM8zqj0
zeE^65N^u?*RoQw(5QrPi#Vl$B|2ESDN87BQ*)w+-_R#C4n)G~q3i3k^v?^zBCl962
zW6$xHiZ$k*<Bjvo5HLeLR?`Jbc>fPpB5<uP)_=gGP6YaGNl>QnH!HjJ3m-;E#zPxi
zW(`M|WizVq*AIs|KipmNi#yI0N|0SuQye!r&YfkTU@?KFWjNBWd&a~TDtJ0y?w=36
z{^LWR{rJ$9TaT@sJMEADTgy!6IIEU89ZJ_<2M5IxpG6FY&m{Qtqx`u!IQH52v%*!s
zu4J@j2}q4ix-&SX`J9W(Y_~UIFTZt8LDA6=GwsvFVj~ao0E^hZkf;4-!e2xBmGxa}
zL_znrq~#Itmh7d%c^B>u=Y+>zewk)5<Qc1uVaw||nAy0vsz?r*z1Z-n`l#`z?_<^~
z07ZGeOh_QobusYAlU^Yw2#Tai`C4&(eUa)u@Y4r}FaX7kb7WjzaUC*yYYNyvJJq*=
z9AujESWa%XwrP$mKDq(J=Ndgmpq5lKeCUy3LKR#LJ6Cc8>%Xj4*E4u(SCVkHbSTkq
zVv#i!NFt<<j5EgcCDnCP+Sn-4uvxQcuNMz*_O&!FwX8i6bknxv@b*8NMLJrtK54Lj
zPvP7fHO4#EU9w%;_WW~FCVBtMNlEsvdn5&(|L3HnBB5tGYHj(5hG|i~gLJnXPE@Cw
zT($u@{Yf!NPgsP4^4`2v52UpjRyWPeq1plpW+1d|TmLBdyM38y@HB}niX56;f%a<g
zBRaHiu&FaWlvLZU3UbgRls33hZTcE&KIxloHljz|PHl^_m^OAJXLt>W;Om$^ahv~v
z;C+Tp5$CDoVRif}v0GWQiDSN{HE)qohkM(;(R&0}nhi=`qb@uJdkyQMkh>^TVa>0q
z+G{=1ak8-N(0U<$iTYxKRA?QICi7Y>I*-r)RW477EDAOMvvwVro?s)N&bEiB6G&wZ
z2<l`tLN|1XA)XEw=#5xN7U77Lh0c#gS%089qAA{3ft?Gn>XSe?x(~Yu<M>y)p}6GF
zy3|c7q>Yu?gv-7-1X<f<elAMV@PDT`arrF|c$>pGjfGu$r5DA6GxYy62Le&u-y%-H
z{uu*_xSbszf{y*Pv?42}DG=}#sRW_iL`0(bHlZRNhT(N@2k*##qMVO@IOCI}uM1K5
z8y03sM16U+f<<+=RD+n>Pu0Di(8gGnc4|bB(;8;PLHa>M1olL>i2vg_+-d$Vj>Fqw
zWhZ$%2uQ`eNm8!HoALiR4##6ZDNgcX?vxRwsMH}>?J_mfIAV1WA-fQSQ~PF(`Vgp}
zGXX>B`lUO7H=|_<t!{?mJkce^m!@p?VDhlu_=fC~i^ZL0Ib5{C_crsQ5^<)+_l%70
zxD;H~C6+F{cL}LC0^$|Otar)<8zr8#qqMq!1T`^_fnPAvOiq&n24N&3t%K)~5Mn#C
z4R*HYEP^$tL4XXkdU;H}x_UXf1Wc3rmN-!?-_j|4dnR2U;skb}5Kz^LG{Ok97Cfvt
zP&kNv$|>Xov^BHR%O%eafoKHFqoGa6m+BFutaJVI46UJTnv(=!plLC5X_|Y7P&10A
zro|V@_}vn17A`Ne${9%Hzyl9;!^zc7>Gnx}-QhtK+HzffoY(mg4YydbQRLTE4h@>~
zCI>;|N5cv3nXlV<91V!+KwVCw3G0*!XdXEM=I_*!56Z3<^!I}ds2)&oI#X~0hK+=s
zLTr0<kWBhu*TtaE4Q{-&Fo7x&*cUfu#r;N*Yanu*?Wt}e3$CG#T_}I8Cx~7^?0`z@
zKzSr6@NG>6z5fE_1L|o(h}{yiL4Kz9bwwO**q`!DrkqaRzFb||i69o-K-?sW3G(C&
zFS^hq(j;)O%YB$qh;-U(V2rr;LbdhR_;tgs)jDr@AFHMfF$$DxmYRiF+t~Ga!&=^1
z0a`^V&e)ge2%zC<sq;-z{9N_W`KjxPVkX-Q2ZhU>frPn%1^Azcw+bSOYkWn~A!~&l
zkPIHfH+uY2Hc*m##e^EMi^Fj(j&P4gO_3j5qV8<}m}VIClRiijp}HIkzFX-Z_~glY
z#?blxP^gh_E_)fG8%|idcvRuHnebAjaNquz;PH|62Lb0D;KW4Wt+Ngod;EXIS2eVw
zc9d`qQOUuKQKZ0qAWzTEs9v_XK$&FK{n)Y(?o%zJYZE-;)!P+JD;V^J)|Iw~DTx!Q
zmH<(HS8e@q2*gfR5-NI;kL%+j60<p+v4MN&VxS7(Dqck^a+KJT0Yxq4GZ>;tE73)q
z&PpIIGY5q5cJN}ziu>Y$4e#%ftOi23$3*ZBJcrfGQY+T(;`>H3=rtnYbHHNmR!_+|
z3*LgEwvJWJv@>p+EDyVV<wI*o_eg4|IH+Hz>EHOJq&7DUXxW^Q`4{!(V;07uh(BZG
zSE|47)5EF3gU6yaHJ<IeTL|vWlcs#?TW}u=5E&Hh@;-9R!{Ff!@Dh(_@aACPDq#zp
zT`pitg7b7!oA+Dsp?2bgOKZ3;?nYj7X4m5f9jnX9U-s*df7_SQNQ?e|eXErgnXflu
zKS0i7-W;kSvm-gNOIQ&7$Zw~*Ob%n`Je^hhgDrl86lGnVoG;-v<Mb}#Sx#HVW<8Br
z#)=$7g|D>2%UJe_Rxu0f7(zr1WWR9hkCnXdg*hA3P^TyTBrV;9J?Wb%mptUQLGw?`
zstuz`{G|`ZNY)za;{5x>rKkaFjgm!h%%7bPW8mZ%f_&>`(1U74P)W}~=A`H}CfsHK
z9hA?gTU5@F=Yr{;xzULUwOyK{LQYbU+7F80e0c&LqabSg!B+t#+I8hO`b4+4;QOb<
z^a3nu&V}i8lYm+O-Q#mtho+iP2By_*=%12TszzSm%*+JOt@%6fKG*U(pPZ~a&n-Mo
zZdp5^^95Ve><s8Tbe}iG!r}RPLTUAHuH{cH9sg|S3^b8MBqK|C_aPjON2?#v43l2>
zQW7^x30b2-_4HRVm>RbE(xM+XX>s*gt*AO}Gv{sQ3U+j+59P+F=zbT`@7&Q>q3C@`
z%lmDJD~_1nNToSM$Hvtfx!{acVw%ybi4j~wiazm%35qL!xDEv}M}1rz-XHJsez`4X
zn&}H8)hQ!HLP%_9A-oE_D^2m~xJ{U@YQ)k~19pO&VVg%L{&Dwz8tK(vv~|6*9z<ZC
zQ^@NuRyi)v>IFS6_=$3EZlYfnbO3id1#;Plw?_|Fhx5xq-5+swi~e>$jk&>KSU%XQ
zEPL4LP=?PE)6)`A0WUZrYac{GCT~Xo4)4YNxx&}B#?H9sHnaFl*P){K5IxokQEtQO
zh1f1luo+tn1MAlzap+N}fv~on)U~kf=gYk}%*e}IW`C&}_b=$o0knNV+4c{pVU=BW
zgw`V1@JSjZ%dc@{ajDT#?NclS>lWz03-UrQD)10e@fz7~idu{4q3n%l5gvHMG5IRz
z%|pv}Wfz3j%+MvHk+Sqr(Pilc@q~^e#w<`P(llN8OhTui&}*GCD=Idy%uGz`M|cFc
zWfkc>ZFUZzgJD6jw)tqE2eAyvI&;y7#b5bI*S|~EOQ8@(t<btL0K^Y1e><=uDo+Bl
z0ra_!<;TCRJ~5LUA{lqYsX=>d#y?tNwf}eCy)_G=JA3#UDu~{Zowf#Xeezg2A!p{L
zx;@b6V_5jH{dwHW{~C+v_t@GCJNJD5pXH;M$4VJjMZTI1Y6Wh5?FLB%uonaBLA=#(
z3qFr`Gpf|+S*hMu`BCm2Jh?wCMbEli+3(OP_}F>*CnpyVgYM|X_!;q3T%As}23M<c
zIY(c|FooH|S1*Lh`g_TXS&8r>nv8pyWva+Vf9XW=?s6qaBSeEZ#C0T$H$vFgnO+pG
z)7OW`_KuuW#YM?Nm`N8Pfui>pmXBWP81Z#Ua`ci@_j`=WQ)doP<t^NQC37MBW9f?*
zE$$aq3LrF)nu%0FW|%PY3S3`Ktc@L#^Koug5!s5o6_GtxIx+f{>jc&Y+qm4XqVNWk
z-Wt_M1^pZ@TZ#maL&*{1&VFd~<COM4#*r>^A~aEo(MJPr32(@VJi9fe`4-km&`wkc
zHnIz<2v+NcKa%~4v`xcM&`4TNANv40uBD@E#+mW38=$A`?VK(RjRO^k_vAvrd(_!M
zj?#CMIXct<^rs7=Stj<X0LE7q<3IvPjo7pjVTwzM-D?jUrKwiLvU$C@iC!SYi?}_N
zgwf~gHyg1%m5*6xJJI%tnTt;XjWXYa>RlOH8GORT<G%mhPEtZF%%UriEQxo(1oVOP
z)(X=@RLgs!`nmGklqFH3vJq#J_ZK2rQjLNjkTYMIQS728PH7L`1F%0xK*4RFH>pC`
z10G~X(^XMUZE*6E=Mr@GHc!3QYN$lS`qVaRo~zDAic=Zf`Vjn~L5y*_Wo`g)?u@>#
z*h2!_c3s$GGXEh395TngZmH-IrvRw76rny(o5VLX=QCb6|EbbDMzK$mIvHE7s#t%d
zKE;%*$(|JGG#7$rGo=P(Ih8>6_)K;pIUl0@0D4)`pkRiDVZE((r-bI1lHe{P-`1mg
z+Xz)0gVdRpykNz&)FUZjJMDBTS2>V%1k~T8T<D!M&pH$;Gdw6uH;yh}0pHGyu-&`G
zlRj^J^B4YFK5z-|+c9|~{?Oh9eXnq0{kxXDG4axHB*)v>eIHgia#hM8)S-O#8@L;M
z927Gt!Be-KC`+_}ig@10eTx(Nly%=r9-xUEc-%2;Im(j42*@vJ^9JECr+%Ac2bmZa
zj{Dl+@_CzoJ4E8b0+nR$eMH}vT9}<OcRL#-c|qZ(bJBRa{8ZYD-3YYazbtAd`TI7U
zH-O&UX63b+$(5m7hDx8om54i<{hex6X?6&s2+n&Uk>l88jzgrOs=|M^hbWu{qW^1q
zD6Mk}IqxD`24(@yjxy-q@(|!5)peSJ|48tnMW3b3p(0g~jLdm}A9mHO35G6hp<Hgb
z=gc#qfIS7BF&aIVqR`B6%{ZBnghS`KHu*k7N1ZObwXJJ@=`zSEiU*cnWKu9kCXta-
zBFOjq^6;$Jd_1`YWsjirAgkWS&#L-CTrp+F$k}%Oja@QW0RT=CN<#oRXA~B@($qpn
zf+%9`ohpJEMQ3lv4H---&M%SEp!UjOoAW&yZ69#13x2P@L<qW}Ai9Zqfi?5R4T#L2
z$NfFwS~@E?L=j!x4h=1^2;!f&{kuQhNZHj{&r9M3WQy=J-bO>K_^~Pd^vCwoya#`k
z^!!P{d-N0Hs9i(0xMzj2+R}3psPgQATsAmn0kJ4!w%99ne6YHXZ*}AGE64XJp4X*C
z3WZw5apfYCi|uvxWV2U)M|C|?;x|y9Ny*7qnS$tKZ+JlR3FEbqg5iU8s~dN}T1UnE
zT(3G_jIDB+ycMJVE=?k2Q_{xn33KjYt^lgnPanqbVM+Jeso~P}cJ`ds)w^$Q{d1Rb
z?WyOio^5lyJPwsq>Sv{%S5@B*WLhJTPOWgnS)p#FuNKHext5Ve?qu0OzZqQbVeZX7
z`)i&)=$S^VwA}>c+cr)xzXd5N(g<u*4h1$fYM2j6_=d;qd`NYJ4l6TpCd;Me2@NNE
z!}&D2uvj{{$b9YRf%#ID#^{{c3Ndr=x0$x%T75Vz$HmLA!6>r~+_?e?TR71VysBXG
z1Fupz)he3wzVds?v+#-S7NF0{-o+ftk#GI!796=POgNDCzH&?@^y!wNs|H_Tx@>U{
zIbPl|eBH>1I^>TUf_$oEVt&rB-Sh(2SF>^e#_{L8CiLbA1#u$ZjHD;pHuG4BXYpPJ
zQ)n;xtM9AiRM<p8>NUTj>Mmz<vf577mxs(&9`du)|6u*s_fki4n4M=_4L_$y%@g(Y
zVu3I*6C};7PVB6JRP!oWjYM(-V&+YBrPw9O;Xr|hzn9}|5daaqv0TJgT+&*UWc|Wu
z#lWXR`|Ib~l}vN9+FW9PZg*rt8Lz?cOxBXIC8oc|g)dAWg~0A6CLmu>9+nE;8g&V;
zNyvBSpOaAExsY>XWDI4V&g*3Jl+yJNNr-gJ=$$Bu6Tm+N=1k04979<>V_}jbRz9;U
zZc>xX@*Ys!U*P09yiqZ%hLh*yQ9bJ+)o&phHNDq_M7&Zc&3;*RDBkGqu{ykTep47^
zl%m`qls}f<bbC~7Z*5*ia1Yz7!l%Djf}hjR%W<bMTJ>A_1t(O@&jF4&(bcr7c*||)
zl0AcIiC{WG@G;KK<)3RsSR-XC{<TJVL`|$o*7dBBQG*s?R8w}t{UvRx6dbRWV)iG^
zRu#N@8*o#~elgIMohB79wP4bPxSGL%zT3rZaBt>*!ZLv*R-^}<1b%A3Hf{*9MB@a(
z`;!MAC*=ySABDKZpm!8;r2}u!MtE)Nh6`^O?~cd8gYf6Awhh48^LdXaY|fcw7HyAx
zOZX4ox0xElRNK*xu5~%84Oj+^N6-i3ikQR$)o*(|eHF)Ei<?__MOw0H(dIGLwlcKQ
zhHKu*uNy^LczhM0zY{{8(HCW+F*B0Uh@=@6=!?52fVem6$-1%`DT+7pA=4>|C_hJa
zO6MpWUd~ZOr4(8}n-pgk%>@$sp9y4Mx;UyMUH|#rH7W;{;pCG$un#Ej(g;$cALElm
zZ9AcD2Vm>cMjKz%JmxCpT2McK3sUHfK%VW`v>DlCd(|%%x*O{m8h=Qik=IJ%qD}cN
zlf9vqexp9|sesZ-2p+|?3h%&qa{v7VaHMHyN{Cs$J_w~+-2<#Cj((4?yPx9e3;x@-
z3g$?>=8%}Z+|Xhh@z*YUM4Ct%bA7I8x@z8JB)|3aEW}n(11V<JQ}IOxv&KYAqj@2c
z-@LUfM=Y5&Io?Q_Ha?ZfbRyoX?xycm_7j=^f%%(wR>1R0{y>|*{+ByrpEUZ!62PYL
zMBu807_+tH&>c_OJa6*GKye>_p{5V}-4|vp*KvBo38N-PTSLro{78Uq8U^8q=+zBz
zj2BjR-Mb3X3QFWqQm7$27FV~>WG?%!Lm$6@O|Cy^;p5#RF?VxGfLa>-J>F;2Fe>k+
z1Q-rEx@clOIiUK#O)A!y6egx`=hshbKh$o9ow<!~pI{&1gcXIYUz86*nFcx%G4z<M
z%~cXJ?l+~1=ByY44}jiS2C;=&cJOaj2F4W=^6&b07^}!eXm7Kb`|d-K0fNwX?#&6R
zpFTWJ8r=1dW-K#i3%w4pYh8|M)YQMEI~QDE3XI3KEPt-mV(5MfpZeYU;Jt)2)o4YL
z+GeD(`wz++)}p6_l6VSI>&uT-=d{SKqhYYqkXUYfiR``QK$$jSLs`&MRXuV|HmGDL
z`*%WI+XSsdqqj^LWu`d5!S(G3RwRB}4r3}bMWcwau#sek4q-m7)!kJZPi~1`WM^!<
zZw|~mFPBBd_fCHcQLi9VFi^_bBG$D57GP55_%%cQGQu5@56s8(uNSf>hm7MU(SP3W
zQ!G#BFPUE6sc!A<rnkWAuQTD@YJy*4!ZWJBDhw`avOwtcI!!4`A$4L!^Gf@XLZqc$
z<>NO!drU4UvTciMW$_i`yZ)Y8l8cpX#GhjPJyy~tpj=9@2h)>_Zq|&8n(7j$>Xd|i
zn_~r~ZR+qY0=Q6oH81XDRDHA6-!t#FF&5qZ_o$ER<4f^OlV?-4bZ`=^AH>QySI;KG
zjOK(fYKRl=h%<7_#BYRs!+q!6jyt-+A##8aBg|s$DvUCpysX)`Zz?LqlB^^v)ItHR
z+W(;%HHRbsw&Wnq)M`+-VK{mIt5T~Cx78`4y(UT<$3uSTsdqRbufW1Jz7=@>B~oMp
zTndMm!Xf2RRH-?#JwthX8JIKkr4!0d5LL+m_b`xh(&LC%(s$R`hAqS&h7{K#b3x|Y
z%4cJ(yD9MZjw$az36?hP$jl2@ZuL*urT9Xbcl)pUuxgS~Sy2a2qpsz7=ywk70l~hh
z)O?fEvf`GunbpuF#`Kvqw<GCnZ2LB-g&H5UF3v`e#_arjq?Y)5q7ardYPg|Kc;cb8
z_%KPQso)q{zW<+khT;8zo^VSzXXt5G8ar0PK^WSf#+I?CWZ!}%TTaNWNtb~ji<&=?
z?2bmT8dt~fUQh3r&&Cx|D{=2XpH8<}F)R=5FN?Q45os^it0uPR9bjbiBNsx3vl9ti
z{});B5M@gnZBeFe>!xknwr%H4+qP}nwr%UCZQHK=-+R@lQJpxa6|Hk(#JAU)d%mAs
zT%G=H!7L;rxfACq)O5owRcr6)2xyzbE{y1e8><TAplg==rykB|cFfv(tS;=c&ixX3
z-={f0ld(GDk`GWlLQ;rz_H&{8!rD|ff>^SwptKP~?%gN8kV7O6OC(n9K71`cAD!6u
zjE4DsTdw~iGqkGQwQ9|)OjJK8464{=^BI^}kS=?#{Heyc+@JUm<SHr&-sH`dis&Wr
z_wBc-;5tPU*;!?7YuNtVR9InzwzMYh4Zgw?5);a#ju*yB6Yqm#8na2U2vYT$Z!ug{
zG18(t#mu+DU8w3`g+92zUspYsMyRp{RQ~k?-O-7h;wq5q^B{UJ<`PPO(0SFvEia|5
z+dyYV!r9Lg{MwU6LNA@2!enYXuuxWF*H@CFrC>`~o~fRYv6n-Tc@(ZdV&%!GU(L=G
zDN%GjOLQPlD%sm*CCu@QO!SX_cdDJVx9p0ApR4w9=6k?gZxV(X7bAaCF~Ce=M}cQL
zIM>Y;LARo`#N36y_Ax8us)G8C_~o!u4jO$>>xjMcI(N}{6JsnNLmiy9su;~l#~bC>
zsBU|BJ?fxf&@VSr0|WE+F|t8VY;~V>g(d?<tQ&eYRGR+=?a#kK`}2Q6d-re9PU^tl
za3Wv$7mnpOXwM({4cg@obPGi%i>|Uq6y}xg3&6ZVEw06iSSMV%;5Xm7Wnn)h>#H9~
zll%{F*ry>Wq<`-28mgF4H3HZLi6nfE3rYSxdI!Q#52gjxsbzqa=!_W9lT6njfqc03
zGpm*xZ9wF;zh`d(oD!5~9q-s#I|q+VW;ln1A@CYghW=PG+xO!NtRn!L)6x^2R)Sy9
zd|Kgh{jZ7BuFFrQr&EUMX5(Oybd<Wr)~7M!RpQV{+-l7dB0Qt6d2}JZ52h3fMH+Z)
z^-?a$@g@uY;rG>o%Xt`3I)e%hUu`b}nBAf7<#2Z|5}2HFF-JzOWr7EdmGIDwDCrqs
zRGRo1vO|f&x_Z5~-Kpw%Cw9v6pY?=~wn*c1lb5JpI-|xy8{N*OUJ#^)`d1ePca__o
zOni+lq!=~(CA+}NBiX3f&N*K*AG-re0<EI48_xWn-}pXrj*up47Ywf)=ow0<X-23a
zPc`H7a;cMGE*}Fjwq=z!s}~leZX!{@{2Z>3tF6pO*^h?vvCx%Jds{<dY5{P*lId3T
zd-Aiy(;#Xx*PWW`SdSQeo)^6nb@pfy=z0`3>kON}0vW@t`Oo0qu!38ynR|&k$ii_P
z>wX$Cr2<3zHoxB7IOl$Aok~nX3%FQ19tM1|q*~v2BMR_`U2!0Amk+S>513BnHQYx(
zX<{;_ld{qaa7|8DOFi^V8-;*+vnSxyh>=NikLUdq{9X$akz7*Bi`zh`|4;XqdwNAu
z=;6ZFs{%oIzB&ZxM88td5AMvD9Y@FqkCsd$O6AY+q!T%}PRL;@PfkrjQTs$5Bm@2U
zu=3;R9$uEXS`B&3Pys!5v1Dih7u1VD&9bA*OmkI+USo*?>Lh6c6$#IPn;#!}(5i{N
z9VUu4Sa2;_V1U8>q~a=^7s1*NH;xmSnpeb|7lkMVu$7QdW!5rPvZf!>-18t#+PGcF
zTdhT1j~foq16S2eT~80_e@aeUTeu58jO7!+wv@eA_cqb2cSQHhxk^k=^SC?5O?FvU
z=xLMKm`dNbl%fPkAuC!!D&@z5Tl3w&c=Fw=i&5vLjx0bW#v#5<c+erm!gej-=jR6o
z@ccHGOEhUBsl<E5z3PS&@7w<hPHd0jF07;`%6?K}f(|7D$d2MLzqBGu&VFdVTAdcF
zGsyvqiq_YPg;<zSYz?fF1-i6DradkO_Ofn!ROhMOERS5dAPg8J>AoDLJj}hje`^e#
zhaXn#4E9#WxjUp%E(Ozzio*Y<=w1EalAtUIc{$6&?>*40Fuj!Sw-T5n`54-kvJp4l
zNXtU>!022WCO&~g(@<MnMW_P`d}maq{?l>Rd+#>YU-ed|MH^^~aev)@alvOD2Q8&x
zpr?c1ghS0E{#AoQZm@y(FQI`fniq(05GjfL4DSG*8KU;n)=V3AMeNX5xO`6Dx52P5
zs0o;R$+;!5%Ba0>Z7PhQ(aoT~Z~Q%u@O50B+Rt)UjP5%vW=>z=?gw@cX)?H>pur(&
zGD;$FB?8ES(9Rk{;sAb=<sV7IWkI<Hazxf7)5h9?z8I!~ssZubVb|{&RHyJig(_k6
zLWhxh54^%58V%WSMrWxB`30}Bob>>EZDacmkY?sE-U@_KSJnH!+OVDK3msUIsdfbb
zGb0uG1jKac4+KGoAc;r7<trKQjc9K*{Pxv^$z)#T4sX}tjw>s6NJPCxQ^4$H8#VfL
z8fL3jy{OO%?HF)#Unhsi@Nn~!g<Pq2%S_L2l2C%U4H%Dxq_`gmd!CXT7nUdkGeyet
z+hUonH1FSjjqO&f9##-)M9(K^Y40%&ohiF#wac2eD*vSAA$nSy6~wdr`cS=Cg@_6o
zn*~L^S3^ZZ2C$}`8O=&H6`5XBp}qvo6!>JiBNN$fXuF8=;051plOJ78ypau#hW%V-
zO#kLv5fj}%4bJEn&b%L2+0MK_KdJ9bRj5(}XL=d=Nj4c9z2?@b1e=I%hnLKKCe7HO
zorxzP{;Tp?pUaqUFTOZqv`$Kc;&S))a=Dv{(Cm&mxImCfGD!Jpj58tc87CvPq~{CM
zG5DG)2MG3Np}G}_4MVU^>UmTo5M)u0eCwlF&o0=aSby;=Gu-eM>9k+zRK$Ax-?H6a
z#C)eNf7H+Rtw=S~Gp1Tk`Y?{>G42|(X-@)A6#@4OXi+9JdK|6V9?-%cnoUp5*IU3d
z)|N{o66T-%?(v3D6~hK01#fdfLg-dqL=}^beT9+o2v!7vj*XOwKx$)Trh4wN?S}Ad
z?HRr|e3-^F-Ph+k5;$~08u^2*(Zhk_uBA|mHFe3Bsd{k32aj)WvA0(2_e+lQ4J#_y
z^J@d>n8jDMxDJ`GIqCBd44HBjHJ!<J@sDpcP96}R(wyzPv)5PQcD&;4#Kt+ZwAB2|
z@u`nQqQ;xpQi1&Ai&yMbN`!m@Y=@JWd|f^@QkZC-Z7DtZj(XrtXQbMcQnKpT&M}xU
z_#o+DQto~nGHlMx*h0OA-z`xaaLM*y=a|+3Qde&zveP}^SA^s`Vb>!k9I5M8p7e!L
z3Gz-7>Yw$?7XNW06stw*RRF}Td)yaDX5LqN;C<6)G3g1gQkWCafy^BeMBTB8iYegc
zuofR89NuC(UpJz$c3<m86;rrTTg^1g8|jpF5Att;>;3?}$_6iAc*If|SfhN(F#K$g
zR-`fgm+Im@_%j4xy>E#oJtb{Z%D0aB>)2~;@y5jA!KJIwxE6G>=IZ_(TD>{Chg$0d
zjx|+MR8n_|d>)nov!epc&yUrHa?{2I7(yVFirsWgf~3b`@+vvWTra*6>qn{;sC(S3
z?~~}&G-nab_B37fq>5FjV)OVK#M?fo%jmsw8u-{Nn;hC_Prd>sKGH<@nNCsIEYi#L
zn9fjcEoXUYo6GXL+}C5B<R2Lw6eRWkYps?H&ppgBOwdIZlip(x$Urwh0!SX;DxyoC
zz@p0e_HpcI>w$ko4;!R3XShM%eGK7kN61z0luhNm375FWH)V}==Q3%1r)+Jmj;aY+
z6L|@ue-=h?P1SWV8hE)KH+hM!vzDBDmoEK%we}laf8ysc{9rA<k*6`W&d94UN}CVt
zN(+Id`LFf(=T%UdG`KhuLl95h04TdEu0N}In^<&A9w^)BHRnS9EH?>;7*(IpoG~a9
zr4@W>y#s8*y%jZX&%!d|xahFtxX5_Jo1KCK&n)t(2?fh#3^7yazj4;sf8(s*qxabS
zz(_&okf!~phjp%`JRl{cBVN$cC84Tr3~M}^<$QpSusXM$(=Zw#6?FmSvInf`JPJ?n
z!3&1S-oSn5dd%Rx_2nj*0@4TsJCpqsZ5Bnc<9>PeeH7V|;4)9aa`<cl4Oy6TRLkF(
zc^iwE`IfCvqoxOY+>CkF^N{ov#-Hx-d}#5Wq#uKd6TVW4$Mvv!*CVsVcGdQf4}DwH
zzB^%mKqFw`@!1yTG#sU}S<_o1I?OKVie^<bH?JYSePLj4Qax@p74b+BKCTedbmQ)E
zZ!@(6PfJy{mWJ}ta`*$OT$3NBuBEWxhO}++u+dgIv01TDqoUCRTMI6n20IS3(88{B
zOEtzm>r%?ZA-fF`jruEIDs^~J%@xg8RnWLecREn5dh6o9RIFTTdV%}Zt1ha2sF@mw
zYE~n`+U{nHhBd3WvZPGp*BNwke($bB3HnM-oG&C8&WTpvCbRz-b~N#7a5tVuBMT*_
z5-=Auh)yDNAHJ7!+}>Ni4jH~Yvs{7@A}k3cZX8%31JA@aSc2jD<<%v}lEOJTxrWn4
zYPS8H8lf<nmN>q$f+W?#e_Pq)>Tbb&@7$$y&_WBe6%Arx{%pEc^G_QR2Do2i9~3i#
zjVtRV!7TW(>xxtqws(3fK0%&Gh;jTMt5*KPF_sja<pbs=K<M-(3%MgJ3b&ndKC}>B
z?D@WTQ5{8@@d6&JLhyX3l2})o-1K;-ipw2I%`}#-9e3N%qO=+r1;SR5U@SPUq#<$Y
zvT)(ft*cHs*m=UbR-r~XG4|}omHiAQ5&|e(%ky%B>X{X`(TkzvOIOu+BT|>P6W8Z!
zq98s=binL<?SA41BMvSyr0b_z^OnkWW?wXs!iYsKH1w%&BgcZ^q^`*y*}EZM8t@y;
zNUrUhtvUSE7S`j7)@LLw-97qO2id)mi6hfV;!N?zm$o$OcolSb^oT?6XG>4jc%uqI
zzt6Ns8lJJpi)6(4l%UMX%8020J5nP=2O|&325%pjTdFtU`Z^^QW7Lv9e<50+%;A4{
zmPE}U{~QG#>-L<oV0YGTvtfPl+{CRuYzJE<6|_RnT_)F`HC$0&7OJb3r+44jKquCv
zse+L>_qk6?Hjim^dRmUwSJn@ZjWD||R2OsshQM>~r3U;;TNd-}Djfofd8Ky6`trKa
zKP}{8oimTouSi|%s#>jMyEE6MSDV&m3&z&u)u_;vyadVW9k&~(+y~Y<#vXN=4@Um4
z)Y`>fI3d*<B*qMzLe0Ia{6UMrlV?`Y=<goy(UseF?p+oi+CVAfImjKZw&I9EC%LDv
zgU0^K%c1TzWJe6a@*%$QUt3ka29|96PX*N;d@H&Brc>%e;}!txXdx%A^A!y{u5+!s
zvK(Qoa}<i%r_!`blraD<Ibm_+ZU$w{LT$Y3^Lh5IJh$E3_Mhv8m2<n)L7n33?#UIb
z6XQ9q(eSUZ-MRVLU7d|$n9jo;@lDE*TOVFt9z@=;A?FiNEssh2-~&yXC-iy*G>KGP
zO%smP-29igJ<bnht2lVF|E;VZV<ikHkff`K_`xMPWWiI=!HloIYdeu&_3^1GSn}u0
zs-AT%>aCpCeg4hZTokpEtar6~OXe-xWZvQui7)}bZk?4$g<^&Wf+P{pb8&On;4e7c
zr6G;O-DZhGi+EMO)<<eMJ@$i6DAVv8uBDgrK?tcvp7Fw`iNwDbiSx@qDg@Ezu*0}Z
zu$&|Y2mS})4lhGzH~d6XjXVyNu8R*evjJDV0q=bZ3-;#^LUQ&vtn(ue>SczxFD7sA
z8HwcQMU3=L@hSBstscaWx_q40S<r?W0Z8RQ2CM650e78CvPA-RlhQ#3GZM;VelPNF
zx48Rry>ekQyhw_@CZtx4!^IgfE`74_tT{1^lDPT@mUC&$DZz%h90if~@*<S5OXAbN
zB-bklKE{1k$WiRVJ@^Dda^5q0&D{zVrCD<^p}Vm^%B6cjRg+^)HPMi;powjmb|1$o
zPNd5lxm59wCyXxL^`xp=QnT}B7H}u$I=_8@^DFJ{jSZg;530manPS|~bsP)FvTFM^
zxaKQR3#MdB$}AnVAIgDEW%Be5H*nQWAgL*v+#Wxkw!Z01@13Y2IPQ%9dbWVdF4;-j
z`c?h4GRi9Qyg_8_zfeVRcR83ryUk*=(S{@q|1|sz7Fof2`t2M0j*DYofMfdq=r|4W
zFo3K+ZW!xp34mV*HXQEd@xEHJ!r+VIk)e<0P*?x?m<*@>Q@*#!Q&FD(=*L8cJhr~0
zt+Z=~h)PRgI=A?>KJi`*Qsizbb2h@Gzx|3}%kkA9t#)m>$%)!x!jgvH1KhJH?JUeU
zb)P)ca&84R<dqfdCJ4@bQ~6_Pvzw$!mFze{OO;+doS;OvRvAyJLA51iz;mP6`}?SE
zN623<m8tNfeklBs3d^H))T5AXR@*9$AXzcw+kA1mJujyB&!B!15@L0ukZ`R;i*~^`
zS-MR2pqNlWB|QAxo;VF6LBGy@bq#ez(>SeHFlMj!IQ{D|LSF1*^>@CjV;O?z>E#yp
ziYt#8W$9-#iz?EPQLpc!D#SwwcFT77Z?gy?FVbL@S`lp$NAJ$})xpigT>K_6M9dg1
zJmP&zecgArz$kX5+&!<aubVcQz~oDe*kkK?*U~_aK^;&+_H;y7h-7OtP(Eb?pPc!8
zmPd-91Hgde#XPY>2{MP$B4-2j7CEF|4fZ0XA&>3MO4w5RmRc1;XtijaPbc=17O`z_
zae0^2HZt&A=xSI`IyF7gi#g_7yJ>SX2R!d@(lj`3py%C<beBdPpT&Lh7v6^A$7-(f
z+3JQe{DL|Qz+8vpEyhJK>}`y3ku6C>dCo3GI_MEzAtE{cGjYcJ`SMs*h~@L7B7X3H
zC6CYMd%?=-N6j_e<C!f6h{D9nsDitrRB~?OfLk|dcSLsSh^H7~p2G4tfoh0%C7i+i
z$$QvMNOQK^W98V8)j|y&mP90k-#81`_TksQ<=OP%*z_N>1@tWx>Vmqzhf=Ch93O_d
z3ms?~G0bDgVtjWlwN55(+4K8()qZI&?UvX=WAq#_VcZECGXocIZ-eK<0yYFwr31#|
z{SK)$gxFlWePO?6+fJtBu<5FYehWTe!pT+W1RXVF=Pm5!;63nvg>jtkq``ZpFMX%+
z=Jb9-z0%Mke<|dU`npgVm^!@g>P^O!%seqbjs@}#CQBp`r5ObQs98!`1D?+g0fgC}
zSutRuqZS2@kd&B#T(O5+qG6xuw}-p3=HmcYI>8KAitb3JKPrI=@q;@hgpGZ;4;EeS
zq(W<1-l5R0Ud+%yc?;;Yx4&zV=TkU_*sZ*XNyr_-KWj9tF+`kIy*grtp7a*mk}79&
zc9<Qd0*@J_=?WR8Z3~hyxsBPkMSUS^!oZ4u-*UsSM`(8P`>LMYYaXdz9;#cnbM`em
z>%!|TxZ)Bfia6ks=6XoTOvTjt?XeeI%COV_iZN(k;T%?IPtVJHwg+-&G*F5nZFHsk
ziSujcaVEy;vRlcg%ad8D5l?v68c8hqyw*@SLF*1GT7?^D^*J<~*MWkXi(ZgfyYGk`
znDq2{{Z*$j+5D)o_W+Mw-2SJ*{!n>qI=sG{x0L|i;;bJ8z`-+)m%l*mDiC=e3=!Ng
zFI`EZ7R(C3$0#v9naT3HOp&P%)mso$j8cJ~A*kYpQX<j@^e^5g!@&a-kZly-ly_+?
z&k?Yi0vmBZIvpOTqTo{-XdyvVBdJDZsvc%be?SL?Rqih(eS)_3X~>$Y_NnM^<eQJ}
z`KQCc;BBBqOPiLxrWQRn^X$5wBg^I&D_;D?iU-d;qZh3iF$%5B=ccLGs)s2R1Xfx#
z0iOJwIsGSF(Q`_ur0XBq!G;cK_C4fv^xX2$dv<vzq<^+NFv(;88%DY!GF0l@X};70
zqWq3Q!D5$SHb09hl_!H(S6bzN;At=yBCP+=8#o@$SW(4nKGlJWT|Z}RUhxM}{PU=Y
zpg%8b!dDYechX$Q5F)jOC6vY-=lpjjU#eXxlnv*c((#hsHuwOv91pbf{V2Ou5TkK&
z=F0-7^Qu-q$Mx<e06#0oBpK#+wseR5`EfSS#Ur5D3aQ}LXwAFzlVxyReET?*!McZ}
z7d|^*<u99qF`8ad32OC6Emo2+@#C*^pigIGDg~{$kc-@P$uP>blVDQ*R_rP<^TOd;
z0(s>*K(uGs>l4eN5Sw>POJ|>HR)4QOI+`2u#xm2##T8)V=LO9L+d=O(Oydu_s*#l1
z(`-j2(CKtYd0$JW1>lm72GC%}eA(sn{rn}>pno-8N#IBWAFSh6p;h)0L<JQi3beJ9
zDpuzj3L&i2Ha&k+a3!JxlG{SSwF-~c^@4zwosK<ni4SHrK~VF?Zk389{cr~~<Lyrc
zb*Lmy_$r?!7S>=}8QEHHxUYzhD|Ht^J-bcyWZm=qiW-f0ia4EKH5F_WT|Et6et@N{
zT$B;Mg{vRN4>?{HiNPrv2O;#6kO^?gUvKy&1TU%X3c|W-8B@<gTn|MltENArEMd=m
z+JPh*sed&HN~iBOMeO-QFK}uc+h+DUX6ju6F33snNGLa8<~1^mX`8~?hC*=7&WeTp
zz=sqduV6|$wU84TP8lb>{SpKE>5SN@wN~Y|Bo6&aK16X{qE`Jru|yNT4jzv-I0ayw
z*hV>@E0y}kv4Lx~>&CtNNIsw#Fh?S?Vh>jHy6G&oF&ONIyJ7xBV6eGXzhKLITw&*9
z5{(;ACX1DP>`yMiSyhM_9$knZS*TYL!3tR2m{Fq!KBdE~H|qnkEIH}RfVsf>Y7sBY
zZnqzN%@bB)<E|tQ^K~qO*gl<*+Y$8vg?P7X*+u#rCiK8RArmbb)yjFCLYh+h2I4B&
zjS~uOdq5-p_ioFLzi^2Vqfq)BPPdDQCEjgE5dtGDI$bA2WDt``M-5i6>43FeB&w3=
z?H=9#ZL8e#_2;HLpie8n1b@ibVrW>jW8WXOV-K%rqZCy6I>idJ@6D^X7f|89oK&~g
z?`sk<`)R9uqW+R+Rjt&Y|6TZS2-dJ^UFw+-n|hEdCl}LdlhmVNP$@zrYqkZnwww>f
zM+cfymfmRW{cpfxvPJNa-+dQU+j0*^zXTO^RN!~)zb(i7!GU+Iq?Td3R)yNoBD&=q
zUJYb#vx1_nNdl+?#}gE_Ut1Z+#-?*&x+hv#&sdKf{i<BQ>B~sg=5a2;A9*`LUZuL)
z$cL!;7W7GY4@Vg^YWiuiABhs74pY*wJRc9lw7`Jx8)BrT8NPB%HB~+MePR-a&;t0)
z9AnzqS@AZdi$*P+K%p6MSIv^s1X`=Usd;e5+O_p|MZ_QpM0kgOXN@cG(>$RXUN0wk
zw}itBYD%pM$SvJ_@^-B^aJUwEqUws+b6cwg9d=TU=bIDBc!sa6ULiyz!c>Adj1=tf
z%{#MGTF&8%SK9Ylfr{~QbYs+-VURrcSRGg|y9L~Ek#bm@P>2LowlTg6thFlHl4E^*
zzDE!PfqZ814`HXw`0;9#{d!DpT-QsjUVbbWIY(mppuk~R+;&g?$^$u-r+-+uJ+16N
zbc2ty;^Y!?gz4noY-hq!=E|U8u!iv?o5?OH$4oTo|0OrVN$c0}&GxlstkP?69y|BC
z&*6)5K&k50L>FQ2VZ9ZyRuw2l-8D24v8Tg!@a1k1y+nM|LCTn{CRH+9*<?C$65^xf
z$Ym_L$rLvKERr&stK>~+^806H*q>K7m?1<}o9qb6ARG{5FdbJoX*Q^W*2ipdXw-WX
zYClMbf`_q5GY!Slji+Sn`+4lqA+P?MN;(^gMUb}J5aOdC&;LIYC#TN>DbG08aTM(Q
z7p)8)tcA~?MZAB{aYyrEp27}=2WvTFvR_>US=e5b<-->3F!sqKO#%wn1>TBj{=I+6
z0<txJ9}k>OB$IRBYcHO}&OBQFIO89J;yKmU!*dgjB-2rfAQ+D<Wy$(o6Luph-WRsp
z18Jfe*pJu3b+LEwuJ(+-k#&&eM5i;mUGR1ePPX;d$J{z;2>n*HVTsKTkH)YaayOOH
zGs9hWhi8Hme;$^M=*;-SY~{wKlB2rlVw<%4uZdH!%gCI%*iAyaHQ2%z@xbx_4{>me
z9RWTLS77#XZY+A$5}@YH(D$w$F%5-^=GPbWG@?PXm?@m8Yz}HAOCn3hAv^a%KkX~|
z)CL(GOqgLVg&+r0v0HnCZpt)B2mCwf`9lqJ(0Q#k#rItJyZN9Hv?_a3K)xJ_46{Hb
zZQK*wJHX&rjNjo}EPx_nVNl=&m;5zSW=<aAXaf<TldzfB-j0#*@;{Qn4xOY(OknDu
z&#SrDo>%_lF?HfYbC+fFj~e~aYf|D2z$B?DO6bvV_mGDy)K$RJUdn2Oj;b*Nh;E^C
zp!5m|R2%j)np&8-n2POk0=Cm(P*1MiVCE*vpV}<g$OjS6I<Lk}Tn4!2FIxr}B>DQY
z3o~3>dadF?9juAa*02i{c&Xi~cBK;gC3gStF$$bXaA19nfPrAC?Ht;gdx_{)$)#AF
z>Bb*w>zMb;B`*H8MU3gy|JI9useya_2e5=zdLEoR_xu7Z3T``B(TImF1{k}k53St4
z2x3~V-hU8_!G917l+I`Z34oegZ_zM9EpC|W1@R=p7*BL*h!810kQ)&B*h-)mM_EzX
zP4SB#KAJAlXz;ns6**91v`SuJp#da^bwi4PanR#oPqT8?{8COsBXJL`sgI!-LEH%S
zu-F7pA|B5rv=S!9AD_vjlBfv4Kt&B62W*a97^xNLS=1z65mu0A59y=joq7}WcUDnq
z(%07Hkq7XbV20p(&nP`vXTi2O-QVOe_}Ii>c^_=%5jO3dFm~_OP?%g3jK9K_&a2c9
z>W^c`Ozb1j0i;JDoO2V8<T|dYmg2_|Jh_emXYoJm+hjQLBR2V$TBY(cvC5eMPVqpP
zNJ#jH${qN&sj+hZ#L+m@%_LeN!cL>{OB8X9BrrRnf@K&v)|Zdc^Eut)(EMH7+rHsT
z02Eg22C74@n*{s^6WW9(grx;etue<UNIros4f8tnfkZzg+3VsDLY`pynA8kw{IFe8
z`nKOQTlh#`r0yJUois#PU*5{^F^o6(V$(;8Yw1j>!;vbd+a!u&10?hX78A|~)h<xy
z%LBVk&)uhOrjkC~$WO7+*gELQ%7#C(-L%R1W1Q8R4BnKDL6A{rf`f_|J=v0wFi6>y
zxr197?tl$1$q@GYhY^l2F|Gno%?(ym_!rvPqaOeoeK>Z1OfgIzusVkwDFem4B`K<`
ztlV|HKp896d0TUenbjjb>Xh6MR%gGYQVs7e&=?kIj${$5QO9s1?@Wm3=?87u!Y?!u
z{-szD&iH;Q787vm{}09DrTjk>i*OwMVhxDQ|4=LfoY8xa`t13#x6C+TAEZkx{8OWw
z;Xo_cU2XXLi~w*0dbz&Pb$Sd5YV6VJ+f>fhPXaa}$<3n`GOY~jN6Le*UU<+3^4t^J
zE(1~dc1h((vQBS86*Whs=7B^%Ou$%YMyj*_hq3%i8CyJEHZ`zSdrGjSD-Ck5uu=d<
zlc3qe^Kon^Zdb1&w4aA#ht~!ZxyTCO84Ox?s*Qj`ld)<=nC4<#BW!UEKdvUqHI4O;
z0IJU<D%h7KHFk$W2<AJCK@7sOR{{<w)?L+^Wajz{f4s{<9AC84fG<2U7I<<(#<&bf
zPZaYBiRiFGDqU=VW5=`D?H}b*1+QDZ3Rg=DZ!(62Ry?F1bh+KPFM_Vz*~B<8!kVyg
zAc=)^cl6LJe@(4f7gv?Rfl}0R>3xT>ee*ZNI5t}=;D2<SdWl*C(IU-w7s8n9tC`9k
zH(6z{*f$g{!3sDn&a2A?8?_J{SkB1ru`c$KuWDPo7ZRuM_(`;aUCLNFnoH92gX{3O
zpdSCj?-)4XZ1Q49{nKWmab)~jxVLWg@jczbb#eY1n9^_VN_7`X%+UO~Ng3&)8_VU(
z7<-Ue@&*n59si;dfES!ils!>4WqDcrGOt`d+6FS&WyyD+s4v;x*X~7gY?ZbUBq+15
zL1j)!{ULVR)t>$$Q1uO@ICK5uy#A#X(+mEqg-h|Z34&A`a?jtEMi>Yf*0wtF(@H$s
z4HHUPUZu?>Vm$$p*SQmY_BIQ9`F?`E+YH%we}0J2Hw$SSKtKuRx^wM`lX)3*9v)Fw
zWu&<2;KqQJF{5x8E=kN)auxX7;G&*haJI9+&M1+pp+3g9OJt%StX3~c7}NOCelH46
zhSA@nUIN{(R?rG=!6&bU|9|{XMyg_BiAI$8916D=v2kRLYJ6QlvG6r}`CwhDawDHM
zc&pF9ry|${nDh&yDJM|SuwxtKv0~`%1d7!<jj>8J1+ro!dO=V7;@m13M2*fkm;=A4
zr_Zw&>G~x{@{nS>Zg-3k+5q}x^)3;B5swuUJX9U;U|scJ@~2H7OGH0u%Ob6i2KaeY
z9&;t<9+s+Xn94C_KjCF3DPDslp9LCpXICYyp{_d2MNX4;#{BmPy;N0s*kQ)s%4fO%
z5Fm2dq2WZwe~|llXa9Z2^<AHg6$QU<Ug+k4K|yPs2WK?7n|zzf#B1DBFmI1hYpSlI
z<i6=HNA7uGgyF<ItS5%!RX8@Q%j^5SbzsZZ9a%QVtb2m^9%-lMR3pCZ-AagOIcKCY
z<v^cAt-T5JimUFJ#ULB7^R<@gER!RCac>ajEZ-xcYF{-|r`8K<w(1zt{rn7y{p?Z@
zOe-I8RaVe??&6xX5`yX+R*d~>^q4j_$RT-C&9(Gsepn1D?7Zt8K)`3e(_@$qbCR}q
z+xnkQ)6!b#pf`UNd1NtD;&V-K*?qECU92xYmovY_Ir|HO1!z?^?#v<v;d~l#prx5h
z@DwE7!Z9EU+4z55o;MvWIszq6W`3|)o1Z8|6@c?A)p=Q8Nw{qZ)<McdBmSe~;05$v
zcplRW@h=f%5wcyS$$i*}95j{k_XZbm5jQ}gwT(RTHu2E8ULh8DrlX|vSean`n)-G!
zwdx4V9$>BpC!il*Goj|3(q|&jT5mPuAKl)K7K7HMDe#MK=~}d+579WR<0a9B1}Xk3
zpg1hD)JZUBzwl8|r<>r^NYn`xIpNYeh@^EWvxyWd<UrmTMCP({mA9Ju7NhJUKwzc4
zEYh6fu;5%ON-{&`@Le@{P;BTXjOEJOKK9bIKoIpbEdy!nh#0av(|P<0szx7y<_@+e
z*6s|b<nankBc{fn#yVP*5xwwNauZg;)^O`DqLjq<zlhS(QW)01H+5z&^#`+W96b+>
z0vy74sNH_F@0JYl8vej$zwVdO+}Q75&BB<=BcKil!}^~v&`l4_MdC(|ueTE-57=OO
zYCjt7u?x>58v$RM;DbZF?2lG|U$XtIrlr3OlH6m-Tx^z;M@s-tj)XaL9|!Q#>ZmoQ
zJ#6H`sU?M#Dj0^X{%iq9@Rf*M9DyOg(KBBNOnT-^Xy2nBH!3izF|2ghBq;YIURs#_
z@QGiaZ>8V4zV=rHns0DX$(g4ZbgXiZjGdu@@FiW7r#Uo&l^i*Oo_C)d-#2^kKR?gg
zUG3IXo(NaHPZaczwi7c+;*u?w#*d^-h2oM0G3d!ftBc9!W_k$-;b;)Qo9h}DwraOm
z-1KaD$GJ{6LD4_DiNz-&ZB$&T_pc|{Qd7a-efRWc;q|!r-Y56wD+dEl<gWmHe82aX
zD$#xI;aZxGr2z-BMPeS%)puZO98J1QZuHE@0h#vQy?-9hsYk@d(Q*KIN6FJiCy@}y
zu{OQYjr55Cgj{t2_@7Xo8M5>s``km4zzoj1+cW8n8xc{8-wZ*i2j|BH$bqGsEs)~$
zhlxM2H@N|1ejI=>kk{&ot{VM_?&Z``Mh-0k7VbO!oKdty)1WYy3=+phZs8?0y%e)p
zmoK3knKo%-E1pNIV(T3${7!p+c(l=_Pgn_$6yBBCF!VXk<`*8wyjYQ#I4T4C_vUx?
z<p{&~3uD0#=f?HZ@ABvg=r)D&QF6|hp;9A_O7mO#h(D3?P;9Wyr^I@V!5+hRSR5#M
z5AaxC@TP!2r9^^P7{zV}^hEnSl4#<IPBkz{Y!}Cuq`_G9rE*0~vIRgBKygY5!4D@@
zF{QUtH@wF_hodB-aDnsE8&RBv*!sthhCk3(+ToX&8=q}1Fw&69A>oobRH$48q;c9Y
zGlG!9MQXzIN1N5tnz<2-)#9CZzsneG?h{IR!~y``F+vypP{g}jQCkxc6b9BDqZ-6?
zf5r55(B8jpL5J~tTg<;aHLn{q|I`roVpI-W%2UPLNDI7(;e|W|xBrH_y0hD>)$m1i
zo9BugVA3-g!LV`!U0p940(pD|z8!`W5=f0NAt7bfv>X}iS)<R>l?&}P7t9EYhV*jw
z_DG26IN1!mD5%h^{Yo&~8tW7efewbvljw>~NX)~+%35%yyNQ>9>(ID(NdV*)mO<~$
zNbYAN0W79<eozPwYG&bP$*&LmF>-Tajv`<uhM<9T&x=(7^6=e>KJ*BnllKcTZl~38
zG%-Y8ZyqjOJJ>HUDN(NF6PSkm{DALvly-ZKK+KLb9Z~R3I0;{rQ3}X#;Q{^1bd~h~
zsz}^ML3}JfAa^<6%+_Qh4swJNB6qFkFcN)ejx?_)(>GdkD}!dh--0QoK3<kSWbPex
zUStxC-%O(Eadq8S+oEl1S5&aGzgLt;xxmGiyuqmG3Sc}MC>rM2uSM~`Ag+i3I-$Ls
zg%4_7(*<_ocfr3GjfOF4*YfT-B!(nR6RHWN8L$t;NjVjRpe6a3K~Pt*Rf&?RvqF}`
z4!P0|bk`67RW}}zYuf)6Wo*3Ftx{F=FyUyCHWE%>8>6lncrH-Py1lMo3M{4&&8sLp
zANazaRo@+c2nmaE_(E)kA-#8qgV7yI{Snbw>Dn%b1+A9oVL*ijZ&|^=>#BaINHwKy
zOw26Cm@Gv{ez2XOH?3kCn4!huskM3m{{8!=@DeAp6quWlLup;Ia%es@Xv^oSWKz4-
zG($kOsc6vywoPCG92)H?h&v*_(9T>FT-q7cVQ3ndR5Y7D5fS>>u;D)*Os0i(GUu@L
zxbLnA1yG^vBvTy+p9xl=o8w3!)}zdVbsj^9aLx8du4qs?r9fpD59E$1_7g(%U+>oB
z*?nu*shxszzHapIz<qz4@79{*SB)ITm>OVC!9)V~H4WnyBD-VSMj=A5fIq0q<<S)7
zXQbct;D%)Q-Lofx_gO&YNYuz09hlhg&(#^JS25w0<wTmpS1hI}dN-n!Toln=&B?tX
zaXv2Q=f2;w&(ETb|EMa$@oQnTtHvMs(7^Z=1G^qco%ZQ~U!PANfVhe-ajRl;t{ex^
zu69Me9-XnXM5z6BPQS_WYD+oyC3`OM|M#(fgHC1}705mDzER*=tg|qjj=J4vo*h|2
zu3Oqwh{4LNJ7ZAJZiEuTyv1;kc^B)+)$y4@%m<%@m~7?uhZR@pScWq=vho5s-L6IC
zAHfLco)G3R@br!4_VgX+VsSjDU3R*W!DM(SFt(~5+a=MaIYV5+tUcs9Sy~?%!0!y7
zDtGzwjASo+<4`y^C30gy79f(4$mQnUCs!JfIZ+xbeV=6Rk3XLeXSWk?(0n!?W83QE
zU#V)k38{fZGQtzG*48)zl{I&XhpuBo1RXXe=+4_*^Tc<z7!QV6*Y&VfDcjGEc)1nz
zE|bT_C%ge8;aBzbaDR*Lhmt)RcLpejjF|zy;D#~_Q^|a?tZ6M?0HCD>|8vMW=oFY2
z`&!yUD^7dltu8L>u@L1nPBN2{>3OLt7!YdUDz|#+65&Ni_atDDf`CJe_Ewbq&^Om1
z+K?<xOUsFi`jrHj`Lb@92P-EE>s$6bcD5K_dpz2iC?N(E(`bY@;wy3Uj;g`6)fwDK
z`>6Y;{%azm!8b+CDCHi~2}?-NR;1dl!F4^@<re;0q$tYW2F$3A8JFe$ayVI&llA{T
zjw-MR%Q1MmZR9uWc;g!6p|vf6Z2*RGWGSV9$*;RaODm9_%G_pw<)#?IbY~5M=FzPk
z=JdmL*q#J4f)3mOv?u+h*KQ2xF+v~qhQ~7rUW~B6u{!7Fq-^)$y2r(=^J3XQ#ne6Z
z+M{7j$Gd2M0;vDovT8|!cWJ2$f_LGu+_Kh4-uowhyar6SCzck&9iIK1CuWuS-tTq5
z-&W6ho;k*(gKAa?#HYmpKhFosTS;}t99yu3f+_KAUJZ4kf=hm<aTjk5grZL-1V!KM
z1HJ%fw?RI9t_lDqf`!j-APXGmkL;(j!4-lE7-@3$pApFFL-cj9Kq5bF9j2?SO7{@0
zTKU=3Qqck!X)g>~#%Qmr$c61D<B?1#*!)pH+$6%mx^evZNK3G$72NqH1ojBDIbWij
zAbzcI3^?M%wRJG(Q;m+Tjekl^{Vf(*RXkY9C#?GB^=_nSzPC@3b0+eyYVmB^0!Ufb
z%J6mvr*F50*UpxcGRt4gRLl95RX1E1Z_xIuQ=^g>oy=`~+_z8^y*K&))RfEPvq^mo
zwI~^#nZ1UK_U!9;38rqdS}#;51z+F`G-sD@OUsL$+TyGHW&GV&(99GaLUY}aj-{-|
zqDo1aoRPBoRvK{pl88yjjr^)M)D)~HMC&Wa_a5FiKvpzQ9@^$)Mt|jr*q-$7E$xJG
zX4c-WpasnyHjg~ehlV-Ua?gz^y70q&@6OMAg<Jk;xz>P_u(*EF&=_k+yb#b*KX5pj
z8OtJ2D|4ILQ0#D@$Q8Fnk!*Q`1T3}A7cvx_9|Cl;h}ux1{;vRs-XF}J#twjNkG0K`
z15WsT$SCvUgz%AVdRX%#dI_@!14YhEc#g=K<3giLJRYN;BWvC%vpG7#z!qaf)qD=W
zQOk7Kam-SDq7@%uxHOl_dG;2>$iU9Od+){J62ZPH`#P;Bh0P`#C|oJ3Z+`gIQuG9@
zFW?fOz}0R3|0ZEMXD?>ZiylDV9$o{Q4&AMpH77EgNsO0Py^%F6<JD`fvVpgl2hzBE
zB=*L`8d)G`LWWVokgDy>g*J<{x^%Egy$&WNvT-OD*_G*Zh6+pEWF5|`?*+q^DTLZ`
zsI9^0B786njO9aF;O?c8xrs{q5ba@tJ4%}MjW@_*jN?W>;TkfEiA0Q1(8z2-fxax_
z?d8||*(rx`iYYf?RUuO$$!0T@^1KPz?<6$UBU{D0L;a}~!q0tjE%s6osZ9+9|B*CG
zSK#ZYug_cl>0X|<^u_hChK+v*%X3#Nc!8>KgiC&rvV^$or(h9==CrZ`<VlJ>Q>p<2
zT}zD&j%8vFIDjfNb=DOOepR7JcP&VM9l#2w`AdWw3fD%W{IB3RUr0j6WR!edw8b`0
z<F5u`e%e8Z2dsTtwCR!DY5`69u;uBbxTgQIb6d60=N@kq>Fsc28*!_y4WQco)7tpa
zGWB59BTbv@2C8UMbu(x*v}_j(;E)j%eereT&`g_uG;n-<Y16E^DpL}U<N<;Xb45(y
z)mSJW)SLd)yrl37>)%h6$H}DykT{62dE4SRYVe+(HkXd!wl;@EHj>~d-I!^K?j-;~
zc*qppxzD#<BLZ|DY3gWPk8<D9DA4weFMt~vC<yXM<*zSQI##r^xi<Z;WfRDwQ^fum
zjvTI0D~HIjNS&HRvmU(dm0rQ^IapO)6fj5WRMGUNlt>W_5(pp$><{d+gC}G*0H<4e
zgdlMQyyx>1Sy^hUAi)cKosiWcEhHx7X5!y;@8$-)X~j>PVmb%i!52-f+A_^Wnd>pS
zL4V0%!x2yt3Ydcv_!cZv(ud^QE1uhq*%>~NMRy`3H37pj!}LzRM1w~m$8-?+8_1gc
z73LIKEAJ)jG$G|Ll2MXTw2)@0P*sVAu<t7Fk5M5PYcU6m>puu*0;n#K?NJQgPf9GS
zzM7kijS&s2U+GGwpp;ea#R%vpMcZ`?=5@p5I>XkV#jXD?I*KlXPS_6{P#(_Qt<K2|
zAAsy#7Qk$aL|xpz!1&HM1(FYsLzoJs=ew#?FZ7EpBNGa<ql|Xjpx;8>$6HcQA#<-Q
zl`Gtr7~284wl=i2i1WmI?2n+iwMcl#;B>mw_;VA0XuPI~BR$G$VL`yFT<W}Mj}m4#
z_m@j|z}%PZ$iW7ri?UCPBm8{9fBJLilVe%sMZgy}93JJ<YfA4jV%AJ#T#Tqe+iLHz
zrNVtZx(J1u=K<AV%mi_m5kP}6iBjauWz%YMUdf17#|nJacPNSjy$8{p^OhhmnEOXH
zKPT|24nhylFX(;t{z>eDXr}8|4zy*$R184sog=fx7iJIa1wlYGL1-q~s;#yIsIvc#
z=keB9*41pgkd?=e%l>j;ya`vw@&&nt=gSzDj+(6y*{jHHm1_!QVN+WslH$wKizlth
z)!v$JEc`m=QC_^UOmw<H`i^r%5~2Ai1TOo-!IS4zq;F1RhiS8ip1cLvb_pUB4DPHJ
z%v!};@48+HOZc<umuqpxPZ&ajbkMewRx{~#H3!c`;1`smY8vrEpk-*UK<x%#YLEa#
z0$%<S9;t9~A=Tv-U)Wc1yhiU?sP43h+Sg1)$tW)%2;o6SoIyfX@kMk8EO}|WUlPSO
zDtm4g(g$TzoKRxt$DdKGl!1V0B`?}aiT;QjK12f)$krK4GZom0tM??1g?c21j=nsk
zzDUx8{AdN~&K*K690X);`|&@WbGQ&Nb8z=03E2`U=lhSy+J<fV#KPmz+1hr`CT|g;
zI$e++VDcJaww<#=ofr<(<;a81^*h~h1om>?qm@hLQ|FPBO;iGqsX7Z`#X|Y7?f4~s
z`NdTwOfm8_RZ82|6*F|>(7|~Zs6gd0xd280wxX_pitVMLv^wnrmco#M=s+&7&FjNg
zB@UI<anX(-BHOj^J-GpvX4eCMCv2i#-X$P<&)WCD3WOs^##(xlSMYFJmo@hjhhB=B
zy(-g7?)w*if{Km?5=Ej4)Gl5sCQ+h`Mq;()V(!wR6RrO7efiwYV=IHwTyeuj_C26-
z8%#|!EM>N;9P<q=gTDsrjnC@Lm`(L>6aL65nWF1<;1+-~uv6<`(f|w?>CmhzV~MOZ
z(8*N)H=#?HQ0lh@fH;jXX4emyfRnBhgr``{?$4|(9s4XN$6P5Qd#Qq5^Pp}KW~w&z
z5KnKv%h4X+^Z*tX((NONugT_)42Q_optgraye(t$6b#dF8=?4cMQkV_9ky)-537mN
z;k6!|lmpDFn+Jz3icm?Fd)LgUHiv^}oKoMz@9%E?q2v}DXrIJ=rMw`cbf&z}tn~Yh
zOI2bA)6~AsA!6lylla2w3g0>I0Z~xwv^X&4kJF}A#qWi}$*PLb7+|R?tS(%GXD3d>
zoh}GA09HvcS}|UDS#as;7L}uW$zZlzLF-9%))SazMmX|VLXUENX)^O;=DhCOXsL!d
zOTSybT`o&xxKt9i`nhaRpwDzu8RB(`A{S7f`fJ;3M2#6p4bm=IgjyXhsKxElZfX*O
z1v8>Jqr)GXTTR`6$j42deN5_b_{<(LSwE#gupx00TKkL;W*;j2CNw<)R(7VE`;~jG
z08U|_8YRA6K)y(Nq@~d0jjDikRb^c?4z#{UK7c>jv^JGjq6<=79ASW@m0ZAor&N22
zngGYUzdP8n1xIbTy}D=TtKwipj_io7?pRlC=M0L+SMMy^A(zs|VSM%xgC4}LDJcz8
z2)4dF^UIn;5mIO2EFZ!e6OZfX^JSawXHCqD-fi}?IMQnu<eLtLm^tA+$oB^utF-r_
zMxSZdxD<YL2HceydXVe=Dd$HkCWW=bK`qCVE-#4{8+O5tG2x=N>CA!8z}pk@<@c6k
z6;hu^AlLdaagpGyQahs-JZ1okH#?R}(jU9xm|R%e?M~1voe#boKc1Kaoq5BPf`+zc
zW2wn=-}!&vcYc<C-coBYQa}4)8BE!Vsj&8~aUue-x$D|{uQ9;ob^rX?^M&vAcF+4k
z|8aMEJ>R7Z6|04V&k<?{e*NP3eEy`H5y*tDrsOxTAG7~v1Wy8Vt!vO-e5q|Z#7AHt
z=<)S%Mmvx)gqGuvG6MgOP9?#AWoY}L6~*N0i{YXJ5O;(6z?i88Y2p$Rmd4b7KDHS^
z(8B)|ALNDr2r5K&P51ZHWO;k9H$?h|r6uS~^yTP#GQ@{C5&xjZ?fpbX3qH>!oullX
z^o&6oVWS2R$HiO%)O{y>1s_J?ppeD3d_F0lv`Q6I`7l}*(=39z|N7V&bT+WGAzJ8D
z^2P@R!#FZ&di;dUjTR=GIoG#yV`g7XjMI6<fJezkfro0m9pE`Uyu+tBo2p-w*Xr}~
zxhEgU4v8OWdimo`@Tq#12214hS@83&8FH!qIvMtM*2LkF6|8X2`bQqy??gq&(CV!5
zR2@4Nqvjx~R>*pfGLZ4ZFj6&iN^dGnIGX_=ltap%*a;ax<@I~m`C5oafl8HB1&VOa
zit%BLhyX|uK|;o03v|acYQuke0f%=V;ePo*Lnd&+c1UqHon-GDjW!%ILIlkWa~SkV
ziI`c?!XXzoE#=%CMHaWIrcp<?lXf9d>fcmpylx#+*Nm5rAYPV_swp0OLQx&lA2mo{
z=CS0$`;0Uw?v|ufBA)<q!*6U&*SUB~3YkNwWQN2jKr98sX7!@q5Rh_Yqy6wMEiT5N
zcVv(G)<><IN(eoNBhG<!*Hciaw^)ix?-ZMaCtfPVa+3eTemGw(zejPpM5D1pmyn<n
z0gx142#6534*#~!UANlcQs#piYqo2M1WX@dW2<x+1mp+oVH{cHEk$vSq==ixeR5FH
z4_{iMOsHq|QJQ$e!P&>VF!*!G5t-Ge!eSh5d~qN<IGS)P9lg}6s3~k0N;m&qJLXsy
z=>kn^I7SX~I3B>x-!zlNu>F6BUP;M!Nm{&I6K%_*zzn=Re`e9KlfuA>@5{Jt0AUys
zyM&EDDPlG;wcPV1^+@BRM^?DV`h{?D$Hl-qW4^h|A+!e;G4tvvQk^WT#i26!{5jK^
z;IwG3=Fnb%l^YHmFRX`Ugh@hJ_ksS@7?AX+K;KzwhT7_5ZtJ6N+vPbg?_z5Ptl$`p
z>&r+cVI4`7f3cwx5>SJs096YNX-%)nN1ER_W*Tt<?1L43*))P$Mpt#n3e?ja*cM8p
zXKL6O&u>{lDjT_UJ11U{-nj;rJ2$33g(TccE}ly^o@;Wjx6aUbYf%7tuib)SrzCMS
z=Dzv0JRGWuM9+!eQ`lB`wOW);n2bdSLX7i**Gar(WcDrd?bDY*59DCp)-u$KZi1v(
z!m`6?-9#+eH0iG_iyW;4YzSq#|4T2N(SW*^#O}k6Q6g2q8a6${p9e0u*f7DjLNx+9
z!AUAq@~YB^m*K(3s?3p;DVs8l_U?A!XcQ{%=U7LBpb9Lx>NCu{V!joaCFw%uywdtI
zmR6j|#AIO3pl5zHyi@NS8^|-a?&e&T$K136ualtyaQrFYG;vC-m8mY3;p--0k?(YP
z>}ab^vtiO^6`H`-okfGABig}O5Yp*dFgpHl8T?m%!cIv322hw@AD?YgvpDT+5~x`C
zli3E%=f&@SCA!`#`nB^AXbb=F-g|PJEBn(LsOabLH}c-5fB3Hm>Mo(IijUd3k8zUM
zGQeLtc)LSXYV&f+iV|Mz_MQ^iD%|9iOB2+vuEYRb#_kW$YTa_AMrpQm7aINCBsVDE
ziZmfLhJx3-q|e(j6A*R4moGE;yOlvp+iQ|`(qX8sa%smtGKkAXw`a|b(vs|iX}#3T
zRVv;9ZXyOj*;lRASrK*$h1e7;)9DbORMyFIj>cB~?#$cln5l{5SvI1``wTP9v`X4%
zT9|`rf9dw16@oXeCAsfO(avNUq5GD%el+Z|7qQYdX+a14>0^{Ugy?ka%qz3Jb(52f
z9rydKrv&gkAEdO5o|vi7=x1ZJk#Q}ycKE{1sifwe#fgD2TB7;0(l}c?P9wzFe2p%;
z^rc}HsY)H)X(aeubg`)_C7qHGqEb$tleHmiGFjUwXig1k5X#eWk`g`+o_RvY)L#E`
zKs9<gOgy>=l4EYqu}d~@Z0dib`wjp)fEFI4*mh<=jzQ`>MZFG-<|6eLdVY&w34AH`
z)bs(rzcR;qs?T}zrCp%DwLF>TXQE4kA=v`+PZ^hm{|A~tWxou5Ixa4vWC7WBeW%~&
zY(}5g=@VRr&Hi3vWGYWNH%x9vibE;f`n~>Q>sr+fs~g|sJIVfj^~1?&<-(OIJf2e@
zwc5eh^WEtCTjpnC&z7{w-RZj4v=aC!I}f!OR4moppUr1qv6luD$X?OLnON*e&G}Xx
zddV~|m+`D&ZVRYldPWVGJT-Va^)Vt@VMxs)YK%4XyI$MaWOTBRo4AuVF2KBT8Nr~f
zT2}7Qsdk?eCHj1tyEEJp0jf%OLww8aLurf3(IOU1UFSbA<D&B)TvUAgy;A^-6?a>-
zC`=A!gk8c1oLpJ0s&|`hy}^|({D?jC^NRcE#{d1Xwr}FYz^5n!19Ga%N=V?BoP4*R
z(h`^OHG>Kp`=dUEF8tWJIn5^m;RK23rj87uBRUUO+3ww7)gH}J7*k2#vh_-Ya%~Kq
zeWek5ANtF=`v!^6+yqwImps;%GpOvzYG!5gI#rZqzIo~3T6K-gt>!)ogHD2&3l-BE
z>ZgX)r%lZ$?CN9C*2;H3!>3kndTcRr=I#aI#J!fO0RN@DedOn<AC8!xt))8Cf8B`V
zD9no8lGXG>^^8=Fl=Tw7v^$d|^o0>=Ts;}RlIlwPvF#}>LO+~7TrV)f4O~2wv3vZ@
zRZg&~i8kGeDjQE;yXlL_3yF_Isv^r27CvPVKuyEOF@bGfxZ`ttEZIuA=ai{f5cA}Q
z>IC_Jv{EDghnq3+;%G^lz|nFtb=On`)XV=54xhhxk(2+wI6OS+<o~-UMX+(E&in^{
z=9;EcR|ZhN`iE2<a9M1+nO>m3n2h$mv~EC(YYp~k?gb|*)Dn%a|B?mlM$I!Y-edyo
z^REHRO(FAJ^CU{T$V_9~nuQL-?6%av|7gU<8)|-eY0&?^e07lX|2+Km+ZUbwcPAwW
zR_M${K!Sb_;L|q@HUKo~?>zKg>IJ&C)R!ZVD@^pO3v+~5DVJKNUpZvh46USMz7(vk
zBdyL^$yBt?n95{8X$#mXTKb$<?xVxoPw0lJ{1i)6Iw4QalM}J@Wyn^NQpY{{qYxRF
zev^HRkNGxLpHb4A`EBJ!qjVa8fmBr#dZ|C|5zq8CUuV_4a=#C`8Cd0KV7Zy^{SJH6
ztKC8U$9$ieZzUbp?S9F(eD`Hlsz<Rq&Wf=NcBydw+28UV>!0$yWp565qe~ms-Isbd
z<*KX0#t|E%LW68*wYveo>o76*`Ig;j2RE(gWa=fe<*4+NOg)wULa|vU4*-6=aegzU
z3v_$0s~TjGDxYyxema9RwDtDqz@3`sY_XH|ZUDCUYzeKZKXX@h0>p*s4K_Rz9$%<z
z#_3dSx~HJcr8|&YTJ7XF1=qDBS8Qs(-~U6BGH5pZ)e|vv_LT?1rc;bSmAL&Rr1c&<
zJ+yx4*|c*fXgX)#j!l3oR}HJFEvt)NeYGnniF$gVk+90bs61fGK&=j4+V0sO6|&%q
z`7=S54npXdv_O$)Ka7!eCMz_(_uS)1@o)!Hw!X=`hCx5TztGXE78GSFbz+;W*ar4T
zIF-uBQFCgWEmuPwd2^{E`p7MHqeF_9<drADp+Q%*M&=u6f#gE7#_4viM%%^BZZS9H
zm3F*^>$q$6R;>Whl<k%^v}kK3$WFT(O-!_nG-o~8Ks^II4nvH1t6zeuVaPMGQ7TZ+
zrHb{fc_AgB{bSurTL_r}a~m%|3%g3ehXhJr1gMp1ZNx|;ejTJMAJ$&uV(Ca>vx}9R
zR_=Oazw+2+5=vyq@h_|(F_1(xNdX_H8C8w`SDek}D&QvjpO=TPa`rz5N3Xj0zdI>8
zNFq(n<=I!*{wO#hfZ~QQBDGL|bdJFJ4JpJX-rOCS$FL9(_u_J|VCy5t_7*<^$LT-l
zj&a%F%A74ro7I^X<=T1DJUjinZWxcOvc(3Z%YR-nuI3KWr$0))A7uYo_lGjK2YAQ;
zgt;3<*6AVd2$8j7THj>p=#fEl`_c^mg*IseG|&M5559f*Z4Uke0(jZM|6P>ww=W&E
zD=dNX;9t_jmRO*MHvZChpwv}6vo+*~lJ&`}hx{c#x32#d5ltO{YJUIoFz_&>?zZ0l
z;qz}_<>S9RKlt`l_x^WLG|A#KXK>0EYy>zQ<IoM#K<M${XAJQvZUQoD<1lhV^c0;B
zF+0{b`CI%(TpCF~HbIa-2m#rVbS;x~TP57`a*^r_p1rK%a%b*r3zw(-%;ZZ-!^EaY
zr|1;g)aYMM1?Af2tE-qy8p$~I*n3tznEpV&(e*L%k!?T7k($DFaj1;2+ZNQw!~sGy
zwJ5MGl<#4MNlmKvQ`V6$C>}>_;fh$0bqzBWW$RfO$i1j*t5s{Flw=dWt}B-=KFR=P
z!@`F$uirAC#GLbE(*&a8(9uSNBH+lqR+Sq_NnN*y?!;g_Mtk{TJ2bc^8kBcsr|3|g
z-XleeYI=Vh^w{)DzX~*I^yoWu*`dptLF+LmCMG#mO26G8P|C}vg@W2KBCQy{L#S&a
z)Z7)SjhoaqTFss1V@0p|Y5sB0tm#|+I?$~RXz0*xhjz`-ZnXxWM*hFznZ#i94U<4O
z=>J|G9UkT7|1Y0+@n3dQti%}T>=5HWBX{aij*BwevG?lUh~yWidhXd0%1!fF=!;9|
z=8#*7sTO9rT!aDK{$nSf0y&#gI-CQF%|in_O<m6TdK=lI3;I2S<k9Bfe9er~+D1sn
zhT}bH&E1oSHPBA5%A=#y5)W4STd5h|-)RTZy9ZT&>#Yt)aCZ*H$8ezn&0#O6SLY`;
z=e>QW_v_`E_}AI_>vQ<m-vuz0MtwAD#!cq$0yR<gXI^^Bw0?rqFXms#<zCsyKz;MH
zEh71fJdu2y-?;CEeX)OiZRvRL<fG1Ip`i`OUDUT7Q#qdB-jZ#s^A=v;p2|{mjgfmN
z@bk;Pk{eQVPWoCdN|{?#*?kdQ*&pq)6qmo9JCkRNwuEc4hP)lR`6|&(_7J}oK$5p1
z|8pUo?CQ4zLmcOpdHynTOGI4qePn8U?be%{mm2<0O8)iC(c6gs`TWIEKK|$PZ(n@d
z@qfE0b=ZdUfSV#A{CABrQXcK3E=cLMYe!waE9ritCew<-D9{&`d%OkL1WwDm-C)Nj
zL7bOCu7zyYYB{h+iaQu*5U<9lBZ=ds8>!sF`q?y{v}$VLz*5=CL=efmo&1aA%o_K1
z^8q3^aPNO`Z&iXE?T5x;_};C5^Zw*$-MARw|Bds2HrRh3K7XF~|9k%GMd$yqlVT_T
z-Aew?M~I&*f!yx%g36KC$Pbz}-A<lRBa^cA@`cKtA64Ga+M83KKU7=KF7k-V;dYcy
zv?_O|oQC#YwXw}Xs$I5ra*>wzXOxpvJI(7|<R-04H(JczUOC<PkDF{XbK&iij%J!y
zCLhh`@$8puJ|>7mLy7N8dM_q$!`i?hQR>a_cg1+<gA?~X@uITn;<qy|D$W=Pq48Z`
z8g^7QJ;hoVIqQ$Klgcc5dF$xP?04A9%w>Ku`<?eviu%|D9!?xzM&Zasfq3LnX2-G-
zbCruDRuD@*{2zmvOsZF_s?=^<Lr1003xBN7zbJcmzs@|2mPr$huMhRTM)E|n;ny9n
z2vM@PGP@D8Bw76A=76<R?Qzg}!>Kiw>SNu9-!tDZ)11frGuLMiO6>mpAX8`IMjoNX
zR46Y?C1P^FK>EpaOLmopvMRA;ipvpf#<|lVTI7<B#1uyJ`LoHpzy~x}k}A3chPm}g
zF>9n##g-QPl1ukky%ij#Ww&ip8IkFRXnSF{4{PV8lzlzU{FHKbk0(#1oY5o9SD8-j
ztIb=faM`-~D-Aj@GE(iz){24rcjG*eP4VB3j`Hz8j$Xbz?Bu_@DE9i_N0lN{-O-(;
zifmQATajI|ZmTV_Oxkr*=jT=1lU>$H+pcn2!QIHK|2(M30R9UryDi3lE9Cz@{PyTY
z2mg0bn&JPmAWTa6&YTg@H+kr<`RtO(-ycm$*oF}gZ`h(P(H3$Uz5fm405{qH9Uc|p
zKOP=-_J2Dmk06ZA*ZZVPHm)Xsat#>RVwB-hOM@<sfOKa*I(k9-smBg(5a$<#_<7O&
zI(K8uI6=k9R7F9~>oaNy>&>a?uRk#IpQM=M|MlZQH_3kvUOms@{})HEI{d$rVlV&M
zWr%1Kqo2n^JJeA5+YKFEWy<vB*ov-vC8YrW2LR>f-ZTiK)?i(e{O8p{j{iG+_59l|
z|I1Fw6X%j8cm-kr1P(uU=YHk}&S>fRn3Tx@ka@?Z0A}`{I5#sdcH-rN=x8T~9q}F1
zT5?$|)ZV9{HHo)!$&N((9Z(E(5Mbt1wBUQTh}>K6GmyUo%Kp<g0|)ID9ALDtB~A%#
zNgUq`+`-=9?E2$1IiEjqPRS|Bd4GECOuQ)G8%(`qNdM2Lzc(2D9u4XL<qxyz5dTm9
z8Lxt2+R+Hsw_G^4p6|wc|78&0FW~=2><<1vnd84h=x6W0{6Em*J&U|>89Nte=P)kN
z-smE|H}EDd8}jP#)81eekHd*O+`}=h&YY|Ble0JHgZX4HC9cNNBp#+8zS#K}-oKht
zdt=nU|D)$G4s!8-4qqO1@}J$5C(gOJ0YXe0@9q7!#ee^A-hArB(fIownwZ7M!(qhk
z2Rupc637fRfJ28Mj8s>+LWLjZ%nODrj_G3@_Wf`Q|A&0)U=d7v00Ab+?EBu~!NKPq
zP$_=$eSre&{rCSiT>SUFz2AnzzaKkKoM-BuIwG4eK$6jeGY#Pp`UB_eo%8nHjdOl>
zaWnX4Z|^_-c0(c$wjeJGgg}3PCYJ_l9mF%w^(Q3m8L`RK9b)~yR=w{9w_!AAJdoZ0
zh?583{r(mnb3gvyOBT7`IREK4Mg1NO{_EiIRl^9PcAr;n?0;`hofO{_hkMPUGl~OE
zonMwC`0N670l)*G`t|>HcD48E)29)OXM2d%(ZM8i*kn?WayfFMWO`kim6`Y81@K$|
z<`+6>yaYHCn%4#I0x?T6a~(46-n$7^*Z3n%gChp~6B9GC*d<cm`IPVZ({Xl{o6ixz
zHh_h2?p#SLz`Y+Hq_xg|W`;0M<#+)5W2_A*bIbtGxQ+_!C$Qcp(H3ida>%lFK%4Yy
z;8kqXGSD}wxEW6BqLka0v}NhKZ*WzB5s?*)+<CZiV@D2?UM)unL*Z*2hhvXko;oVN
zFW3i9WF6}V$k)c1mc6}yIls7QLxwL6{&Oabq3~bvIPyp_?EGu*Uwth6|K)!&|DwO3
zH_a?9r1YKek5B*n_b2!dcH`utgj!Y?eD1%TQ5d3>@e|rrV&&_FJN9l-1_@*nEH-kO
zqlHXJ&pgtOhAsp3I2n|UR_<q3oT>gb;cpxMlX~Wr^_|**o2^_~=l;t<V`{AY+uv&|
z=d3}kTA4MFnuK>NH;RD#f@*PsAylzhuUFMfb41ck@)o0#V3Vt5z%Oy86_BL#D>erD
zRkSX4&Yed9WUl~b7*43*aFS_uar-t*E+aRFlWgb$L3@mGBy(L%XJZPh&<Oh)`cK%@
zW=XownaO#US?gnzSZem&!FLBu4a+nqCC^1gqLuz<PNqR~|59dOa(m9{6H3z_!leUL
z67(GsKu9C}!s`qXqyjp)jKVp>izU5W9_^IwnHbV!Hs$;DMsy&TNVU>2O8Q;nDdkL*
zO#n&GnbQ=SU51m2-tq=S*)DtHta`_EMEgD6=BamlNJC=hsdb~n%^RIQ5ma;Jg(q$T
zO>i?^MJ3%Sbcj!D5{_d`TRe6b@U9R#_#p%C4kj26)4t<j#VS-#WWznoyBr!eEZE={
z&lxvE)^o;Kkw~sm3`I$#Es!E+^d`Ch{~_`{r(PCLJPVipqzNrnxN{X(aw5LqF{(zW
zEE|>H|1!TA{aGCncF0uXuL}Fe+u*yUs5axYtvWocI-|(_-%EGtD(|n%x?avJ-(tFr
zW_O{~Av~SlLG}a@CNb_38{RrIYU7PzJ7{g!2;%R)Qzv-mx(nx-{cB0dBzQE6ei=R)
z1LYX>my13(CjF*tJvrai0g$cX{bl5>Jl~zV=kb{NT<BB+wN3gP>uK>OQMmZ+;P2VP
zIeGoM@^tdON!OgKFid_#q0<B4ym`qZGU{v@oWyU#06W{Hi(dg*=vUyN665BZ!{5jg
zz@tD3+92W7ytX$$Rbi+$LEqPGQ>F646jR_$Rd`+WV=|O-`7UnYiToCq^$vsHxdH4N
zaZ0J1Ha--rz9>gs<tj8Y)*?RxGr(D+fhun9IevA-=Z$waD91I(Zqg^QRmGh}5^CUF
z+&XB07`vRS6nh0MHEz;AYzTD%f2U%gWh}X7$tEbZVCjUj-b2mAYMo0@S!+EYXe~|3
zwTrmlF6}s8Dq`I^SFOOjSOoylWfZvu)RG0=!E!!ACgxUeAVo=>Mh94q-w+n%Wdrax
zym#c|85{t`TvVfr{UC~><b>hmV(K6xwTijW1Ykvil(A3`2;rkcGX6LfC$I(JY#>Q;
zjP#1@J^4hUN!$P}(t6Oxii_P!DETbVr0R6rgq>7w&x-9}!TeH+ONvq*q7Xy}c~R@2
zVj%vNwql)8^sOumak-3V_6xvPxk+P%cN7qn=zjyy738mi2&fv?3PxI$giL~%M^i27
zAf53isP>N2?4PicNwyPQMF209vsvn07bpv{n-vcL`NPOX*g%~*DV3CANf}YCl2PRR
zpMVnsIh%TE4plf!QBx_5s+aK?3U!*LIHqEoyc=o7(#rf`>#H_``bHPb(pIK&rDmB@
zlMo5fru>SSlTAt5aL*LV#3}$d81k;(?X64jp1PF{;Z{jDcpp}ChZSR-81hJnWS1jv
z;9PQ<J5usLdCAYqQ7VQH@s=W7;N8L`_@A(%Sd0?E^-N{vv{r2p-VTs9%vZegbtGY}
zi@xe)UAXgVy^1`+U*#gbSQmk-U^UwM8pUFoKA;>v14i9f8V5S7#WZ3Q0jrZ)6fUPT
zjcDM5!?{fWf%*JhR6(l!q6&jR6+mfJO^IF{dTAsqfqUx``3uttko|;Raf5gn;T_@P
z6B2cyPG45STU!{0BZ4B4VJ;SIT@Lt#1%Itc`b@yBvW#o2XaH$9l=6M0V!cK=p1I%-
zYXU98xv;YBd*GOsxJ$I?m&hbXr)(_o1HuCyb!<xhdJ>A@Toh@?Aqelu5y>R-B+<Y*
z$CGqCsZr%-NYKx`Y$jEdvBd;<1`@+zYiVYKK^I6p8?JOWVpSSN01eS7w$yO)jilk>
z^-j^?E7u_jUXh>2J*b*UgMhSAvia4EGAaMVMCE-bd81W)G*WmWn#@I#d!L{risVjF
zxbl#z(6Sq<v95kNIW0qDZ{S4nfRHBR9C&VSg93xdD>&36k#^29KoWrjI{aHY1H7f)
z9CzAFVAcRa32kPcB&R<szy!yP8w-0kl<saO&Rs`-Yb&sAO+s7hXO*Q|>CKR+P1XP!
zN0&+pV^O#Xc(Mc}BfKJTQ}1Wqn8Z8}T75FP;^HsmpN3rUz3ck}=ak#gTwJb>u)iUI
zTKM;?LD_U4${2~Bm^97ATkvT=h)5MU=vX8W0(81W3N>NlJE9VPJ1zN=nt0WL1~IX?
zFE~Az%rNa^_(XpHMqkEO1mQcEeD6Tiy;a%v;}>Q(C);h7IG6NO!|xQ&3f~Q13(KV|
zRv4T}?=fP<F{bO%xgeeIsY&EoGLzS^k(zi650k`<9O8U*xQ)4d*6_q>=;}p#rJC0l
z2V6v;^s*_3RWtQsLfJg*<lLLg@+u$?zm)(42^z%=jv6+4#M3B1H*QRc(45~y>vVt=
z7NuLFU{U(hkPOh1;aJa<miy}opZrHLwU1(I-;}L0s3Bd_Z}%jW(nVELh>^W7rCS-*
zY~s~=ySJTf%kEd{c4gBVXSVG5OMcJfM_?`F{Tj32DG_H8{@|`SsfSc|K;jZ7y}5h;
zavG(amg3Elz<;I0cy;*SGD`*lM#h3Jr)A(v#fHRI2}?YLhm>NhFa}1x%=A1==8GYP
zj_j3Asv$961rmg>Kvcq&B4i<ERh=qN6D3L1B9qw>)JI9(z&VK>KZI!mX@jp~##U~j
zZ|C&Hk@Iu}Ko$nY#67ai>;S7Q7uZ=O$9o!M4`L1|gd@^^^pITuyug&h$uBKS$iNCc
zIiIS%E#x99ML<G?!LsBFSvqUBvl4j>>PM@jDo!O*8kclRJPt8TXrRr7rHxy$jN#9r
z*4?mvYAVZ4=AM4{?W==Xh7={!pBNFoYVph)z`}j+*2SmsjifEK{V|v?AVAarjNKty
zczycmNipTtK<gBrrSlFh%Y(}zyevYz-EanaP9j}eH^sb*z2jbP(B6Iz{e$7d1vP}f
zDKf}$Z~oBdef8+B{K)kRnQI})Kb%~8c>Cf35MfUpw6{Hcj<hqio1mvWDq_Q*!+ZYb
z1wNwZ&K2_Td}+=T{ign(|M&kxef+|UvM*K=!Zex!8e6{;Z!uF7ad-MMQ=)uIrxI}?
zcTG%lAZW*~4i-5u<8YtO^Og~R$R;bstFk1&OobGxuVs_O9?vGbt(;Zm(~;r{92Z?7
z6P%IITO$;Y0eT?!8VU+M)6+9S+`#CuyI@Gk`w!m`ZIS`mbmm-qr_NGtO6E*&)HQb|
zAs|fTA|wHo85yZ;Kmq&Bw;;Q3Hhh_!VU5<lK3~q7+WTT4`vy9sUaMUfz}l>OL(NR8
z(JVap5kB?G_jjdI8mDAKf%E0^xm>nW?9@St2p1}6redggFUi<a&jA9RCa(jjBltv7
z2c~xclY;ZjUX2zs-No+g^vBt@E$Wf89dAXST$$ph_DU9^afx&+OP3d$5GSvJV!E-!
z7HA`xt8Pt#V6COXZHl|JBUNr~7^ihqx++S%#e+7{+*Tyrven?$M0j<+0!?l)Raf(N
z8ESSj(Zn>_{qvUx5+d;9&eKNx5#c6hy4h60t8!rMMCsU&lgHkPqb{q-THYIJhxJ;?
zV(yTJ1OMu^l-2P{O`(HSpl3VVOp{mDk)=kjsvA4aUS%%^8ot`LHJZMvc57?=3?fNw
ztb?i=W9z!8`UqyN>ZA-Je{HUtsu<)E>Zr=|wA9e4Rs!lT9Yf`7F4ggW20WBX3u83J
ze}4YrRX+aLx6co{_&>WS7})PWh{L?X;4sJEJH6&uFg*(QNKM0NN{tG<Fje`JL>J1$
zo#dJXM7cj;m>(W&vZRLaL((dhb~H(Yp~zYd!F@2}A|A`X|4si)4;R|j2gpfV4ohZ|
zM(%DemQU?4Re^nK8(A;nD+=~gzgs4ef0}n>H(`Lv-UIpcU31?8F`+LF9sl^H08Pi<
zu<bD@$IHu?mGM8J5dJ?rdU5pf@HycBqnAg3|6jH}k+Sk9$Ny#Lj|jCdTx{3R`jeKX
z_^$`gbNPP`zkT(hqyKhNcy@M73Bjhv4xW4mbpK4HB>sO4|KI8u_VEAZi-T`F_`i!%
zasD4a#sOQzvoQJiapTKifBxTod-S|J|6LT5^G99p$5dVL5vvekFu+R9V>ICZqnG*k
z@6TT$Nzmc{9TXwIrZ_B)JaZHgOCtnM2O@=Vc<lU(vPS56KG<RrV}e)wohSTAjdpmF
zPA%aF7Cq+%?`$#1Dy*cZ__1?!{`&mn`n>=4<jr|a18&(g>5m?cou7f<t*OdWjug^+
zkbzWs!)rQNsRSoHY_qD0jP@X&aj99!5Si+H8v643hI7)gonW);%ac>SH8Qmq7NNh4
zkDWvHOHly{Uk}9RZ2BiUwqkD8wN7i}Ly%$uZECq2Rd%b^oU7ICYUPGm-ZJZ(mc1A>
zn$)FbGxOY_4(*tfJX+;cnU>w#zQdwv?l=BBF0^8uyh6V}jwXE(>aZ{U7QTNuFRd%I
zRDImm@9Q5-nt!dn8+tz9XJ1dTKK8l!sHzu}L4|=(A1xxjKSqO~(rPo8`N{0}wAx{=
z8t3U8W4pEEvRme)5lf_fp>9N%tIKbF-6hv@@8y@IE*Vc+SGw?G{<?fAX2MHL)<UE>
z2UJ7+<R--r4rMVpc81u)!|!F^<(%`U02>&1iO2ji*Jlsc=%YOWi2S^`wuKvcWJAPj
zyv$X|Dff$$tg@RpcF0_!P+vEXC|fdGOqBhOXLa)Wb>U07okRhah{~EdL|qlMdO!?y
zP~5Mqbwk-qd49{Rk%LxEGfge-Q8Cq+0XYBCWZc@ti2h%n^rzB5|GzjoJj~JmN8f(i
z<$u{p>F9q{N>?}78NL69r|<tz^!y)}e((3wFtOhkX&NIs^@|apwa4^DDbS9H%az>|
zarNN$OC#bhRE+4qXcDhS`SDUm{~aD2zWDY<A^-EsmmU4Lld?Je=TSUl{3{;ZeaF$C
zP7iYHDrsB=@0i%)Fes%C3mJ;Br2I#J>IQ^rDLJX|RMv3q;n6@s8V;<*t)|dorCIF=
zSZEkF4G^A=kG98&I|T&vAt&q+!XF)ajeQTW6OR>@g=zvO<w2c^EVx|AR7oqQMMy9B
zs&wd?uJZ~=NB3SFXn{;vNfLnk_=^};?xC2Cc4)X|VU)v8ebqr8L(6R8D)hPfg7)6O
z<iEa#A61Qozl@llJ?-@LW`NV*W+#UeiM1+TFkSjA%Jd*fXAENp8!Y#FB7R>LHmvWY
zv6ldmqhRwC-Gqyq`j0paF6m?j@&Rx!1Za!FUjQV{7p2$a<fr@zb1Vs6xYdI|f60=9
z-}Cv!zx|JA|C3BqzyH36j!_T2Z~l(%F0pu)`C+fAgVK??n}POe;w~Z=Pk&ON40va&
zL*_4LOs6elfUR?u-6q)f;N<e+{fq08k2s97i_KgNWR5t67?Zok7z4JcK!SeAvw4#1
zS1kNF#i8$ufONuqQ$<ObP!M*sX9TeLiSEXgd;7_`<@r4GFD}9$pygDV1~|(oHho3^
z>X*`PxFNg;1kfnbB*RK^88O@dZ5H?O@Zxkc_^RP&4984<C;5r<f=mUv&Ir6900)Jb
zoCe<SY6KOog@;Ar@rQ7S319GR&t?738OEz5zn5j8^(xHGO542Q!JBTwW98yD^%99}
z&{%beQHi*m${Q^)jMQ-Au3Uc@d(%FP#xpO05#c6K#0y$fKo4OspFB}se3dk4;g0h{
zAZyKoM1Y1)G)(&G&<3REB~5{^&aZFMh&6Pk!fhzM=k+IvI}V#ifjKa?21Y2tp50)w
z2+^sG>~#riIq`Bd_mWsfqrpQi@BEYyHAM?uOvvr2wAw`gHRrB>N>;yRHMV@Vcz$so
z56b#<%fu4dhWsFkoK22lm!%3~QE(OgHA6)&!k3nyc{IFPt#a8e)`1)>Dg9Lb-R#C<
z`8DQ|Ik`MZ<TQvP{P+3wJ3YU_GYqW+j2Y}K`tT0Kf0e89H<e?c0eY@8xVBu>lW1n<
zj5Zo$5a?COtpM%Ld4ic3x^hMgryYt&Phz(oDke~SC&X@JY+bXxlpB^t71hG?MtaJ7
z@e@5)44di}FBUIz_W3eBaHlAu5!JlFq*~M6!NTs`2Ta>gT_d;Z6VV`DcFgylkSATB
zhhVIt`f~R{)#yF(9dbiz#x$9`KL4LSoGiRwuU^;Ju3F1a9}xRGzeYZXp(=W<S_iBP
zPVUwPRtioXE0x2%v@~8ewS;9NLXZRLVK;whsh`6vyw8Rz$F31#jwt~HJuSKBrs<m=
z0G3ohiZg1iZw{37qIsy)tP5Sa766DOlFdp|jRxW_$8?`n)NO=46Y1!#Lf08|XS0u3
zcue(+Gqc*coy3`{jmYg6igstA4BFoJ%4xV_F}}yL0DeannFMp|EFztEpXnEzleyeO
zIZ(^&{{(m7o>hVTjaL(!zRc3K7+!5GJS$b2K#N!qDZR$q%=8n@UTf#CA8sfBr15CC
zS?E9!sWRXJeZ^CMaDk2me#QW%%z>Kw#^ZgWNA*d@JyLN8VHC<B!^57bVfIy6%Mq*(
z(X8=ExnxY_*(W03o4i*nwr>^-?1p*e^=}Clq@rLr>Ff_j7(GZhm4i@EG2<B!x`Lw>
zXpCoOx(?@Q>YiA!mAoP+Rjj5Z&J+(1CPR^xVoZi1s2=1ykn}Y@1T5CC6-!_Nc=)`v
zqsT{6$n7UAgvY}Ho+~2qZzs#)lE58ZuQXqU*n^tIi+FSsjH)GsDv5l|BGW^kCyN;5
z{+8FJjCZRpLNE~&r^v_N@@drahGiwItJ*CV$%X(app!(q=}b>im_;q-J9<$bdql?`
z`=vDm!sBEYVlo|Ow~NurhZmvKBobQkG!^E^EoBriMy@`4g0C*yD&}F!iHEXGizb@^
zh!ZiOI#-U<Kfy#kVH`4VE;9y}NAs~7tm4pMb7Klu>ihk>AiNLs$lN%(JD9?WUtOPI
zfXbgvFP#q}I+k-W!7EZJBq%R<uQ+~G+pP|oEfze_rxcs&`ith`CGOnn?AAmivKfma
zV{*B5Y?`53JFMDaRmV}3q4`ntX|CHr+IF+)D~8>$y2c$Fw6L1H6|1_=UA~fPGm2m)
zX=4iEEeH$A-BH+1Lt#rsnqw!V!m?8V%Z*|QPDD2{(`|wND5zW8S^$=g+w8c_tu3d+
zi=upO+$INYH`r{;Z01R7Lcwu?($_r&Sn*V*Ut#$hZO&6&1Wud*8T-yB==u{^tjp)k
z;YTOe>mY5}ygNv%mk!c4G+7JMUb2YIJ8)Z8I&j;8+Ya1z;I^WPF}Ss;Zd`TDepm*R
za_1zy*xrE4^EX4ZNqcn!0A(DaRQUA78PQl=P5^r^(m-jp8p4Pnn;47?$c%I#BBSO>
z&KSzU|9R2~>*t%B%WLJxmI($=5_X;eA;MG!+BBLk7UrritPFd+d3}v?p@4^dZMsvp
zVKisSu`_x|ngFKpl^e6m28%vf3eZa#?MYQedW<4NmGMC~3~gm;WriLLt3f<R#^hv)
z4A=_O3ds}-a;20?f-i303FYPE61g6S;618j{ALZIf+?!0MKQv3n!Eteu0JU*&IGJk
zPuv)(l+K=mU!3V><`~E<w)OcYhN6MORB2AI(dl;bHxMt!GjySl*JB^GZ9VQG^@c5a
zCM$4*r6B>`7j%SSWi^d<x6xcdV5p|(n>;E*%w{&Ze!*_Gsk&~XT2t3(mH;$IY*cD|
zFH6?UmDjhkI2LVA{ct&H)!^8`!nJJn(pHyiNtk9YKq>d&$WU>>{8kNfqbRQ3=JE;a
z>KHb~`6g;V`R-m_U7u`2Hxqi3v4n#sQK=_YS+OQTaU2S&fZp)rNVlz#FpJtYR}#Y;
zhEuaKwzV9?Rv(%>LyK0K6ESQj_Sdkswp))!`Kkd31!A39=ucv48Ks0jJYSxIhvq;7
z%X*5^U)+a_Gh_FJ(gh*`aguh{X-qr8QYTpI1WS#5?M#jjU`e=Pwg>0L#q3~R2kSam
z*TK4`zP1kQ)-!9&Qh&Bhb3pYAiTWdV3Rkb$;ICBXa7B$ZSf%8_1~P?onvExGEVo%U
zutt5g-i^gH_ZD8^AFl1hGf-cEvo{p8G5Vr18Uv_A@*6#p0|vH0jRiTSx_ILmpuW60
ztCF95xHi$^sO-G=uz!;~nU@eFd}!PrcT#@<KnMtT<waqjLbBGC*mcuL9GE(M0K*K}
zoc$gKl#dfe?8Bn^Qw;OPBXQt{_oquZn4vshIKMvB9L$or|AZSNJm7EI1X~ng{o}qg
zba%cONU-3_@yl20l(H2Tx*hkgg7rs*8%5`2)HxYdmCnhiBbWcw<nrTkGJ0HoJ%Ac5
zq|Zp|8KZh$Mj<-&Xd+;Y;-vf0z^~36?ifNkPGnK!l`s;zW{$G_hYWGm3B8+2CkW~U
zL0el+huK8=x&%QIpX4Ofo4~m|B=2Bd2kSam*TK4`zP?J!aV}o96D9-6yemO6H#xGJ
z-W4?9em?ZCldHE{08IY=@<LiJmSAzbY~+xP=Uov)zjo?^*H?mBK5r?<5rM8pseL*H
z@YDl)HVkHFn=0*6W3f#J4ajZGh1ZykhhJV=)*<j4+)zpE;l@gY-<Oelw=!2GVEtd-
z+bI*Uje~?o`{8AG8=DmuG5}B^z3rfyxZ#*|VC*fJPwkAX*=>j@9wYq1NIFtvb7}u&
z7ZM}LN4VfK_uVR*a2ssA1u?iTrhbG(V9NxcHGZ}s{B}e1t+fOzVsG8+^H_<zwg^1S
zowp+FIH=*5WCMtGs&&&rtqy7#&9#GC9n{KIZ<oJBFk=$JN9@sYfkL#QQcVqC$p23=
zSwza_>|DeF0BBhe4KCnl^S-}F7g~`b2wjOyxUF7($vx+p*p6>7F9(m7o&)7TIzLO?
zfFX^#uc+1i3^J+CT%rxmnY@YA@b~11;&-L`NA}p82C2$^5l)<EvFkdFP5SUh-xD>P
zhBfCxt!@G~$t}j9g*0(6Y-0SP<YqK8A(<O|aqG<C+zC||P5^}(#Y5Of(<w>?rscZ9
zSo0}{YgwjYZUAKaI<NBsXrcN`Oj;WIqhO9Xxye16rIdwM&R>N#IZ`WwqqUUYyD%{N
z!iGg#FetJxBw7oZni&qY5;34vL!lkT4KTdikC9GmgGT#uZu-Xbo1`)9B98DzXIZ(Y
zWK{WAo}4Y1WHR`*B`h@FSR(I!jeM)+ak=c5NUvoo6PL@{RNj5d?rI-(W?O!Q%KC{j
zA?7CJiWvgEF;dh+9<^n`yr}M_nPS(f#D{t@gz|O*4rB3#CE}p%*<R0Y*uv0uOiK}L
zYrkO4@>^;`3yH5=n~aTNWgqWAGYx9XRX5QLra%B+#-;#ZI$p%J%vuHl0BLvq#!A`s
zQy5NtSHv~B^jU&lD38gPW<y6A*pU{w2rJWBd+(0Uj;gbxGAf-NRcA+)DSucyD#y9c
zNrkondc_gE4mmj78kHr+*<yGlH3ra(xV`3yN!ExJ)p;X!-iXGf^F}l*oi}26>F{r5
zd0gIzwy{BS*w?O=Vemc81~o-k?UE|SRTrkHIrCZ+LYM7PkrqjrCthw5tGFFWr<ruZ
zOMEsm7f*P}Yc{fzPw*!1S>&;i4=uj9EFx!w%ct9)3sFgl87`BHkUV9ZdQB@S!Ft}S
z6i0JC+AeKhBYf!ce{|A^vUzvX2fcLEPeYS!NFQvJzNT@>c19+oyd^6o8OT0P5)G{>
zbeER8T+Atw(^BWqB~}?YXX0YwWs^atIQc=brgp5~ZHSv@bjIGuT(NWUgPmFj>py~6
z^=r{fcm;6&az&zQn^e;-^f(KzQ{r@FR88r~sE&-vl#YxdAx+C<l#u$^+L#GJt4Mi<
z$8a7@7NG}M0DmLHW<<g=bEY^v;km6$C#2L}f}*dFOu1W*+$eC9dVG=DyI)ijE24#E
z8uADA71A%6Wthr*=Ipa(<>eeURrdm$>Q=tnP|@0sc*bHLm5sZ<oI)QIl#Tz1bPJOK
z;D{<hKZ&q8u)#W-Tsi)>eb>4qx)r6P{!B_o{dLq|rhHx0pOb?24$zjB4$yXhwga>s
zpsi@Kt<cW8g@ZK}PwZ_hfNb9Gti+RdEg9ryNe?<3L(|gP7<M*>m8G*WEH542sw|Jo
z#?Y#IVrs#ZxjK}Po_ozw2L&H9WIVQj@J23++-QBPtB$oQDIIIou~u7KPKTmI`NOhS
z7U8_-VdB0uy%Z|yn)ru}cIt|T(l)y+AT<TQXh-SDSur=VQlaHcyEM%h@60)wOyFZ<
zx;!fl7W-itOq!#X7bbgp!W(krG-9#)>ZlLMF+{fE^n_Gnh#dj>8+6Ux)Q_FfgHd&>
z`#xruLN98)$fudSjqYc7^8xew;=T;LaJV`c91RYKNDB;~lvX%o{$j=s2d5`;8c(-C
z2(25xR3c!!a6Hxtpi!8lghndrJcS{IR|5!l-w6Z%K?Ep6EpCsamL65If<Ip(Rw#!|
z(wNg>NpYc%G+O9Q24CQ;FEhvEp$>g(b59H+V^&U^<_8CmZga?)h9$sY7ON|?kHU@K
zDM7+FY|%4ajai&VS)>KBMFTaZ?QE~DADA(>*f)KYRs?~8<uVq9vQxvDff@GZt+#+2
z)1?}njp45B(#R-`*ti~HXEyE~Rkt!O5>2*}(xL4roa@_7>#J<OH5a#zJ6|LZ`>Cyc
z8r@bH8V{Uz3m%2ahk7_hE_7$w!st=5U@`=72wg`MAW8C{@p7^7JuQz7LQ(*(GW>%I
z=t_1))Lf1H#Z1F<7K1Y1C1#jpF<#0jTuw284A38mx5@-B+D63pTR0Fm!hKm!QSxKj
zURphBT}oo(<njXdeuXkHptCx$O((V~n|CL+(Mu<`X=q|$dL)3)y8PiKZ!WxP1g?qT
zQ6pfx_ND=z2Yn5k%kwvak>Bt9mpk}pGw%-m>7|2z4NbNdUPYte3|pk|wRKG_hMpc9
z!L(vP>#>5@q8sPk>BX7wX(o;!4T92ojCJhadfLB=NwGl0(%>`BI}HhQnJ*Zz+|=ue
zWG{U44Qk?^wWU}Yhw}xClDXT=+Sr1r)3j@O!FbjgZA?12<^#%vPrqEoGb5Rt@u9lG
zIC`Lk8Q5LhZo|3Wx!ef4uZkp)6^Kv}#sO-(zWDAad4O5IBfH(n3VfBwgG+o%h(Z*u
z`0j1ujC>Z{amfkEbzmV&jKtvi%?WiTn9_Cb1+Eb1>ynlMObHGt6w(<<VF5NIaf(XY
z0yvZ;V2y(nBrQz`YMMu=*E6VupwcGO(1jo|ZQ4lV!nQ8l8o8TA-e&Q-cn1Q5ahPL{
z!n&+MUDhC@LAtC#UDlwA>33O!{+L;V2$xua`S%k0D0=Q`oT2^{)57soMexZT$6+$c
zJ-=$u%^K}0Ds+HCnoQh9Si7@Xi=tvSp1gWe#0<C;{X1tkfKl9lM;G^CjWyV;1Itz;
zH$m5g*qCoDqAjrd1lxz{R&;SMJGpTuH}2%djeR{PbLTG_un8dq+TL2BtTWL_N@OtH
z3|*79nCMv;+YwYHfh{ZWBL%qJE#1^$vn8{a;f^*`!+qJ5wrZqSODI(v+pnKlJoCQ7
zNK$xb-mCoQ?S{Yv&ig7{!$#gzu)(`8TNPgsKN*sWE*6fe>&)Hpj0IjiH}f%5`xH?R
z!9=nobRQ-Td9P`Pl{pN$4I``tYrY(^C}UDM4qU-HRHp?(y@aU=&aJTXDPii2*!T`J
z!@{$gqg0|Xr$Aa@zv+DUQF?Uj^u)TFCBVE`V?pe^IXSK@>+TzFlAcX>A_?549VDq`
z>?Vl~jkR19>@4*|2~5p9d08W`(<U)%ZFV*5dwRz$Zj`erNr7R@6U^k8-EHy4k#jH}
zt;~DZZYMdf!`)Y_v@HmMfQJkT+EHF&&JbzJGD|akMej;ZlJU)em&Jh|-;9o%?6}FY
zd3W5TUOH~Fp~=>)kdP`etjck^VP$j670V^A6$jPuI`a6aMbh}@^)-DHPNuOldLY3w
zUQHfvPxnFH*RAk*xK(E9qgtE_k{WY2nS~|?@OY!Mo~ChV$(dK%mI5V^vLaOfy`d`?
zFY9g{mJSzpxVXc`9WJhDV&M_7GoCHu<W}U_)Da54O+#Edu1dmn;Hz6MKiUX`Vd=nd
z2ZlQ^+=1bWCfkWg_mBInaTkBRFJ&$`+|)P<B{Ki(hZ_;%PC-?(fj-;}-(8%Y?u>s(
zLoQ^^=5`V+Px`?-C1dC8H*=93bgN6W1L1-}xZDUNU5hZJOdJz+A~heMXa-ljt54{}
z_=k#PtF}G09u>$9<-^jDlq93+j^a+a^F<gjz?H?*u$n-|;I`5nR|Qg>;1l~)u(|$Z
z1FM`&x<lsRt0X0ZuonJA8q-gRZV~h<@w3esk2|2P`+4C-1Wf=Xhrwj`*DalalXyfr
zA(f3&F}`_L1J}R|i<@UPWUIII@Bp(CEioL9MISOqninLmj;!w#v~s77K4xjL_Jq(&
zS$eP(tP@DmxSm9#ESZM5a@fOWuhs$ASk?mBg%w-ABP=@&L5}5-gdxYW1+NFatO31g
zR_j6Vw5c5w$70K$VcC6nax80a&RRShmQ5enW9Hqkw8_6wf9su)eduy5R^iLj*;z>K
z)(fg$Kw{exDz0V71bpq5`LLW36Ed&cvtNScY}IyY7nVz01BUxV9DlX?OY!r&Q-M8R
z>m-fcS0Znu`w4c%=Hl;ExYDZByI%IvSp#*V@3MJ!qHn!CX7cIl5`AyU8pvuEW{Ik0
zS?AtpA{rC<dXZT%8igZ^)P7xFgGu3uiaTQCB7nsf=o1ZfxehUy9?5QL!t#SECk=BX
zpYf2rba7ubg?N(7!jl(b@!NGJDaSZo&fNjDqF+WH%0rp)V82w!!K4du>{6In5vDox
zy|HI5Q2YvrNnyEO*lAX?HAq2PnY!nFjb*45ZtadzGR9Fq`b{a*b*vID6HeBeXL$NV
z@amHc9U$I5jS>c~M3HJ39tjD*j9_sS8=@E+;+Day@ZBgQfbZztj@~VscSrB)rK5Kn
znpj!ft*J_C0fp>Z^;Dr&(Xq#VX$^txI7N$SOo!PmqO<a`eK^Z7QW!`i7%<0dyjLmw
z$>@6#xVmhsXs1gU+$9XQY1SnSb~==rDP6+gwP({$g&v0W4ZZiRX6;YdVq3DT*U-0-
z6l*DhS`B3cH2C60hB0Na;FWuQc5=BhE77&|mbllu6;hS$NsF3GT+r48Q;*r-MBP(K
zt>8u*4@hz3rA=S68m{CJjfd)-R65B;<-9w|g<d)`tD%X7<U%6!ZG&zV4U^1I2v8Dm
zrQb>+Y!0kGS}T+-#y*gT(>5td9Qw5l*3N>UO!IoW5uPS~Bc%onyA7S>y1BnB?(ZW+
zX)U9(FPE>nH59hvY}FRm=dq%!w$RmDf%T1`m3dAe_QNumG^@yMj}VjoxxqL@;os?r
zGonEh%33ksn;^Q<?Jo2HBLnB1%q8DAl$T1-pc9N4>Zz!eH#e8p2pE%a9Qq>N%YsF4
za0yQ<<%wGZj85Y~3m@1c>Qi-zOj7`REYsDHl-%X1<KqXoWOFA9!%WDT=4-~HlAXdH
zF}961U_(dJFKG187{|u=B956%EpK&U5O%2)?~<oXuZ0LWYjiOhhP6S0h6u2*5(>XC
z!w~=elJF8NOM-wjkv%3l;tSh%LV1}vqL*3i?Q*bN<fPa*r3Qx_G9!V*lH%eXQ8JC2
z3^2x-US^H~-?<S9Wi{W#AVpT`RMQ+-a+3W1$II~yLlesDv5yLx9?yU9hAny~D=<qa
zg{5y3MX~RwX|%hIEob+j<a*7I${0NYth#5><N`1mJad5O?WfNBu{ea2xV|3?7zmd`
z%mOxxP5SH>NtgS`OI+zN8)wWIn`PqA4Prm8fW?~_d-DZAD7X#LgVYU^jL;9mg+QBQ
z7C;lYF&H8oU@V~*)OC8z-ZKPJc-lMY$qm@ZcP9e6BlK*(*|Q{B#K*(o{r&xbJh$QT
z;OPy#a5xFa@lXbqCDwHqxeH&gu}_%qhxZ@F9>VHAt~~Z}Mtfj%O-5k|J611~G=^Qa
zx8tn_lzG+|HPj%bk7F(%5SD+pE=wpxwm3$9kIsXHQkWv5MJEi}mS$pvH+F-S7li?)
zaiq(JmH=UtAP9kxoHtO%>x-<G10g*R;zI+F^#)^(vk_X&1?h6|vW+k)AlkQ)xWDlN
zxN3dFw4=7@9us|tHHnP63}Ny|nhF|49yZ_iU*0Qy2K;XkdV#5pZIA00dILf^tLNC2
zuqAPWDdt0@w-*L!R-)bz8SoyTM!dYe^*%QagT&men~Y}&He|^7+bEo;*^pFvMU0b@
zw+t|$?vbb#A`uE9pv*0CqOGO)L*V*1;4VKPWNoA#Z4dh@(>okNOfS@nL!T(D0%(t2
zfUb!*j!hyGa7qG?VB!H&3nvR*3NF{tU?J=SiJM>-T?WL4z#oRM)C)LEfgSM|>#pET
zmW<dSj=RPWN{d!}#G6BT?U8Fkwg$#IMzT8lr-JVk4>@Je95$Imn6Fs!J331vHH>n>
zJo~HrnE@Vl2jg&l{N3||gWlk2Ten+0_U5GtUGD06%MakafHq>E6nHCzNgBxk7s&Nc
zO6T-ehdsxDP4BIq1Jsk_O|<wL^rfM_X-3x7p-H8tUEF<65`O<`DjCtn_wHyGhIhsZ
zM?UcSRw+lAGj#(u!W`c&JPQJoV%(ZxO$7j>aAKGK`3Gpwo*3neO5MaRc5=6D>Ev#;
zSEG}>HIz>B)=A!)>vfVhBgq>V&@{plAhJEqUS3+jAB%0u+@YWOq}o~|H?XjR=#r3n
zV`7_O!TZLx$&Rn6i9mJ+xtVOx!$0CMFm;yBOzN-DP)SkXg)O6i<BE2lj`0Btg0^ik
z?^@8wC>ln23R+YM61kbm0XP`Diqw|!7_|6I{WL^xNXp$V1HsP5gnl{dMf+tS_5y;T
z&|vDV+`t4(7`k-W*|M11RAhEKm8~KtBGPc%Y$X;;9loX2Z!Tb>u=u#uPhQKoY}BQ_
z6|9vF?D{5(kI-0X3)Zh|m?zp<zV6EIb<KrX+PtoRogS<4P@C4S)@NX4@MvSBY3z4o
zlWxk|;HlYx591JrOFL5MhPP>p*jh&ZS|lH|!>co9zQ0?kBBu@;D#7eF6)HY3peH^9
z=X*B_KO2h{|3<A|^Hx>@M&8nqP1{UvyztJ2y3XpT`HTjqez=@q6ndrfbDojc?o;S^
zFvhO~zFC97O^%O_UOfG#t=qX?US@!TULd@kbv04o0uGKbf_&akolP+(X_7mH7MTbf
zEsVV1-N`TR!v<#CGgs@12ow@0<vr?+oR&HhZL_6xCfY45p)=9`qnK##NcNw>KHF6Q
zV7KeTWW)P;lIC>~IY6YP%Ts`OPg5(m+&eW3Z*mbhaR%t^i@erkij@rr*SYU>xS_)h
z9d2kDH?(9HVlY}`6*3*Zc1aUZ3BWQJ=~p3dRva5ye^EymHwo^+E%W?JI|LJOIcJ}*
zcz1O>q~*_fQD?7XmM@1k;sVXo0I${!YjArScD?@i`*jR$ZO>>VxGdeW5^?l3GT7JD
zBEtoSBcdQC+~hC|^{7qRD{DGb%pFDQzRCk_&@Y%FS)awpO~itj#zOH={R@*f2&t$(
zN|@?JP-b9bj*RoPVPs=T4~v_O{|vjTz8uzFHLLNBIx>NReKGIaDz)lsV<1^2gRJSG
z;uC*B$4(Mu6qqQ|!ixd$(T_79mLrK_a|a|2&H3lQ)zAHm>Kvh3bQ=20dH!kjQ*Ep>
zn7au>DsO;pAo6WM=kvU60+C71$xr8{E5&zGJqVxdAbsn<{f}q=bAT<s|GtNI)DOLH
z{yyMWx^&p<vZJoNN~L471si$3hk&AVh|}r{b_3Nfvh>pO8BiUwp?QPV;RsGow_1(I
zGk4Ci#|_{yIJvxd|KhsjV>JRmBXe${&;3xyE5!YrU?c{g8#Br9gLr*4XMuf@%2U|-
zYMJ;LnGBLg%O?`!VsbssH59^G*THqR@ZMKjKbsJ@xFM-Iu|jdeSQ&8~ZI<F})MoHi
zV+_$iJnwSalG{+mPCN^jJP_#$Gjd1nIGhF~cjO}|M=#P(Cq#_U4wF`XA3ZEe`$z65
za>=l48ECyyvx?Z@%H;o8ndMKtWN`OgjMn($a6VrKUh*)caMIpr2`3Z}C+^Dihp{*9
zvuHd6WIRSsq#+zZpB5F+T_4ORPZXr81eFzF|IQ0aLA}XA{^Ie#U`%u_tQpjK$=E4Z
z=hrt{jsQGUVV9TQ^ZJv-9f!>$^9WCP#Bd&32=vKWfTwi_xIOohSoh{D@BEY^c@ks2
zKp0xV=3WF)bME@5EUpmRZ24^Q{Ng?yl=bOK3{!T(^+fB!9b1vCP(SmUp&|)v6ur82
zTD6KDf~{eAMVNESIb9vlqAE*@u~I*`0pJ7QT`_1y7OzmN*mgaV*_`_?j(95fK=d-A
z(6nl2FxHJq<UF2*VeINofbb)1GAfXqbAd{v<&#&ZZ6Vc6+1^PRY`s&EB!HT3TefZ6
zw!3V*%eHOXR+qbM+qP}n#;M*jbK{<v^N{(R5&4k#*ZP(+YoP5AehH^eB*5sSvXu$A
zoa4Ci6x_eLh>Mygen$yHJJS8tS5puT`%RgOG|Mhd@NA3$^lfk%j%Y;M5jzLOL)p+b
zdLwP$yQc|Z7E_!jSKd6k$BrWO$`>J<IwC3q8oR@;kxPN8sIbLdlC%md7XJ~_0~rSJ
z;PMp(T)e52-xA@Jl14OUup9I?9`qBli)f5c5IWJd5rdlAl&)^;bCS*pn2Knqpp5*?
zUVzNDgvyW`i)$Y{Ztk&dXsjr{sOY_2_iWNP{KtQI2fp1%r-ax;bWc+&FKPdLHMyq5
z3dK_ITrdve%uv**2j{B&1!(k-@%O!{WJJG`e2!CxVFhRLBT+&C^LFhL$CDgJ;)eG<
z!QSqxF%ZA=+tcL;++jYjCmRp@<vZ{i&iyzvL_D==77@|{kS}u`YRvQ4NKBbAq|git
z1Q9!1Q_QpGGI+;!PQ3AoCHObIa!gYPCWYMS+pCe)Zh^xT+N<qb7)HGLb9(~`CsBhC
zbH6>^R!F79*^uQVARwq`(a(kg>!<VuEDyJ9hQTkFnhOIMPBoyQT@Hc!uv3k9xWIs+
z3=Y~EnLB*zxvM~J;1_m*=Y4K1dV!(KzaR1E-MlM-@4`e^dyOP(IUqIZZp$xg&<=F6
zI9Jqf<i#PAXDoWKIVOdDJS?x=T|Z%Y-zX^z8{xlZkv#&cOwID_LN)(V>OA?sT$fJo
zVJwy}n)terJ7&i-<2eX~4`-K(ba9NzTBt}UMa%8{%pxb5X6bShhs?u?)WHjesb0G6
z@6uvfX<|7Aw<#6cX$}RMjqQl601qVVxHvv(1UAYhvwv?uOP8g`9l`)4z=xVzt$Gk)
zsbe;li4uM5Mv7MEAO8;;v91w5X8!r$52NK9?L~)z{P9iWEU{NijG_$oGYFz+$*3cb
zXk+D~+~BY{rH{5{YCe+S*5xo+=^;x!<71##qNOfMt)aQ7amAo;&gN#wCb~K|xT^U9
zKc#FfY}5U=QL6+q^W2m&`gzrk(HXd1Wto&T)js_IO&8TndFPg!vic2q)zfJoQaGH6
zxNl#Gq_UGYPPTS<aN^+L#L0;l8%&Z?O-nA8D)SI&iae>;aJSnYl&>0FBSo=Bic(4Q
zTWI!fPJeOi&Y2t~8K%9ojp8t7eF<2jw(NZ4u)N|pBR9Gp4Kk}e&=*_OhjMbrjOzb?
zKIiE=XzN-&rvZ=}wszS#T1uJU6;bG7vq=nW!tNJHQeWb2z4Tx-G+$4|lma*B7XP``
z!_BGw=QeHta0|Eb^I!MBvp8@wZcC+^0gO#Ea<`e~C|!tI;?vm($+3uq-#|15+k}UG
z0&_^&wC}8O$;?=YLYW18o&L%1!;+T2NzMk8Yaex#wRI2(OI1Xlwxs?2n&qz^N=g`e
zahV!Ym^352sn{X0+PfNDy_pE&k4B|R2B|p2T5Sgym%-j+yCubEZT40&zY8>g8t`fr
zO0k=1G~P9Jwx<>}8g>Dp*BhLgV*JNViK2sAJwnVwpu$!g1U{|zN+}{Nn_Ip5jPu+M
zeeO0p+uHb6Llh|<$P6J3<no82g6dY@qx(46&46zUj@ye@g_p1>p}bu)sl!_{6Qh%>
z4>6h|RyHs-8^*H2^to%hLmC@5J$N*AVFf4<&L@O?^O0gHN|EI-%69TNXL{;#LY~l{
zclRc!a4hxx#Rakovz^P<Wb+p#8o0t$4RyJd2uer*X!|(r8M*&mli`+}YpP1CEBo6X
zFDUC5{#eiB$bSlPg^XnPEm}6Q&?IweD;UD6QVKTsOA}@v(bcz%Kibd~w>H~}ecM@+
z=lH(?Wp(NUX0|DmGhv}J9YU@AYDdW=Uv1L9<;!7ASQ)!9c^Tzw^}x2IJCkIQ{DNQ{
zvLxA>@U>INp+APGv#}RDp+}WL@~}wD$ukUaj+rw72eH&h1$5eGAVtx}L1xWbDCxy@
z*&D^>N5*sfiQ2j+`GX5k2((mmP{1$<M*@~#7uPb9?{eVvFaWcec8B)r;Y@`x7~rEV
z{t4+{B#ey?M{nl;-3N*}<_dJY5SkIF!SwvcPAUQXW0J@GugccO`;e2NIt+>bjngYJ
z-6Pdn1VujXcW1z>Y%sp`G3k<f_|Fkqs=|=_Yr$%G{|?DhJ4WN*5&A`(N$cnsFZd+6
zD143)CiMyew7cviVQvBdlpua))iEiUq%>rW`%qBn6vQH1z}j;Blp&KsH&sApFEMMt
z7nvh9^Z>Ww{J&4o3(K;4xEfP&;Zr7lQ%u7bjchj|Gc&vKOVAIu*2EIgO^-b<^nDP<
ziA~DfDWd8B8Css+VEJHmDflC<d?LeV5$HWY=@rC#QVt?P!gCQP7z!hKv`Glu=`@m?
zH;VoUoOlXg-PnL%rSe7&uE%by0~yq1y$2vo3Orjp&#=W@rP-LXSCurfv9V&|Q8-G1
z`**=ywT$Jps)<!84<2nzx13YgG=s`GAEv$1gxA5;DmdR)8C;%Am~9CNi3+vhqEy5h
zJL`Id*U_8Zp8rO?Q|*dFyEVRZJB=`_UG)rCoz8%=!v;CS9}R;s8XJd49!eq$=>tQ$
z@7@2t+0LA0DGgLkqP!n8f#-;yYo}ii5mDZu5x?X(awm#+04aSqENp1vd9r71kk-O1
zTY_TPiC24zZ}~0?k7Oh{v=jy^Xz6s&pP5lP?|^+Ej>%>Y?B0FywSgpl7%c}00$z@e
zp6_nG553p9Z*_fjnfgJ5Z{#aB8GRBXAy&xkwIV$%MsmujJjZqX6(R=FZWqKB{`9PS
zPz#n^vUlnZ+-I6WiLAMf0Sh#TISYzF{o9`()jYX3HVRMp-k2S$>@6!|I{$7AJKE@x
zrfY~=7fcJLm=-q^5V3=c$p<HlEkhxYF`JlWKjkFGa-KA2|3%|$MMQH);p{_ZmGPkh
z6E-mYRrl#Kj+Ct>sk)G^zk~)Y2pAorrnE>OeeXTf(mX0SDdA#VBDX%I3kLPuMY@U6
z(^_It>8_Oa!K&bcRc3VQxZb+LeA0y_Q<ek~+JOF6m2RV0cf-VK$t`aVkJ%Mk=_X=^
zS2$`4kiiqW1fSNMUG^6{g1$vBx)<fVfRd%k6g{glQd~uGN_y+r_4r7qR(fWI!9O@5
zz0v?1oHXFlRDR9+jZizxg*qM|)$It$W^_dh;FpZKE``G{tZ6)I$$c90%*EniCOJ<Z
zeGvT!7a%8|I%rCf_%w%Jbg*i=0UW)sL9!U~C3#X!A8B`2TGHcK>9n;vf<?_KV`72L
z=o_a>Qguj~<xaj>74@~0+y#f@N{~XFj~l5vKosu9w$czI+=a8;6t-nJ3uk$1wM`cH
zM(i5cQ@Yh)Z5=TK=bkc~D%_egKb0zvc1dFpW-^7BK|EY^4n1tTjfKZ}qEln#6izuY
zdjJ4URT4u4Vcj2=VVEM#T-GBHdt<o8dzJJ#%hZ6ot9N0IXV*OD%BbsJ8tC17(B|5d
zV*Bi1e{DxQsp0^Fmoxw6H>Yo2*yIn$Fuz2U#W8KL?2M85up8Soz$nw7G2Zq+AcKfb
z%v?&4_Pudq+gIv%{B<;?fzCMlHxG9~7JWX-x?Ull_0`SwDA5B@&J*^co&YyXy)Mxl
zt<Hv?VopRHbhnSVvymV1eEdnktZEo%c2-ttD+~Xx0psSppZ}0J^xD8s?&?tQz1Z$H
zy+dE^!y;I~`+JMm8YrdhIEhHHWE?qQ89$i>zBw>sKI~YsnCUUf{)nG(F1XO*N%xai
z!|U?dW|g>XyiZjx^XDl>w;}LnPj&c(`+f^&C?=Nczx7SfV=vK3Pv^>T`38<1L9_UT
zAd#^mFQy+m*=Lr4L-`@lI!Dyl{aF~q;7=o;J=ojsS%jE;YOqboS!v4M<Kp*Ad1xDG
zZb`2dl=9C?NOEE@j?>Rfu%@2AZtQ?}-97yb=Iv<SS+(As?L?EYJnG$)M7UDrZNgWh
zxEdazYwV@+Zf%(#vPvp7qwr*PFQ~8ZP?_`ipr+K=9p&n)BQNe>kCvTt+YX0(XT7Ub
zoo?)(iO{MnLTgmao<L;QINOoTQ<OqxTbvj-wk~rHeO*ofNVnz;9t(MM5gK0M%*&uh
zY4xm^7h!onFJ4`*02qH0gt2>`>_;~9ynfkTfNsLIaYJ;cUg?U)HFvk%<&#oJ95EI~
zd{FW$)eoZG`65F)bxsK@x-U87DQjxVnktY?sva*GV`DRgEU{7>u=yclLzHUj;$4Wf
z5+aE;<ISOCHO2H^>RDpZfP{RgZG-i7F=Pyp@*yMu<1)V-_U=~vZWID0N#mR-RD<3*
zpMlc#p?ygMf;l_&t7*rO$#BwpN+#HHuNnBHWex<HgZ|74(!tz$)@#+x6L^(!eT8^9
zc(N7i_3z-1Yl1h>po%P3R*1erw95(^l4feUg*c63+2_im)i!>RGdKbSa)*h`9QssJ
z;09YLazQl~$TJ_F=gV`l&iSuK{5;?$T=bfN>rrKz(hK{=A?YlnG*@f70A4R6(4vTE
z`PpO*(S|~vX4RLx<s?fVnc-YT`%b%kT1KHuL`az7C?x6_?G@gwfyw&>TA`qd+1L?a
zIw8Dmr4yV6Z)~Q$RwNt!jrV0_RS1p9gainWoQ83i(NG{@)B8~Yv9Hk6WqZD{;d5qD
z;}^s)_|VaI>`~x1(%VOAE>7ZO@F=rg#bQs23dFE7)CWJUi0{WdYFft-;>MqSHU1G8
zvqikN(IMhWE80PGEdw}w&~dWaBW^H%D85cmug?-49o%P0!%q_il#}Tsq(e=<7R-+9
zNy8P?D>&OqXo9)vo!rEe!AE+5valo|j?#nu>bFKOC4m=m8pgM=)o|<aQ+f+IwM%b{
zqgRV&YML$+Z^{{P5wNsPVc=P^xD5x+oBK}S=|nN|B8Ted6Kx;lCgD?IW(qO!C=<Y)
zj%DQz0$8p|2IGVZl=eoqYl4AzqYV-NP^+s8H>V!kzWKci3A?Nnt~+@#7|}q>!Ep|F
zKE&)1MI=u66x2g&&h!QUIZzk#Hf%CD>8j1<^Tmz9-%})mld7|~9PMz&M&2$9{*nRP
z-U*<41SM>`hoPmG+qLWO@trAnNSua~XcMP$9E&d;VUV^hzQmP+@glE9iOEQT7R$z?
zaMg`U?TN3!$hNUx>h$g?<8@Z^B%@|<tnMcQX2Vidoi}sE)^gG8vEcB~5;t45GH&|$
zEIB+fc|~3hRqKzc%)r`u!TbRL+C7@XRKztL980XzAd#raM5ZclI(D}|)6eNcZe+>E
z?U4+NH|!9fgCCXuc%g*s8>1|m9<qvv7S|ruJ?V7Jrn6AP^a)5K6abXZNSE4sWtKR4
z8-6R-Rjxi-Dq7cq5P_2{OU<C}AO|Cy<kvYVX#BiwvB7_RKNK`*0^p9d4|9`Aj+NA|
zA$h_Xhm6VbdqD`$oU8B9X;jRRpzyZnW(}tLH3#0Pd#UyWAt&baQQwR7PHQAXRhD#w
zLRGjb?pA7`Tw8SeH~E~sp$ypxB1t{We~~{S`Ak*54w84_;v3&++vp&tvKoXj2K`OA
z6F_rez-a{FLbS}Hu`kwM2-tnvjXg5_)m#lQ<*Un!*@3{jBZY0uaI~cr@4G*Rp7vJg
zZ2z!mx%${9mF)HE8v`D&PG*w1_xoq^fkzv+@9#HGb0cnXAL3{pwhA+X?c<=<ntB!z
z9hy(44xwY1X-8LbD#n(}s?Bhff#@m7)?y*@%(0Jy`)!e#iq@C{4)v<bML-bG{7|{X
zm338C=g^BiCL%Vzzp#~g6=~B=&cOxbVac2iqK?0Ua;Oty5<0toD!(R~4Op8r(|8Bz
zoXGCZR8TFmK24^pX<td|@ED`sYnwENbu@+3&LSQCy+|OHU673kgi$!gak@h^GQn>q
zDJFhgYYim;oqb^R(>E)!4`Nn8^(aJDPI4B=YhV_{LJaukh&=;}#<oYVW%r@KbE+FV
zz5`&ZC$|Zt{+SQ3mhHV`xl6#zBOtNAVz1Z6*`ow@z#MaS?KQBr%mn@YVPkoCSX->_
zLFFl4<b(jjFL=<3shQEFlPi++5Sk;>-I{?OZZqfS{OQmIf**z%Vn&ZLmhSsKLHYpO
znHAl(pY(kvs*_i}cO6?C#jF;VtN}7$0cSPkMH@D0)66BzZ9#%<cWa_CNAUCNrh*uI
zxsaMs3lttOMyCnUb!pSk7kBNHG_gt-iu=#+^on`A^`U=l4~!1%+rXwSSw*vkC$);p
zO>c-CBxI+@MdY^<$cG|7a)YuEomU8Bb|P0Zz^hd;Rki;nvqPpd!h43z#f{^Etz)3e
zgvrsoXk>(J1|kDPpa0@)`ZL||NK;fy0JVKJL_ihghxo{s8Av(Xqd8NA)kJwp^lZYd
zv3wYeMuGIDc$H-)eK}O?=>0UFX?YA{mlT)9A}Qfg8IGz?T_?!Q;a=EUhJ-)43{)N@
z;+nA{i@a`bfFG%Scx!1eSx-mHv%V4ykkHT*{UWE{6`%@yER9U(8$s@R??#}2D%r;0
zSXjiQx#!doX304`G4>PA>F_ZO#`T5jFO5CrXS|;%nnp4*J)A#y6~OcNG5ai8sUg;l
z^aykH5en)V(l50|@l(NFD)HkYmH12Ylb!fWGCOW4a-`lxM;fm3_^w?RZSALH4^kbx
zI=y5>YLL~8MsL5#NZ0B&zX9$Z{UTvKa7H1lS7CR14W#D;$WSJU4p7kF?Q8Mz-U6hz
zvL<j)Q~kTVxp@2p9dQXANrOgO!SSe(BB;tKl}A&sqQfI7@SCm(S!b_4zSXTyN~b<P
z+be+GogU@sHZ@h`z)I!S>D`f#in3PK*a0!&ua#1vEh(uw@lYxD@cDXqPT{3i4gX~!
zeD*_LBHs^wDDoft(27FF(GU~9+E_z(eMaVdpE#QV4|aHM>U8ktK{~x}aH?Kv+ZcnL
z%=U2lJTboe9Bx>L?EC!&k_J2O_n*hsJbB&svH-qNxauM~3Y$qcN37uS!9fjToe?DB
z{P>+-{3j6@xmxZ8@=`xEDLq9}6`@uo_w|Ji=DzYNHv^SnS6j+Os{<KRGu)Gc!}S47
z-jNb1;r3E%TMz7zj><+uJ!bfGP(SL912J`!%4Hi*`nyV24RD02u+W)j9QyE;GnU|$
zfxz}Q2V#91mYmjoZb7avUUsG4=stuhC*EJRl#Dr55y?nLA07~M9Wt)`<*)e(%&AzM
zVo3(c6=zC)0GF@VEBw{4+~T%IReYT<y|V5RkF7@!=lha3P&*%o5yFeb$T{`X88Uf}
zE6SVDR%PpPFMVqx(XudXFjBiEa>nr9SHRM677d&~wWzF22*?6RK4+HA?GV7k;iKc;
zpa5DM8OiRQdEH3gL|2k#)b$Li@Fr_#hIGho+0Ulm`dXpx)bblYRVMmAF(d(J{f=x^
zlq<R@l#!>}difJ05S5}tL?@;I>DT@-hzcYbPea#i>G>6!M)f2XV1>tn;-f+HJ)zoJ
zCbQy(U8UK6(3O`ridXJs&=oicGfdVrf1{^sbPE^S42^cUgN$bB6Kn!GEx(%1q!jDo
zx(yd$+enJJSO~)AurODAlMd9N_m+Ste$k*cFrrOSjN0`X@Rk)Cv2`F5bELNC#RIk>
zK`Q7Z&MygMvDF>C6!VemaWx8)F`9m5z^||%Y57^KmI?KXD4`8nC>$3kZ#z!5PYM4h
zgIebSk$1cOK9kUQ=LyZjmvtAXvpX}jBw0;8MJ{tea@vukYAMZ~!rV^a2IHcC=;tMX
zHMkjdhSjh=jpdcK%-}ia4U{Ygg_F#s%F?oihStHF2UTUXsmo#B14Kt+(?Pn?X>!BU
zIpeda1*4PLxQ_U5h}de9pwP<bz`WFWR6RLqTqGt_SxQ8AiguQ>1Ux1niDO#7i}>+;
zT+q*}w7`ftMsTtsLpZJ@0;R8-34eQ)D9Q8|TN(P`l|#c<c<j$HRM?_p7PxFJcFgGp
zE9;H#TwKsh;)G3gN`D8ogA5xnqpAOpq2&tDGR)2YgM<dLbydeGKiygd*alXK1lgHB
z=qYcWb!8qW(9_(RU-WUzscwJ5*z)OhNn3E=^zHtv!LxAS5YaMtDQfP<y+&ek;}l}<
z$N-gJQE3+l_q2;o#T<@{2wPDqyst&BK>l)OwxqS^PN^id9X7D-vq>Ak9hXIJHDr`K
ziW#KJ<F?gHT)-XQ-{FN#>@cj&7l-j`sG-OpY^23Zi-+%cM5}RZTVRt3axtgI0xO6U
zK^}M=3gNn*V_Q<q_gHr^l>WvU0=w$ogOXs<tHpWUa?8C0YP}Y8O|zH|+2L;O=)nx*
zxWF6jUp$(bGkxH^OXk5K=5th&`9|Y!<I&;1_fFU<TkwN8)k?3qRoT>V;QHih$jprq
z!__4ZY9@?WD%OEei}97&1X!Np%>aC^8^wvINd?K&&yN)5e9QgQzzz4;|G8a?O|d0U
zU)c9H?1W@EA*NCNmn%Iw5bfm}4^dkqG;>ul-9*bJ7Z<L`+B6z6AH6zGfv_HKTv_j!
z)NFK6N}bk(#^_MJvOmQgp_5%%pb~D@+0FtQ5F#bgY;G0U=NeMFRxqvN-d*x}D72N~
zublJv7?6!*dMFAd&Uk?W6eUGPu&31&yG;(xO%p8wpxL-E?q3jpp|c@5^R<mFnuD-+
zWHq&$7$c`&*Cs&#iPVZZ0AX1NU99NT?QSPGLKQBF9F2hD!B>VfYwSui`4R+}&;Rbt
zH1D#&0Ci+7lcZY2^Xu>rCbRKsn`PWupuHiVRwrVq50LDO$AWhyY+~L=4_Gc$@p$!*
zL>b+;VE@&$Wff%Sxc64Kx5)MuGu>8TyPoR$MIW1dG<fH{>Z%@!N)Mc_8$+`#8sn_}
zCp|!bJyLw#xW=8;2TkbPZ+_BRVT8J^Mn*}OK9%+lNO4*=TLOCer2BL~{+RbJq2Ob-
zM(Imf?Ksg3#7z2fKy^s^lxq>yypBI$Yo`SefeDDiz|dn8mquA+nO6K@K4kU+dQqrM
zKy3wXrh=|9Gfr2F^TsQYyErmgc}otoTbQA3?}xXn$cAS=*g}+3ol2`m+$zY_N9|#b
zNKSU1tQlJH_$kaAi~#^#IShFn>>0KnAP(x)fk(~*fAM8euF$z+{%;i6et2r5jH?O7
zqpErg8eH$q+2tR6TTD0d&Utn@288dNDuK@3anb}p0fxr{#A<mfi79Y?`A3KGC8n`>
zZtoz#{isiO1^<4S>+KF9(@LZ_L&?&QMCodx4)Gha0kG@kliq{1CEsm48FF{^uqV5?
z43`p5jBLc~hktL*d8#&0q=_>zVA=PAQHCyOiR85Xb@GdC<i9Cia*+&r^(1xEbVdNB
zzvjz#0r63S_=#{;uYOfYrj&7zspD=YMwvEVB{mE(cxL)wgkDz7yV}><HXxg7B1j`p
z8`Ht%Ws5G}x0?z`LD<08VC$QsTzp~vg~z`j6~gl2Bx{-PH0+wEF-?=|dW2HaJO}ST
zhXl##a+_MwTl#uMVI%R_7)Ut^?Rtx168eCw!kpsCh+7ZuN``ukfGmfR{V6lx7AE8h
zt{*(Wk`a`3#z3(ax)Df<Ww0?l3M!$|Ta^M~5IC<TtcY~cuLbmKl3Cbnxglenfvnb>
z?X&R(+I>g`l`=|$5^7ivsEfK8b1@|#UI|lOJ7x59RWLH0OZKyas$cu^ESnIThKP(N
zHJfZq@+>qXL^ln>GU%wBl~(PQEwHgRdSGYLG|99LK##ViE(%Us|JsMVDM>>QE1^nc
zyJopZ6U!q9?-suaDW633y~%i2pjoFHTwP|?N?`w@R;q49I8^-w)`&}2;uy}LC3%cA
z+lR!J8YXs$l((SLlzzg+kWP=AcF}XN_EUL0C;&@j%Tn||V=-3(>9c0kV%8d83Xrgj
z5!epFwTvvzsQ18@F?4~7wcDfXTbmru1d)OkQPuaPtb3*4USY=Rp(vOx7#D9C!m?WO
zH!kONW6hjw+@UK2f$)WyuPku^I-9WLV$S+u8BI7m+$%t!QmV&cjxFuG1tDfpbfeBr
zo6n?K5}<6PLBy5|X|oGiCxbYH9PRh1ZirPkYcbaR%o2ucpw}!;>5p?56`Um&D|x#_
z>e+C$Muf*GfV@+>B-bTCL!ib$yY0y-Y_SlqU>`>vb)9pm_Gi8woK%9*!x74i203vI
zdo@TWpdG~gkH#DJWS{0nb+}f?4GFFBx-SM>sI=U=*~B7ggI<G7fMb#vG>cKqx;q30
z=ySQgl&o~1?lhSb>!2WvEH%@?01W(8zFqE)8kr%7r9Mc>xaSdCHPy4kKY{FOx(&XN
zh#TA$I%01;uxekky4wDrW8kBQ#AcE{CxW+l^pL!N0dH`wfV&>%`!YC9{et`v$!j5q
zqmn6WIft4;Jo)orrn}&8uJC*8ViA91MTPCsL#mD$a&_}9HZK$0jmU)U0V^7C`+HV5
zZ@H@Kz%Zz9RlUD^Ub?{QYwZ(eP0Qoki30_4Dzc!_r46Z(M-|iD`23Y!@8Z60=sLa2
zRTMk;jS<>4ElN1V>AYjfV~EHv>@~`m4ZQL9b`uM`ik`B2->P=TRhujtZ=18Tc}Dq<
zz2VGt6Xk6ZnpKH8UV_ASgpBz;##Wx^w1s&o4KD>&gQ)JhX3U=vRVpV9jIatAIL%?H
zFc^WY0c^Kr<pwl}a71T`GdV_ICYI!;FcLKo(NqFMF(FqHr+-fkt-^6VA*{I`ax6I`
zFo~Lzayt@H$lw0Mwt)HZu5uZ9cIgm|Q9*{fWO4zV-0~7Lh8#Yy-gf%?J)FqTz`ir?
z5aB$qEfDK3sp!#tt5$5ph|_m_(sYBwXP<yNkrxiS1MB|VCw{h_ESJ-1ky(mp5+89I
zd-6^!LD+s@aP~?~1=d_uJe_miDrVV=WMRUk4Bs;7Bzr+XHPcn2upt09{v<MfE*N~f
z%%{MhtKYmZ8%wGq$0kze+T*IYmG!-fHBJq(V&@f|K`~3GX4%6c=PTj(8Fyq4N@WFk
zIq|-cea_g><QsZJ2Ci*UX{}yF)`mqw3qu|}z4?H{{q<4^7RTP^06CUQHi);e-tb`N
z#r(A^r00b(B5b`=H`?^LtcFcVF&XCikhrY(C8e0y`!tZ{(d9?Ewpsz`v2ZtBPjd4Q
zeM6e7T1V_hf5x@@BNJv(#)7z=yg#`TkJX0=cI#Opn;4;fZ5ux(P4Q&WWX@Zf7Jr3g
z9Q2W#7lL0i<68mQT%rJk<f^YFNMMj?(x!FfiLRtwtaPeiZ+C@A)?EDnzM{TQNV+cA
z77wOq(`!GO#ppzU0L8Ag6^iBH-%!(oDlMX1o=Oq%uDVTBUHJ<O2xVMlRm`r#%xG@6
z8&NLG|Cs+0q~imCP4IXREh)h)VzeefSvvLm!#ELt>wn09%4wKXT1HAQU;VviUos;0
zb}L}3;RK_N1aXoa^aXqNHQ!Jwr;CTd?@7jdw_38^8b{_UsPVS<kW8naV6PtOsqLCz
zge3{c$4~(+x;D&jdkTMZ4i}xJwK?bcx0MU?lmca-OG}wtS{nWR3!Q!m0=(utMdk?~
zsNe~2xVY0DX>%14wx1yZ^b#wPa639V=t9%<F&)I$Iob%wd(#yNAlDp5*QHhwXB&lV
ztp!8FKeb-JZ4^>6q-olR;RAp!?1bAeadS>?gnyiFp1f2zITn^xO%%_AblCC?aOUPL
zRw&M9QaHg?i*%ZUqsPXA(cgxq4+6c+H%<1K^>m(_%gD_3?Ow&cx|UQUT2q@wXc+`j
z=LCoiAxiz(gLPN$yeh=@jd^r+Q^e28Pr{Ge?80#qDbCGsQlUEB4{LeLaGk0w?on3i
zWY_xfuu5VjoR!c6Mf+t#9BSsJdi{3-?ZExG7;M?D;31E5{<|S$>kvo>9C*y)f9tkJ
zb!yx(9eaPZTH*xPtQ&SY-tA`KRbZ2&@PI1W=^=l7?j1zqZA?mUQm<V`RNL{BWAILO
zb7(<-?>bG3pqI!B^&35O$Lt^CGy$mv^fAx3TYArb*>~gdJIN#rfHS2|6~E`s7g*uh
z^oVxV9ysDEn`PS<JMe<G&qa7)vQ7JBqw3d=fhn~TNvTH}lWQ0}+yyfaosgRIdq(Nd
zFpV0SG{WI6XJ#0u%|_BH1RA@hn?BS%9aV^&=&e5Z^O^*JOJxefKQ?bcu8vw6Gmcp)
zWo3hwx64AAQzKVI9otR`K|z4(r-UTIY=QXeMyAOA#CS)0S=$M)GjWJhx8_Lg6{}}w
z%@Rj3*AUT)MJeHe>FH#UQB$&lf2!~!ouuuuN85<+_-se-t7ep$;VLBV#R}7y`r(U3
zx<5NBa2DvMs(gY)<$_TT2`=i$S?=Hq=|wL^HEFCfL&T{4H${zf5xsSY7Pjdg<_a`{
zMFpB)xys{M2SFhBP%VwX)YbLbE;n_7sVYT*se^O9QsZAPQ1p~Il%P5rIO<h-aP3QE
zGeFAD9Os0vEUmzVn_$^HBEXqE^2280;oQ1Gh{XpDsEOl9?V5HJFy>qUSN1(e7taj2
z9Fjl3uS57G?-B`*Bwo!=Wj6BIUrS(L5dYpHKIPNXd+?-@-XBSynxDo=g=)L~JbRzU
zMT*p4jy;KgIXd9$)^JY$Z7PPl`IqATsQRxIZ_~8rxuXO)^bbbsrk?ydHDQd*z87Zt
zKmemy*rhZEwhMDKqgQrplH=CA2eiWlxg&hl2R_n+gx9v}9(Y$7p2;vBi;KdOBD{({
zF%#&HBMRLI*8s|c!uFHn9Wk^_5W^Z@P->|e_4-@$3eewC(bAJ-FM(gp>0sW>n<tcT
zIx9}<dET>koD&v&C0$_G>h}$FrW@47E~<h#q}yRy2)*wa5xtvBl)S3l642g@68GWK
zG`h5*VQsN43KkM^=-jjWFUgy>eH;ywMEs=7zhMVzY|&=SHWQk;+a6gzpN)yULHT@B
zF*iY>7EN<*kmd>vXec=}Wgf)J{?u`WR;qs`4>B!);gTj5J;<m)KKJJfd2%Ph^>LI0
zHIT*<vT9kO%Qj$PvFWdesUR&Hka;n81b30y_n!GmI`#?Gha_k>Q!GKpeW{-N?I>LB
zd7dlaKwmk@va`PLO?b~7dExJPRRtT%CPNw`wV=qs1A|~rc-e&%;uw$xi`j21tj}mO
zOm3O3|7bClekO2%qgU0AT)^bFM?^KaGJ`KBTCm!{i8MA%i*d9a0S_Ta@8s;H4#&Gx
zuvd2N(kb!DmkLk8xOf197&Q8}R&P76QZf2Sqvgcs?@*N+=GIY}R_4<w=UlM~5LrhK
z=@Lx|=Hl$3uUuNyQ%mLbk7KD*OXC$z0ayihZq}U_rc3lhwbr9KOHh}fJg+J4BU!Up
zOk3-bC!pi27A)1j2kw5pF1E<c9aQx3tB(@7920jKW;Q+wqmGdyxI+c}u5I<zqr$LQ
zq^;4hSr8F8^#UG0+I$5&J7i3h(@nMANg>KrpCmf0Z7xEY8Q>>t^Czk|V1W`tGZ$8K
zhb0Rpr@9K0nbD?c68K|QGVUDK`ylQjg`9$~%xRuR{2CQ{Q55-JMmdnEJr&-8K&@hd
zH2EtB3fN4fJBlZ%k!|o!cAQ?tp(cwc37%>(M+^F^&C@_p_?-HJrF<2ukf5^f{jhQ{
z*O#^rUvd;f>=Q#mJNP`2Ga{^lHBv145V^NpZmwRW!yAhfMmwBnk>On#`hQt28~@94
z2`150N?rhhT5UWl6{^fPjQyO$V){+4&=5A{l(tF4MUB56S|3!51Wbz#jc;lZY>N^c
zw@3=D@`XPpZuEDpO)S53JwN5je%+=aO0qdO{#^b{Ek<#9)>^}CqlqR@Q3$^OE#%dz
z;{S49perM9)k9wTy)k5VBGK(-g3@`Qt2WN-6UVbPTB?eg2RgSZ<I1e$G#9k@0-DIu
zJSG4+7kQHxpllj${fwmPFF`XG?MOq-c$Cox>l3w=r`i*>Pl|}^e@<`WbR<ICY$snT
zQT>zuOME%<{Ezrz{%EkwdE1QTx0k0r4<65N>Q#7<z-I#JUijB1kQwbjXCAo2ky5-5
zK+}KKQxSpq=vj^;#pZX4ysTn;P}u&xV{Svf$iX08^R50*yf;%2aLXV2ANg}s1I7d^
zq_6bT?k&@2Ifh-heGA71(DcNB0HO_p_cXC2{42pGbSNE1CuOxoTdELNmXwq9{QL~e
z1x$c-;{wwW_b%6Fk=@@wTtK-&F%1YvY@e(RklJSwQ_L%UpBcBE|Ifn3x!m%M4$r7n
z?;IH568eQ!ZIZFf{L9Yx2HX71Y{i;ljrOF`+5e8Xa9*=`c4^GA+eDz7cGlREwl@M#
z>-mjGm8*glYvPAvkY~t$lG>4}++C>7-v!&t7$!3AUA<HtBVvzjGVq*3(^e<9W_0!#
zHlQ@4^aRPSIh-Z1?<$mCsVh2k>O)iD(wA}{h0=;Tq=71PsY_Wiu)i8o8NLAD*~o<T
zvaTLDe8m=k+((c>mzB#xgw3bxi+J4vq4&38tvZgy;kX9+?wt@CmU{f28Ld{UcE?cf
z_|3n)p{+wqB-3Yq0_{E>AX2jp04$zBOaP7m7Y$77MZjJnw@8Xa2zbG01-%Lo9}QnL
z=92va2r#)3-p7!r(15w1*VEr8s~?-zri@*aM~u0s_b`)Iyzs&qwQ7t~)e(-Z@f%~n
z6na+Pd|=KJ@O+?#R202HUmZJtG)|qW0;Du2sVUU>BwUUesFsEk<eU#SP|Nl$gjQNU
z2sMr=_`1;v3>+f{U$F!(^ft0W7LL3jIowu-!Yfg5u_af^TafK;Ly2Pp0WcA*_rZs3
zzW^!KVeAyz=V1ASfBr2-;n4Z#rWuL2wea@ZADN2LN9*F@wZw~*`Lytx6$zoecaCBe
zYmbL7>c4knaEh?8KpxE>nr@f?Mm^DF=m3JjYQfp5%%Ye~-`RX<;C4x>uA#YL=tI*$
zt<W+bR%z!ZpW{<om_ih?Zoe#WW{(+hgEy(R2L3gEIeV?c@Cqepd5QU9&@+67pm&BC
zTFL-6AglAjOO|n*{QR)2!*j$!3X(B$1nwtolue^fedydlN(e(TP*6^h6?eQ)JR!>8
zTkclG@RsLJGNSqrTq<<h^k8_cZN;LgtZR@vmztb4b(Q}Z!<0yaWGyvtLXijmMG40-
zM{!^A+V*v?21&f>7C8Yet_tU+qqu;DIIPGqR1<O>+xO>scoIUju)lZ+p};-6H6IvX
z*SdDxXAl?JY8!P6(fb94(;3~@st!;=uM7wtDAAj{7E~!<p+m7rQI>h9*#FZ5W7sDa
z-Fa)a!}JyySrczs!+TOGcI602(<wm@<(qW_oxy7d`0ZaFBNH%S{~v>Aa34Vytqp|;
zO)N0D2ELHa@3#}9PQ`y4JoJJ8pTYA&{~v<~N9X@x@a&?(a~?u7Mlj*nS76X)rzVsE
zwd!eJ^n6YLz_(+ZzPz*_gM)VpD%lzCuV=qh>YieEZJ?YNpF#@bISF6d4Zpx1Yu|fy
z!3-F09J6@(SYi#Mk`R+I=C-H)EJPDQL&pd88dwUW$q@Zi>HlSZD*^MS5LWE{aT2uC
zH-qsN_c4HKTUzig%gL5!h#j9ZaI@Slv`O$)|7Ct1cUs%xAD#grB0GJBc5Lb}u&403
zb+(QA<F0uY!FQb!=qUWuGTI*hfmuXWUQc=@*@aRSzpYN=n`BwQLZPe08wh)c8kt<@
za4w9{PPzn6-7T~J-fV&IQ@F3C7dsVGW}A;0&T4wY7E`*WXzVUQ<rGBg+vpIKKoNYa
zLbT?E&+0iNd?Eg_{Yn0A;XYjDx`KDEFSA3h$}vk(Sp5WjwM_7~p?4GYGLsw1m4%ZZ
z5$t%qI%RF0R~%s$20It;w*;cuXY&{4Q$wCi-jcfNxmZdU8X`m3`=!n2$YpEtB#Ec3
zor<nDXK7%r&yEsX3Gm&#2X_?RAP3?hi+JF(UkEX%?TL<8(*G$=cSA|l{^KYEEv)?+
z2Ez&*=E9Nbq#ppVYf8ty3g_^(k=dVOO-@hvKaP_K=L{Jdfi~k2eYm2qdx5|hrX^%;
zgSQQ<K&Yg0*Fr<)NmQ*<F@Z___R3HJ^FT?($1%&m&fA-)dV)z+M}r?f+Imv!FaCRp
z#zs-P`sV+(pqwr9prYf?n$t&6SrJF*%(uj_A8vlO6s3Q`nUX!KnUy4+-Snj>^w^8E
z%MHKyfeNm(rMuFe7&V{>NgzpTf`o5K9|GV+%`4|A^2X-yWXwc8hZJsHG9j!@rp?fc
zb)KlAS$Y(dHah?#Gw5SrOv(-!(^-yQI9XT(W`)JAul{qOwzlRnsZ(8~#RF^}6Pslw
zY_7MA4mTRQu1ASch-`W*&0)Kdxl@aObFx&nB1oAQKUU8hqEa=T4jFlasYVcDUt{l|
zcz>dRU?rHN1<V{Vq@_`^Xs^X{v3JO54J<L;Efc-w;_75G-hXaNqH;Q~$U~Ymm&)Jz
z1M=Q#AahP=^b|i5#ZJh6Mssn<aJ%($*C27<$>LO^i@6Z54xtUiTJ2^-zsr`7_n5MC
zJoX=gFso2gD;#5r40}W2!VkST_cS{qw2a=)&PM*-ZgBQh7_nkKMsASXv%%JWsa{6~
zqtiRZsFyy*MO{rI#H!|uL(_o6;ruTrDzl^?al808B4>fsL524+w@CG>BA19QwA2Yo
zr!S1i^%M&zrgXz^=U&+fQMoyu%MBrkRtX-F@vH?As%P0rMJVlmgJ~ZB2GgF9o8>0S
zekK6?xHe{XL*UpOqOdiYh-&o?KkU4IL@%v7+iLf6=QOs}2EzrjGu;pc<j@&L)ATvQ
z9XP=1&LB9zZ$t#U;VjhDB}P-(P;9P^nqDNXjT^BZ*mlDytn!|%-qR^MhC3jFq%zFI
z0%hb}d7jLlkz(DO9(Pless3QiM7N!+dl0~QM|rz2<aku0CetnJMg2R}T?7>_!U#vF
z%Y<xAQfV7?1W}vZ7zTDS?Mtnr*JRZ@G7P;bKHb}^Gq~THiT!sv3+{<5wm@iWVa16u
z?d9GGu;`^<qR;1U4{JG$`J;7C<C0ND6bKuvjUx<AyJ2DZkg>4|pa;pl`x$V~6KGZk
zuR5ExYLmChmYM0NL{WzDfh;>K16e~66L~2Iq^zX_jM3oXvGLMo)W;io^`@eiFEp|?
zGw7*9LWvO`^5oaN3H9C$YbBM|5Z%WVy=iPwR#v>ddt{+p{Z(bv4bEzl#kZok>A3}6
zX|C4Enu&IXRw~BJO7nt)<X;!D*(75apu|mmkqR%~oC!&?S6&0@oc~JMx>1r-;5>L_
z7$deXw}v=1B0SKEvG}2V??=QwSU-Vk{+?KqPeV?>yR#FBZ_k&@ap2ExbseAgkM(XG
zyiP72H@HQ(o#$h*Y2D7ZNJl-sfj3YJUNp`r-J>nHqc<Dl&f;rbbAMtTq{O5s)1N8f
z0iJ{l!ttM<Y@q^~^TvkIaxb-bh5(Ij6dkhH9ROE1>FqcD;4rgd{8O7jgxh34zK3WP
z9tac{M&auYV_%BVK}>e}{qiyS^6_Ugx$TrCmR(?lgztl27s6LZF_pdAYY(_R|8<Xs
z6$Ni{_G0f&HyoU9X_+16QJ@<e&a`?`l2dl+ROoW*qHUVgm=ve_=iA*uk}YTi)&X6_
zjK$3r{31Oy{PBBzD8s>SBm1+SLnyc>($<ae!ztqos9QF7CabLJrA+G6<yw*h``?SF
z3Qn<dt%g~dx(=Bob}COqvj$@%MVw(PD5o(R)gBU}3W?q#NcFaoDDqRaH?HSwAAH~p
zFL=F=L&4Ky34~|+^)7Y~0AS~B@LLP*HA1M@H)Q%ZpR@_|UmxXRPo-NExZ97U&Cj3X
z?&g)8b-ep6v4Hno{9ji)?RP2@+DGK|+w&Igsh+m79G+a*Vs1;IFqz-GEf+{(Hgu_7
zzL<UcAyV%D>9)87jA{S&!5ohTgD-j@SzOf(ahsMzr)fv?RGRXMyS}e=bkvkK*TyLN
za9OC%HOGL_49}AA!VE4z;zD*m__LuXLJ6wu{67oDODOwPZvLTHw5C<l^6#O2friKK
z_SQYYZo9&ZZt3L+h9{cz?i|710htO}B%mXmQ5~oZPfE``c+7w7MSoTmNFiY|UpgTf
zL{&DfN6(jo>08)Oe0)(uMq?SkuSRtINb>KPIKqFJ0@bSW013VuCLEM!Xf`99DRjG(
zW*v7LAX#BuKzU%Wi>P_ZR*Ui(-KkA>h!@FgKEM$vpO?j&UpnJu)ee?W)Y-xIcS|x?
z{U=p!()M6<-K>MeUJ{@jzj=Rcsn|b$JU6Qrj@&b?(f@ifpX&E@N}%6HR~@3p2E$10
z1Q_T72{x1dR=e?a`@>h9Kb7>T6*_FT_YD^V=kS5g;1`Pf-5iNT-w6T=W7h>D?DYCX
za(IyROxd-^w|McF_1#>ijl|O_+)d?x8zx;EPH%5z5h8`p)|nP7-iUaaR#bfyQHp|?
z|Mq$n_?lU^mtg8cS;kA?5)3+eY%T+}c<<}lSe0*b6uhtp+#wX~K}}Na+vVn2(8h&J
zemK}N&;(7jjv~jLWV4<~p`~5oIAls1*U(oC1B_H`iv?#m0HVmjL%aYx=daVRsz6B#
zNy|^6rY*hlv6LcPS+LWTX|K=3TC9x_uL@$^@zEioQ8Q^ewzvpma55?0aCJevlx?|a
zMaz~<%nVr>*Ff$hd`*5KPJ!3LdKh>{O4!8dCJc(EBlmU&;9#(B@Asdcr3b0k{k_g1
z5NNx39g~9djuL`TD-(s5`fB-I@*xPge3_c4{9^0lDwVdV=m@0)y8cBT%Cu0i{IY&u
zaX|5BRaHjXer-LD`=>%!L^{V)v!7vvrv)X~Yt^4Wdu&fS;}J7UU*Bq3FS0HR7I(vI
z2VE@QYsr@>RA1GkOR<u`->x7RIzO2)9<G<B{cjfqrjI|6=g*Hd9=Nv8#_rsnCRO`e
zTvwH}SC@#jmd+a!bgQZTwDt6v_tYvdV}BBe%|k&?-D0X1lBnMJGX`kozdBfEzC#6G
zj!(V=`wL>ewk1YqzU@vxW#B*9P+S9PW?bbS<T}#s0D)%WTMe9HOX&LjN8#oyfa7;H
z$Wx&DJ#V#g1F3U$)|PdARQ+gi(LnV3D!0dr^UXWvBi_WD_1!L_(ypu+47&H_`XJU&
zgr%b21+dKkI???dxH5j5GE~=1>E-CYfw>wdDgu57M~@A=V-Q@{s(gO$Hg6y8e%}`q
z1j2n?=bzl@;<ORN{r&|yl_Na|yghi#C5_OE63D$wIPKu-;7&*rM)A92q9j_QRpgUB
zzbzE93^L&O=X_}Zb&UE)Z3y~ru@n}<6*n&<H^Cy{mY59&@?aa+MRMQ{X5@6=ZGywh
zc~4?RYfQG<Yo`FXQsn1MeN=3UM5L!ddqN<rnxbzVP&qa|vB<9Ol@<FY;-}U67V3H9
z&9g4xH#8l8W>1>Oi|@<c2?hN(zuV&L_eJr~3pUXxL;H%v0`;W-#O@X!+<p|mKP!NM
z1-e$!{4AFna347@b#1dgB7PK^rBbctdFO5Sppm0;6$k)<6Wj=A_J~WIs-BX(C2YQ{
zr4(Qx|Ff3)uvjLsq@G*KB$89wsVLHPkwl&CP&DUg@ad^l5D?FP9a&<qq>e0L1BFvE
zT<9QMJyo_8yeK^JjO5VXf%oOfpdq@K{|E<9)>(Y!hrjWTzoA8-mp3>r0eZVeGBsM%
z7Y9W^tQ(j!OIegdx{eEuTol^-G@K5?7>oflQn%^f!J*SOo9xM*Cc5jOz=WZ(5jlYj
zOy6*c=Itcu(U}X?l&zv&`1)(R{zQ&1AR(tgOkq3piAl1}z4URe2NsuY*1KrIG6ost
z26(@q5K<~xEr}ICBb1vq(8E2T!()kPU7f(-)!fns7vxTX-9Rrhrb0Xd8{bq4ya_wZ
z%DFK%+LlE@jOw%zBK+tEee2D6M5xU0I0@c0KE`B0or9YHfzn1-H?sn@aTbD|dEOG<
z>#Y9D8Y<oaiVCy4Lddz8O|4@*<QFrqcG`f*4SWQveg0_=n;Y|5g3q|&V4j%a<8Xy9
zcJRFp=8`I3!mmhERR@^l1n93;MGplafBZ*@$~>;kmx>&orFkZ%(*)v$Oc#x@w6#VM
z&sJlpnhFpL<j5K;Ig#<2i)Sq8TKdNA*pb|dH{~TpnsTo6g`SIeYj@LFRYfT5-l9Y6
zH1ATy>Tmbky>;|z@oz`BhrN@--TQ7FoGuT*MefgOxUmIzv5)xwl(Ox6TgXTty)ifM
zS6(l#AI6Cu`cL~Gfr8Wj-VlcG?2_Jbw|5S<aKJD0=7dSPP+`V*lFN2qYu^)`5+zU+
z$kUWmrz=!2*<NVhnk=V@A6~Vq1GRE5|Nap|Qo%c;V?+C`I$|U^$cBq*+XY}vFg9Na
zGf%ptZyAEQ`^gQrjRk#MPw2(lzJH<>GY!0WbLO!`m6gF`Xp8n)W^xQ}?4g?g;vy#>
zfS**(xOm%iP(%T}l0iC{z!gXrmyZu!AYi!&bu+uaTAZ#l;=*!D$&@4Y-gkYGuT_Wo
zmuAH-YJSuZ68vY}?e_i%#;Zc?;leJk6^`60I(>3V&-U|=15$o^u^PD#^4#y8EJjX0
z&EGVRpaTYl6i1yOH*rInImTf7)}3jgo}pt<)BR<yMQtr2(#_KaJ@0&fwhgdqA;azL
z@AK_AvlUp-x*`L46)?M@-`wQZE=Of=m%S;8^J46t0=^xm1|=d-*g05rRFvbkUrj{<
zGo9&xTFQI6({mc-+e0>W==L@Ab6yN>9NH?0z=2CqNyLUUQVitGN2@^3gysFDueb%1
zXBanyg8O2rTx5>aeDcYW@c=MfQo#{~_`*ZGhk#|L6-2y4JqJkpiDC$Qb1#Yy{*b}n
zcG?lcT%7l0izvYX1(=y|IV5^6!!|4cF|=S0V7PHZWOGK~{^^-C@J9wS2LtkQ4)%A;
zH986Cy)O!y4&>$A;)El|r2S+om(7~6vgO6E1~08*)VxZZkO`+e2LZ2yh6%uNcY|fw
z=JVfup8F%~o!eO#3)x(5;5BiE_~WgVG=sHN<T5lYy{d<>2@o=%GP`0zr$}TS>cPJc
z9oe3kx*L#X`VmmWe1K;NGYq*M6PbcEAm6r=o2wV{;thUVW06Tz-ox^cri%pFYE@n3
z-ed_&`jz9$%HjsdP9;qEihGT97ZLLlG8{}IX1ha9sHZbUlH=VY_iNt${csq3u<yBe
za&s_2;moo@&%mAajuD!OP+2_g;S9BTVk`$$d8S|ndSb@E2yb!*nDFqj;k4l^gIkIM
z*COy@*3|>NI}A^J$JE(?fFtkrJq1y80IEjpCi2UD;ol0^MEz6>2|L8ug6o6s7#$Cb
zvvZmD$3kl6nF2<AS;wX4l<sXO%avS1oz?Dhk|ty&D0f3^1l9iA3f}CHXGJ~N0hCAz
zmsoR)oA<aaE7kS!nGQ)vHWd2~xV!>1f>rDd^JnBbO>au;LtH7LP*HLLfiY~pnDhP<
zSe#1y*UE=ms{mvqciyt_GD%-3WZbR~SOfRhL+&E@4#Xw`SNz<DRFL{})ir#UQpn79
zYl}9nzV9y%%YXGLF0lq+0b%lIwV->c=2o}(q-cVD=f>5Na$-bBw9-E#X;rl|^G5Fy
z3{BKkD2Rq*(BmLLkqE{sRCHEV=M_7M#_>X5Y1qc{lGs0>g(2~g9mdv1cw{3hN@aYd
z$5+N4Q8-2M89=gvUBrpM9(m}bI1zH3UI+1u=TDEqg<L3JkX>A!NRrRr+hG#WAmpc2
z&-yn^;1AfKZ&Zg~AMzvw)WDATa}w)cGg=b7<YrL;1uP6U{j<sqFL)!(0PbMF8Yie%
z37%QFDOgn<6flq>RhX0D`0KOd5*rl#%dl*4YM)1Ua@!Rld7c^c$YO2eU|4hk)g))T
zfZAYA=VF;(AT0~neUqp%TahQJYc0X5j_z_sIcVM!&mO`vLiB3|qg&ffV1La^jJ7)7
z9?b}6lwj-=Jh`25wfiE2<Dq4C*t45x8Nm|a&)B{oX(59&7IngJ)#@LWW{)JAof4j8
zU{z&`nxy3<^LzO0ePB5h(r+GqhY4gA^zH)k9oR`Q0TG3iILywRhAWxxB$fZ40MQ06
z`3!j1_fb3{b12AN!vqu3x)i$`FP1pJx%hML&WZDX@%)Xa0Kc%wt^pbN0;Fltb=Krt
zC9FaYZH&bD7?l*xWu9(EAwtgTTMn3}nYt&IUT5|tJDeRh-phmyMW`pSL7wTti=uwh
z@1AJj$h19_0(Ts-g{#e2hTKL&wOF;mG%I+XK-5V+%9sUD6P{lUa}TXJNspi|AgV_7
zgojC^h)&>wzf606?It?Q!4+!&nK)(e5smL}z0Z=;0UCogTdi~!0-cy+MMTe>O+mQ^
zeinohf3iSG5b+d~csYhupgjuAcnVhuMKsQDqV*MT4PR2yDV?q&ozkC%BtB1uk}jhM
zn)~Ys-@}h$Y9GbakeuRQ(ov<94ps!nf<JbY(IKzGZ+HZt;PbKbZ17*cQNPglIgyk9
zaVUP}w>Hfe@PrHO<wmD0ka(7W7TkoYA8Y)P+}x}6c6B@3ncc^42*Q<ZU}g)P-#&gs
zwdco_68;F#`6CKdX*d2ZH_lx!!4>>p***Wiant{!bi<$%VKh*EBKh;&6Hn_HcbTgo
zIpkiX(cV*1L?c1Y3CiH(L_mVfJ`2b&!AYHI;9x?Z3qCYRl|lf-oO;OkBIL?Et5^|x
zIJvZ+lKB?ll%f-J&bWD6b*~`c-pk9k_v*#lds*o=O$0DCKou`U<O-A;(k*yY$Y$~%
zNw)G<QJ1RG#EYZlf{U4!6F6+RQiudls04f^kQ#pM*bBSi(#6BH?|6tr!kPN}2O8?Q
zh)e)jc)^L3_j0SDCzuTG*MRB2@&y2b%_qYP`7dai>j+M7uOtlmp3nf+@<~NU6ayYf
zbTk&MHDL_|^qBjB<Ojl{4XFt-2iOzw`LKdYKIima&U+PI`Y<OpgNvbX9${_GSeW{S
zL&qnVuPnIPf=;Bc506YMQj<(Z?BJOf<-+J!oNQ`^A&<C(Tj7E@%wxEWTqy|n5&p!S
zj68`aY5<Dgi{rwn%c}&hKn{f<O}m-cEkKIFUPah`rTbZ5`%|m`X+r~~>ws*uKv_+S
zmUBcG<#SpwBcXSkQgOaEGza9GB`gWzI39xW_at1G`9QY7br--yQBt$1tfnwTi}IQ>
ziOo7Pn=+}*T5_8*$&Iz_W;@awO@33N$QEEqSi0p&9qd@QO_P#Dk^NOj>~ZMP(!*yM
zNHH)IwxPg`0?a}YV<;w?>F=3f!Z5EVr~X|3;Tzg-JYYB&V7-CZCA&}2AzgJeZqK|S
z-Q*MY9CnBUgGuOePeL)0=p-`>L{$I)_JI{lQAOS+kB~(f#g@I<YRYtB1YWJS?b9xx
zxL%?^g#>W9sHhw`Coy17v^b6lT+P_ZEsTIk=B2Ho=t)d>pGywt<g%L!mu<PgE+aYW
z(-`{^*B#Y&s09+;jUKW~YTh)3VPValKDR~-SnN*9RA`G&%iNHZpg`o5Pt@tt<W&3G
zNiH$X=uqo+DB6|SlG0Ru6rKR5+Ds&xhCNCru`f256bod(Y%wj77JKXt*~077Pfzj{
zSBC>`ZH=&6bgN9NQyZ}<7kcGdtIyoHJm>bJfJecBC8IA9vLVa|E_g+F*#mfpzIW>)
zwfT*Ney92~ZF?8A&b6(0;=F?!{NS=kb0U_>cQtpj@4kI?Fv~3O=kT7tIKg1kW8>;0
z36m!JP5eLq@BfF2sD&3jsBW_0Q-uH#&};l9wgX5km#c_0A0Z8iPw5s%oQEAqTgC#>
zuKEM8K6Z-)4d*WC9o#ZfHnGWy@v1DzFCVs3bx5?ZJfW<IU*>#()0Lw2qKWuv351Y+
z7Wm(yJ=b27LDyd1qDxJylJ9k#3eHz+xHI0Dg3y+6zoiJS$N^XIz$$F#G2angyiycc
zWJD}m6ta|yS<D43#hIH6TS~6mUU_0Z*<*yNs#_9)i%KZD9k~)|;`b~^b5+cGK^@@b
z@P(6|mak7-*7fvUg4R`<uCyyFZI|dK)pzBmRHgG04KrG=nzmJ%uS_?(?khcsQdUAG
zbK{h5K@Zi?Jd*;rMg!K+%_Z?cWqL6BHLH!N)P?aua{91}SkopE0m>o)WFr8ip8t&=
z{}rD8W%{uSEf%kCp*ky9p4F(&=pkn{Wnzw+woLY*Y0TtLS*=+%B}T0nP{*95vFYoj
zf;7FQTM+I2!6b0omrv=krIzJIo!F-n`)pC{(+0ttRd{5eSE<sYRE*pa&K==wN;rRM
zx|te2F0%P+p_@Cxw<CPhpR$B+j^y|>3F3Dg+<w9{*Mcs>7jAByu@ig{kB2mw(2Ybs
hT0^`F@P)29wf)lGg<a`NR~~cu{{eWSpxpqF5CA@l4-WtU

diff --git a/golang-external-secrets/charts/external-secrets-0.9.18.tgz b/golang-external-secrets/charts/external-secrets-0.9.18.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..7aa6d4505f93b7754cdc2f6c712ff8724153f85c
GIT binary patch
literal 76336
zcmZsiLy#^^uwdJ^ZQQnP-?nYrwr$(Cb=$UW+jf8Rzqgr~h^dIIirm&Fv+|rGjD`aG
z-vxTz<L$mBp2oTE|D|k@nQ461PGZRww{+F~G4m%WS?#Nol<M_0lZBE#DIo$1j1%aO
zrsSFN4d%Lh+uN>J!F?TxP}D8jtjrh*%u9!=>mDM&`IHhFHoQ_m_L~+TPzpGs;@$K8
zqWgWj@3POo1f<UCBjopaxV<0VZ#<dr{hVAJJPp|+0uFt<LOWIRRI?g~pMIO5%A5tB
zakpH10K$ZQ-GDLYG?QZQHYjggP>%PJr?c2Ez|NA$CZL=Fq0jU85a|^#vUHdCGvd9u
z1*erK@bTMhdOsk)NED~%)jmhic)|>Lx;O{m;QziXOv{%`HcX$7sULQGe0O`mVl-O&
zA4p`nqf_o)t$^u$W#;o|jllv+Ip&&7Kb?4c5t=@%n6pNs9Z$wn{XNiR9RGY+4&I7?
zKdD|)-ctuJOnc!lXduOEW-U&!5`;aleIrWO{VXv5^K&`c+Z&mn_5H9o->IlXq(Q~;
zdemQ+5;}hX{O<DL;s5Fvmk*W46CP+_e+zVv{QA7}_+0F~8)At@Q+37O0iJODhbjdg
zyCaBw-lMZ6zUwFZH-1q3!gQg7sfO@9TxcLMyP6Mv)rrzRqD{wvV15)qyuSg5_aE*E
zfV)G>4S@R{gT8J|)7(axvC9DfGn_%{9ngg-h=TXKH=w-hZ$GPKfB2Qi@sw`pb2r!R
z!j}7K>D3A|<joKP<yb1s{?fDO|90&70CAEhUbWMY>*@df;Lq#jg5w!r`!hUcgmr}T
zsZ}cEQX4S|4tVVEidWy&MGDh99s(<1BXY2Bea;xm)-iEB6aevZ#vA<oh<vS12g=hY
zXY8W<oA5mcM{!Q*k?f7Q34{>(kn#4ORy%mzxVy7fED^tJ1SteYNDsB;b??8i{bn|>
zlA2GHC=!z6^^p2&df8}kI&;L6Lp5Jsz3&D7(;pr!p^P!06v$pz08NWkcKRbad`%u?
zKfF=f2V4t=WE(Z@z3zYW3jjIug<dvGq2o9L-?{@FJe>tx!@dDFmh5+a_GX^G?v4O2
z=PPIAc?P@}9+nRtM}6fk?1Vq{OgYng{)8an9U!-52W5!ehP!YK>AYKa4Py(C7<E3o
zk9-Y`l8jG1{$83*QDwW)_UHKnheoch=svFyLxGf^kA_<Ja}umG#@&7V+j?9e5|V&s
zBSQytpdujtNDM}==Y=z0<u5pi{t+UxZ03EE9yA7>*_uaF5yAsFdY0`SMh!4*3BC>9
zzde)z{77V!ck~T(B#AB;^1$XfdcdR5zG*P)#Qrcc29t$j{;<q(GeF4w`;78fAruT|
zTkwW9Iw4LDr2*9X)csKuv3IgSgk@Fv{>5V5-@88MPh8Xv_j2NAcxvC;Tyul*Y026Y
z{jU0+!T$2$fII{#-v^<YIn5t|j|-jy?__0x4)T^U$c{=NW0U|4pnQW2jzbl+lj7xj
z66hq&=DADTC2<b+d0@2wq<oXH$&sEV1Xd$h;)s32G7&mED0}p#NWv^U8>_tfw(jgt
zp(6msAm+6RNWsVk;_qA_$GfRPyxidk2zOCsmJNda_!&%z0h833aTdSgBT-gZwdNFx
zgbxZGyz+Vm6(gGcupsFTLF5V{)d$`la4+tO(bb=bF)8k8PuQDee~`ME=0`tu?*ri<
z8_v!%{0UU&1Il(GKfT+4ctvx2srh4NOq!WP{|2!PhT>NrHc%grGx<|TpJvzo>cDM?
z<w4Vq`vY#-XbuD4fK}S`H^3rp1R^Al=I*k56ER8!8G?ww#xEBQ;`yvLjnDO5E^@%u
ztbS!M!5lGC4lEO{bCPl%puz1^$9>&Pl<RK2!N*{Z8AJBxaQ6x?tF1`RrYDqZs<)l}
zt<HIA3`fe?rY$Xph6dKQvZKj{J664-AtI5Fh1>f102y$ro7|vi!=Cl1nIhUpIfFDo
zp1H6ln=AgA#I~yHCV&LM!g8ITU3mo;xcSB%XzcX_<;9i2b$KyIluC|s16#aoWd))0
zbK8DSWeS-p>2L7%4$yvH`;#@ejR_?J=H39LMIYcp<bX;|3nZ+wGud68urpdcEGk&M
z8)Z<IFJ6Qwnc_TgQ;N3h!GpAP$O>fQb;pM+V0w+Cfm$j{^h<T7)k`0*5NPJuAS-?e
zbj|e*E(>fV_?liAAI|dtT=iQ^=-J-l59FM7;)PHtz!qpLyyLv@l?TLNl_9Tep8z6{
zqC0eGffb*1FTTN?(ib<5_sR7niU{-9Ym2hzK>)n`(e<Pm1}qE*s!0{4(Bfw4dOx5?
z|8rr4w_~!K=;YE7Xc}$Bw8KdyPvDaa{Jig&vMdn|tnw1tk}S^Bf#4<nS=n<s%?2ez
z2%|rjo0|vSJ16dU6e;W1B^7Mr=TBI@@^@Cp*-$s4)<FYUFt>-O$pBIJ=oc?We-7hv
zFjVpYbEJJRc9wip?XftAa42C^^r1TF-2`oh*$4OX9TzyQoEc*(-S3UH$UJ)t?ZLgh
z&1hP~lv7Cho_DI^3p_Gv0%|wH5j5%1Taqd8&9d*qakfw5UH-e8FTBqSD!`wX2YVrl
zezGB$h4%$g-&<Z`VMV*%CUs=J@*)<=*zc!Ri<;i;yRX~XA9?TcO<~+#DOgsUZcClx
z)|){OO!MSyK=o4@r9KVRKB1<l`1uUY5f#wx!9@EED;R%R;{>&T$05}6`JJaDu5?4%
zb%EAJg-CC2`f^wH6%D8(oQPj1do~9RC8pWqZ^<;XmXH3ar;R<UvXOpkK=|5g9%}jl
zY&_ZL^*Frt>GB>DkmgzMOMv%%htzpViuae<L%)%cI!5-Ma))hK!yRv<LERK*6J_;0
z%PkXowcN9GL|}VY<`im)S;{)ppqBS+Ge0fPG6D0Sz+|R#aWSnjhDtR*%QFO_7sdBK
z<<wGF#YF|o+$|}B^_${pFP75+i1SmFSXSc5usB<!4k<10pv!1a{)K!(N3f5Pr6@{7
z`s41`{m}hQjP(mvn|~#!y781(3LY%)GuUwX6$fpi%czd(#)D#bk8m0qiP$_y8fvv2
zWzJJ|1J0k6Yq=iP?|}(b5(o($d2^g>S%^tXucqaj^C3<x9S1dIrk*e`cd!pNmfyAg
zm=SNNtpeXvj7-!sEXf7l-@<r5Et<b&?tLh3+fqzAR^=Eeb+OUTjGlHE7uk__y8b%m
ze#+Z^f1?UycorJx`_>9qE#w&jwWLcy8$oQgt@&n*U%JlC-x-;Z#m#6n`)C&?pw!pt
z94;hcQC&3jik&=^J7Lzmleo&ew)?MPQe9J8j~*qwpm0yHD-=O#rlvB4U~{Vud@q8p
z_o1u#W?K>(cESL)?Xu_L&=F}-v5m%WJmy|;H~KqP_PPw$bKsCQ9To`?pz%LJ1PyR-
zni{;@f}&*OL#K-tG4=;>PoSK5WA{m9O=WeLsF{0fqg86;uvyvLR<X~Pm(6$#vtgI+
z_21|Qo@{~2i6#Utl5Mgwcg_#p_~zKv+%jvzF34i#lRk_T7+k%FbXjBeyU4zLhf*ij
zpCU-or0#gYX<sumef1!N*4UHAl0s5ru-JaDwGj5J!zWA|dHh}r5nJnhvk!nk?DjvJ
z{JTuB5)1($xsI&UM<R$8^wS<B%$m<42qzJM*`e-QJB-GLZn?9zf*6BDY-gx7yfc&o
zmpdX!L%HKgU>QL+duWN*`%E7{Cv_*v34JH-t<GyP@?jV<Bkvcvf1ldo{DW_v&TY8y
zUCJ@q_ST2K3$B;|PRsis;)Y1c8D~aR%ImFV(fpho;6eENstt=HJ9eh(qMegOxTAJq
z1)pyz1GQB~q&qK7sqwRYCzC~|4;F>!*rD}qpZGvKbEf9~^r-j~BE!>`(f*Lrdhu9^
z5h8JfU54>(zEvmwFs)9Hm!())fkNM+<a^a;M|R~Ro209I@bk|;ufQsCisLZ7R*p9M
zz(3Swhm)fx@lx~4af(G})X>M*zfrUVoI#0G7+7FC_R02BG}~7sId*N)Cp;~HH}Vcq
zGfN79{A+lkid$rVQNC;SIln3Mw$6|72{7f&2DfY?@t!te>w1NU2gZN!58vbWS6c-1
zdAxpWmjm`jjB5b)s|vXlA`hSfXu@xey%PqKj~;fcoYe@6^)Ch;IkK;_K}2k|_#M4w
zpcq0fE>l5Bg;V9_fW@eXSTCA{Vz#m|egIzMA{cC+rhH@B*dUp^ZQQ$&MG^R~JcZ3a
zHKPQCZ@>&k_+H9AfJ45|_x2t@pC|hufDdDh`p^(^Uy0c^dD?IHD_-+^ep=7lE3^ny
z_{a@uSl~YOfRW(d1k>5U{cKQp%ufn|<puf<?j6_RkE4GPpqHisHtz;A6^Hrg{<s6v
zAp+Oh@scdLi{)@2_>0RXc^S_$>~UGYf>Ll+Es*|bdZS|=O*9fo@#`AU6y3%n>)dN<
z$XKl4?FeI{z`J!aooxo`;fY-grp6IJxc*skyNYwUYL6AJpE-j;f^ZVo&lP)Qf+0%r
zB_9Zz`$QdB;731n-~cM~0QwD7ejhD}#kk`PfcZ*ku-Bw(sVW-bUrno{=mW7PRZw^L
zcWZlw$Fk|%FM|J_GHiK$Zrle9&u%sc=sp76=kn4%`Y`2lzx$HSm4D?oYmX1sHD1*%
zbabBcz<;&{+h7g%CixoRq*nXXiR39MEk-XiRlU-UA*Tp8NTBXq=OPa6!I67zn%PZ-
zF1iG>d>;F@!l1`nNP!X<0Gcx$lbk%)Ep}<`LLByL@D13fDAOIT>KwgkGmT>4qW+s<
zXSi0l*AIOWhs{Kwy6=DuLu`P*_xUkkhd28W@VP(v!Uk;m%<#d>Lv1jWdYite?zVCp
zsu94I`7e66=O&~Of>Il9ja1WV`YTw#_FW+JB^hj$A8_R!E}!4|UEk&L?=@c*Rs2GL
z<=IW2fx(04$NzPPV=winFVFYwkVgXG{*Z#@Bqf9rHg-m7$re{#)v}smS5n50S=EnP
zT1Jm_t0kpK#&>?CRmeC)RvMRw&ifEO+w4g8NKVDI5+G@5J7m_pbgphRXMGqRam^sA
zJb51^8?MaWEp;fyHWw{3#-X=X{SOQ(*1IokEBeBWqM9h@VPo4Wa~H7>pHH<$^<lA`
z^c{n*;jm;ER6{C#O~-O$LCZns8^|DN_KFkQX|31L(na>g-NnaGl!1N)cG<SC&hrDp
z?+it|LrOzK6QxJ`jHs>0I67{C$$XUBM6we#<+6+kX4&e>ES@(LQ}Lpk>#secW=Br5
z2$KTLxJhBq5-+027?b$`2WBZ|p8DTDz+B<$C=K1F^dEK5vTDvxcorl=={w`Q99;X`
z9v{ueg9{puEF-Do2us@ZY8Qkl0%I4j6NCYcNEem&d)=IYL5jCYF1a$Ulcj*G@TcIy
zdK7_NZ=WcaEvgr)aFfC@N*2O>!3il*j8LF@&x9R+UA#{e=cXvGC4%X0O&`n$m)Z;v
zEpia(A8i3NPkC_<1&QU}^&LyF+|nW%8LI(hvS}Q(VWC+}R<GxZ`IXSSAr;1S4cQaW
zO?0x#BS|cI4@VFiUVd(F>|Oya)29WaGS_w)1Aa-26uvOF7M=H=pN9EBMNg(-98VBL
zM>8gE@LYksPDmi&gpiqFKBS8V<Vr85OepcxSw)i}8!Cr-wS(!Sb@pKXvIkeR?=mm>
z6Mp1;;4=yoHu7;(0MLV5=^c1ic$|ZdJ-Q{|BOdKaXNAmeXl#NBY;s5K{E4d!7IQ`o
zl5VWIhsLO-1E0x+3xR<W>Slu}W66kU$hKj8uM&IxV!zJ7sB$}+9x_DpHm#_Q2TtaB
z0t5RV>NoU&$M5AKv%I(5*J%46do57nPHiYnAhZ+KK!!v{#rj2=$>x7yz>8ZhY?@%$
z1knKC3iFP{mALpwKU8kw<lUN0F#2t#f{}YH=)JnPIHe9mN0Au!dOTU3?*P!Qd#U&&
zww+rN=Dq-eWqkC`6L8ZL%RJ8C8lm&|_u{L>Z<w3#4xc<Y+_>c(JP%EV2}zK{pG)=<
zKi?k=QrcHlpJ*#kK;5z}s?-o9rPfdD53Y~sYqGKs%_VN?KA`O#UYH17MY;QNxr-St
zGE8xcdVbn0CZ5c;9KCy<^J0l6Pu~lBbs7a(4CYKA$#Tlq9(&G%4xB7iCt9X&EOAbn
z5oy34yXQeTC3{&1_yg)?0sEN=KCM4G(`HWWg4EaFL}~Gx{5}l~9HUHolXkWb=F4Yk
z$#vl6Oye!$z(@UQ8XS;Bf}YprRxJ`_^jdKaMymA4hlptd5=`~S0*eIlh7vO$M3nyE
z_~B%HZVDPC-A6(s7I}pz$Vhw4qwHzyY}9@jEmrz`UFBn6iYZNj7V$J+;RNkF*glA4
zEnfK!RVhuL*FD*dPGT1vgDOE%NO>grA?$A(W$%IunE&k@LInu)G|0GLLL_}e2Bai@
zW*t8S6tVx`$42l6Qz}mrXgx;5ZkR|!IBDT@Gn%DSh(J30c%4N|Ya7iRcQ5=0Yo8H+
z33fOHU?&Y_yD@wxXbY83Z9DJGiAsO4k%%hgBjZ=N6S*p4!Z_-8Vhz+SJZoLfm?Orx
zGsd_fPF&XH@^;VWFs{B1`n8x1o573?Xf{G=!V8^dpLW~EG7GxfMC0B+?lQvc4Bslr
zrvF+Q7Cm9uQdPWnfyrRT32(szOW;=cu`JrMfEBAsKq~m#+JFAK)C3Hn`{Wz+%RA_5
zHV~1h=cjeaB`f&JT{(L#NgD6w5{3<BL%B9~qKAu<#SUM5j3853{an1)coFf0kJcW5
zNe0TVtQbiz<DC`R|A7aZkx%%51+B7;HP%RKcpb?|s6;?1-3x{PoBD7VBbjm&xWlp7
zLZ!(ZV!?qt5Uw51PO6SCtEK<7V4E<Ed|J^x?8deS+u!><tCq}|K@k2>C0A_XM5~7`
zK~u<B$sO?f;z`BlN{yBoVQbZuKdJ~8T>|&MP=m4Je0lbx&|rDelPnjTMs@1w;!-qP
zFM#FYTz|+IbLWuYQ>S5~0A54jK`YZZUU>&xzFp?p6BnK#j&%FC%u;_vJ_g5fUQ%N1
zLERpq&sU9y%XSK(JD<T%IG4_s!jC%-5*ZcnJ0XujYqhB-phb5X|JZP3U=Tey4}bIc
z!OCipZ*sMga(VyBvg_+Xh3FTvrP#l0!H}Z6<|pCuKpjWvK;lumiF|X&N=328tOeFC
zQQrxoxSvqLgDp&6T%e7E@E)>2&nr&a=p&ibZ01qh2TxL*IT@?pR!@>fZp;)rvcXFG
zR|et;XQ<Yvg9?Xjr^(<R<rUb=z8Qvazdmvf8fw;<-E@MsFV%FZZj-537QRM=e{yQ%
zN8t-r$Sr`V8Bk+LQrW<UdT;Ir@w9q9`)&pXa1Q404iG%1!XwoZOJO2J6&-5}r+p$_
zE%~N%qU%18)I-%AJN~9)xP?2{;Gpt43*ug!q;3Ps;gM~;Wo(h@$vj1<oXg6`t+NAN
zsQJMDFu_W!k{-`D(5Esl``xlqO2&sn|D}NotVrvybTB9B%l~%YMHjpITzexTvZ@mv
zwEY{G=I?S_ymKou5F09Tr1r1gp%$;*&|>KXw={T--=I8;wCTJ+_lTiXwR5Tu<>M>_
zRahi7J^Z!T`@MV$pxm%90+-}_3J~!5yzVMLd5=GvL)85R<no4=jHpu1*FWi3Ur6Xj
ziVUEau|)!MhtBhd4O=jzvACk^PKdQ|!u=RRhA`zRdgl1VthZF~#IMqaFDzsCDqO&)
za>cB9JW71TM`#ID@x>29=4B0tn|S9>v6eJ2s2=Jq@p6$vkK|(g44E*G&oU?>`QPfr
z$;CkSIJ~qC4Wy=(U0DZ8^&!}FrQGE+H#h6tjXdr*9g#`^FNE^H&LMlgfS-Ll<q3q|
zU;BkBGZT+J{+#ELT%fp(W%Tw}tcfU#Z*6j+6+(*V(Pd4Iv)f97v)hYpK0xX=pLL?x
zz)13%qKxFF7?=c3$>!W7l1(!g`o-W@n5$}8w3ak9*oiXHzelpy!#L0!(i-J<*Ns6d
z>8q41i;{+|hSl(PqfWWGq1kd>F8%c_cX;+vH6Ep}JnG^|JG8`nc4sXN!HOn2aq0f6
zG7D=*h-|{CGFYX|31~fppHC@Jkr+p+jodqDK=xYIc)JT-p%ddDoBb=6IyhO2{V+!!
znbc5A^n=C)vL4Fe+k;_o0LS-FUte9mYqRY1G(p~bH0KkK54eqN^jXtV5^y*og&c3K
zL_m45z%3gCzc-0SMWe?4j|b}~jzq^}^F{ZLxWz4VT68|9Qs~-4s98ME0f6ycF!*wA
z5Lt6M!gLdjmn(dhAUjrQ#N2{cf*D0@fHlwcD_?W{%Di90sAU6Z-WT%vDXbv1*dDY&
zqMsa_?HgF533HAv>(}RZw4xO`fcABA+_MSje(kphZ44<rF*)8LGG+Y=$XLP*tJ-Sc
z*N9(zf;&=1a*J1$WC;aDM3|3^tl`RK8XJ3dkAb`i!{ir8!6*wNgPIFN%xi(*ht$nM
zFd1v2TGC?4LhCeqse;GmFY2YUF<Dz1ujJ!p6cP>vA8J{Z$OJl7)3|9nWra!zOWXG+
z&`b1%RpdsAmWW-=nu~Tlj)u1+%FbGyh4vJqbNB!YuzF`}Y+*iSA9Q_JLKOa#BQX!1
zgHD7G(4E7tP=kT+#H6vyKTbrY4WefW-g~Y;&(ho41iQvSIkP|eRiSwwjj$V)WApeF
z<j#CKg3sT7_d^`VK&_S+P!C%0a=xn)34w8@7OddlH$5A`ziK2Mb`7nKox@~H`Oib}
z`Cs$41uTE8ZRn;TUp;y)N(rr;jQ;RbR&WZ-e#O9Qd~%lr>juano)->H{E-9)yzGhV
zZF*Rg7MlsTUYT!4IeV}F^vH&YW!JU*DweeKS&ww2^c7Ys^Q9yrUGcq@C^jdbv+Z$q
z8jF)^gkmmNlhT#TZB8UbmpMRi8(Vr|QZ@%W@xu`9QJf8Vag`Yo&`m9<Vt1{BDuaa2
zCA>~m7>0XS@GAxz(A;J(#=bvLg<f5@QHcF;#;sPXNI`dsJ1-SVCdA`&Ydr1ahOKyn
zY8TckSDxjc_YFc<tKEKYI{e8c29)>$EaUCgyQHvGk?|0H>py$w#o=WsIH%bRYHQJ!
zHVd8D?;-6Gl=`jTNx5+|&IPsUCnL`xKOnL9X7Bh#<YaY?XJ;)zA|i#CX^w^a9VD)y
zLp9LRTnZqc9AmA6)MAgh*FcYvMFo4mz1kn-ZmO}xi)eF~;;__s$jD4N7hDk#HEuGT
zN2D>xKn63OiEl8FOIU7b7A|OCxd4<Uy*iv&RCZ{{+B0+S;Y%UhvK42ng>tButc9s#
zmcqFdEsxhas9q~nB(-Cy27QzD27~wNGM7*si=>j-+hl?6Lh0m>{;WpQe#3hB@`oNt
zpA2~NkBq#LnY{%-j@=WM@IgqEoxN;A0S-WGHHAwRv(5f=VWDAhhgsJ|zQ^QD;=0Um
z+0hGKj0bjkAw|d$+pzVx$LyU*Knw13OS6S`wUNs<=6ssWx_<gu#JtJwk_oOlIWHCU
z=USgMJrqA<su0^#t@)Dbhhn$CG@FtH<;E%PN=pv(VH1dnGE=n1J_}~h%#b5p4C#hM
zEGS{uyYeN6Bi>HvWK`h6VYD-wszu_SJT?izTvi$qk~+J{%swj(0%mDR(sq7A??VJd
ztd#K9DeKOubm}R`F_EgVvp=TeWxvR*O4%mNDfn)w?8eP)H!bPf8I$*k(Kz^H(WU{e
zmT=)s%RW;{dcL(GZ(-w@vG_jdSGN;5Q;iGp$x$0R@&ahqEaGe8&+s^uv{FJb97bjA
zorw|gx26rDII1DNqBvUDA9jn439e;iN;wW)$7**KcrLZgwl=6wR`r28^+DdigJHD!
zKK!vAY6qy{4prE0t-mF4(s4bM>N0ZWd)~$q*)HUjn@z9@w_Qn6TNO=1?k+<!lgfJA
z!cC_ntZ;6@Gg;1An1r0=+g#uXldO6&qOR6*MWw)C6ym(3pBNKDM*qg~d#tm_W-vC{
z%HuPRX=}k%Zp#(&v=tP>T_{((X+8PIn}~UbSgS6O<R3=b+*<wpRIWPyy29`4Bv=ug
z1s&@o<iIMaYo7&`{Fglo(*Nb-1dohCWUdrxwof234VN92T4M3j!&Atr-v~m<JN$)!
zl|l9rQ`hnebiSf%3LxkjRq>JPD<upyO;5T4g$>3g1Qwa|tPlQ!kLMAr%6*^LPlxmE
z53uKc$MMscpL-U7{m%a=XxwY({qej^F1z9oh-54O(=k%y<pcy9Q${}ZWN55ncxFgv
z2Ez1swaLxSHc+UWu>_%Shc8_hj2k;IgGq1=`-LqtO7`Rl>vuIQa+Adose=Pqeg$fP
zG)uAj)m3qlH1|Efrk!sLGE(-vRwhyF0ZQL_D~||KHLB@8QvGz6q@)V7<As;_OQuf$
z8M&56D$Gx@RtGk^T1+|b%Tq!}Ly8`z-Y>0246~b9V@2U$sy5$=9U^$~_RKW%<tY7S
zmwnsd{IE;`JW<Qn`8n?$-CK!o%MI5qj#cXND9hgQ;&h*O%HyMi)#n&)nU#IZnEzg;
zEyHrViIaSD6;iwa0TDeyJ*471>T;msS6G0rBZ=A|1t?rzsRGPK${lh(Ya_IwKU{LM
zi*C8-Y^t?{8mlT|H?(d|bq~T@fxxHf@fvY{{{7^Nd*(`AFZ8o$$i(PN30FVgCBM($
z05-$6CN%YoVorQ2W!>P9(rqzSNu2YF1KO(KJds!fA`^kn6HaJ<!Crkya~u4j@x>`s
zd7sP}Jfp@(?;225eg%`HYOjd<nfrAaVX|{qcY^VR3Wb9?v1By`g#*4oKxKQ%U1UaT
zXTRKpJu((qATjHm!l@)XvXh5pznY2p)}ZU=QqK5oF(F9Okf6X<UY8)pAT7zJh9hH)
z7nb!+(_<NDQ?uwT(@ttlnwn(X&C9mgJF~A_T4a=1D}lFuU$?aJ{P)>DJ+D2#3S-ZE
z#g<*qLi&q^@n@OP`VQx%aQ%dIipwhFRixdw=`+LY0we#xEBGM%+{+zpX7$rg_I%Tm
z>{$6G>Q6;>4)HCu-?A<VjsNrwkS72GsX25dL0{r%Rs7S>hjsvakTuCn)<<`5R6#O!
zvi5PzP$2wAi{E9v{xfmNZ)FT6hn@eQ=d`LeKk!duC%MRz9n~`>rf5u`r-+X~AYwPm
z^NznmQzW&Y?X=@$F|4X;9(=@iRC1?9HibPsWg|~G=IPJkL=Q}$=z?16<zMNtXs5@+
zf`L1A`T0=2=)1{g`AVDiIV)YjzdwgTrb{2yyl4aCqB_43<#l7sxD^1h2q=pLb<_iF
zy(9%rsk6QW-=Fgx$>yUXS&(D3lTF2`Y0*dDkFXZg$*GhtOgur*0#wNEAQQ6fR<WZr
zL)82z!U`mx@9xU9K%eRN47s{epzLg3RG@IsUqRTD-X)`pZK@vry}n;8JyYmXe&0y+
z<EJ7>AA5pwyiE^^vjL@dtS`;mh0Rip!&^cpAU|$-QW?mE1AjeVga!-{y93GV@_U+}
zMc9&eu&<Eh`{;pUd`GajfO#63{!lcrTy&Yj7t0VmB%cXgC|&oy0bq>k6c}MqM^-R#
zj;?xqp?>7w`GJmC10y2lvwM#20_ZAv^IaP;ShFT9J;ocXaFsr+wx!hBt-t(CWm9D#
zuTS^lo+xn07YHNin%x$f*_!NCZgL(KZjFtKhy>==bcq&=**j?tj6HFi+nj~Sdar$?
ze1)h#kn(G+AS9utCBl98a$wCCJ1uan!^95t2gdp88zEPBPhfeRR+(Oe9_~+^C&QB1
zB9QlM`vofmCHm(BmaLo#=pZoZDv63ty4dqw1KctF6twyme}Pjr<yAt(YWV(?DqMkp
zE~841N9+BOLkxWW?IsYXTOYqJP{SgdU0tvTG(RSLORZ-otEl2wmW=dOqEgIy>qb)k
zs&tHhg9X$KCwh7QS7Qk1V)9FB%Xm-?OSeB2akwLlUVLxDcknW(&b|}6n}H*n45<hr
zg7xCV+1DU&EC6j2lG+VWX4@@2V*?mmmpAvz7>q0j)i=a#pu1jU+b_58*02a$>ktMv
z2qs05y2(rIE46M{x$y6{)q)AHV)d;$puJnWR0H$rE6<a+34mQH$X;)P?cwCU>Og$T
zT|XD}{N0&+!a3s*$6xTKlN9fQW5}p)ws=tU1>ezRNfO6;#qQ4xLaWy2vULvD7LzHS
zIM1!YR_^Xxnlan5h_X>7vTX*W=vwh5qG3idO^p;(GY^)xat`kMdDm!IZr5l#O-&X%
zyj3)CS~e^CA<59dDPJ74!;(9g-jN5gk)TT7)x+s(oHbjuDQG4n5uosfD~zdVVES6f
zJXOq_)%;n6e^96M)hd4Uy`#vhLK3#_HnG&%_0;))B?~urcvTVBNswh2UfAlfbdEQ8
zoWI{meGBv*DGq5`^P!L*>z-Wb1-H4+tg3P<bi1^`XB|`D#h6a2SRKzDut(oSZIC^|
zu_c*kZ6|A%d?!@)!i0OX8hXFJA@PIUGww;HZzG4-1(OBD4ZS;ThBWh)jdLD%zI*9o
z3cDY)Y&EpD+3)<nh;X-^V4zRg7U=AzG<VcpIZoq>-f-$$In1etj^i@IAv9LLr!V%U
zIg4nZ-DDO5j?3=1tcp|uKXkwqAN&AE3wM2pOy?HEx`E<LCJ=z)$F;a`sA4;_T|$4}
zMdho<I;BjI)vt5;fSG@V`giYrCl((PXTP@ldy(tVw(MHpK=lrOGI_n5E{3&24?)SG
zac^ID{T#AGE7NZfsoS*b)r`Ytp!Q%(gu9l?(_i};pgcIapjQ#8^Uh!o@^}7f8YyWQ
z41|-<7qK5r%t3?=S?l6oXZq|ulhN4Hb1g10Jgj+-Pt?0gApfIL)sA|=%tfEgJ@keD
zr)H@D?v~2`I}f|;^}bK;Kcda$_3`|kzDEx9^Z36`yD;SehkQFOjudk+ONCy$`hwRP
zL%pnRS6+Zn{zEmANFS1V3a_LFMqYja$-Y_t6U?-Xl&p0R-e|2uQW=&I37W%7I{RO0
zW-Pv<48OY!X2x7tAIBgc4#&~>=Z<8lX^7cW(Wb$a7PH4+gCW{q$Q<R4M8Go%7V1a9
z*`~Fl?{Pi|nC`e_FQ&Q=YiRUGnh_joF}n>rPplt#=R*aztqqq>L>W+BKo&x|&3~iu
zEQc{d|CqHAIdZ|{!TtNqc=104@@hhyN6m>)8(qHK+~01`&xymas%VPYeV2;VlU@3h
z4^|(G)z%~m<a>55?*HOYV@an>MRGNwNL9I#pHbK}>Tz+p1KpP`pufprt<?u7=6K~e
z0hx0qSyAqSo=mF$(a3qC+|j>^Bm40xi69G04F%}1j9U|qcy$<JRWCFSCg!5>kAlkB
zrSXFTI%^|M!p(7hUaE!HEPQtcg~oD~5}gU3`hbUH0g3mOw>`vJrpn#@D*%C`S`+iK
zm?nMofwWl`Z1yO}J%Uu{j8cCqEZsYt0TzC4uHSzc`ngEY;g4DGd<ob(ZVKKp)#ISY
zB+G9h31~Z9rh_Vu=rQ&&7bXe-#-jtub*I0EjwzHK$|>KZtxBFGOBRzpOEl^f%u#n!
zCL}NdY9$r@P^PdgXn#mdrY`R+8dFlXe*92;TUQn4pP)E{WGTttd;Aile{n&3DtFYE
znd>3b#mdq1Xs%3`F+H$ui1-H`yVQ$bHq3-QBek$a)$jk;qhpqoD0?spjP$%63uy|P
zfI)XW%JjbqKVt15Xfol3tn<tou!{%Y7SWO!Zq8va)2EVaO{1wZEWc7(aIsyrPRvY1
zrxpIliy+(H{iu$XrgOl5i?vU5bIW#zC58=nMExz5@&NP5Z6b7HBXsN<FJ@4v4i8Gp
zH+xZ=Fea%$BkUG+Q7newk1bdkM2y$ejhmsn!@pJJ9)@Sy?J2WZH4`f$QjOiJHN;X;
zz_24_6{TWd!)r4ET+d^|ICa-qJ5{#8tG`n~|9-8Ec<X+AfvIkDFc@ytEf6rF0Qe9z
zvq%oA=X^uBPn0Bp-9^nB^h;(Ash@dKt5#D|498t{!HE}T&!reZf%zt~gxjnbGWV-d
z?F6c!JW@c_g~ikJ<GbIO7vidLTNS9ftv=bu!~Q`P)lukX{c$_m3vb~1@0Bi5<k&l$
zGQ^&G(Y5$xQ3XR%laM<h@EH(@s{64h!%KUd<NxW=0_Vr?Z+sn7RQ9+eQR25dC#g{f
zpgWsY_ETVI4#wFRUlscgw0^(3k(JQSV)rf{$bQ(kJn_0kW7$gm(z=Kpb9+0QDyFgJ
zNbboYYC%+|xfbAfLywD~bi&qYa%IUe1?ry>VUydJvQ$Z}5cf7r$_K@(CIL<2dV3k6
zd@2Xv%*xSqgXI$=<$Lm?<|2Y7msF`K@(QXe#;%xTTI720uMsaH(wSqLBDi+89LP7!
zxr-NCtI_<GwbQuyhEFc()pvrHKIJ-8(=$Xov!e;^w)s?i`Tc!JVlKssby4l!S$BW%
zDy~LAO^|Iprdo$-j&eTZEN<jqApan%g(aDe6&Fk*cMih5IylURu7RD%Tlhmx(<p-+
zinJjf2@*}T?OKhh0|O8;3?DiictaUWX_z`%{tAgHPPhe&ENu10WZFSEc2yW*5ToBs
zXoenDM)3~M21AWBq`;a_m9!JV5pPp_9Hy9TIaHlb3$s2vLMPhbB384mmOgKoZLJwP
zd_T@=SE7E*8u2P$L#8xTR|-s+h^AT=6InzW@TC5wix2UfcG*BkmyeI{A|KZVzbyk_
z{)ZbQPfGGZZlfpk^G`F+vPL-)E<;HE-7pPuh3QAgHd^HrM63;xDlX3atC;si<Sg#D
zDFRHbgo#v`3pCC%=tZ*~yd;fKn|eU48OYUfbOUv@=UT$3KnbKxo-t6~!C13F;i7ud
zp|ppUpu*4@D4{~|-_wwT2kMA>q8WN&V&&(+|Ih-j&tDgxQ{R~6Y(_JdJ2YDYq1t;L
zfXQ)$;B5~|x0T3-(}e^JJ#F%(eAR3h;nX+2HJNY2Ow~MTD~&@`+~tpDMV{>p<q$6x
z#_+Nagb4XM4(m$EMBM7AGaJU8&D?1x>%@HoTBdv#lFKkT>3h2n2>i9!l0^oM+5JXj
z(ScIqx<nCdx4Nk9)bkz@ens-EO!{F-GeO$^`Es7LIUb!ZPRad%c`iQp<jgrql)`2x
zfpHG8p-vTo4tJ$l(>N8z>{9(t;2ZS6pW)bs$1EqjeHV2E9`5V&h9mCvhZu4j>yb$O
zD71KyMA`qM?aJW~^W9k?YBw%hb`zo6!gNu;>=;6Rj~9>lUJ>RTFtLpBvIzm9Cn}D}
z%0R~m9{Qj6Gdarbec8N?h~UNuPIs8g<*DdTZVB=+OhkY{LL9q)S2u5$AX(PP5+@lt
zU**1UqS!G(-1MNd5wH9Q+9o1=7@?|KNRMuBr(n-tFbBlVt111Fi6B#ko(W&;1=8YT
zR#S7jU5&>|1N;*Q@|CL(w};K$Q`}YN>$aq!zc?jE_lZgUPRFIH)gnky;Q03)KAYT&
zyzrcD_^jcrr|}Q9?8M-;WP%-KNoTB|!saXBFKMkKSQl%v8ev+WyPCk;Le5z$Y^N4U
z4{bOR@lQYjrv^vn+`5M3^D4GKz*?>lV@(7j1@+9_5UR@_B5W=K`^>VDi<R{DkuR&1
z%TlH?Rhnr(7+YDFy+QCd+~(j=wu2P0rtVR8VcoU4=H>6FoH6RndU!lMyl_`$v_GVs
zVR@FX#-gwH_DwoXpCu^l$wQQqN?p|A691qBs-Vg<gK)zSKR!kj^IrovGi1r*xTUzG
z;|`2RMhyY!7ID8!P`*)b7v3Rc2tT&dyeAWmGP$^PpKXo#sjp-A(ICU{y~vEL7L`IL
zhOsW2p=uR#*<%_jG^s^J3TF2vOfcq|x=udV@YeM|UrVT@?KhiZ#DV;iJWd$w<wR7o
zD^!1Tf=ZURrNZGX#6m(|f{TX>ojoQGDhGA&^PD`YmVKn_OvU1+PMc9kwhN=U9_kPN
zw(=OROm3Y$7ls+9#5IZJ&6ckw)=ddAG+H53g<08JR}<gD6-x`~tydBj^a%2ikWbFK
zBI$0-C~_1^I2#l3SPfAT&5kKgC4EIz7c8Rsbe}iD`~?^2UzaxL*dED}xVKh9Ms(_d
z3;_?hWB+>yrM%%9;owK$C=gwK0TqVT2>wMEC%)vt6t)o7ka56fc6fmN2DN?g0>f@V
z`-c2#2}LLIWP|KC5<8cXZC4>%2iZDZ@1DD|1=qstkn=uJ<=T6v+Oo~-Qfjne??C7d
zj7kv?n~~7$0E`;<v+e!*bO1_0z^?~9o*G()rb$DZG?gzIGXRsdiNaES-UxDEU3Jor
zjW=0?L^=37E(vp*xAM1EdG<11*^9GuY*X4n#k@Y10Oc;drRwUig89_-|GCXGy*3?L
zi#j0iG?%SO`CBO?-qI(|XU}VppR4ol+%&AXz2c^##OQNcS@l|!umv6K$B}k9_3=Kb
zf$=kHS1gi;OR~4UQWH0?q^`8Uf4+c{J$-7y#f6MP9UqzU>L#i+0ltft4@(<MqWzXO
zrLT6?!@cb+s<y_PD@3<R+wV~kqdoo2;hhu0;feTtuPG=Z3ko@!)6zT$X^chpT!P-R
zX_z@l@6Af&iYR|D^N-Hq`9~DG4;zub$h}MD5;l{T)xsq2QG=Ip9nA%C<ua=;xYU=H
zSnNvIxG{ca1z$$_RdQbV42u6R4`vfVTS&DM=|40LMP)ewlg+{ZgCPk+HcXx7gA0}b
z%(ji9Pjj!wW8>Lluj=1+q=LY7SlKZg_$EpVu%2F`kCMhzq;DvZXBIFTha~tDcV7^2
zf5oz94eD%YK~dWW%9Zu5n;EKT0#{eOUD6d}zMH)K#y4sv@@|Y3k!CBBC22X@6+0sh
zdu~BDvjZ^`YZs>D!b7UhnOd&C3-X%!*9?5}&$K$QZ$KTRN|ac&X+UR;^W;)8t^Mh~
zq4N~|B)+v}zO@dP)>qN7895&?dP0r#kLK<re+j#>1d8?1c^ke2!MtIKxdgHZB(nA3
z>J3tp<FkW30+DtcF*|3&*C?XxB<u})$XbL%Qp*mnGZ0|Eq@q1p7|(wS_E3TEsT)R#
zFp7Z`2nF`V83l(S@(RUW^L1EMohH4pj{Y@jhgEM}N$3(+e@~V|r9pJRVNi)tY}RGE
znU+>FfprHB6-Hg1Ov)dQvA&bho@`Q^$Pq*cz}IUk4Z25A8&w!vyD2r?+K{xfy0*4u
z08)lvBeK2bMldTLWm7ysfr&2v{4f34>z@p6XzCyxc-#45ZEE9jIcG0|Z({g9tqHc*
zhJcGrf7mPlD3pNH#`sNy=g#$P%jkV&mrD3UDaT$KQQD!G4gk|jm*=j&X!9IN4W6+V
zvDn|^%v1!RD`8di1w{-aVwGmJ&x{`t6T;@DhnW-;>iqL(Zeeio>0VKRz43=!%HlUv
z$cTC-pMjF%rvXxYCXIru$>9=RF?Fx#fIQKQledC|^3-gz-L8^%T$r5+bt?E8K6`!Q
z<U1LW7WzMlcPTt^KzcUXCu%5E0d~2AftkyZ%KpXhia9Omrg;AkM-JazivJdgOIP=e
z+@+h+TYk>cx&9?P+jr*i;|6!+><PV^bln7{B+7N{e?lLuH^HetgC?bP32b&uH>%_O
zJ<vo6ea^EoeLDX7yOtB2>#aT`6ANC>uYoyx|0`ljmj_)hSUct!tvYem>p-r}l3W8^
zPGZ54<F(X@<8_p=x{824OjpwDNF9`ISgd`#0$5ZMBh;z-f(<rgL(e-dm-lJwQMr?|
zC|Wslvh+>8DCyS>&UOujAIgU&3q3>sd8?J($e)J6@NXp_VqOu$ON!5!|KOMBjz_qy
zZ18wXr6V3CYtv(GPIHPm&7s}r*gYRP&7nU@eZPqk*`e_K9*-TOT3hS=gkw88%~8~Q
z<d~znZ2VE3&Dudnb$32pnUIpjI<bTgo)fEflt>&O?Evvuk9Zsgm8k1f8@jv9p*}T|
z@dif)#pj$>ew*K-_1Tr`8>c?Q+0}_p53hu})ZEaQ7dFR?Ot&J;SWwi;<2lb~2MTJi
zj8A-s#bNWX{OVJdqfzA9FbZXwO#_$&|1bJ5%1}zfe~fi6)8^l#9NDj-6*^Zr@iWQ|
zTcjLSf-j2*2B!Y^@Vbt&)6_x@V>juY1$%IMPfBUt|1>K#d`q^bL1Pl%q;jkjv@iO+
zgdhV^i8uWGB+76~v_$>*JC6;k>AT0h&6N+Gxy+iR8&-<(u&&kLa}MgH7ziU=Sl|!u
zuNUVZ=MFK?9^b0A!6F#+XV(rcK4j(h9TKO;xjEiRScgJ~ozMX#1H)vm3L6nrKN#CU
zM1GKZc%g43m55p(ka#zU|DtxL%-=k3IoT8ATnMJBqPL1=+|$8%<5>7;Y(xTHS9i~{
zT}?c#bEs#afpUXcPGjC+9LS|t9ykRD{2XM~ujsT9WYp$!!)5pvi<cT2v&8!hS|YWX
zl1joT(kC;Z+&uygi^olGftW7Ka=xeXB2{`@<koQo4Ym+S9S6&1LYjbb-j<gq6-9j(
zttW4Lna67HoU7`qe#mn4Jb#TccL<Mv$2{G{4qCV#cNsk0(vda|0i`a^ADFr6QDV(Z
z1vKaEg~wz{7}DxfrdSp)U`R{AkI99*)C)u(QS)b3%enuS(s(;e=oo4WMwECRB)k8O
zmi!9dHSf12h?dOB^s57T2nb=V)13NG_oe2UYq=+N5a#BR#Mmq5gLcO#OLMk{{O{ID
z6Dde=H7;-dt&Ge?bS?yfiI%u1=73LpePMf?+v7z8wh4-fdf|}HuO8locT3H7$0r*!
z%7xuB>u6-Z$|GaVeKRb!B3h{&sx5}O`*pO0icBeq=a#oz(C*W{UcaK^kAZ5K7?FF{
zObaOn<sN}=-pLk8K&%T2=^#N9GE)ZgZP~5SM5g_IV-yH4#WmZN0vV<bGCx`*YYFK`
zJaW51o$G#?8pA#nUpB!<S2AS2Vm49#EO%1$-`rV=78fZHW7H5l3o<YyDZJ}SDnq2G
zB0|N8e@%3iQL91$>Zf`-JB0S%!6wL}asRP8Rw#bR4LH1+hLat#Xs-hKRaPjn3?w@#
z#wOInKt$E5r<QMlVabjqenpX{#TIMwKlorF2~bhfGF5yz@Gi4WJ#JT9uLxRe;V7?!
z!?62!aPR}p!I+Q^82CEj;OhDLjb&8}2Xvg*Dq+wA4`bGEAtkU8N<KMQom8Vst{aQL
z4Q;{Ol)0@I_S)BOxd|d7zz&4XnSC+1h3e1W6>5TivYSP(?=#Q0cm`&9j>6w4PB)x(
z%bdr|X)=`xq)F&$S(Px=M70Jxk9;=h^Rt(9G0rYs(!WHzPnrS$rhH`+f;jMeF=8br
zBHsnAa2e^q@B?MRCp>eqSm@ZGw{R@b$?dlI?H3QFNojhCmbJ3>Ki5ulwYYk5?B+%>
z&+KV)A@%>JVemo{s_-rQDg6s9@g&gx1j~lH?cVyQdXMgKo?K?v`K+RCe;|KG3$rNZ
z9uplTDXcHSGSRl=H^&>5vyihQg;pa!mO*a4=kxI=oEL~^b~7!Sh0M&H5ubQMg(!!`
zb2miRzJVHFClOp~x7M@d336Y`+ao|LA$?b{rc@Vof{+F#B)1LoFnNxfQ8?gS^~)?t
z@j3{@a#cxSO6DVdrRlJ*3{-&GG4m+ibSK8unJP=T0jtYxh>ujI0mqUYxEouoidtB0
zdnpd(--j~hg*gHnJ?8y<JH-v35n@8E(V&vbT>>m(R^rGYx#mNx(x4F@kb^R3(;<+9
zQd)9TPRdD1jjcxnk%ZBF%#ucMn3*0V##H0%fw{x5hh87`l;_83&~Bt)>vHyXvM^da
z?i^p~SR?*9!8orhQFDZIwH)Zg&*0ptBWA%HP4T{C9!+8pfE7vQkJId|@)sfmF~zqg
zq|7_#KZ`ar2~2N|pyFt6Sxk4LE3_cHs;0P2YT`SK5V3M{O`B-cAFterO*9C?aPFD3
zLk08y3VMZey<)lJlK!37*($(KeX7P;r`+*es^{x1KAq$xc`#%r*ryw>Pk@hWms=n&
zTmy3_vn@+dYINL-%{a~HR7!E{Upww5pmPxxftG}Qk1>`2bxR2UukAM_&QFf}6LfHS
z@3~Gi%y4IV9uaTFUJ8PD$;nh<c)|nb6sMu!SXBZCLHGXj`uSx=QpC*trcc#-jUV#}
zi(VlZ+S7enB8iTNp&yC#HYHhb1byn~atq)``ro;~9t5-@7*Vn#>(-9rq{M4ez&ggU
zkt56~<&?*KT9>_JQ%v~P4HyCc$R#q3jJDx>j|?-K=tlIJnmI)8eZ97^;iGwN(((Ip
zs?o#(V<Eb1&^W7HoF!OU$c?O_akSAxqj+<ws@68Vk6YR%Mn2zP`)K*Oy!}t(NJmTd
zR}BupG~UypG3n8M^HxjyM-^?LA>EtGs+p(dtLpDSIRkdYXVV^hS4zh_R{6+`xk*K7
zll;83cHOp@)M^|J5u}}D8WmS<K|?#fKf1=CnvZJRMdctJBNS><SoREq)b36%v{_%b
zBCDcCrBz})1#fazwXHL`i2dfK8-B<Wh$FRjdD9MNnkhiFjn6v}D}Gy7RGGicTv%B?
z<2<-}+V2bsukg%oz$w~1wVL8}Z+QlX5cgQdXDX9!DK*%Sqg(waY`NKh{B_czL#Vfa
zAqtg;T2=NBjrDsaS2~_nRvpGKRBw?!1@Pr-#)4pdwhJG#3)2ggY0+O|obUlwM&+a%
zswE2EAQ}Zzx&lGDnf1^PyrVx$#10Hb%V11$K~INcB;;=0lblx;YOY792U+sW#~Ry)
zIK**2l5NXKyxP#cnf*m(Wiph0AqGK91fP;Zn%D1=WAfa7ix0`{yUNxXEbO9hU97&W
z6(6oL{t8>d3gokVB%KQnHu5IremZ&qI*PD~6`L_24+NzsB?c0r!{^Pl2~g_a^XLM!
z{)bV7TJ>Xz-T%3gweN+oX5v&JaGN-yFt~HfIgO@!pV=Jq<%y?e<Vo`}rtBmhsALeH
zsFslqA-g$vxwbpWbDI=lj61PLWp+P&nj;R#Jv7Fz3k>?Xd=unE3b7Ey-@}W9)mzuf
z&6?svoDzPNBRo{QjjU-(-DGuJ!mZT7c%39jPNX4!`&NubP^h<Q;zQ_$m8Rg&qg6>Q
zUj|cxFcc*YmfUvX>acoAO?luq%6qJHxoN}B9OwSZ#+#VEv9Wm*)A3YQSbFfjCZ;?K
ziPxZVzA2Y%lz24Eup0uC*T&q3U}C449H)g2z)42fg|DF^#dN<l+1Xw(3e}+pAu!hK
z6)^Yd>gDMYF;D&XNhpdHAf48KYSR5JK_mwb1ydVLD}qE<A+UlEgNNL&oJL7RS2riU
zQugK$fI+k}7TSV(BN0K)Hb1b-*dEHRAx#+uo)L?Xp?PouGplH7T6&#o-}AS_qUD25
zBnyQSbnv-hB(>Hl(>}$oCp>6UTdv!W>#i`O=>bnRit?_;p-FSW<S1z3bR@|=`(vko
zvk5s9q}ypMX@g1uqa!cC{EJ5N*|^o3;c18w-2;YQCk8>#u$j0^nEikrnpq#>t`z*O
z$&HWBB~T>-_xj$XbifFD9n6iZGu=&e(KXbu8|~P7lH?ss4y3FBocHe^LR(WI?_;1s
zU_C7;uLn|g=%38~?ue63`3v5uw2P^S_uE@LQRE^AXoqxhA>O=^B^TOc+9Xa6xo^`y
zqFwbGSflQJP#ptRex2~^49;5KXNnoaOoEk~<z^w)Hgf$u@RpBOz*Z58v-V{=f*AjY
zuy+cQtO2(+yNoQ`)n(i6a+ht}wr$(CZQHhOv&%L0o%6@cM9jrp<z;5<n~eRg=UEF+
zU4?goe5hiT)>~Oy7&FO6&_6`_95mP&+}Gz+w1po@RP`$y4p}|;fOy~nzQENcPl_HT
zsYgVh0lO#!*Yud?c*F?#(J}nqXjd;?w~ypef)Lg5MC9FE>!7nh$}Ni4s}pr2?9Fj6
zU3lI8T+5m=<n97qyaevMCo*7ku*I&|X)6FRE?~oCHR=}sw!os2M%aZS`aT>vfC0J)
zgg40XKR??V7dWk$iZ5gO?rnm3SVgRJv_i9#Q7M%!&ywPLKQT@W_52sKsIs*!dta0U
z1%dnr#9v)}M51PU6IN_@?Nii0S@Twad3Iv!V*hXje0qH}$%X1rW9c!(#fD#jJgYpX
z(tmxjg9miC3YCFEUtvPKdY{1Aq$}oWtaE$-wK@z)`0P<>+f))#PXgA#Nlg>wuq_Ph
zM~VZkKKOt&NzHN1#Jg3?WZf%a3aZn6-$wN@;d^M;FB5R)d3>pZp@|+|k2gnp_s+92
z)Rbl~j(#}T_sSB%Pkvo!AmpHA^SdySw>{ezAoJ|bzN@|73j_^_mYH7~V|B*rn><}+
zugisuTUUB20j#E1q&7T!60oqGuTxw;j4=n;1%r?HZW<MfkCPqGM0|bj1-v*G0w(&C
z!30u)J7U~SbZW04%-fnux4+YgfGA41-W<-O)th(BVj4%xVltmc&0+=zP~odw@Kfh~
zBUDX-Tl*1Ef|%~uc;lp224GKyRh1bjY&tHlg73A>6-w_i(*XhtavB3DQs3#rabmSb
zdW1e9F^S5*tcNJW*r%^gMzO6jbwS_t(`Z3;!YIWTp>mTnYZI?BL3WE5RV>RE$#NmI
zu3c!|1)5LIQK9B&NbE<%aNk^k4^R-b1K_JcV(mMs8~q~M+wlF<qB?)gX|9B5wv$7c
zL$i8PUpAs?#}|R>_nZ3^-Bc=*)HiT(!3!9C_dRX)JWu8on9T4?tk5~s^l81oR5Q2%
zeEOcECwMtsACD+Z!E6jd7!`8Z3RWQ(;(seklV1S|rjjvfr!}CYbbb~`PEtZusgb{c
z$Mh!#?L9YXW-geU{c2EC8FQNPwe|r&yEaDhVU>6K4Cr<p=&6-=y`$rKHNzLiOzET2
z>u1;&;EkBG!>BP%?NY_`>m);2`-j1aD|L4j3Sxrtx;Ak#)8qE>R7^J29ZalS@*4>;
zww;6E-tW06)vNU~aiY2oPeU2l8Ge#A8i}mW=IgS_r>A)1d~>Cpz&JPWkCSN4v~ZI*
z)U@!AH`C0g(-?6M_c#uAUW<Fg=-h($#Y{1oaq@`9v0cR0Z_uk4<4}`7?{y)~V~gcx
z1|)|Ynx1h8ry!YmC;)@=<@~a-XLGeSo4LavaPgCrb?%~OSs+U9*?v$v=7`r5$Y7s?
zI>hyUY1jR(Y@%_=YXW=sobE95_gCK8%^>{_yLJa}+*NS=25MhsRve))^)r1?hRX<S
zAKspAGgkr<jly~a2AcqwYsH4|L&=?Cx-3xY6TKCC60NgBT{y(PmN*BfJ1%d5(ioaK
zr`3`deaSh^c_JTD{E0RURgW`H68op5otx{r#h4zK>|bOhEf21>Xw&#ZCKRvykO}m&
zvXgapP6bf&kQ_^A-B`SpuW9)ADcZ^8f~e){wgy1>L1k}tEOCnBAkDwJ|GneKyvRE;
zk?F@DvcstWK3Cx#F4Ec5UoZu)O#-V=?mq-d09(?MmVqvh3l-zy#_md60wbRK1s~g=
zD?Z$>Gl<?#pZ`D}KRfX~KX-_{KPUyY5?d;sAs3@Z{?pWfv{%JjMxN-VxNLMJk7DoS
z&b;1jJNK^kK%E8McZwF;dURi#fw01(r=|Hk9pv2Q1j<J;A?9w0-#YD2bg#Fi;ZD9z
zU;?rQufGYHboa&<JQLxCoEY}<OHonv4_Snx?{oe#g*N%K8)%LiuLtt3F}}#&<gN|P
z5Wv{ahzipL%8<kZ{A2W&m-b&N8ECYKt#y-%_Gt~uQl<}3XDnPIz_^fq%uCV2_5H32
zR|G~1W1$A9bVGKYKV;Y9JENCmysw*;gjJ$%g`{AW_srg9-2OEIKM~^!3a($toqk=o
z|E0I&noz(Pv@-$j%!dXaPD$TWEXe}LY!d}IL*)Miz(OM~jj3Kmv0^mG<$cX;{EB_G
zS{YBAyRTNMr?MEyOWC8$ASX4nv`vcBtv3BU6nq_19YL{Rf8vrj5u%?oFOlDL?q!aZ
zw1A>${i&BgJj!wL74+HTK~h5Z&54;1(qs0PgGZ>V=5Q_DZfs-b39Li!uEm6Ow)>2~
ztj=Vj+Sp7rTBBxT9l^t$HlR0_e+=V$Olz(R!C=$A*z^SMMI%sC&PN+ePvL2g+48q4
z+!IsMRAo_)WD7JNNpg!kf6!uYSr+_~2X<*Mo@WSeP~UvmJ`WPvPDeth^u(LOqMCpt
zMX$w)?5)bW^p&8|h_%T>R5MjGwecEGLu9_hES6`Z;y_>#PfnjF%sGj5$9}A1m9NAC
z_Q``#lPuD-5@6I#3SsX%45Cl;`#T<Ym-(VkhVc*68U@Sj3YcJI8}fB2;sbH8DNcm5
zCJJMyGRi+$W5ZbiWW0zn{ph6?1JdcHdUtEh@p18SMgHAHo~;nIx3NmU^%6Ilvi%kD
zsbEtB51UbR%}byw3C`mby6IfYfA})fbT^^Gwd30pkn*i1`j5mM5s2*$_JQxtH=N&B
zLo|G0pD5l%I_@DvIrq)EqaGy@NOlyl{a!56WJ+oNsDpVdw{W-caL`O!xsSXuL-c?@
zOQYF8eAy%V#AUZL4v^7{AjEyJVE7)nt$)v+r1PjOZE6)#bXgp@$(Iv73zpR$*~+O6
zr0LQjjA~(@7L{F!+1tj<0C(RL!rZs4XU<T>bkYWKy?=(;toXGTU%8HhZY3;uet`|b
zkaHWkD%Z~`pmS?!<#<x;(4XdR{X04_)_M|u(+=$-B$RXVjY}_RzWofxR;=#RRy`LW
zu8ly{55y?sh&4?6Kt$d`1QO&JfnAXs0QA9<>v)C>a!zh&iv`Q>Rr4Ek2nJz*JJ%)P
z2@|J4!ECYA76-_kw1nX#cg0YSfwFDuy&BmJ6L+<mtF3u>eqlV`5n2PbMQB_%Qy59F
zPt5<@+v!fb#^W9|YKhJCvUOOH>wkfQe5dMdBEXDt8BsWp00jxaHM5Akfk>FUiUO16
zj$8*!FW5am1${ekFVP^bLW@4xDb{K$(<tIyAOuQ0rVZ&XN>xGRl@$`%P96KOK{toR
z^K=R9n%2LxLJXa2>X%*M4^$u>D4JiF^qu?mH&OV!&qwz0WnrYi==R|i+u?+pBPoYB
z9)52|Y!p>o;5hq44s}z(_ntG?1C)84eF=D7EQ<SYIb0A{=gFN`9D1b~5yi@yglv&O
zizu#lY*LwxrlIuJO7!{U6GcWn#krZZOyv=BW|q1u6t5s27bzz`co%wL*Q-T%U*OI1
z9nIJYr{P;3YIjXyA*;Lu_7~{8r^#U0jf(w4NKJHcbqiJO@>lEPIc?M1Pta7h^pCr#
zohr8Z0oV*|T!F8#B5wJm70awzB)uZ;n4?_9y}J_2Oum+-&hl{HP{$Zxa5w#InT-x&
z3wop080jzu`Sl~Q<uzj@h3SLmWRYXhqDFWTx9^rME<;^4W-;?hb2`kg{d|$5`AiX0
zbTTdMef3_$G@KQkDN+tE2-%(8>YOD79M^L#Xb5f(#-(fUs~K+i;7H!zh9Y*9wE-lY
z@J$PpH5=&oZHKIwxt7x*hlIqFwgo6QSDV<M3)JDueD>ES355<_n&d@r6HLby^O0Mh
zTWU9Ji9T37p`HIz`QdCA=|{76UrJKe=C2W*X^+3U(tDwsW6t{#<Q<sTj>J>iO??`)
zbZ<GlbnSA+$w*zM7Uf)Itc@3$sJgRI8H)X~M+%P?hgMgbVnb})Gb;Gmh00~Pucz|_
z2^pZN#<e2n`A2To0m{T;>yXoLV#`KJiM9u_+<ZOk=L^3OAsWhryhOz;<VasvhbH*H
z6*)ggem_bfjcCODJh+~yv=VN^fyIpZd>iZlEi)gO9`Zk%yVyX20m)d3c*~TfTBbp7
zoo+bOiq>vLJbO>mDASA`hcBxd_uB9OO2~%Oz^NhxfV~o34kg{Ci4-y`7Dm~lB+J^8
z=GBkluAxN31W#@g2NZ(ZIJu8*70X_eJ=el<Ql?Bugjxl&ocDDG;>`cOl_#~#oC(5?
zkQbSTaA(O_ZGh<>tuHGJZej*Ecz4z+@cr@dbKkBH)p{4B<AhB5+Qktfe>m3{9lB|q
zbK*29<WD>czfE#+{GweF&`es7{-{%!OcJS=biJu#)}lce(v-V$`;aiQ3&>V4Hr`FO
zQVOry0@@I_S@3gWt6T*N$)9i}s-m~0?Q(P;*qe4(H;X5Z5$c8@hM(;JPmwHEJw@>N
z<c7dihR5$iAZpg_8A43nz#A|XRGqx##M{BU$8mK19kN2j{>#AaS&uJx)}DC=ZBJ!W
za2L;qsY1<I^ZBN_X&t}|o=)BB|G~H{^7oN4+6GTY(XPkz_Rd9)hBPL^Jg&i3jwae@
z$0PZ3uRtA-w-odzy>-T1lZ#-?OTZu!XI7#s?wJGO+*L_hlS)sPyOjx?N=`sAd}o%w
zKv{n~KoORfYkWq+Sz5CYjvIU@k$P-rFOPKlp9q{@C8Pu=o05fXSmBU?pBD3ih$7<N
z9ev#wTbCim1gZKqS0&4m>J2wQwlflWv1`qC=*97TNIGUa+RZ8EZl)~fL+HF#_c?-f
zmX7^{uJ$>PvX~#5F{Bgs-g$I`;07YpAkHYuveFx$PO%ID-j>GbJti>A<QNE#c%+Lp
z6uU1t<Fc~2$x4ve<$^gINo{;InAFNRij)biOUi`IGNM1;lzS$k-(=jDWTC%2P5OhQ
zL->igys|71HN!ltGm%2!c`+ae;@Rdr=Or)a72gef+`$KH=PgXDGXhAvUA7op6;B?H
zTZ9QqO@c7_q%ZQiY!Y1>%sbNfZfo>iwDTOtWITVwP;YmfHCq%5#91#l5CgrfKW6d5
z%(4GkK}=PF7)b#wc+2$k5t_zln>zX66^Qo2R|ALi9}>&BlmfV^-sj7485@)ARf?Z(
zubZ<P#;YfqCue+_{=^>&wh>X2lAc?IKC+ps$e{(cMQj-1&+5IHD2Q>$3u*n<vC1qt
zDf4F=syKm)A<$;P=>m)l<eGcWfC7L^R4n+1xEiUA$7~sNiT<^M?EDK-+jXYKuW|k1
zDsN!hE0rt6Y&+&W&W3wFt3Va^mG0{A%3ee?g~d{k4mTU;i<MIFlQZr|aBZV{EU9%`
z5_8ysj9Cq;5jvUM9||Ltm4@mTm_=M{R%SBO)fdU^kK%Kidj{fTO<m)sqVgjJJ%3tS
zy21rmd#ZYTx`1f)HwJo)3_za9ehFBJ<dA^-<=kSdsl1rUsL9Iuc({=bTbW6|<6{*(
z*+J8ev^poe=(fgQrmmY{oOwWM7ufG9U8t)BrPC5ONHzxV;EyNTtu{$+@HWr6`9Hd8
z!Dw5w0X<bn-^a_7RtOv2U%Drpp*yanYv(o4!`I_tyN68*!S?CBPpTpASk(Njg^AxN
zZCNK0!@=`wB5&)Dh^S)|U3e!1x61^Ro_x_0pMO973e_aKJ7;a={dpZ(1OZvscxB)2
zil1s`){;uz8!G?QWHwZ%TBh$-MW3|s%Xt9g*cFfL*Bn=eB3QD~ADx&BgR1Dz9IC(S
zdeh+E*)I=jV+MGU-fsnK5f_LaKsdZd^l(D#aE8sSPem<3yhXifQw~(ILrih<?Lv*K
zj6(_A8OH&tot37gk}QU#d-;h#HM;I}!XePVLCjl8ymEAF*Y)0km}HNgTDhc;5FRd3
zQ`m2_Lyvr-jzZlS#*u7B1a88F#v#OUc*t#&pTN?a{My2V&mO_;neRHFD+QmNY;lkH
z?Iv80dBnVS3@lj#`GVu&8ez?h-x;>8EVb4Dh+fpgIVf1fq3u|BX3qTQZ_6KdWJ}*y
z>{E;1Wyov!r9C&k_V<`fu!p*a88Tl0Us<E82_>s?N6uAtSK_G9f5&ck`WYV;%=YCS
zMZDtRW|g`%>QEFisM!77iP%+nU6{jbHP8Yrk=`Ki01DKW*B+_*EG=+41Bc4UjL-`x
zBP$Ha&0y47#{cz33<J=F44#nH5QniE=jWV0mNEuxa+;*&H`YOJP9kz<|48OU<V2tF
z4-WSD5K8#0FwnO#7(+m7C>Jlz@#ffw3N{R3Xi<cTu469sKe2a>OBtaK24(9iZ94s-
zg-x|dLFYUyP8eNDZJVMQLz6pUUHQ!4tW&0MC9Q7PBL5SU6wjYy8ROLAfsOY2;MDmd
zbjnJ!fln93V`lCmSnguEQ{N@=Z5XQ5BSPHgg?aIvRNs<P`;ryCA#PPKAD9A<?W<30
zPWaEg;s*@}bZ^o_poywDcB2<|2coB#=_?0Rl*(im)-K?BE!9I>f(=so_t*hI1tN+y
zvoLHWR8vGSVR|a0jWvF!|2`%!FOLs0PUtfAZ!cVficRuysIli9tHFZWL4$TbSYW*y
zCm8IoHiizwT=V?1zpfV`cb(if)rX=#I7|TOBJ4E7JG}NV^cI9iRmH%(gW6NmFg-$2
z!vl(z(W-`M!Sdd4Ik(k&vAft()11DtPNpMgwU#yWG)!EgHHcHMFQ<sBL)P&w!I=by
z@8FP=q{uHe*)Iv8!jyCJ8jymtRORa=@Pv`sCX6sfDe*$Z05gdl36Wv%L_b#uXhBJi
zuA6i1W0uP?2IDiJ*TYHLtMf{(CUPoW-%e&lg0XN2vU|KJXV9$~t&>%tlF{3Krwz}*
zxKK~_1H#u$Lx(=HMqbwq`qnM>&2LV{?ps<wi8**q#~Zm?s~)iPaO2aEBn&W|$rHI_
zU;IgQLa=@k9l<D%C@dO)h$EJ$u*6sdRwHU@8-Cn6`NA8o?ZpE-%PrNANfuWg46)CE
zp7dY6x1a3BsHkjIb{G*$?4AjqCa?G(wxKSj07YQe{BQb8Mz{b9Gv}n=t380?I&s{b
zs9)(7J7ciEwD#j>U$866DxsZ~DPf_IdxFLGFFFN&fM>}0V937?ewh3^TdFpDCJ(E3
zz|rWooxTTPmG)NF>Q4iBIjkJUc3uw`OM^0m_yczn+Jb)<1FLwFqd|??m2!2@{~QOs
z2)**oxUuDQ7BncRqz)e11&JL}Yw971!aZl>aC_<@2^+05xs8|DM+Zega%@8u@$@nv
zhk5y5Gg~VoY(zU&F7L!lS}a<Qd#egJJSXOg_@*(cNq5ohT;>Epsi}T;QfOAX?nyOG
zGPkbT`B$IGM8|Y5>on=G+oQzO${V`k%wcl!#z)K&(j@MJ<Kre&z9rM3wwvOH81fSw
z6RdH0JUK%;l8f{gNHxQs*nj|4+8fEHw-21c(U#+*>PEnQo@POYxF{nvIR1G&hv|&_
zX5>55#yEI1!J7zg(-{+PoEftoa(J!xeYXQLc>|6;2L;!*8mV=&L)pH-Jf=YNYvd@5
zVm}TPSF|YNnnic4kA9)?q|^|b2&kH5iwu!3qS`%F3-|M4U+4qE>+$3C38+?c3HjV5
zLMFjtRuudPQk|XITn821O2Mz%<N<UwY+%&X?QuT|zt_k_B$Jr@?%Lns_r2Y%Q%t!<
z+2+XRt@t;Wl2pLY-WGLlXP^zAcEq;Zq{1v&|7gxN4KAo;BKD(xWI-vOS%sa20GzZf
zHT;YHBLMkq9Cauz6~(w;=}gvMbdPs*$$fgdEm`ToVwt&8e_hDAs8AFG{uUw#p#uh*
zHo$)(_x5BgS2xwQ1*I88=kGHcJVaI>VvatoUAWx%uMOE1%A7CpBDCDYl}~yIW5!Iq
zuL`V6I@*xl54a1i${M;pJ+F|b4g8QNe3*-eUz!uQ8{C>i(x0K7Qm4z2UCg5|yw*5m
z89~SOq9b!Xo`UjYfds7Raj2B;axcubjqs(~m1fQTYj!Na#Q`CF>n&gd@`S4!AWn~V
z4G_Oun$FQC^CjYM=XIzDq8&Gt&F3E2>L;9%NsJbKWJCq-iTe`lM<c&@aCh+fD|}?w
zwA#av{)m@nNpUJN3EH7AD`O5$7_C;e&{|GI*;t@<`Ijhrw*(-d6)ZmAXvl9|Jn(RG
zZISGl41|SQ5xsw~s?{S~WhMg;8wa-mCQB4$k?*#}q!L%=^(J;J;%}01<le&i%B~|<
zr_uSJ1esdv5|ob7>H8~dJE`;$Q9d22^{164+rqCvN}^`II>Og5hMfi%;CFf+dd;L&
zqr&Xs+-|c=5peySi|7d~f)P#E<Nsh;6_O_zbB^JcaqLR|G{F=F{Zt&~0nmo5bttZb
z^U#hdA-!&(a{7y3DSf24C`}LY#t8Yau^Jx>Hloq~RTkK@z_E3$bske{uS!(@Fc*4z
zzw<~6K<k*GY(;l(sgrvVcln@bOzIC5Td^nA9IG7N0;yWj2dG<-PQ!9SVc9I2K+E|u
z1-`ZZFq<I{yM$s8IWL$Uc47fjPezOV!`waCenDnkb4>Ar7ckU|f*o|};D^A*GU2M*
zN43n2`~5`3ya<L&DnuUtN8S-Kix9wee4b1Kh$rPV>-QlHS!rhQDPQ-?A8D~PLpWj1
z0NW&apA4UB(Pw~$IJgVzk@URZLsaK*YyploFZM1e{Cx<OKtZOxpND=|Rg;-it&EvT
zEe<>6m1(vVKO@?_ZPGAjAlQmk$Jf%k=#u!+3@YQ}gy&JQYw9m>+g%kUun!7az1x6^
zg&0+Z%6LA&%gl(fY+9Yb!L<~h-ls$P2*?utWPYNR*6!)LjrQe*JnK=K-${Cs3QR%=
zS?9>e3#yNc96f=j3JBu7$Y|*1xY)=Uc{5gS(#Kpq#0F8!C&3=@>6b@M#&jb~7kE(M
z>`*Ht5)+Yacrz2U5IKpjE}3YQ)2FOFEIDY1Xi;7~{}0cr6T&op<pZb%?`L%C*MGeS
ztfDT@WJ1fXsx$!KJcdHviJVE$p%N-)HKoF5=5JA~XXSgrhf?ys*O;<dyQ_!?Y?GCv
z=z0@rGPth*Lcew}w@aPgcn`+e8d3!(Hi<HZCspc0SOQPleH{}<zzQeST74Zw0spem
zcs>8LN6~Z$K~43znlN7JC8b`<D(a-ij`o+S2q~>KyC&L|=feucUN;xr{|2lLN>anu
zvsvnsr98;+LJnBAqj!7#A572nAH)A(dU@)s$?-G}mwv0A**-gRUsu7r9@6Km8sQ1;
zKYw!v%wMR5)(U(-m<)l4p!t&0iaqUo_jiypJpW8tiHj#EFR$FSXxYC*>PO6DBXSSM
zhv&o5%l88_+0s|eFX&`wA=A;|%{GJ5m6;?cL4%l<d9p<7%U>>8gB3?-VpLzWj3E0U
zKaExRp`P}@gp2rTSjkif+r%n=o;F@u+9EXlM^f(gt+h{e<ia|LTeD5_LFqIT$GRpJ
z1v=w_oi^OqVqYu$qt=Z&egk{r8S?cLntC1Qa?|*fjlK4w5N7qdDsY1WSGuVssr@p!
zTb2nN7;(Iou>r+IzrA9;kle?JwqO$MhH}WL30z`q_k0Jd*bpU;yTh6LqfFVLs{d9i
zHfLG9<dVGN3c>Iv<0TyonJHo84Bi=>&2py7N(WptW+TEOxdK6I!`Y^f*WycaTTf%*
zH=~vLI3>Uak&om2mo(U)Mwa^vf*3$yE(Y-6*__4=BR{EO@Cu4n!n-3c)arf`dGdBg
zv+G!i1<lE57adK<%~@RelE{os>R|@A@&bCdbgB-H5~iEx38Qx}v6lo<Ev7^G2D4;B
zO<IF^3y(B!HMcac^L^d<N#2pcL4IQ2VoQ~HSk7U#e!MoasN^04e>%Dz(yyektwOq_
zaV)CpFK>rFwr=<r^w0rHGlm=V-N$s^HiR724(Sx$n=rBK-^Q#dZd^t!Z<H-fRgu-f
zYr_8m>7RuVTvD{14f_Axjv4)ns<jfIeUmJ4Kn?L7SbzG%qyNrYbR#QeY?Yo{Zjd?`
z(3u(xOQRbE|BCq{phy~2mVqIFuc`+eRT<ltS+q?oGAaw4W$==HA$ukx4jvCpAIFT@
zFBZNLU~Z)aa@4v3J!;#;GIUUQSUe&&_G3%P+i%aHU6@fYU&a#g!f~Y23=xd{$QiK*
z+C-uN?1*b5iy_>LCND~Uuu|elFNEcW2vs+Zbs_aiVSqED-d*n;szzvKZD_gb1#7CX
z!XrxbjsZ##VB*Hz87JAs;Dj|ao?fIkEzH1KPo^vrS>`Iygqs4r{u;4K+B4abgTK<C
zap(Z!s(6H9{pZI-I&aSiGOdeD(Lbmk_b{zF0*$5I;}^SsIbaFYL}7TSc(Z0%Bw4h=
zKO2MN$e>`*v;Il^u#^ZIV+eY)1gG;D+clD}YGUj=Ao@Zi!#ZVp-ES)wP^W%do2wcn
zzL2`+%D~FeXlSoX66TTiI@Nije$Uyf7NJfYdi+VpyS+Hwc{y>2c<_9bHg;o!COEio
zj+Asd;(@HWl+uWUH)zMhXRaIkpJa2Ls={oPezj%(ldnb1sY0<D8kt^N$#tdT<)YdR
zk5NNZ@r(qt-47QJY2LZ9r%mRzTJZ9NobMn?_{Zcgw9)mIW*9!uc@#&#&cE3{tv2&%
z<4EZzPsUDTap-i;Y-o7wpY1#+j6B-dts@GMM+XsiO)L?^6cbr3p>Tp~=}{0Uke;7j
zqKKlkxr5A4QR>dhpFDCxB~>FeMBK~P-a_lVahK2m1m|hX>qSHT*s?3<?l#2q@VqA8
zDW(S+R@RGySboQ>D^gL|+|^j{^*7x^{>}BWZ2m(y(v-NRxW}yE2f$D`lR3B`f0-iV
zLkHE)oYmnjpgl7-jKyo79gqo%7vVyKpM+>nY@#)?n%K;;?)>K;Cy`uCj<}J}4?B_-
zMoXNWpryY>!<uyhP9BH8v4;_2fD`??u#2%!_&Xf;!n8!MQfjGX_)IYI{COGvfTWqt
z$mPkB2$*j?11K{m^G~6j0Y?WZvejeNDGTLl!&kg;KBRmHTIz(So<kl;LdE!}v~Ay4
zWrz`0Scm4dhRkoYrsl)z=0>CmZJpZZyUCp)u>*ba!nD7P%`Iq^@JlK1sgU}gkLPdm
zF$d)R1J3+!$#{oDPvfDc3jISzO2Wr>><M*{Z45jlYrH$)t`c8=s4o>!)q*H&cVi=Z
zjTxRs)MaRZo-`47ELU+&23%M@O$K%#@Q`voTlO@HN~;8&I*hE|D?7q1&XkoejBh_O
zfQ_t*lLVk}?eH8GtRIr$bT%BXEUxbS>R`5=sLbeo?Ssg?lIZm+Y@ErqDslA5=aAeY
z(UaSN*}#_PSucF#XC1;NKQ&*~yD()yWw5@hp>SZEn-A%S%b1cmPir`n$f$Bbq;;1&
zZ@Ri4{cHs|=b)P?x}7E4h86e42SH?-?||ilHA*_N($mSuoFJQY!L!`UDjS*Fq>|m8
zyTg47Q)r%V07LAMK>$)PnnCl7@y*^1zN%2ho34r51f57eY$Je&rCd1pHo$fdTop$O
zs=Gi(3a(jV&czPvqT}`>eahFO<6wHhgbN)JH5G>B+_BwEYPO-_hd@$pw)SYfs^MHX
zHkHh`J3OoGq`|8kGFM|D;b1=@ubZ^SYbCy-2CMP`H=lQBVYmFG)m(I|^BU1qmn-Jw
zd=X)_f7>5tsVCY#V7fwJPS#5F13cL|e7V#KELm4#sgtS4Dk*^-a}y6bCERrX4lj@V
z2fKc?g{y<ydp3)oWPP=ZWE_bu9A=~GD};9${J(iu+a53LcEwybgumoaZ}kHS8{kO7
z5H<|HkGIu&jk1F!_7DlN!fX(lu|iY8lHNgX_W|^lxVFb2W@?~ubpD`=u^1%37W}3{
zQ#3V5IWTfXMm<d3{iv#K%y9prjXnY++HN<SZF!#x+R&ex`j%cw(v}unmFccXZcN<1
zO2NzR>$n)c(F&XBIk*YFjQIO+ij!@2LldZ?E;n)<pdUpy6(}Zb=4N576vpMM!hL4{
zx)C04h$+IV@*=N~To7NiPtuSfyYnq0{yDGfr3&<~uat5*3Bj*Pdx&H1)n_aJuFt3}
zDekloeThSC5o6!Rfc1$*;lC4$SpZfkN_Cg!!U`9?&gFz9Gt?3(cCwN*B~Klk^4(yo
z$!B8N`O*w4<V&f$h+?T*S9g!*Rd8Texp^aDSFt%c-}<^Nsc2zzTU9)_E1k+?4Oz!3
zxsu(`&Sh07%kN)vYN{celnRP(i*nH&qNyFcd_DuL1^_lY*ZxiYz3i<@d!1-S{A08t
zb_P3)^|3Cb1a>6o>YwGJth}0Gj*$Gon#IMdQ3h7}+NX9Pq{xTNi+?g<4X0{Li#%=A
z-zIqpBIx_`h9G%qG5Tx!wmFk~QG}0%Y#+qzaL}K_5tOw_N9~S;C8-nJ6jkZb+jdyU
z-%X=)f>M(Pn5g(DGF@HNJACHNcAShYY5H<N_>1IQgmP2~82cp(!U%K)F|J-UhdxFD
zOqwQYqeA;;99f$j5Kaj#%^~!8gETr<l%Ra(2rXT*>j>?Gm*p?V)C|KZ0hA)Y&__lj
zO;10O!2r$6wFC`$zy}s<&)if8h_LI2#a3zJ?gIyb{ufiwV$-R{t+hu-@p?K$zSpNO
z1nu3cHK2i3O|KvqTL=-VQiI&AI;-*hfb_uFKWo-8?CK0Z0u?w!-x=Zndhu-I6-f{n
z?UoKlr$v)u=kK;ntTdEaY8!2$D9i{0B>D;Me}W>WI%1mI9%Y-c8Lfgo!pY865286t
z&Y2*$5b?qFIRWxxodM~LFF3fklw@Ty_%h-Sct<|<4HMJT#TL-R+%R(D+1XF!@3Ng&
z);!#4UnIamV!;UEU76toTOt|I^1}Z>)XBF~{n%+plY5hrHq?F<bOkV4&6?-4NkbGR
zY}>oIp5-&mEc})_npV>;O^u8a4*7H*TD)vQ?}s}K4ffmU`FF#e<xwY>aUTLj4`D=c
zS{s5kx?wCpP%gr-*WpA<@e%a<o1@&M$C7X!^D7aKdcSWG(Ht&I4McId-cIyHdAzTx
zVkaT?3xu4%HZ5GiMLpAl{&A-O(;IhM)N>A2NG{DCvzw+IO-rqwi4<cj&|92lQH_dh
zhpl>i@SpUNFkI~RTiG{fHB-VxBoPYXH7_7@eEPQTda!@icYwt00DBimbwc0YLn~Cv
zj}1ZJ3F@gC%*|mqV}7<TG>ao`*!KE(R=;m9tQT4X(s=e5)93^a8$b#*HAC>DfEYk3
zQh;FbeTGaJK(8%dG;m(AYs8aq*tA!JKKk!4qi0IB{12FLa^}9+c@O+vU>xQ;Xz-uu
zOWtU#IK7@wuhcZi{}pgZd|oK^PafWPb|qnoW1r|D#{hc;Q6&(F(2Rios$MEy1DVST
z26Eh<UfDCyR*mFDNs7-zu0Fsim$1zYIKWxY`8>pt%rYUCW-(XpPt2gi0AA0HVCJ5l
zK*v(Msa9Q8_bIV$l(rC&I|NJ*4-I7qd<vxz`OZ{xiF+dj6wai#g$r|QG^HF+Oa7x_
zp)1;69OJpE!C{9hxy7RG*hOMZ>f;LUQQC}|)i)J7cRA1-<X@cswcJ7*vVt|DjyzyK
zu=E*K^x*vw-h6`)MIK#4e>Ev#t!-@i1HmU(v+VV{wm4PnQjKbL<d&7Jy90bUP2^%}
z+uazz5(2wL9LULf8h7%UOO)4Zg)-j_XOb(u9)1qd6u!77T_ovV;0tr*OK86<NxE`s
z&!X_-GG2inpc?hJKY&{2@$hu5L;eSU=jnm=sZ_<jY}B~#HNnLo_#-WIFHy=op*5TD
zNg$AC$vkg9rj!TU8zU+Ia6f|Od66hZAEYDKFAu#0kjkUvhF&1l1UmoAC&kg_@0($O
zz?5TdINRpCoEQapH#`XerzGc13uGo%KrOyPd8`_2O}|GA9YMy7iXlcz>-bY{OzT(>
zLee@L)djazTkE;kprJ|2Ud>0x%eJs}aA4cMCXXY1qXz|7a>F9sGNv0@U&PPUVAz7z
zAOxnhV-B<kv3v$fyQArvUQItVe}I7yQxbZ?@8q@Tr~TspPR{h%^~5ZTr}47JeNCvZ
z+_%eoV*o<F-!P5KtxRP5kWej8gS@V}BXGsnX!w_k_reznU-Wu1d4E*v2Yf%Yt{K~c
z6G|1RDk+C7Xch<9qy9(9S8*8Lm+%Kt5UGW5;+`iuIF&BsP0K&<BD=V1_j1bbZrp5B
zXe=^ZaDUbe=K;Pc(cDGx=}z}w%|xIO>AN_+{d;oox|WcMoiY%H*fx$AK4&nEwV`EX
zD$S6k?~-0{rm#*A!|XE6+SPmK?Vd}C898E<$xc_eJks|4nGOFPTB}R$NplHdu78F~
z2@pwT(}dNR!_Bq^hwJDF@;WY9Sad*pMl!vyRrdqi>^D43e!V^Ts(n3?U9cVeG$t8;
z(@hR1SD)uNsesMmV;2MGY$*attH+TrmLo-stddiVbui&P-}E_4>E5^KS9r!t8nF1C
zM1uA6tj5F**fInP^~SKlLz`_`1f+po)MvZOO(wKBO##(ZwEc^81x$gp&X}1^=CH-8
zE&||RI!R};Wn_r&q6&fr80b&L?@V_!qc_n(Y{Y0IRZf`8*<WwvU}H#UM-@&*es=`T
zM?{LYQ)gjzFhW<*2nYB_Sxv++TZE#9dETYey+~Czd075*WhzRbycP*-cx@rsi%8fs
zBX+R+Zo1Wd@s$#dm9Y!QuGjgic>_*xD;%09wpu1STzyW7@i9nAR>40)EhGARFSfp5
zOvB@RUNnT@T=WGDDW^svB7-sG*vAl~bgg7sRJaOnSq+JOU!pfrY^R82pLYb&xR1U2
zqccuEI48D2_D7C#-y}XngHB_gcOS(EFg?b2KxXvuT7DO!#TUE&Zm1s-cr*sHXFaYL
z+L>VV^}Is!?vv$mEkDnfPjF!a7M@op25>gceRi-Wb}wPfl(ApwD9^vONg4LM)J;GM
zn3+Ms8@=y8VBXec3(0AJs=B#WUICo29+<u4hRBlNPuuy`CdVe!kP7fgRxD~&A`X$w
znZsl8wVX6LCALFQkw9nvs;vqbBnfe-e2-@PWJFV+_mZi=F;^V#l96+MQ%fXH)Uz0Z
zcitzfQfM8XKUF8VHU)kIyJ-*W(F-%d9kX;87?$kW4#wy?ASu}?1(v_fu^=3H^BWxa
zm;0`!)UEgWnng^1d8=Hgz2#X}D);64e7lap8n$gn|ND(kH*zB*6WwB+*e$15AxtD~
zvIYEFDG0kw2bNum*<k3k*l#}3EO7Y8Z5Is3Vh={Q7!~zL2N_-6mSKM5xH(o(Nw;}b
zr82aNYQI3z0NdZJrf6*x2X4o4hr}GxQ6aFgZeO12j}kF3(kH{ZE7NcLHk7t~T1@ao
z+e?;Ht*SNgA#A*ddKEszRfLR@`koj>r$DL0kTj|;AObTkH2Cuc^ZxU~Q!}NKsuA)z
zGx3|i66C`SXUf?{@gc5@S~Zkdff?*T!GhZqpk2q_G(2GC+WxR0s-Fldv`@Fc!JYeI
zo>YZokdwGy#o-A(soDtan(96Cu+<aT*ML4#HBIQbr_+LlFq7l`;YK@N7$B=x1{Z}g
zl`4WFfinL3&hC>_Jo57aHk_mGSEuvE>)e2;3?;S0iE**W^Si@Z?2D3vGS9a?E0U)+
zu*&da&A1v5Z$Feiu37~4E=pWv$2;;M`Xljj$ORP;^ue*0w#ZFOsS^2!2DenrX19i{
zDVZ1%w*H^^VUX`W{j=X?PwVqs)w#TgN6L9g*|77oxpnGhEYvpCFs_9BZj)|`^#AL9
z9I?|;S=bj~-eDg?@%q=Cril4+4m4{vy*{*yttc?o-vJegRsACl?=V;wBCUc}R0EL5
zDlkcRDLupZcQ;*XltSref*K5KCP_;ym;YX_<07Nt&4FC;jGqJAhg*QOJCvv|3TDq$
zelZ4)NKa$TdO`GulJ+<y10!iXAj9Q5`%n8=FC<eN$gCr1-zhpP;Ge27cnerZtLMhD
zi}`Eq$i0EQR))_O=oKJC(xgh0LNGm_%1S=2)hGkabc=o^RLcaI!&41uHpE=#d-skh
ztTv&FC34e&9BXK*!ccc>E=-dP{}s>--h>osf;qifZ}T~YeY)`1Az(WT@|oew7M+ag
z#{kh(*sdDzBYHeOJhi;o4q0Yp2t2b!VRE{-8KVr2IMu>zhzYw{Tuaad23|6yx0g=#
z*4{GCNuOfG8a5htknc>`$CWUk7?Rj;r%`-wIL+z!|0p1bzf-Vh(JPESFDzXivVs*|
zIR`#;Q~n{)VFe9`zfG%CFJ=lCY1qNLC{aq$^Gh#!(Je;FytW|)M^WV%DPl{bRPQ!E
zq1v*IF+$1bygS$aG>Es`Fnq7ZSO*YCqtUzAL+}@gXBvho>k;43G(rWZ;RB7e;X@UZ
zi^D@~S>*20vGNP@C(?=jx(r`@8|)hkt?lUOK<v{>jKu?Ehyi(6dK-2V%^J|5ys_|G
zv31hyOFU4J<^-Y6NR`7$?ol=Vmx;3tRy9O($Iz{ori9`ew~fkcg-*U}y319MFc(|B
zSxd!sIS%{nHV*6HeF9_1L51_s@L~$$G$d$_Wh>G#$NcxtTzyM{UGLBb1q<AUEbAh!
zWr?jVbjWlYXV5@5qNZnNe_o|6{W1%=<mn^qIx*M3#nQFJ&tLPF9RWpC%0GQ20CEqk
z0?hZ9(G1xW^8gz)j7eJuCmYSK>6K9r{GfkZ+Zg=T*uii=#XtiKWcy*S8%IZLU`Wl>
z*~59WPSk3^wn6U_>M(W}ey%NW^)P;$3O?mrhQNfrWWN5MJfkTA;^A-F?(mTMdn9(6
zrPs^Rg!F5wV4SPi$*~LI7H2{te`T&UB!)0?uPC@A_BV8o$%Y|-%_ikN3#sW}mj~ME
zll<n6TVTw_OEKullh%k@;vUB6ow{x{`Og##1$C=N6s<pLG@SEn3<mZ6eKgFtdv3Kc
z6v%r<UiK8Z0+G+0>NVs{wbA~P(C$j=_?FS$W3bYR1m+w4Ds=zX?*d&q%TRLRDM3e{
zoy&GAE4Wcrc%;`%(xmO}H;-DZAl?O(bLOk)4dV30nUwC`curj!z&u);dP~pu_UStj
znTf^j24glTbw>ERo-27$+AmSq>=zla`P8kUL$^<*^Ocb|2J{y=+yAZKbU*y3-y9Q)
z0pw_^3WB&r({GUn6OzCqNHn2Vj}Eol>E@Ln4_wRE!2KbmfddL4LQ_m(+E2l*fF=Tc
zAz|EcfuqkA*r%^b8Wpm5i<nyW*EEJx>!oa6b>jAR(Sg`hm*`r6-h)m;F1Vo+*ulwJ
zB$h=~r;kA!Q!PX^T5>EGobPp=k%@>GiZUDa9pu_b2?hQdiF8d!9npJ#@>4ADey7+W
zqy;L%w)R`l6WZIp!*n2`v1hZ*6m+0epcpII(2LNF`pOV!X=#DwXoUQsy&9h>cIf<K
zq}WkHq8l94)2b7{M4h69E7z*zupjEr6<kYFe1w&*y#mFwA|f2}@%{Ua$e>TfW!jK;
z5~K~ZNU_!YJ4$fBfU=bR35du)FwL37bUzV?p9e5+2Gaqt1?A*lvPZAVR#pw9&wDJ5
z(z?An42GBjREzBW{-NRf86MZ!Z#Ma;U1m{%ZqHO%sikby8Z}2-f;Ig9t_m5jFMnK*
zYzz}rC7EQKKY=grM1w8{z<JHVoc)X6;NJal(NH1-QP3=uEmFb?@Zc&>@pR)LnN%=}
zz^eUgzV~sPFhMdlq>maF;N0uB%Sf(1f^vyTx>)R>q*!aJ-w|ZGT{ntW*CoMhbM?yX
z0i%c#x`l&?s=`Pxq2NpY5z8flU_K}e3z_V$=R&h^nah(Ja1tvN@BK4>gh>Qnos%=F
z3eg+6`amW$sue+>6kIp(B>4}ValLNatx2D2vz<GUKteSUDFCtF10(_+SN3XloE&@O
zuXPNS+26sGm2ZKz2Gc%)dh=u1*!B8<Lk6uq1!nO)&el-VG<|I(A8DIN*3{*ns$}D{
zZ`+0Q9w&dSR$XQ4Xdd@#s|K3kHon4YtK^vSzD?0f0)3XQ8nOec;RVhJ2PKO3%9N&1
zcq%`C+2pdd^5D4Ql8*FUHT3<BVp(7$TgXVZ>3Dh<ym_vz;Ky!+aqiFv<0B3$J94U^
zUU%cZ{utwqwn-nRvwRWVR)+FMagKJREMTmuOW77xD8f5HqJF6U9F_5>I08PoZ^CHM
z`-=?C5@u3WSVn(^pL=&~ybV$J2KdX-@tw19y;J|mbIQ5g^x;4x*-AJKcrx}!K%+j^
z=YZHum&6vusc#&1Uc<Swqy4pnX=AwK66|`Tvx6{W)mr7kR|Dy697+YlFUOATbAY_&
z$fK!Z8EHh4aNj%;FgNR%OsHbX`NF}19!P2tl0=dI#S%r7;FuN^_JPYQ53bybT0y+e
z-jPFO(`e_9co|{Tj^Ih+?veWp(gfyTWO;(~i>=6wg2gO-C=^txZ@}Y!?I9{v@x$l@
zP8bg{miGZC+Y3=GmG$3av2DD=k}9&krq`@~n(ebxY5uVI0JkN=^Fl>n5mUPA$E+p_
zLJRbGJ)GFOY`)KIie`7Xq1wkHHu!;6VT56<gcitN)tlDKg8Yh_SpbzQHa5Cs0c2#o
z2CPG)QSTQ9<-xi_w;ouNtI@Q)=KXU9BVz?|qjBCYHaD~aS~Ke0wb;ZEM^!R7eTGw#
z=0BLzXA>z;?b=W+wuoym(~kgN-f2GX3BG3efV-cLesmdUqM;(#MLkQ*PNXmU;fzTW
zW=^<+C723x${4O2C?gwBn5^jH7w5q~w(yV3qlc3n?l1R+hEQm!12??99!MAAlW@Z=
z7pnU@a319$Y6!ux{-G(~8$Xs2!~^1&shlqDmBX+`+M8fih@%Wc)RA)-k0%M+U>=iI
z3!iS?fo<u=SupWBT%||lt?TIf_1b*6I!6$nNIYaWcG0tLr;>EusLn>;Qn*f;*(0*+
z4HfFdJshV0M<aT%A%70Md;F23nq!@|Z|Rm1Z4XPNOU<%O_ynSUH6t6g<B38(jUe_n
zw{Z!af~K7xfMSx3vVUCNwhZhz%{YUlEwB8-UTu4&5K#olugT!&c&E^^CE0*16L|zl
zNpKO;d*N+NFCw}@l|jjJm7(%uBeYjn&O6*%wnEVXbJj8O$lWAF=Y54)+MkLR)@5dO
z@^9+hP5sYadV;y`p9Va?X1Xjirp-s7CErUW{PTF%U-I8@rnxD;qi?~9JVxfQjF-ap
z7@!8JfMz$(R3*op2Wz5*bh!&mjl!H!krgU$f=XOxH5>n*S;_@8)~O5C_iFkMqs(F;
zaFv5p;@qO}pj<i%N(1GH0}VDvI`}rs<>`hYw(^VsNVRk=eaW9$OVWGeMWPw1dSAiD
zZnkFT-Yh`kWQ~RhQ+;qlBMrt#Zp0gr*^+QagpCP=7P$}k@#;(a+|p7g*5a!wv#06<
zQ%^Kq7quK*++Q$T13*s|X*|`eE{*QZ=hsNV&)hBH&uiQtbpA+Z2z{Uu?P2CIOX;8a
z-%x8o0vLcU0OI~lyG>)ZrpPw)qrl;t_4Y<6Gl3PGMkEZP&HlvLs=X5{w_9cq*}dmG
z8mglIzYf!)+j&RFCTKxR)>{$!PdyfWGLzZbg1I(){bQ=C^?tstZ?z%cE7QCCyg-5N
zR5~i67rpu%zOUKu*OciJ?yb6eQ=9|5$UT*^aKgah38Kvg;nl4c&+Pt({a1&Nn?08u
z-lcEAOvAuH3Eh|d%g0c||CxrqrIX3w@$r7y(&;QY7OedK6*Go3^FBeCIt_Fmb=AJ@
zlP7bw9p{Sn-|iSiHhweAAdg#^xFI(+;#T_Hl#aq=9|+qqY3S}3J_ydiP+RK(*<X~f
zT<-sLuP_7~DeZMdO)i`)eKqKR+7_fU+^m!PKD~7T8vl)2GRWDxR(GL^YJWjR^gqgJ
zK?--Huf)&iLe`-DpZ?OKw|3DbGlPk|+gJfxuti69BSFcFdB>ga7lTe(5egtelai1X
zTdTVJJ44h!CSL3?p{|XRf&m**8GJEMWskE3#2|b|RWr`=Ns3VXJZP|%C(baHi4<*7
z3%`Fa9DlOroGKf}2j0YHHN5w=adYs`Zs?XgDz)C*+orJ9)}1k{k#<wDlPAOgAL(5a
zWb3>P%sZ6=$;^&WR)3Sdezq*hRW{Mc=VUMYt_T1r4x|+F(5ohW_VXZHLO<v-es>#r
zmubqL1&}=u_6Pux2>CrBM=2u~404c|7JchYo5Dp|ug;0Z(J>=<8Pdo{o-%&@?lz4L
z;v>%4bKGQ5kl_PUrBZ4ay34g1n4hC#=mBY5U4gfYQX0EjJUiM6O~&TWEzH4%Z%JYA
z$`X=t;c!Q=VB#h^*&7kHp4@nt^DoVSo2-cEqs?6z!*jYxBUXKv+i$=#b}ku)m#5Ho
zATBmC&-8F={<}Na{j%yK#6P3|!RzgLdvw2bB(`vFdOd=uz3GQkX(ac7s1z6aE|0fm
zD&*}aN%Qy%z^#xpqt+p1%<)vJ4@vCq?Rrj8sIqkTBT&3?BvqSvkUUM4ocDp+D7KeS
zYu=-A5FZ($YKZD{@3xip<>92Ob9$KrP?GI^L-OX?&QXwa2(eV+mJeu3Ad{XcNwy`D
z+OIiBiJMT&r0d@q2#$5@1s>V6`+}fH{&%PhZhjM`!7BQHWjJP||71AVQ+4kyk>THp
zW^HProWgH1-Vv^=(d)=*Sl=H@Lq^pX1zyN~Ipt=sfrr)vhCs3?ASi`y=}bn(q)xGa
zDO%F0e@r;0S!FI>(q_NKDG3x=3zXgx#76a(J%;%Wt^d0Ul_$%k+*`Ip2a#CSXI=4^
zRPwVi;GMg>f{wu9@lGEWcdf=H3J)rYL(%ddeW7g{LVVhYP@Z#NE%T$LzOon~X@`qi
zcBm{_N&;5+@Vz#!Zi%|r?{Zu@ZFNLwgwjr)QUPq5x39{uPhbtoLT`to_e|+(WH5+6
zcI*GtQIayvh8}v@yL;OOavtVH&veGv*&`2I9%soXYAk0(QyxH(BMyk&D%DR?$`iN^
z9gqBGj1y^UB5fS$-fgg}^d1;%WE1D{od5D-60kD&UAOA(^wTSE5HndUKT8Hy7j?`z
zDb5(#lLXtMJREm8CxoRBv&|a(TTpxo_q_g7=RvTX1E1&pgjT!a-UiN0M@IMwEIOv=
z7i2TICnD|kY8bhRL&>J518bCD=Y+VS?2J5sh3&B~KbyeScg<L7c`2}4>jXyF(YK7&
zhPQa64bPUykTC!c$H)G0OXrV2uV`jn6&Jwo{tdA5ZNizMc-IO_X+JmYp{K)5$3Fn&
zd6s%eF6_>svOIq*EfKXT0!MwyD!j(|@9YNT-KXc{*94ao9EDN=$KlKk$I&dkL@<&?
zI5O3VUxR)BmOLM?*ATBB=@a3*8?ECl2;8@vL~7?Ht(b6d7vm~yOq*Ox#eNaV8E{}5
zM0o|)kvDh+GtqfBRel8uPPpQTQWm5=ZI5VG?T;g39Bz4H@<?}La+v+;$@$qc=<&5a
ze<#6R^`#RM60+0js(k<bc6`=QGW~6V9`o>R|D~h!UDIF0cK@tCGgQG2_eq=CF^Elr
zSa-an<f`U$QhwI793#;=p4AME&&&9*JdgY<LG*tMlHF_Wr`?G_H^`@mfd4q-Cq*)O
z!k=0Nkx|xZEmceKb0=BP2-`|afdn9i#$X-ILH@sXnSMp6Zo_wf-5|P**Qm*kg>@Ns
zVsb{y?%x8dtW=0<-aU?{V|@@AEz;tfJnGuh%1;Z6b59GO>x>JRgYm`MRC*H>B~}8@
zhF@9j&zv7?rA<RIQ%e4!qUE}4;L=f4@PcjR3G=K3P||Ni`Q#wMC!UeO+0LdjXmqNo
z=Qhk8c9IFz*$NbVV}E_^=&Z~%Yx^u#`AB_${cWfkzl$!)n!sDc0w5m<)A~1yQy8o7
zXVP`WQU)t$rIph=^?%RJwUTZo)j(7fm*??tI9u3|q7ny-JoG#Bi2`vNwKOv+!aJX@
z0c;Ui=Oj(%i{M+mpW(P4|1ZMsF*x#ud-!}fv2EL#m=oK{#I|kQww+8cv2EM7ZDaeo
z?)&*a&(`kNzDf1#R9AKP`JMCmeh&eKxP)O&$z_3MN{mfP3J3xv<dc=fWlN}3aHV9y
z^9t-jlyn0kMTdD#jROIZc!$xj%lh&_lWtgd2a8n&*JYV4l5m>m>eyy^ob4}dm$Xla
z2<42LhA^zLYv`84!44UZBx6;U7UgmS&toLOG-xkaDUDD<aM}(wV%#*^U{P9<7=BIx
z#v|4SD=-<Tjcd6X;9*K)%CYaG&OYxdhF7nPG{qZHSx$+_ILrppf^Q@Q+C}|AR!)hq
zpjtDM)J+29uty6r`1oNgm=m3eq!)3x4}RL2;ypjq<|!K^TH->TTeYR-&)w}2-R)Kb
zvf7dU^a^5uOEmvN<|67HF#U<I8XuYNu@$jInnXb97waK*8~e-=HrMOVu2u|s4TVni
z{{6M>1Y~Mclb3tyi~hoYFJPT(+X@Q2$QjkS{Xx1!2`&!B$XZw5*H=)+pYSIT6*JV)
za^F&c#556BSnSyK9;l?WUuF^uSYwWdb(BpztV>p3fqNWX7erA{xxVzEErQ~$y2f{S
zgY(yWBj;pk7e;Oa10So`th?!Y2OoAh%OZniCsadWl<4u>Z?AZ!9WD#QT<NA7w*>mK
z>Hu6Fw3gOmgl@LSlY57&NLbdHI18DfU;D4Zyd3d(8Sq|hG4yZ<Fx-*-dTZk6sMKD*
z7_3K~th}eg!9-|r2`XWHa`CWcC@;b-^Mp89+OEk03)8QL8Rz>UO_!C^HO~1jUvzhW
z=&rYWW&e7%1`HY`=jV@~gk+B`K_?W@(tiN6h=G}p*ikRKo*$6g<GxjHmCn4JHRA&J
zLBCy^IYRC~2d!UZtVWG*D8Y{hyU^CVDcdc?FKEU*v?f6gn5c~_4W35rxKd%${9>{N
zx#&fX))=EDo)N<`%M9vep%OT(Zv@E{ooec6@CcMBt$|f}==?j?8eOqX<9(9QpT4oG
zc>3&8qel;>50r5Lo(H%I#|rvd`M!`-#RYA0B?+A(GuFeFh#ZHzssomM1q7-*b=kUB
zgYx+45;{9LY(?15Kt_EybHo?PkW<Art8_s8$8*r=Wd1Us@_kbD4=gyM@P8N_SuRNP
ze^@87Kw|6EOs@rWK6%za65kIUnFp8FbvUy3TuO#w|B%sSYs?1sjT%q88?JjI<0}b9
zzc1BB(q<<LeE<EC$K931f0Qitm(UP2k%%8mlnzc(MZ-VJvEk~YVmSNz$>+Ox$~SjW
zL$kgpgF-`_rmK*SIsealg?Wz(VKGJuXUsbN5owr7&55k>3_?ft5qHp<BR(zR8zwl@
zawbeEQ~YjWT0#hgj=8+GlYZP5n8QA0K6Ys#PVtstHwo;UP-<aW_r#pNSES|B^^mK5
zfIowf6C?gzwB+zXJl9vm*F5cJH^2M$9CyZ~n=sCpq-ury%`M5~=(S%`EyNae+UKx`
zqQ`Lj7tcg0msZW8{6+(<4%ob;XDWGHSGW{PXEw|1Sk0mnzBFRMQZS2pJQY+j)X%cS
z<gXThxvFTR28^qEoFsXlLvz{qBI(Av)WF7BH%kpGAy?i`t_r+pq~8Yd!IB7!Oov@u
zkY9F1vlIP6_KRA79w%J%)+d5Vqd|b~=LH4oHFW3kVXSto+e@iq-u0rt&)-{WH=!!j
zt!4xYyn70tqmR36-LCs_SD)8Cd!N@ShVFQr=KFEm#>7LuWT!{ef`dTup;$Kw_?VQg
zmiL&KgYcdk!&7;7{OGRVUp!O$-8Vd8!~A4Uq2wuuR=3G<bn877VwWgxVt#SlIG?|;
zuHZ61y}nB7jVTDfM2HzksVrQ%5|p&hlOT_Y4-}zz5p#R1=9$>-9nb|-)X+N4{dE|m
zQDH!tzy8U?p-{H5y2y@R)Hu5YMw=mf18oO)w$xyFOh~*1UsU$=64n9n^qM>UrbUx*
zrdX$JzjML2pZ=RSLt!u2v*EM7du>`kP8wc7v2`Tq5>m@_t9`aPOe4t*4ngUU(vS9P
zO>gjmcs1HPR1M8}LZ?bp(%kc7@*}DiCje`|upGo0-ML9B@+ontdI-AC>zA!0l_X1P
zqZpodj@c?CV{8_mYq~I<8m*8oa9zR?#NyRs5W;BmoCLDE3az<BxV#O*dN(Wk4O<0I
zc`UK#rAX#bF)FMz-kGGdpw}}Gw!oxhLAO^R*9YGHaNo?@5v?tw_NJW9BG9o2<dj;*
z*5K$x4>uRzu>`IAm^5Mb=3y{hik^v|jaI;wUYm?sCU!$;14VW;*X2q`$!P;w35l-@
z#%4VKk*a&Nkd<<~XN3act04|T0{?m^nWboCB@^#``|Nb>wbg+^RQCerzD*@?5V!t3
zdMc}<Fp)9ltZ|o%+G?6(!arHH1Wfvc6IJ3|SG#g?Z3(<7gWP)s!M#zellZ+8#M_0B
zC|?e`tS=5at^WN6yPWwxPP(l5zE4Zb-71YiFwgSX&rwT3a2Hcd#z^)t5~zeZ6A)WJ
zbjPvqRf#9x0erkkSC;Ow;=<Pl%qyYh2~9uBt*(Y6K^QUx-8JZ6uzo1C#<yo1Z;4%S
ztRhLLTeulwI>?~N{ncSTMzo_wq#x3#0fZ14d@k7WHez5W*!l@Wh?Q0<yy}eVXC)ah
zJi4wDGq{Ug@Wm+FlH0M%q|Lg<J#bp@=?~bN2RS+go9ddsalbl}k?&hEiTN>^7ejW$
zP0ccqRpM40uzu9hdXHRv3RA;$P^c2xDsdq=y;}e7b`FV7*D<R<x2o`>70QVsV5Jpl
zCjYF9s{<{@GFR)(j!<275Lt~)QyV?m&<(LVBM=~I#M16x8CbOM8YHc%h~5fsV<vMO
z366?!U-6lPBN%UKI2vGSs!vTfR11l)=eu{-vuy>t?`hL-zEx(cgafX~Es{{i`!T0C
z(%WQ%wioMp3R)qGf<GD`(&y2k8{C14>@U*-XF>B^Nz)nrwX!bSu|`6-T&kz#R|1Sf
zmMcd>Pv^TgBh4C^y_C8zI$}?7Q$9lV;0QtM=HK*Zj;>Yn<O{T{!JBH`Tnb}DI4p;X
zHcWZcBHk3i@nX}kw1Nxc>cii07!OSE9`F%?Ec~&D9G(>6n1*<(f6`9`5q3)4^iXNe
z&*G`NuEjU?Ng3)8Xei<?D<IHeTm9v#UMFb^nErje*PKw5$0Ii1fU~*O6Yx==x8yZA
zUup639G~eof*qgjYVl&@AD`WtIzQT(M{2Jbq&BS-)6w&OmeL)C<+;=-Zf&P{HUH#)
zcuYCwi%_&IKu;xqolYiy^#(zfaztOaJW`;~-l&qX<XP!RUaiVT9kSYB%~&IEAEIc#
zYMP~8@7Zdk`&;7xRizzZiSp74w(LBO4OO*{Oy3T+{8rBnRR!GX@~&-B6dvV-LtojR
zYO`?7?6%CdnHaS~AL#l{t(9}xSO3Y=|9XX|J|WfbMX+`$y*NBDUh@Kb3DFxnLv~7;
zq3(NL$J+e-&XD{U3y~Q%d%@D;{EbDUbKFnI1J`7Z-yv;OpBywU{SEEt7F~v^<;~Dz
zEYxIELHyTL7*3<F5RaWN<g+f>VV6|gHj`#5VJ?0u;WpXGaz^F0zf{~c^1-!tfY)bp
z)yGTsH=pqSd|3Tbp*eG*@|6KVhZ5AA?%-!k^!ehxrcTaJ-xB**ka~NJ`PTfm7)v68
zxI<I4rTS)`GxL_lqO#`1`MK~MP7(b5=}IUuZ^wGyDKOZL8YU7p`C|*Rgui3HB<(q#
zel^LJh3i>}07bVuk>B(C;mb4_%IEt<=skk?rK487Q1<4Y1SIZhy1PZpb4>GRiUTzx
ztlid->ctSjX1z#DFQ(kC`|Stk*Yi!gZSL83v8vqe=I%YlbWRt?$I)wKe>YFCFQ7cn
zur<H+d-bl8(Qf|!3*@2?S61Dyz3N%_M5&KS0Bi@cfB!xa^*Z86Ek+s-KP4>mFnr<8
z4{xM;oSS^wB|KDa#!oP6hGdgXsn&ky1a(Qi$6n*7dv~oq`ZwqlkzSOq2U1k{>SL~D
z_26TQuK_xA!;&+h+$#Vhnngt%)~t)B5Vc;ha=|9LicKs$Yp6Z6Bgz120kPo9sv~Nn
zVcTuu|H7<}<dyOpaV&zb{xl1!y!+22NP@BBe<nd2(W!iRjS!GL2~h9VfUSlLXbME_
zNbBLOjAi=*`*|Vk#IK#>Q?XZ5%%WAx$9bHWNFSXLngz$ZGKUEE*u)EMKJol{)DzAS
z#jYg&;(5%|CJ?SWo@VencI8DGXn(}>6m}{m*A~o4F<ldC5}3l=g21T}?#T{B!%C)0
z8g>cvHhBT&6KiNK_#SKqk)FP!^}bp}QMchMB_vg)r~&(8#f5#z;ub}!Z^>ds#8!EK
zRJ3q$Y`Pe_vybNW1sqN|byYvQL%qGx_C&Dn&$GSGoRN2^tb~&zvWscfA04p+zOe#s
zQb;Px+_r|W`Tz|jCkUK`Yr@FJnC?TtQu51ugjx%Lp_o4Pj|S)9g104LRa=Ryk>{d1
zhK9ixhnllZfbcC%`4hu7>MGu_(dx#R9le0zz||zCWe;5B@Vd7he4m^5QSPwz`z=4R
z0AJpH@3L=uX{LPVdOvR}QG8$T+23_1e$(9f-p*ZXpvdED&qIAELv}HkLqsspcm&KP
zV6*;U4LoiO92*Z^B1XlaBZ{qsL+aqZf3fQHqPrvd^b6BZjJdM{-ymX~XrcJ{E%+>J
zxWn>e&mKF_mnvEyb0YRnp3)kBfM~E~`;GcQASsJ-K&c>MVtodFJ1z~!u9?J{{@(Q{
z_iox<qp$DmqN#CND)otwv!eX!*|~MJBJ-mx>y3EhB(MXOLnn+U$M0(S#c9c1n}0g#
zIn{E+AaS9vdlq6_BGTrg^3BYHgi8MD?)~7!{3lrvH@E#3Sd739M3PJtAm3V?4o<&k
znVrji+ILo7xN5>44jkK<_>~|N=XA;@N8a+<`cCPjIN&bQ4smzJ7<{lZ&dz;Gn>=RR
zML`Q0c<=C_ey3<!?jT@Qh%e4Hv~6q-Ja>W%xUdQEw=$a4D=}BIn9j1dZh&an8pKeu
zJxnQocAj(WvUz8dF$L^B812Icm&4eRA34+tw1|m>N|S%Gh^UHUEku!A1Ii{4XHFB%
zoep9J`-)cQ6qq+CK$+k$XbO~s!LZzatH)}Wc}rCr2|x=(=`W`c`gdhew?#5`WJnYh
z>*wzyNu=Wg9QwrU`*__4+N-ZOFvje``Or|OQwS#~TI2=18c~Nb2>KBb&eM8qjz93t
zgf2&&SoR|GkxYnCvx$&I%f{P9u~VpoUB_Lm=dpjs-*_0+JU-S%8=+c0jHDD_C>21&
z<2U}so8>55gR}YZ7}r+ys{XfcwKfayT<*?k&39+-FL`FVAJ+xHTyFPEiP87#(W~n=
z*ZVX*zUjC9Q*QZZsn@Bi4G6W|uV#?hc61^6SMNo1Wp$l;&Oa{186tm<KBuAulhG_g
z^3L7gA{jxoQ;Z}{rxap;9&<QOb=Ps4wpL<HYJeL#k|4_If&ocT?UTM4oXu%cZ!&Ne
zC@uv$D;Clx?xg6?-cDW$u)U4IA4-U5m*L6~Y`;9mntv*fR~U(Nm|Z@iO4*()rGQ?e
zI6a4NYf$Yt%u5kO$eTJjh*Ctpas?ZB)<?7YL(BXvtvw(6{wrVhw@D5%+%hgnWlmoB
zS2d~Ymna2g3olulzf45gJ*yx*oWPW36rJN~b2&`BS4IUAnp+n3Y#Gw?=jq%xoycjS
zj6o0gUU&EV)oXpi*Y(Yy<MDTA;_&Hr)>n1GcVeo~vIRe9Rmmmyyzf}D*WGc1jhsxU
zLa{0)>GFX&KYxR2vsTvC^d*^H#(r>yNxqlouH`7VefC-c8KY8!C9GS*BeCHFVEpB?
z;{iN36I)gP>d&72v+^8rI{-5vHJswz0BboC70pmK^ACQhjMLfxgI1>6!zv<&Sa1@k
z#ICFT-t?+9B86g%P70$ct5J)J3|7ePW^4C@x@9ocbwsdvc2_B*`GC5Zd#F>ifD`c}
z?pM_DB%lG#nPZ8LohjKe0kU$X(V3xO#pbPjhY<BUGF*=EFk8wyz39hd?^=X{SalDk
zEMG_`MEYFxPG7F~`!zKl_U_AF7b`u%?3T04CE1qDxec#p7rEWmf~>*`I2z-b3R{~)
zo(st3c*I_ADj>HA!B%<$BD>4Ig@tAStw>GR&___>C*M$S>isbHK1d25s{(P3-xsOK
zU%W5w3*0+ys-bFL+;n``JBd*CcQ35kxu1+pmu0K7YoN2!@oz*q?)GBGVgGUmV(DgC
z#aGZ-x$NgOb@sjLxuxIQBmXplZikyf%y;N^)|V+pYzeiyVj<WY*LSk6Sb40=kI(?k
z(k>T`0{-e0@%$eohch17`ChQvR7F#|>U2dq%4kBxIV_X09)^G3XXn}D`E~$~UL-Nr
zD{FM&Pr+$-GGX;4w4a>)aGJC<!Urd%s%VOl2Ik(wSxzx`MMwXg{^|ZxW#2HZfA3xX
z=G|-UqyZ>;j{3_tx|!6iS+e51vJ?kSg5Qc<M8W38zs1>CQXd7~Epfc%mEJlsGM;$G
zwI%392Br!TQ`K$_e=``_DnAk(qtO=u&CMvz<2ER#)4vObEzsgF_lk@S-yisCz)}h9
z4RzbP1f7<r&TD{VvIEUR(Sh)b0UGAkzgq!0P>oF_U+6fuNNZrAWneAv*3+~Q|BAr7
zzvQzTR<8BjvFTD;dknvh&Tdd>WgfD+{J*u3(tE<uWcAu3<J}*b(-Z5s&6*f_JL{q@
z1gW|2)^?%?Z6jhuIOrjaBezR>z3yKn%p$^FTCLS578<ga7<CmarTQ&oz3{Sk%KE(y
zrSurH;W^TJ^wM-=;8ADVp036^kLW|oy=?PTu8h@(O0X?X_!v`@h*{N<J_ie%XWk|e
za_nw+fq+55e=>mWLOc6b6nDs$U()7Op(j9C<G0C=g}vbG*@aYu3BH7OG$|UIqb1(4
z2iaO~+sN;j{0N|`s%Y(U!q}v_xY<XU%^l_@z2?*VBXo+8nbON0kYbLVr;#nS!_W!r
zyccWVBQUE3*o^no`Wb7o#_`}53dex6wCJ%ctdOgOif3~U<MKNz(AZE5A~qw%xf0Ea
z5*+kRO=_;6RFiQ$nJz`?5KjvzHKMumdraNAAQ&Fp-h=+m{K1b_oQ;Y@LutAd^G^61
zjib`=%AxX8BR498|1JK#$ot+L#V5SnT2~(VvSo=)1vKbcs;Ug~8sX0y(saKJ1&H$l
zGh1LAI#k<!Ij=OI$pzGIx@s;`aPq==_B@^M*r1s5&5jA0DHYRJz=2R3(HnzbwbwPE
z>6$9lt#F2PzQ91|h(=uN)vv@fCVZ(yU<U-}7fYc6VosY<APdHJh0Aj*!6aac6Ub1L
zNX{#CTT7K=sm9U_)QXeC9(^v0$oB#Y>^E-$jNGIZVpMbvYu__mu2mjX^tb@WrhVP5
z7Kj|^r}$rdF9_;(49_I9pCHe^R~oKg?$z80NSN|pd@oN2wE2VdN$Dlo=M*o-YivD$
z_&S?ja^MxdZq7oZ$ceO`fGSMrd>&GP6(V@{R}s%a;H^Ho-(h@e%%0f^L&~c6B?rjZ
zO(^^UTqtV4wxS}LM?YE`QF(snY6SXpQE`1qoAGA-O`>H3E2su5Cn$Px6WuxcI+_&y
zO<&m8`nd->!F|Gr$zgt|#Wi;ZcB&8?_|TdjA=elUiYqDqPkIrBoX*~<b!~6!sVrgo
z73AvAYjLR4p$}jPPVt>Hg80`T96q1faWD-wTo77&zuW-&UhZ5K(SP(k<8EYr2cRg|
zEQh+WLWKN(_&tt49DBbB@Pc7w3xP|o(Sq{Q{5hbnJApfKDyMfavn2~fT?SoV=kb56
zj#i|+I`-B%vg%n1R!u3j`OjoFG48^J8}g2}c*@y)Wq4?fy=YL`DhOR^vy^R4)E%(-
zw-&J$5c5!@V(CR0vf~k<#MIEtH7ev&NP}=Cg<-yl%N%;k-Ujj*Bo>oJf^5uEw%o0|
z;}&9%Y$B!8LD=-`O^8NYT6WK=m%ighgp65?bwKGQldV-RVjWE3)jRCma_PTWbMbN~
z)VoJ}EL>>y7idaC&nFcZ>^`NB@>&p?RzK`Y@`XAK4`gXbB1JZ;Xw%(}$?gv_Lw?qN
zujW>{L7g1YAH+G3|Lo8pslpdI##r4MCe`^^_GQ;DbeWGo;!u6BgDS~hmx8sbcR(U&
zbUe;d*Kq{C)HRH3=16_Sn5#OY&!R6|*;iHA(kb3eX;v#MX?0QCG_ns|MB4^ySKX+^
z&QSlE@CiN-v$(P~Rb3zM1DZ*`NR*LYX48`WMW@-su&IS$M9GLfp3H_#=>^*;|Dpz6
z`C5gGH6_w7yn(F$qLQl61^9i+HH-kz-cA)*>fff2HIA6sa}&Zhtcm20qh(lN$;;H6
z41Sha&a9S`OxG}}31ZThHPa=(pJ^Gl2lWz!vYvp3vf?hi1k{QS`Hfz-oSqF7tZQ3J
zB`R@UT>Zc?&$-XGhI{Z8#W9}PU?m{*=+2p$;o@?YWwmQJOR<c|!Qi*Vt2%Ze62;Ed
zkw_HRaOp;rx!`47E2_^gjb4EiJMWMq8xCDVZ~Sp@(yW1h@!MkSKuszd`08i82vRRU
z!i-fl^4Tr?ZS|v;)%^;vRCCM{C&9RmRN}Ph`W5O1ukBY5?Ib-4da*xjg_$TTAvS~B
zP(M|OdQJEqrtvGw;LVWC+m1aJj<bSqR%M%6zif1S<<m2A7yV@|mqN+970ay6aZ>~C
zw4zru2}|MeV<k{uXvOJ9`X87^`XWQH9GSWCU5UeZ*tu~jj;oE@h4#Cj4wjXXtoiPS
za>ApBs>EseC5@wtfW_7@dz)zZFudLM*@fIgiu|XE3`;XBCr(k3R@#mina`Kz%Te1t
z4QG#g&6j%|W@$XW&-KSMb__5$-gnQ(%Vrd%$<O!Z(_LGtS#`Hp+u`YLX7b(*xq*rG
zZNVp&hnMT#<L+lJwauLG5WAD7ujYHAQ!0=hU_&6b7!byKLv}HcG)$T`oU}tj0iR!n
zaPy!@qdEKJ@g^a`P@>Goe887Rew5HP1tJ8dy9YhPV?yBZ@dfC6b~TkZ+Kwq1A%l)=
zVkPWmwd@$zPMfN~K0e8$c>p8iWd0umcuXM;IGW^h_MF;Zu$<afIaMDFd!}vh=j49o
zlizon%?vs`ytK!@uScyF-;IgGhu_ZW+SKXV4N~2m3-ot|79Ob%MXEX5BA!YTHwAJT
ziLn_6-R7LHkxz>xsh`C?EE9|Y;I368KOQn(TQEIJMJ9T>2+#j2>*iC2N^v1?&_^rq
z0CsrOhTRGx+zC^`J~k7`4n{wz&^){pbce_oT*565_K_Dq&dJMX8DWjfXKhJXil8;Z
zBqb)6u{AYj!P2#t;RzS}H}WW9sQ}LBkcGu7&=yK1sY~FhKs6JkG3l2lY@dFFQw1M2
z78-VOOn@@#!YIhy8#?Qn@*(qIDwSeEn=@)iD(<ri7~XH5<?y(I*(FB8;8)p}&q~}}
zk%IgLrZ?V@F(89UR{DY}RgH>6t(xhK)1C@PZ5=QL)kJ!4`u5vvp%q+`)NPX4mNY3U
zL~Lj-Tuc;_WD=SK{kvGcJPAQMA5hJ(ta~|v*p%MsV_QJ!!-AUMTlnnwGb;#p*nTgo
zVoNc<Es31gszLwa2g7eSeeI>{Di3|4rTUVnd@WN3wCAMq>p%G`2Kx(e#OAscTkA`^
zGFMa>wWJOhS~w0Y*+Ug0J-!jpQ_yr7GakfUjL;;r1UUPU3}%|Tew81nc_H;mFbut>
zkOQXp)56F7c~TX!70tCVK-waU^V}r-b#nvvt?=nSW}NNfkl20<scaumPp?yyb4wQB
zqQO5ck8Lqu=!AfZ@l%G?BK*Yhzbh{_ZvS`y?lV@iB0D~`&}`YCv^%yipC`eLl;~W3
zXbx6L8<{a;pQC6e$j$XJz>e@(x*d!YhgyVz#suz6f-MCbO`D<adJ~1S6$iwlvA}Vy
z6d+u3Q2^)img8qI6sJ-b+|@qOvpEVTJ8qgd&qk-{DO)$V;GqwjZkNZ7na)!emFGG$
zGh()hl>XoAp6M<D=|fz}BYs#9!iuqXd0Zv@f2`xjYRrv1<MvM6n)v_0Ov3>0HNY&>
z!Q{wY4E2+KBEzn5x=E01#R5H#eu@~=pmW@Z^au6ex=#R<R{+j<K=6@{N)XLu@$E0T
zOi({z@VRV)5TUw7%O!a1RRZn)sT^Hg{k63JbD5%mj^qzo&N%@OcUB11O*x$Lcrn4G
zgKMb#*=RdK<N*T<jOKuCCRmB8h3XC}-s1bbJnuSU;S?jbH@fJ+!qB8Nbkh$RR`a^T
z#$vgQzp6#Ot30XXSUFG9CHPcEUHb`0AMHPF5wgj&3-zngdQB-JLU@Wt<4-`Y(G=F1
zKW#_9YPO1Q?dQ@Hr<QaA3Y9$Rv+Wz4R<YX?`OhzA6l_E>%BYLAPngK-Nuyv?qmt#y
z(`g+5?)dH+fm?3gy4(gNO*Pdpu&nE0O<{iwJa<(f-gM1dt5Ez42dX*11|tTbDMIm{
z(Zn)8{nJ?fiF>9|6jWnY0Z6ss6U~P`PC~FK@oe{Dv8|vX`BMa2CMYiGuYYyc#9`Jw
zy%!}8aObnbz={A(KPRu-n{Uulv-{@p@p>5H0(G8fA;sB5=q-%0^XuIa+78m8`y{#i
z&l$b1t+9xj=5cn6KN#UaS9r4q%ub#T+w$2#{Gwv!V^bO(wFgSQTw}YE<;(Y%0nWW|
z6YQ17YKF1c<9?D7fy&4xMWi*jbO9;V@B)<RPCY0;=a=G-%zJ7t^Ek(UePM1}peW8r
zf&^JoyUP|bIQ`a^$Dppus6?8p&SnxzOrk9SvT;zju#UMbqsJ~0``>NP9gp&+FQC6%
zfrjZi_A{)O^%vUxM@ch>Ar>b-J;vBD8-Tp0L}$L-pX9N$poafP-qU1NE7nbuds_B(
z@*j%6lf%Wu4RdKy?M=)9j(7fIIP79~+o;t@pJ6IaBB4n%K$W5_6KI8Xib?5zFj;&=
z046)2ASNO8l=D$bBM17aTfq4S&}6A*O0SU;I3Ajr?vqr-8J%r56f;8RzA$|h{91b1
zK|+4evHszyjF)Ynfqrzq$4nG0Ra8bDgUu1u*rlzPiiz#izXXiKJPZz+wA(33XT;pa
zruvRhNe5fGz{8c|k}@<;<ADE$#nt%OC2=^x%W?9kq*e4Q!OJCQ*p4<<j@Yky{T2-3
zR%W93V#O_Up{Uewf6wAuu#1{ga2c6@U0|cf3V!K4Y}8s`vk2qvKbecga5;l8V~~#(
zcdm296NdOfv>Ajy8SQ`Z2d>nQgFudMKe$HyZ_duXNUF*&>KEW49j^9W`X!zK-NXpD
zxN}}YT0*aX(idsRe}#hX@5A2Jd1S;G2g2x9Z0%Vxh9a4w*n$ROtC{-YV_U>_;Hy<@
zfDKz?YvhE?I5SKmZ)j}1x`wwKMj!K1ULUJSusY&@|A;~1S8JSl?u<yu46Rb8eTTc+
zr`PK{um?tQKnJ|2&Gnr2;q&Sl=pUv5YOR||BDORZc6j|6&ZH)wq-kJ+#`_zn{(Y=q
zC#yGq0@|MVA~vfi=ox%yh|2VFn2I-R&hV0qqr84u5+VFqN@LO4UK#8DUy)b8>fisT
zMVBLkW)(S$svn3{oAn`uD;ZPH94E_BEzCo8;k~Pd0f$fQScE8jK|PChqa>!N<KNNS
zEiP@MZ)$Lo+=>N#Wtci8W^Ue5?eSma!JfkEV8976L#Ri4{nlfS<o`cG&ya{e52<YS
zuCEaGcO)%a%pi~%;qwttWu*Yr;z7GKw3@2E&v7ot#R9B+kDyoGr^*67LaO1Q9`2Le
zr$R1%DQ;FHRPqWdaFN8(SOiBVz5Md0^3pt;NzoD~{`<(U$6g-wU#n^6dw=%&@|N64
znmCu*>@Wec=k!0gC!0kGWdY4%NI8_o(SS6k0E#I@gh&DiRBZ&=_77mAUvSL>%g`Om
z@aqVe85CpOdg2DDM$D89_B*^t<KNi#4fnL2WJxfzr->7>n0NjV5hOg6gdcAck83?z
zm>Cl1*S})OeN;{KQLzHg#Vc^Jr#mRhu05kBLvDr{5$V=LSQ6)=TyZi}(Pw5gGTPxX
za5iCEPh3R1?5O3cJHS)+gcH>LnW67hei7u+z$P2aT43qX?`PdTkd9|^x~*)~MLG;?
ztQ})xge-NrvGx|^?7(j#o+<jKG`As?O|HZbtZ}qi5643|VV<rk49o}&WYjow2U+3r
zZe)Uvq!@<5!C!RU3T562w!`hR?!}W@vrpsp@N-a|T^1n@Z{G!Q%vQ>Smmv(MA_0X5
zzX1fy)B)%4c3Mw^f{NsEHB}7HK^traBmGx?K_PGUbopLn|9)txUR2I`rs=vGBY`<5
zC22}6)m1al2}}A3obWqz@vL7nzOlBeb3M&sG`ePn6-~(Ybd^TUlPU?zS$<`p>xj>d
z*`f9E#Or2tqauSSomXU?IrQ_Q`o(rq{&a0_md3QNR58^;x(7rY05DAF2>}nMCjXxQ
zS3U&%`pW0bl;`Ga6Q)n2YlM6k>hbzqKXR7scz1wp<nd-Q3yybzB=8Y?0gK(WR@8|v
z43&)Xc26J?<RtQh=8>Vjg8Yxz$N&cgc|g|Fv7zRH#|t${#>zJwIm1^!E=}_OcsyK!
z|H5CPz8ET;Hp@dq`LNl{O`-@N9-(|ByfyvluO>A@U7XCsz#XAyKe>wo=l21q6bPWt
z^Pq2ZlW<R*yJttV0K$3|DJ`otrs=)X7FBHYPRTI_XFAP&xZMP~NpIVp*p|KUNdbsH
zr?$z!`I5JKHOUq@wni={Sl&q_fO#4gZjJTjguZS|EdkDs`^ZVIg>hMUeleH9P<$qh
z8$+;lrQix>zhg*Gz(SPrucX7(e1aa*>qIj2UJi1OtAv$!+fl4HpwNPvlAgHXwkx{h
zw(qT=El#KQRTX*H(g<ei@2``f`WKMG2E3}UXbu5eF?@+m<+xwIlx^T54VFzDD8AFo
zj`-C7V6O<z74}(*8i!%@_?w~01YLPU)QzeOIW3>o7S3k~;Jb9#{}<ndI}8<F=|yu)
zd$=0WlKI8tB{v%Jk~>1fn2s9Wg81+pvmTgiP3PsXVLdq3LhQ3=zo9a}-$JwQ%yC71
zZ5nAFhl=eof<zFC3uwB<83In*N9?QP3q_z6HtVbh@e*HBp$F8S;L5|l>X%CY=02>w
zdMxrzEswu?aOyHl&n5%XtX(=oGCxslllp4&3>tafV)&{C1_)8MNr*CDXm1lAJ4~|F
z_Bd+?!pU%Gd*fq$!D|N?$u5YeK3vH&tLjj~ebY2VrpzHbg*{~ol%S2aC*lSNG5DF-
zmXkIdSZH9cM*xdEJH`ygWu+IPDlC@MPMYaEw@BY%DA7<-pBU4jziJGO+GAr!Py<n6
zAnnAOc`6@^*;}uzEWB(=rI*B;G#2&+H>tmWZY+ic3)#c}f523D1fx_uSMjfE6vsKF
zA#QPQHXwxNj7;IY%4`Ob-Qes%VcY%~V!NH<XMrg_z+&%#RR+&@tKK=>F)~FY*~4{b
zdry?}o5sMg`_j|U>xg-sjnA(pc<Ni&rIL;yzm9jJIQKh2v_=)3dEn)12yjuJJjPQ%
z69Kg*qQuyT6Bet=l34~!>%HGmq-FV|#mwY=c=&lQln&|KzoOcxD8B1ViIW-rqCEXT
zTxseT&#E#1nNJIJ%*)#7fQpp+kWtrOJz;<To^@7X!4Flcn)A=eB}D7DeU7#QhjmQH
zvsBI|S&++$FV&{jm&kFk!K@YR33QtbC1-fj;M^i$okD{bc)-c;!{|@5B#U?#@k1-N
zbLmwB83MifI1G(hEh>T*a&;9`8UM^XZ3`VK(&<l>8#JITIm91N5w8UIw#CQkOWCAX
zfPHt!ea(eqAcp+~WLdi1fBxuSNfO5mbKT8jeJcyYLwdyhS2z-b^!%@I<p0z&D9p7{
zJiWL}AKETC=_!|(_g~>C^AUbNLzdfKfmPv5dH45h@blNpgYbX^a%eUM>j@nJ!;>ZJ
zV(y@@8mYnYEA6-dQXihdu)2**ftdJm5Aen;w0?aVh%Yt+fH*?;X;;$=RE)W&KlI;C
z25P7^Q(E)a6|eRDM>z5zE1bM5G<T4LIlWPDRKKI?RBAQja*aS8{~??gY_H~jBtV#d
zuzS^pd=y7XO`M!I%^J@dg-(qs_)UFJP84a=(&YDm$@q#Ust=*>DG-R2lBEd%j+95+
zO!UG2@r{Dn1RWR)%AIq56PRI|yJ|p`o1w3<O%?%0VKcKp3hCx5p-R0~=}oD!+L`#o
z;~8-U_(d&5ABF+~95IX}ME~YIcc@vM*qqU@wSq%B%V&Q5ziC9sm6wFi5~g%(>*(#;
z6bCc%KpVqWM-2O-CuqF<<!FdwN3=-XUgU32vNiWpFT0)L?oC<EryIAck|n4o31KiW
z(F?(7@hNs!9J)>8$45@7fNzPLhkQu3uNU1{4!S5sJ8)vTB8G|%#C&mUKcry<#PpN|
z9Pmqzq@`r~nto`Ags(SEXEwadjYKd&Hl~obd^x+P{*I{*S+Bnxe8rJE?!`zb2A}SQ
zP(f(SO|l_0&lyhP>m?81z6LDMc!A@-6_shy^DZuFzRYt*1~|>)?HA}J%q-7J*IhPj
z|BNLzWif3;20x!?G8tWC*X0`{Lg<O9Z#vwA4PV8Q787SigFKebVFwIGDkULQjr<c_
zE%8tPLz?8F9~84ATAD8l-wj8A=$BpwzZ}%VM<Eh=EOw<Ep|<CVWHc^JGb?==H&(t>
zp8`k|t)mx1b#}u|t%wpt+M%jVyJ<+YN>L37Als1S@`yOJ=Z3-{o390tw{)TCad4i8
zzY?CYE1*UdX*H;e+y{MuCPuY(62H9)lWH&_fHqKLDmj4uiFwje7;{ot;@}gH#ACAT
zvn=K1r!V^tI#fEoVBs?5ELV>?=ybK_xf09MJ(52cAr9^jIm(^dTS2rzFw3Eg(C%%N
z&;N4hzNvTL06+O0qjbwUmMq%ghXX^4$g00z_zDyVgYsPhM&XO02hfAFg8+K)WKU;)
z5O0JlI4`rj5@3~#aAWJwnoFRs?+JJ7nAWic_YUXF0*V|9{}egSHY^v+Hy)PTw^|>&
zw-=euahJ_;+Z3<AKKF~oKZ_Xk|2N|>6?;syB;s1~mpm?ksZM7yjV!lSaiQtzGUUm(
z>LCC$GHjAvx^Q^FMIJ&C=Q~`K|9I1@Z>NlbYq<c#{;HS)65))!xF6sA)!~H5=pSGM
zbEcO1AR2;!<0o4iS2?M{&knX+YQBnG>Dwq(O5j1B4&x$744t&x5#(p6QNjYLVm{VO
z-|qzax7<_#K}_HgqkpW1tUG|!K-dJ{s+JXSJIajTaCoJeMZ3T2!R;R^SL-nVJ^vfi
zhanLbT;XZ2burza;p2QsE$u_Sf|QfbxmeACMcPaxk&rn$(Gc68O5amyWu-vPt8&)L
zI2qj)G&j4rY0wm5ZhddQo}%ST%|I(7ns;fE|L1VW%gPAH%LUt|br-dip4vEXa-+IV
zhIg{>&8gIng02hKetI%`z9Dn_dn_!AvI~@lwG^7>oP@@G=n;R-1Y=2A8p;dnVO{W)
z8Z_NxYmag}7}&m`qFs~w$OPAB+kjODTT~g;-{l$yg;3K)M;7Z^qkt)WlQzU|$FHoh
zr82AMVB=NaWb0`i!XXk@jM=2v%k-HA6!N#7|H=-nx-}bn>WAgwpX|={L&HBfQMMgS
z#+?rHw&AW-x``fX)xtZOv2EfQP9paPVkA{i#>TLHET+gpQ%Wj=`Tt`(wDFp-%$$>J
z$HHn$drPKMDuw}65V(mXBhRr0sMwwV<vX|#(GPQsIYDkjVzLTECGK>*)QX4WRWna<
zWvFZd7P5~LVL8!V(?r8abQ9=U!KQx)*pk=$NvE0*Cm>4OX$bXElt<_OC*~QG>-13+
z{k(vE6a_c?NiRbHXW@f4Pq5I0s2uM2zj=pL3_{ffLDF)z!e1R?Wnfe*NJva?Ry3r2
zX#7rt2;;ded!b9`_M{Bg$5J#tW`+MH9pd|j>S0Z-R-3<$;2zA2TGhizSq#&oA-BN7
z1-67Wh;j4TDa1@QpAYJr!il6^3)9LpedT^LX$fDCrFlP$tD4F=KtU=O_EPfKJ`A6+
zy)Rg$%rZ{JZ%f?DM!3>O7o#$SpEt?>9U~O0f(+V#B$~5rRI3ew1{@3M!_+P~fW8?l
zifeQ-7Uzj9D7-Xevj@_IT#K*D3O$)$Ym~xA?z(UMRGcSCU-g!m)Da(#p|-%rkM$-c
z^NvG02b=mtHD{y3x2l&>`z1j`!m}$9LWb39tj{QfT(G|T2nI%S-C3!*&LtgZ8Jq_?
zQGxMi!ZtP46eDb+&J8=1c=9`etcDYd;TtJT2{=IToNydb80JjQITS<;>?Y|DN<8xX
zUa|3%7dH=F{L!B1QurOoKmyLGhJC_1A8u(bTp!q^5Y*(iTWf%$vbs8z=b<J8GCj7n
z&v;zPz^ET1ua&)Vh1L;HvF>$#-dzexH6Y7FSzyH@mbf>{O_OEyn`N~{ug<;pVAI5h
zoifHsxCE$rqt?g;ItjdrVrTVB68Tf@a&7#BQ5rla01l%NRDQ*3q$*CPMJiw-wb#?U
zx3f}P4n~_0ZSMy+kGgq{8VH-ew(M0gUc8gGJ}v|JYepR;pMRnsl@%}o@|c*W`V2nj
zFEhVX^Z=a?0E^^H&d6ZU`lQ4)U1$8}z|+;<j-wDnsRgo8tbiD6ddq@0P8vx%6^-JH
z1wDI3gAUkYU;weHDc7|DeHzbN+HyxFw}+LtSSrKX#m+>zkrm45(D1`HNV?CY!iWnF
zT}qy2mb|5Iip)(`RS-Q~kK4&l<nqtY2HqifoBgMElhR$#AC$7oF?#dXPr0ROh5{>c
zSRFreA$qD0k>MWsYQGA`n_b|A<(5XSW(W0|AP&CSI@_hO%yDg|q*EwGU_0niz^C0}
z65o{Nk(xQC|M3<$SJwZ{uusT*YmIBC{j4W^u=9lFLh=Feae{3rHLD#_*s(XD7bST5
ze|QEZr~mZ~qHh77!5uY5xis356s2ZFJBP86VlbCqUwkqSuB_d@qGTBAH!$*w*g)9d
zjr7To91IU|`BJC#02cW0%(A?_1&F9L@c9Osf^;PZut!=TeFPVTHk7&C|6m3xKn8rE
z1`Kwcz0vdKPLb=!+aMRJQ3DXNh9%Eqib|bvnfk_;br${BQ7)W|j9c5of@~<M%oxTz
zY?)+go(f~oZ5)Jue>=o?faH9q14loI&AZ*+RZr*e;YH!wdRPn=TkFQufNt@fpUV3p
zrU~{4=ND^u6~y~+;QIJwP}tgea@=qYEcIUg?D_3bnU3x%XRFc0S|;u4xw4oCr_nyD
zIX$f?6e#O+Kb1SN|1w0$^eMKrM9s?k@8y2Y)*po7jG6R*Pxp6Sk*6o5et!W)v#X-<
zgdK_h8as{o%4#c2xpZA4xwKy+DdlxoBe}I36guC8C}G(lUP>pbVgwV}mHvp9Gn#+2
z>u+UBNtPa4r}u2n??_!kwcsf|3Yc+PSYi~J?=G=7Lbg&*8`<6^DMs_ttd%5=sek9Z
z6UCvx?Cnx3f$3E(h(LA*F(bpEHRe7BYN2{W)1-ccIuS^H&yLKAqifR;5p<FY->_E<
z<;&^e5D8k|2|NcX+Nh$j-YKxT3e__qVfe+e{795aKjxqD&sjeA-{4duD*v>aHQiJ0
z3YGASi>ax=nH66<-sfsw$CHy)$C<gu@eNBm48A~1>8(CpyUzW(Sa^JIcW8~?^_BdI
zh2u#|w!Q|^uw)cT&mP31(J0j;+CehgZYq*`NkL0==&s&EMq~XJZ#s<Q1`X^Ut0fhO
z&7XPexdLtN=>xgZ%G%#~41l}!N>rT>DLJ1tF@+)H8_6`gsOGq711H>}3M><b-=c)q
zP$EyfA+lmhUfg><SRy`8cdz%h_`aQ|67|(YP%Bhn!eB)<vSD6%-c%+8^xTJamX*UP
z$$p!l_0fd`5;vLro|oIzr%hbXjW%IeW|Z=qvlWgCe{};K6`bkIFQ+js3)(<C9sIeh
z#9E^^|Az9*K;Iv6c8bKfo<`qbGA{0KRQz$;Zc{?Y5(N}tlpzX^$XokSQ7BpwK|{Oo
z08LL#Pd1ig*QlAd3@vH~H<4qFASDi5ewfYD1gnwx5UyS=(wc5nT1ZRlacwi}UcTIW
zn~c1?MfR7HQQw009ALT^)J<Q%Dpt5fduR>9wT|R|^8Bh=cBd*0l^%t{ADzE??*cS1
ziVEBWl|6<w8zNT1x~R6pnq>OkaE-poHuKQ4o!JFo0O#)Hw321M%Gxa3VD8XyBv=K%
zi`0$hypu5~DRr8oOp1#2%rg^{1TY?PtO57#r;YW2^sp?bj#gfqW&tdMvd(SQAqbW}
zN1-3ZsbpjF!R6>1YCU55<vv<6q{(xBbbkMwypwdHZcc=!k#ffLFADNM^>4HtMWg!+
z#l2(YpSSXK&zuT2qoCmI;(b1p*CnLus5H+o<*rb6yZ#@`NI>5F*ATkj&tU}JWAYe>
zm*u=5jr+A^nPB>U7)^7R_McMsQ|lN?oJL;C9@~7lwr-vr{+n@IuBT2{3~F80ejx>g
z^?;;-R+0`2iHeiUp-%5cbvDl=z{wNk4&AsFD(UJYDdnUf2&*&bV^^pk9~jY&;5p!r
zmqd&NvyW+s8)|^EtuwyK-}+e}8Q(v6OdlH|4QVP_gaU>+SX?o9uVTR0Ca%><%`oUa
zsK}5#Op`Nng-+v4{>9Q2BVIb_sp?N?BsCGHhQcyx;NiEmp4=5bF6ZUYq%NWn`ye56
zrFv-aq1Xzd3$c1~R88dpB)1PxRlrw2)8@i{B%)mia^<`>`*6qxo)bxxI1-vEMd@II
zwuCmMg-u<WF}+Lb$7>|11e(|e{0Y!#XFGT9L0M;<&99-X;EjI;pVHOVvf#|J-wx7M
z^l`~_g&~6RBffVc<T+~vWN*6<(k8}RLB6!W)XT*ll)3pzqU=b4=#iQi!;A>&2>PAj
zV%0SYSyt}0cJYgaHW2qW6EV9w0w<%^=W?;@t!J9-aPo<$U{I%<(0u-e{|!C-x#4nz
z=O`g97Gl;GN1ezsWDNGg`ESot=RZBqaWnGx|LJ*Z1A3lEUh;$Z|LJ+2{M+-q?fIwY
z`G60V(Qs9i1L%1!xG%tDZ}R-p^ArzTo!CUnbJo&GargtjI)Gqo8tt8Kp6dsiJEiL_
z`jEhuT@&(}%zsD;kHWF1UMg|K`3qcAl1P`QMf^KB%QJQ>+o{YuN|A4k1|{>Dx^QOz
z2ig%uy+u)=9$r|-8v3_jIkdcKo&E7nxZFVE4LJ2FV7*8~&8z9Jb`h;nS>81y!POg$
zmLZxrCYkf!Qb4*~@{x?Fm2NV1tqjC64EiAH8Ybt=y#|%q1RvVGiSy&t@6Cl3mjAGH
z*8iD)>W06X4?^72eq7FgKUnuPb!&H|w1bZFZtJu_SnH#ZLpOR}LM1{E+};eX1N0*>
zuuqzba&t<FX#zx^wT?mo7w&VAxxE@s>=)M8jDN>&oB>Bf+Kw$pA|7)Rj7de1p+!+|
zx-Xt|w5aCGC@U8>$iFK^ueQr$E5;emPxp+|R=mOw{HWWew*`)eY*>{$CfE%Lp4+ig
z%ea`9f&M2aIKs8sT~JFp>*(CJu8)nJj>xTgQXNm-BxFT6_Ylu%gMCB=K=og;X}SMy
z6e-H{XQ7`2)S(ZA+4;dDWrx&`e?X31j{G9p-1|*^q6g#)M=9qq?8gO-l_d%)yG;Wr
zzyvzLh;Xv0=lx^&L>Zfv8duCOXViRx^MqAh8CJ~3wf$UJLlmOvT(;_O`9p&TX?EZ5
ze!6&OOw)K_9=n8{Ze8t;Wtbcu0h&iR4bH0DnHazdyHHArSxSZLU|+q;Sy+ItyyPed
zz8=-txj2%XrR0({&zPz}TK?9~VlcZt$DtajIYyK*o{=WI>FQqdjK1ew;9p@q67)m`
zS-3v7tR>NB+7(kc0uN`T_DI4ri@8DBpTBU4tYYGycjC>g4mtktAwR}>*x{n`em&fp
zVSRXg4Q<fK$sU%*9`L+4B0B^p#I+u~bAY=d<psf?U;sz6P1XASP$XH7FQ>@=aqaG<
zdH`;DCpPB%ge+4wbEyytYGizdqnfJp-dG6Y=si|q72%OFk7D@>W?G7_6EGbI5gk4i
zDsY{wXZw|5fV$i6oF#ep?<4!*c^c!==!Llu{$9RqEc?Cp<i(HO@q)7ROX|W#e)`h3
z@v^QbWG&f8-s!R{>cYzoW)1(l1%%6pLRP*ijtrWZqliNHn6u;@h6;`hR4W-;oK}|A
z)YU$<j(XnA<G~S}UQcwoeJ$nyUmPRbKYs;{3;y%GS!&RLAe`O}zR}r$%bFrOHgPJ;
zsR@ud%wBUmjVdgb3JkJ*sjL@Tk4zaToeq=m!gXQMjOdTyrR~)pX86IKqi>)QN_=Zi
zIS0smiu{xLB!0#gdCK%GdL}(Ke4z8V-5_0dzjEq>+rly8=BMWDYB=U~T^(H>C!TN9
zr|Y-j=6BaI$1ka#EK~C+63^1>q^5DIPVf4wdShHn#@=(AdXLYXs>DI;T9^GoJZ2NZ
zjVDpBYJHO;74}ss7iN=`P%O-_mT@)}4tL3A3XbX2N1n{6{EGUC?XJnKs(1@0ce5Bu
zQKlj*#@FUFazGATf>jycW(Jk>o`)upz!p&Nli++xO18m)Iz7!0^TzUPpx268VOwEN
zBU*yb<<?<_e^L6I3DP?;>UN2Q)c(ZQ@Q4awmGQBp;beVCPj!u;p8*<?{YA8ACa?HM
za%dy81%^gGpDljq&tzpCb2+#CpTYGL^qhQ8DILpSp8&fwqIawy?iax!9%o|C{0Qpt
z84EL@>uF(A-0&N!$g@vjZ-(=qlIQ<CHzd<-A|5urSBFBnk}u7ES+*-$>+G^PymWk%
z?`M*vS|gG>R$6yCRBdf)TtsvY*{vjCxL81#(aFncrZrghnTv!MEavBcKpN|)Tv52?
zwsFdy!ZJrRZX@<O#LMoMYD82mZX)r$Ky@sRr$yQFq?J*H5oS_VcEbNwRNu%eO)10T
zFwtDpvvlognp=0$+k}&H?#Vx4-V~>S&5~ls-n47E&vMBi9VLms1|9{ix5FW|528Zn
z8qndN76>)&|6h-7gPfa&8P^cee|E$SH-`dRpZFuYkI?WvYB}C3u|y5Hll3AmXwQf(
z!`l-P$ym$p?Ur=+0kQt%Fja)zQH@B*oe}$)!x$<X4A@>D+RBlm`vn?+_Lp*`;p%ga
zvG2>Dlu!g}U<c!TZBdtn0=^T{p)h2b#mH0J2S4~16=Rpg5@Xa46#e=`Qt(y2=moCe
zrY{bWcqP=oonT_lPZ|oOw>}amo%Au(hC2V2JSP@+sX|L7C!=ps-KFEChTg=-3aYk(
z*>--YP3)%!(eRw8P^?Gz3=^U<?1MSmvS~5#WqZ`l7d9K}Y#M$zo>B0}bJ3=K7Qj8g
zz<<M3djE+qj|-R}vi(oe^Bs6k%}AXBr($~;MumC+R7-00i$wo8-Q5pj)V>;SPqb#2
zoV&u@dL40elPkJZIEA?`Um{bza5PHDc77FVy`Y8^d-}fMCY@Ppw4uhL1jTpCMu9h)
z+LBs-utbBH!FVi*_fc=x|1<NA!so>FODxC#ZX<W7*~b9m+Q2WBKB){iB{T^%b~Z|M
zDIx68ow3l9`aW36pP*3Pi~a5kshVpzz3zlb9kZn_`Z#{bPaBhxXh@{$hUC!$JG<sx
z8F>jcd>|=UpB<a4Q*b<&J@U}a$8Vf#2R(GOQ#jgTJ_%SujlawNY!X)a-Ix&5E=L<(
zlrI-NH^!)Zg;{=V@^*Ihl;K19X4H|}@b&@j@rRH?x8;lBzCUwcTOy_nv!$tWV#epX
zWYLTTlm8{i8%sZmVAIz1%|hRlLPGxC&=ymr(GcBjHc8K85FStf#@4+h;om1O&yyNg
zf}<(@jORj+1Dsf=W6IxRUsBw2&MyUqV;bta7}L@4KAP_Oo!SuHM6`d=i^4Tc$Yk~&
zl-4XoRtF{U<t0}aA1lx4K%Iv};3lE4+4vGEy35`&y<o#RG1An%qb**Q)AAz6VNRU_
zHzF>E$MXtPd|+XRjs*Y2znJ$DDb>c|d$O>SW+>17Uxd9=bS7=swi$P9qhmXrq+{E*
z?L4t<+qP}nwrzB5PTueTX3eZM8?#YWd$n72U)OP-2iDzMQ**t++J^LbS}B&-#lV>B
zzm|mL>4CUs6*h9UZMnjA0ux(cu|H}8??z~E=D+);BXbCSx+GobP-6J$bQ_rw)r#|k
zTPAjGD+YVoSR8N$n`?Mi+u-;A{<dg-tMISuut#Qd`<IxPNe19X&&`IAM5LoU;uW?z
zd5y2jb8L?5X7v&hzO%0xaf9r1g8Z`+b70S_;6q@(98XXGkdc^+pglD!P|_iK-t$}8
zM<pFcF=^*%$?IpYuX11I!1W~GwGv`612R5L#U1S-!`T)Gkx0yIJIu_u93%jb&PM|%
z9^m<3rRN~e2cp&B!{`TJ^p4$si~kV2beuP&4d0!(oQWg0<zYhX|CFBU6<GP9)sc4~
z==9XsREltE;;j_Mz0|4Ol5=?=qrTWS;ydJ+mCmc)y|9UHcvsPi?1Nk$L!|JX<OZ+0
zhU^A9k@bTcb+aBsad&>mq6pBL#$J9V)_OJu@*G`$xY8fhAQy68cv_-va+^%qZn6qH
z&zKo-dog*1pw@!vYu^7i2GCwPu(_yFIP{E-f70-u0w(dbx+LMFoGn7(qgY8*ubA7q
z`{sI$37$xY2y3dHuVX_PJ&qI|!H~Ivo_YjrlJ}5RH&^|Y!VzHhYQQ5ZN^bG{pDMKZ
zq%v;sEgpRG3|<t`WimKnM&Os<NIxn}#{2JLwW+Fs6^6E@z{q~)p<AcOB5PpDk~LT4
z;e=a%@Hw?lA(g;7h$=@%JfFwon+?;dgvI8k-uKsia%RMZll_tdH$=wU>zvW~9Vb{R
zo5(f4{^TS|r^cC+jk#GXMiEts{WxclCIGigjlH5exLqE(8k!4UtR(31#!(P_+Zo9n
zi;0bcWWDfW+mureg-azGY;{<L4F>eAVUf`+`G(=vzwKb~QMUFi4g-gcxl07hp>2nU
zcKyY6mYP+(qHa5o^X>e3d>**R?l8=ZaEy+rAuAH+)Kb3iktiR4f+JEa7n+Y`Gzj2`
zYY!`V9>RKO*al1&S;JdK-~i2`2I9rvgY`IjVIIyOMeOdSe~G^Uj@*2og(ziiw$R~T
zzdGu$rS`+n%<L3FfCPz?47qmTaw(&TJs(TAacb3Z`K2-i0Gwx)EyEvBhcUdu-&oby
zMWD6=QpyTVaI70%tDi5|>rV7moI^yzPV~Wtu)LJIP6vaJk#<b9@WaeSNNrq<GG}n5
zu~1awH`P$$q+r8ZUM^gb|0K7`-Sg*>ZSrK)ZcNXn=}@&l3bmm|X4u+f#LWo`jrERx
z`q)m~zIKa*oT&A(<hUVBZIFcO$C1AzU_tL84*H6<@T8c}`e}oT46T@T7^D|V)ca;I
zr7%T}U9ED8F2wN4n_G&azy{W}^l?AiEnruv?P(Sl#}!kbyCe3=hTD^k^?HA)9R~@t
zZ3MEa?eV5k=9bbPivS*(hYni1ibw1`e)LV7IzKL{gi(Suhf;Yic$S}qPTug(LPzdE
zr$A)FA1P~Ceoo;oAHo{k;!3oTb-b|~Ve^ek2JS=RR{cbV0(5K#kcy&^`m?$*RyU_&
zO0)|UiT{`sl`K8`guqe@mV?%>VTOe5h#b(9NY^HXe7g2GuT&T@CH6f&cd-Y}jmWf5
z_ZetfLL;KTFeV}rc!@2;{aP{G_2>3)Bm|k)(i53g{rj`3TjO&6&*h0rzv~KIp_P%L
z@>x4lA|0)+we#W5a+@$Z0{Ez3K}2TJw~Q$w_QR4vqe$h5btB}F@1Akko+7_Ky<9{i
zV|4p*d9uU&m_6eHy2yVa=%xzEr#(q!-<4$=>Jtk@{}nJt089!Q<m7TjWuOf<6XR7p
zJ`>+#v;4;`&Q)@gmLlmDOC>8_PyBs1)fYfl;kAXvpw@9!r2PYD<D8jm`Ic}{Q1htz
z4<i~ks4xN*>$j+5aCFQeQKJ|PX=|V82uVe^v1AaP#t5OhT&SDa)3i<(9td7|+>Ken
zzk$~cKA;LMti<9ghW3Dnb5Zcsd_i7!^8UT7q(K@y#4Zj{+ryqo*>;R!w$HSYdV?!f
zd!&C3^_sU@-88%2TD@uAK!qHBeySUcRyw#r&+fr);lc#g@aDwP?0Lvb8fWki;8~T#
z-Y_}iD)V=G)c0@)c}i!{Y;MU0dic|h0N)YY-07WM%jGS7-j`9KFbKG%*-zgJ@)Bz+
ze_|U6M3sL!d>yxH>Q&d-T=#-(|0YLKijH`)Z)|pZTCP*dBw8fswxaOSkW0hE<Z^Mf
zgkPQkS0NLOnb&I;=|yU8%sRz_duL1}J(stRNhDKfGSZ=b;&jFNyzt+<Lhbg#b|hp$
zX#i!8#7+5D1pB7!28U|nrH^zLxQbNPIBm)^q+!qxe!{{3v3dTK$9}jmQDBm7(+2(P
z#fbl$8sIkt43?xyW*Q_i^|CHDjhFN&lz~&cI`K~WrNNq}ewRaBL`)De^bEYgUtCB6
z)OPegpGNdQe+|5G0j)57up+F4D)JK9qO`LZ(!()z$KZ^NndG%y&e=WC@5CxG>4#1U
z8wG{ypz^@s{sS$?uuQK4IBP}up6%|%JX!bECPF?v@!@%GUILF=SG9vToW_%MK447L
z663WbX*_&HUD{_Ei(@_REX2ifiQg3BG8Op9{`{rhobN11r`Y6!#l~BhCcrOE%54TU
zDMQ@aW3gUT!DKk}Z)gbD?3N|%{38e)qG<YjPhNa_^Ng96aT$AF0~i==jPmqICtnKT
zloa{arRiUR+*6`03U#_Dpd2+ht}?xpA9j$6CVCqH$~lRf?}g<)XJKtFjgnr$BN?b^
zuEW*9gugQ@QXSBKte)?^<_8Vm)dsA=c6hfB1JBo7fOHfULjx_N-<{-CLZZ3alv1PV
z`e5nJB(WkmloCa0GIydD@N6gzK=$VP=sUuv{=#(|s^J~_r9o}b0y`f4CAH?=<GKsc
z(Ce;d^`kRC4C&`-bHNbzMX6TQfV3@ZO<Op|6Y|9ma-qg1W;RB_e<=mBiNwYgK?(qS
zkrkLoyJSPVf^b0Brq=$w2Yoff08<U-zE5s2Fr`83caBgp>w|$Py&iarM>HI|<%rE*
z6AT2?U^wpu@zVPDD^Qws%Xl{cQC-at^mfZ;wl8>iO{UTn9LJ1A>=P2ssV@);DV!u0
z6;GgKv_Gn?-FVEuFia->CTDc7$$B!U+&TC3mR1vckbTMo*kz2T!Qj41EwaDQ)pMU7
zCCAe>Pz8Rg%C{iBY=@E((yiZUJS@faRM_)^+O()b8G<}QLC_B0RHNzeKCbF{&FWzl
zv0CJEhL+(GkF<xjZ$UR}WSfdDJr}Xl*0La$4cL$R#VS}t$j~w<@~svj3O0x({laKk
zrm4{6CI$Laz*L@Bx+@}K#g@L4I2S?S%{J-5#n=l)|7gh9dD_G*&x(Zj?sZ^XFK_zo
zxYBm|?dhbhJ59Mt4TAM`7%0hXZ1^UpRw>B%N32sk`;j<pgMKC!kF;3ny*`^h*H(CO
z#$=tC3Qhfb_Hwyjh1T@;ADu@dAFTd0Baoc;LROPn`Ta%U9Q6371O)YIsj`=on@FHj
z{%u||2vXUU_87Fp%q85p#B2vNKYZqkdOa#*J83@mIgAQCbq7*4a{Cb^|Jx<_uSHh(
zOzYhg&G9VL^Jp>SebS{q++G_U!PXBUd-g-f5^T-&ca;Po;K$k+PSD8<+|zHTNqMM|
zl5wIgrI3--1J2Rpm78gQ8)ufAfg%-lSeJ2)3a~PwOaxrQWvq@JeIy|CGh|!^+2a2%
zrMK<%e<;1u<ftN}30w~X)|!(YmqeeAyqWBT_8$<f@apF?#}?%SUbeA_@I%Rj&c$jt
zEj49EG+z7UZ3)ggoS)(4M90V`zRRC;v%`1=yJ3xIPj+&%GrfPgVxwAgNB8&_fgoYm
z6S`bso<BMm_s^~#R6Rfy;c)h9liymnxzC69L`?d=@QoHe|02rC^o4vBEe<|{4*WZY
zCiltuWqn1IvU_XX*_wgzrmD102UUHNM$rd@VQf$TCke5pkZ;R*8_tNQLa)GijV=@@
z=hs?HEu=;cJB93ou7y1hLy#Cb!!{~{ACRSviZObxdgmj`-VI~c`vMOCFt}&O6h{JE
z@WJ|ItZo11F|~eEB;Ag8-}w{LPo=6Tb8ON$O>!!al>&2y`D4}*%QipkELpcn-{9n-
z^IJexAKZq6<wi>1+`-d+<`I?9Li3j9Pn?A}#btGwIaDemy?(r3b5J&#!&ea)(K_nG
zee?i?k|G$$&i!GzLn;<3ZI4BG<&Y;!7NpsgG`#4!npWrTOk;xG{#tV4%EP_TqG|3P
zgY1<oX6YfQ2IUw-R9WQrN?Rm8gZR!oq}6cdJ}cb9q2+Pqymd@M4E4{I<yraWX7;-J
z^GDC{XkDSOPu^CNTDUTZr06OYdn}v^#%FB*_e`>=emK0MXGiNM>KgP5e7{ygWAYuG
zt*cm;ZjgMrdZB2>!yukBG;PXwTV}1Qd)(TZx}ZYed5)Vfk{fAot0-kF^@iKie$9*6
zDg(KZXW>k1h;X;onOiPqwOjg(Qz=0`gRJx%)8v7GzF1!nMr}{f8=@OANnHP&EO_>p
zN-7^QwGo49+21fErbNCI%<dBorMHB5zd{fx66s(-{Qgs}hUN+%`&Batla{sgEgNOq
znVmxYKaR}A%;$z7cMWJb&co0c!DtgnyV1H3Qntg^mC?EW;rxz44Z9I{>l_I=U@9mF
z{J_UcA{Cuz);M&_Ie%>-H7<bT5IPYxO+M9fJDkZJDtFMqGp6uf|6NBmUdYkLY8zZW
zNhA`$WIt7VRgvmsP?7TpOLjb{(nF{UC5Kc~2Jr&Z`j$<k<IFCy`5y;vLDuvAY-F?i
zpUKYT*J~+OZN9srkC3wL@66y?OXA_}q#WrJjU()<fUY#)5fpHUNH|1N-VFtPd#OC0
zjJ^pSCf772%POgxmr$R<Fo-v)ZrAGaSo8>QXGdzLG53V`>Ehv&<w_eXWBC|G{I?XI
zi7(UE3M3d~#;%{`xNS~!b`1Q8Sj>p-5-Xe0p8YhusN2#?wUO_Jj51l+UUNkKe#3jE
z9yh9)w&lJi8Xw(B7pm2eDYdZXZJom-3&nQ$%rtcCzM;w>8vcPmb!VM9qpIg`8L~eV
zSLr_`F>fw|@w)}5j#rWl=VWUi6WL{k-Hkk2+|B=DFhmnlN&gf!h)iQ#-#;y9yS}x2
z9x{GvW;zEVh8q%!U)!@l1)Pa#vIN2NtEx$iCWdiva1O-@S8w||Hb7%GF0yyY2ozNe
zUgmS5(scHx@XVY|^v5<vlwTql>_(AWI(|4Sq>Ap`d57QMTsAeE>%)x}ur5iAYkpj;
z#{jChK#<MwGiYN+?P!hvDzi-~?Sc#|y)C?OKzrYh&4Bx1kUwC|luEW^VHJkZKHMng
z70yKuf!_Pk8COZFZ!o!(;9Pg<9mW??N(?re$qm?<=EH;?8KtPXL`a{s0ZSYXIkOG_
zr}X?{W*cUv3^f?xSU1PCRD7(mdqXU0?|K|?4f`j(rp>((+8c9c0(3%7j%dEAHeEd?
zgyTi+9tHhW*<%z(;lEf7e$1r1s&(3XSZ?2gqE*X#p`RwQPnYt(j1nqbMcdXvTQyj}
zf>G(kb?;&~-<pbSP8J{euL}G^@bL(g%wLVStG)Z-fGzx{Ry(%4=$D&a7ZcHXBEZf~
zInE7t+K5KLMoLz^d8P$;JDwL2hErKsMIRcM?U1NeUFx%LSy7UY8$$>I$9ZJ!CJSz7
z?dI7pWYF~6`bCA(;zDlAMty_lqIzGWJ!z>Oi|f0XPd&rDNKQaB^Ve45MrYB$3aj?J
zhKHvfO@Pam#5#=cORu80IOffwGY6`TvP|uwDO4vI?6_v1W`ITM26K-Yd0T*SmvzVG
z)}%>)@su~Z@N{sxMqTPY%6eGVeX{l#%JMXSaZNei-)tSXFN3tLlOZf+opw^KeDhkP
zJ>Zgc7e6y#T9hof$%w^+*Fp7b!6>doWvq3aWAV=RY(XD+=#;nS-oEFtzJAhRTK>{C
z(e<xXAL=0cDo*h$Ic+H3&3s?G1?}k>XW$pM-%Gcpmh^qMr5;lS?#OPHhJ|bgITp=^
zB%lC(BuZ_t6(zgGZISJ@ik5!C+ukD&msZJ~iUDnSm!$M(I$g`m1pW(L@+V?{K|x-B
z59<`B%XlARyNc6(4<Ao=BG1^ci)onVhvWn3_onpo83Q7kcsg$8341zT!E3?+x2LjI
z0(=?x-Dnlaj42k92vSL=if|x2iX*mbh2NO*b&vnUy82Y-FZ*)kRL#4U^i<E8yv{MV
zl?1IO8eFUWzj4=1+nfwKG_&7e$P)hDmp6yaenNA7ny>`iotBuisJCUCeI!P6Q@|J`
z@(n-<y87841hAUFGGF;L(D@G|2!L5gM4);d_5SRWt|W`YLzE)j{Z7}}4ZqOT_!SS%
z)Wrvu*<!8Hg8w#)1IvL;K*gB=b8hBAwaT*a#N_F{Aei{Ff|u4UIj6p=wT<{ymrKwx
z57km50I3qhVm<vL+-CTXVu|FhS;;VqISECwU=Mk(N8H_|VVQ^}emKoR<4;Av(ei>g
zmmXDE_JSB@acu1q%ef5RoM7`pwt`4&WeHm7CD}z8<@Gv}x6z<Aa`a!30eli+InVin
z#$IL0;_QX!;QctxQkelL^^`bsZ5$MAXfnG$yH8UUr&5zGysAWJGsc(hhSHVI$=L-n
zi@4KE9o|sWOB-$OExhk%=T%a_S(DsxEgXK7p3TGNoQusErBh1fr2uE`e-)4pig`vh
z2Y70BFf@!EUT+{zyC8pUpS=Dca{??)zL;#l<kp-N+ym+$dRXO^`Ck#U^-i*q(4LC1
z1CKhTPoig3EPyS%0n2PiOEZBpBd_%tpy-(sfevXuR?qid#NCGPpC>kx@83>Za)hQi
z*@>_hK5X_nJ$O7n>3^y!p5oG^*FS_VS{HsMW1QYL`gJ|DYD90SIeS6za$L@S15f7N
zm~_#fcR-xaSWg_ZeNr!k_W?gvpOa7_%`*Aqfs&u1<iS(<O2=Iw#<+iexW6L2{C5YK
zz2jM-GDnvG0wr5ke~xI0-eM$ez_dbd(W2wcSSSkY<ef>R|BOr%NdJp0a3QX=^<}?7
zCSYJ#nO3&8&$s{c;PfAkExN4gi=+gPJEMeaEoPiQK49f0If!~v36<mwcz@|4kQV)6
z`MYzlGm^n^y_zw5YrqafpAq(Y54W%VQxo41GS4u(ctBEh!Z=ee`>(h%BRN&(0hV$c
ztYEKvkN+;aF!C}ZcCiidCRxkD(oh}zbo3=q3S;=R(c%Nqx6JolZwH)0Z_3@n=GK;Z
zi79NZ)JQG9p;s*<)FjLy1?)gaWVC3eRs+RL6vxGdXXnaWA*eqDXq>1Ab_ij{U~0rn
zK+9Pssb|BDNHLfL+n)s-$=&k_3c(cG6b?sYyYaKAzplS>&Ks<y5jQYYGw!u%t0w0&
zPbYLzW~BFcUR@?DGoORZIvHy$4%j_NdgRVL_r;7>o@Q~>45az`wdDgk_QjeGi6Ytl
zGR1_kCk$jiJQ8VRLV5-c;c}j@%8x{Uxvk2_=z36--21&y#AWe5V`ujv<(TYo&lCYg
zVqK?K!rxLUIyJJxuN${Hpg6b3Q4TXtV!NL}*T=aKJ^l8Xbpwb`a<l?6GObIh!UqhB
zAmc**JqXG0641T;mg%{?;yY~d-7!O{@$c;HPpnX~uM_x?Q(IPZWDeFA>A7mGiXUXf
zy}{49;CXIjE!z+<k!_VajzE091fs-P*%LM7o9sO|<{KE%y;X<x<HY$w7yTNpP#_(N
z!f+<+0eA)<{IN*ceSsY@ZRCxfaV6jx(0Z_$2;rVA^Onqz(e)DcSVkZJG@DlVc28pX
z)5c|MYaBd3?6x{sz^A)6ZWJm%!3gYY*<}92=UAc-l+|+Y^pc8!UH~s#L~;^%!4`6k
zjC-=n7V>1u%l=F81S?E2Dm{tes2Dofm-UngF6RC&NMyN#8ohaWhZ47HAzdEz)xW{c
z?zUKtSN<4sx8Wi>K4*~Ntihz(0BJ_$-w_+kf|ul!WZ7RQ`<Zv@U(o}Uoxu}yt%1_U
zH_`jHXwSrrnAmY|TdtUPh)vACk5v<UO~ZA|gSG1bCm+MJPW+zyf1E<Z;Rn=GocHk=
zDOj3641AHLG#kUV^%m6&wEYU5*?C#>c7M*aI%;8rjgC|wNnXty?)Vt}zZQzAvLsd-
zq!XUC22#r%&!0gwwBCriZJ0?;pJSs%6F8)$_%*qe`+?}8Nq4U&NLA`zAE4^SkYA}A
zd;def&(!qeQ!hhs{!8Y%QU4_Z8M~11flM`JkI_h>8!AVE6V<3;uWSZ-L!7YK`B4Y4
z!(ogfwWpd`n<(%opjZkW)87cG>dP@Nt0+@LuzQR-I9Y;?<w%#yVoWU1$$0N4sGOK1
z$)_<-5i#Es&YqlyBh?zwzYir1E)pLBv&Enp4zqQt4@Ku_SR?qChDP`05<LYb`eG(x
zX3FvTg)P(OCzQPK6G|R9^N3ooX2LA6GM}BKS*seNk>_7&(Exh%bK>y(i4JEMQ%lu7
zut5wSQ0}|SY3sV?Vs!8Fj7$00a>FH#pnJ2%bcCiVGq6p)uL6a?R66{MS%TdBD6CML
z2xMJpk$Xp=#hMSF;n3?JiR1j?-tAX@xc9aVOZyg3q++>?GOGU4s(JsPvb-Ni-V#3T
z!yHk6Tx>Z{CWPZi3-8>qv|+JxW)LqMqc$4#<*CDE9NlS>L-xDE?zF!rJZO7v1g729
zJ6&D?OsXb2XZQN2pZ*a{e2YxzcB=W+@!KIdEv5g530MzQ^d#jGZGhl#Gr%=XuSTzR
z%;csDlbSAAf_i(L)+uf!fLr5k%RpCbU4WMlcIGumm=#MfmCUa!2W76#+h19UMc8^+
zU#|wiKY;y;s;KSFc(LMc==tK(OZNF3dz*Tx;SFB<hH0oPs(3TqQU-n)2`=k3{ksHG
zUQrJg%u*n)o^e#PrWy>I)13-`KH>d$(kbTdtWrcSD=tsXOtXG|b*dQAT<tCxIG<K4
zDmI}v3*E8ie9b-ue%=2fJc8kI;uMy!QX9gwN+W=BIV;xhTh*9D>0Es9Yi@BCb6A*r
z>`Ur{`mV$9r%7hW&Qd$Lsidddg1=tK{nbL-T+cJq`V|sQ%fa0M7gW9jWbj4Q&6E~O
zuw@iUy%e7crdH^}qcnI|@?06sZ)V-7S@bH8ylGHm!cHr|^>?aeEy)EkE%jj|dv*tf
z^C=+f|0q3I)>dQyctwW=LdF?{9Fhr>L992ytFs3*U5=#(eR7Ql906g|=*B{kX;Mr+
zb&)7EiY5j7NwVjbVOk7DJCGzbNSd`f`=NI^nZLX6LQ4I9v>4>yCCUu<BYl?`*0s6-
z=pG>0;5&kn0=H(fn#pwDXw3grdcx&c{p4caVhcJR5@}tzGgz$TV!m?-&nkm|{I0>i
z<RP6UgewrWqlOLY1XT7jUaa>hG8AOb{pS4ZtA#wUyIsBr)sNT-4Z9Ln%+)c7qWkoM
ztw%Hmlww^ir59<hSTOyIg2tNCDiw3M1+*o0^(2)t6DO2fb|8j)Z(WufX0Qp6BhY&6
zjyDTP#a^vP;rzoa+MP#(<d74{NA*^4X}~p|q$&~^ZSGwcBs#QvJ$%_Ic9>FgkpXT~
zSD0(&Y`C|EtC>Q|T4;IY-i~mCt-7<Tt+`YLPsWw340`MN4L?Z`_hfGhoC@XI(;Z$N
zdr<YO<^}H2k%`;)g@l7DoFZGLRg1aM1@#s_o(s8vXGuSDi(wjd{HEIV`YJ?rx!<n9
zBN}X=spi5%KWPxA=4X^B@9B=$#iV0Ro@Hot&4R1;K@~r?7E5Tls(4?zklz9#w=2q{
z85z}14S<3<wY1eR5zlh9E8a8|E$&B>T;Wz@R2AyWwH(MQPXTWvw_j-eh6~?Jx5CiE
zG!Tku7pG!=SZA2AyaU}o2Oi6NwBu#{?|UXO$PFMLY|(}-yd_T~dKh$~F;wZkmql!Z
zb$?YFnW|d=PWIKuLmVb4aNJA83o8OekA`u@;3|2Mt0jC6$RG47px?zi_ny!6`Zt$D
z4iycMx-TnL;Dh%i_&(VYOlJg2YUP5&!hed9hLD5ozj&s1O3v)Qcx3!;OH}kOQ+i^y
ztb&yV7FytkIh+tit2N_$B%&oKa&5>B5oq+O*W8=aDndfoh@=WD<OMwo;^$iM4_b+N
zNj+}0hXe?HWL(KuVj{-Th`WLWn=Yiap1?3rjtugjesUk*sioNs<d`v;6FFYgH7rdb
zVelQ}moCx0NbcEK@;0}X_Dh3b8D!~$|G%*h_UVc7^i4C74+uB^m|f~OW8~cFT3S`>
zuTGo!$HYi0Pd;;n3+}M}tDnKYcm;^^G6?kHVx*#N5_dqZE$utHg+C^FUn-+&(L#I^
zRjAYD^jP=|c|S{zk)v<x0J8w@YrIt%A$%!XcUo`0NwE~Ucc7mC!tXb6eyD%{xjZ@k
zOMS4Oi7zvlT7_P@n7^6H-Cv}B<u(V=#E5JX$K&A5JPA3UkHG2g>?(@Ws!SM%HZT{%
zh1+BNOX!FF5avX>oD^vMwVX$*9{e=Zy+d4fu?Br8wv8chXJt(ttddP@ZjwmUn_I<S
z1$Lkw{HOU+)8`)Ijd^}E*M;2QE0T9}Xbg563~D9O<pQt^*~QMzvC;mV*CY+A-;OgR
zwe{vvAHGNAt~z{axX<bIM3Umm$ATT1nNXCY+Ok$+(hwPJmv)zldR^!`GOs3a8{cXJ
zv-CytcJlvCfUu7qK|BnVW9@KkY<ZRtqGeAr@U9+l4@QXO)#Z0Lpu@13%Acuh4rnJy
zph(4{IPJhV9VmKN2kIY;n_?{mqXbd2S$lzRO4m#IFP?Pc(ZC*bTxm}7J{4>bgcX2K
zW^MAzl_8U3<tt;3dB9lv>mQ5q*<XqJQ-;qE@IPZyyhKRP${`+2AOUp{HSyR1n20W~
zu55$=7^H=w{F4X0o=x3$+wvzjDdX=NyDVCGstiXji3!s{6J#c+AxA%DXx!u>F8r2u
zlAe*aDkf;)I)yGlvK!#gY}hZ+G(yaU|6}v)upjWrwjapcVFy*8h93E#;aTU?zKu<X
z$egobhC`NXy!>Z|3t;q-h#Fu`gme0}L5ce#@pPz`*{ih$!@w^AP*CGWI>AAsaCil<
zj!kp3Sg;!N`Z8}^>6teynbvHBjAsv<4fF8akuA2Z?`on${Mppn!cnccXSv%J-ScYs
zD-ydAoEMNYvvczh=4$Ze?B?d|7f2gXVn^YKCz%YSwf7Z|F1YDVuw4~EBS`SPm~#%F
z<_ozCl}n(DaCej&pWmIb4eGDvDvpa$-qBP5DaESd2mcgIdf3>f!4ZcvpYXn{U?=j^
ztUMk6!kYRTcI(H7-GGWu2_x10SW72mtk?KTE11qi1pzBz{4{EP=*c9dP0yt&_lCNL
zsCL1ar0Fw}tbMwHS(m!Iqk=s{--$7dI)2UQ&9(%;C*+=Wse+oG0<I7S!?u8-S02F?
zJQabIXNCn-w%v7;1w!RGdB(9b4--j#3dgZH>r8F#mTE0tm7<&L7<87XVB2fTL6Ee=
zm(?RvRE%H60dr0O$3#QMH5ud0yURpe0wMET5Zg|%9WwMXnzTWYz*ru;7b;BS57%1e
zHGYM*M;d;xe^1~4lfJp`{4ageCN?jiBza**I1@+q0d{Lt)Mo&t3gXP(mU0#0h}O@h
zW6|tK;GfXDdkVZyiXA}b&hOF7L`VP<pcCR-@P-=g@J{(psYLc{vdZ--nX%Xk1$SH3
zi0wtV7f$7I!n)Uc?{$wOrk^AlSYj%^2`RaO9hmkweQx>RPp&?TD|KrSa?FwPr1C{e
zsX8naQ6WwK+Fp@8QrAZ=oaN=)7*~jlP#LuP20JnocavwpCJ;ROWa|EuZip&qZ4oC@
z9)@XGQA|};weMt^FjlhTuHg)~rblYrC20_b(N0aZ64^tzAw0kW!!lZ{j^R|!nH0?{
z0L6-vUt}Xx>=vJ3-bW~MbsT=(>eMYy705}Vg;wk!_N5e>O2(@<lt8~&8!DZRR8(%p
z-w}J@ir+;bYuB6&c3HaI(l<4x4F$aVZ>t^upfS*8;116>x?Ya~Neuw|PnYWX`gzbM
zEVX5dGLDU5<3w5T?H3Pve{O4H+hrh@pgy%CY3Au&h?4e%@H~j<mnj7E{77Xs{rB7D
z*+O3_ZCuG**;M~_^f{@njttbj(po+QO}qvh@5iCNxP6_P@O~~H;CCx*_%b87M=(^=
znHCxvP5P=0VY&-Vy|C3a@|30r&(v>FG;o8zqC!JSQlodM1kk*P(MW;VcJiS9MLMh6
z6U>}u2*<nZByoj1^#nr0qX8Eu<V?%J48%_#P)PPGL{dfimjLdCF26|UN*A4~RrnS<
z1mjU;^rAt%z{~C4ec@k9oQ+K5!>sWe2NKxGw?~gXa#u7OwXv1y?5Ks!mtMD+SJ!6g
zMlo5M{tl7=8z>*LmOz{c3*O~0rXOox*~2!w91iQYq7_URo7KgCN>3jms~>a8Dew9a
z<({t7dnI|^MSxs8<gJ3atA+9(VFXLwUYt`n8-!mvA!BxccPj=3!>Pu}v4`TL4V%xe
z*$(bYi&+TTfUPT)eFSj>3%4z*2<P81od0#QXB6MU;C#ikDEs3FWf5nMmrhz<7Cp}?
zm5sE5O>|oF-X-WswDq=m(hgf;&Ibxe@2gXrQ%Sx5GV5$hd*-kF0#TU0`aWrVZ?W=0
zXpeTH{oaH`sSdpt=t?691dnJ_n+9$nTNp+Pp{c6VW)=0!gyC}<##wvLBHVso`8()<
zV{@@JL+zi1wGS;QhdMpD^CHBmjj)1-W2in>*!k~HkC{2EXcR32-dko0Ja24W-#EP3
zNBUrtMB7B4$R{Kw(GSgLh$@V2`s!p9$2wCF?A;)Z4oo*}`*-OlpS7PJ<p%q&UTJe3
z3F&kbMk0R2o16a=9_oiqMs7POgdfmRnEC?XZNAB`B(aJy8CAzHE})?jq<2UYq|iM`
z6zdI)2<SA0a!@AuBCSVIdzo5?kFEz9Vg53zJdy1&4X?@;WTf#rn;KwnMhdJOKBNU<
zSmvaAFFie{e&~nZ9v%i?pa3bjR2jgv#;WBF9&de0v{mD$)k$kWP3inBj+~@|s#2$T
zfr#l(46+t(^q9A|lc^{Io;1-WUEv08|5QiG!T2Ftr}903vA=U;V(w#h?qaGI^*T{x
zFNPAf#O%yLoiH^aY65#QZ^`blqM`>}Sq93}#}B4G1lDly1xpGjyYcL9qKJ4sUO!&{
z#`J7I(Bum&xMqu<()Vl6wGpX5Z-skS@_&D~JXcLw<E;6=PU`we$|_&dCZHOxO`pqL
zB@<DGkvUh!XBw3#sKbyDLK`CP0u`c?+AV$JygxssT(XzopV}~E1L-EC<XVuS`*~+w
z@m&8>8Db8|6WZIi@3r;)F@z>Cf6%6Swv>;dm}_st)xppIEtAK!v|MeV&tti43g&*k
zhr)Ss&JS9q7;;vc({$?K9Jd^};~4CR`*3(j9UWkgd{@b`c%yk@f|KWdtj?XFKHez7
z7&pWFqw%q|e~s=#J(E8Coo*nT7`YP@uZuIvQKJ^242C<`h-Q&_zZoev;I{?Mq%125
zxl}?LSl!kVSc_&9E=xVy=r0w~qxtg=+l>Zo{^3__Jy1>;hhU^7-&5;93=KK+;3@TR
zDHg800Csgz)L{Hx)r89Hta_ojvKCdy&b_#Wd}z{(<z{&+wAHSuC%!geI?y|;`u(Z!
z|Cb{4UEk;twz_}%&-V(<vh<n>G`)t}cmvb5%d^3ezjjBmi=ulf-miiWp{H@9h52oU
ziQal3_y`mjQo;7Z8kRjeETjfT{a0wmLJR5K!}Y>C-e*yL)MRV@wa(}y=k?2D@#G*(
ztti8I-(+!ge+>nt;lc2OES$iUkWJXCd&d_MWe3E#9NO*wHH6wP5>NjaLb)5eQ@qtd
zU8d!jayUdPjNzXDs4~bz(Ortx%VXGJ?2N;g%X!Dl)IB(rRanwm=-t;*n47((X^#ln
z#z};T6@s+Zt=mq-?LwofIjnm0_?&)xc_74De~UUI4Vt+Spaaf@r4mMuANB-8Yy!}O
z!E1v+*}GD%&>t$0q7(kML)r}NMvt&lHpm+!s>M<}*r*gwlmnN)3vuN=zh9@;QfbJ5
z)K~_ln0#Isqwbk%*B~rhqY*pXL%?yK>w+PfbSsq8e(ZgEqyhba91$VN&~Bj3mEe5{
z37?)XxnK7UG4H9hm|`wtz%~q$u1syefC3Gl#J{(5grkO615SqefWKT`?q0Lse$F&s
zH)~&grUL;O?;iBQGw?dFyc-)nPy0vrGo4+uRq7tTevgVX@36}*pc@)*+Dq@U4~%py
zW8U(Po_6tjdk-gsJ%J&mdBX$93rUwf-$Vmoya2qN5JrL&LtjItj$Oz@FiJZ4ifJ0P
z7YdvGq{)loJI<&A#oWkXrNo)Rpne35G2XqyKD5t)2z@D3N%+K-51ueyefiXka%j!4
z=Z|T{XtXOP#S0uCCiaML;USNh@P%P|kIhf$KD7CguDYFpOh)6;!-0^#^3!o3q3Md}
zV*bsMpJH5NOzBlCu;3?~=eL2A&#q{`<RQtNN6Ol{5Mz_i{=ojifN`wN1@m;8lMtPu
z72JY)LErUK^L(Z~?g`jaG)_xYEsuU3Dt!hugy)WU1f4LAwtKTQ5EvUxB4VY#;_WXy
zIhlq`W>6X;-WC_IJOpVk3>aPVJZ(!98nV6~r=s^bx^m61h*Og@;+T#o_*prhFPHPK
z^3$AD&&xxjnvK8M<bLbWteNoG9iE#bE3hO&a3$b09P2$^r8eLTqo)rUn?N3tQh!GU
zBE4afFQmd!R=TA1#6!;chn1yTN9Utt?+?*EM3omY=k_)mS3bB-T-oe-q+$J&GhxUG
zhVff*ZH^fF^sSa-)7V%4E#<#KfNiwbcv5nJqjx@%>SzbFdo^cZ(Ej<kb{J<=RB4qF
zv{YEI1!%bW>EVi9B#haP^&ny@)XmiCo>Jy%wB>@3^S1DdU8N1A0SXu3@28n@CasDp
zMB7apN-j`u9bFVE9Ey&C>PuL*i?$CJMsP(RP;DUK5SeVf=o;W2cW)(Za*-{vAA(?I
z%s7yIw1e(PPEZZ+Bjw=F6VY!vZlfZXzTGKFu~llCHdLzY5sex~MLBqU{n1>&Pa$Tl
zRgIL2uyEuvNGp-i3!p>C6za$yQs=~jphG=5Vbb0#e!AM9MR{gA^i$_M+^l9!Wr1k9
ziDf~sCf5T`omTqQmT`R@Km6PMm^#`3KC82iaDk^coUA~@Jh@ZE#Wid;GX5K5oa7l<
zoWmC8!9d9~Gs#+@>mhcrfXOl8?l`nZ_ngeQRC682!@E$(>(uSM&<(DJYX9qxlt`+3
zXf$exKhYO-oUoxUyOm+HIAjIpwnz4pBe-(zL_yx^R4!Y@CW(t@lm9})QhIp?by;@J
z=m*i7mUA%ivbI}LW#=M<=lPiJ-ba+}2iv3xS{mHYo1z7l?BE`OHuFrwR~A=w@ux9L
z@HmH4i;)Z_kZlymrSueoNE<C&{6*3_(}dOStE%#Pxix3s^fVQ5Y<fQ^hL3Z+E{QsK
z9yC*86b(!{Nc37mrecmU-*N1Q8W}Ly61vnLMmyo=B(P{%m)lp1R0ttoE0Z~NRc+&;
zS`!vL6mLV01LrLh@iE=ZMWoB`!^glI=p%Mx2n(D3nSY>3hT>$&ckOyBR(*hDEO#i)
z2rtVzTiPcd!U(Sby^pOu?diRbCIEd4LgP!zP!H|b=fv(#J5(N31n#n=tlUf=I^tyU
zpdoB=^Vo1|m@HJ|^rFDL7EXEV29NRrBZ|Ur%hwwmX~IgyhWcg{`agxLe6TsgXh23Y
zLl56aM_gy`?nPXxlm~0^`0vOXcMI|O&-V;tGw5sIQH9$f&C)k&;!V#<6hJ(*?LQw_
zVHetV2VMk}t)(}bhb&5?jLX?H-Uh~=N}8hnTl<P?d^b^EZRq=+l%NH*Rj=FUhJux*
z1ibL;mZ4|pp2CI%5l7Gxr}2z@_pEbUgSSa5_JE@ONO>#;r(uhnNS`g1g9&=^dk5Jh
z{xOW@`w_!(KJgBKvz;3Wbd61{<4s-ks$A2ZK{|kC;FGS2&N2;DHI1F;%N}{ZmxWiC
z<&!YeoF{g1h7oQZO==f9HVJ>)$f~5xBjV6Y4oxbX*K}oB#y32lz!^hGK1K@|HAM<L
z?G9oV%a6C4o#)wGV*Xivf1s~e((<vpmKR1v=!gFR-WDj5J3ArWyf4qeRyS!<XO;{|
z`)hZ?qLlOI#!C&=@i<tM4(u2-^mh`Z{Y}_46bwIS>JY>l_O;!dXHAiM&6Fnsn@A}@
z_M%OpG)Pr?<`+S(gt}A{qHABm9^FMdRmCw%jbR2tF`BX;w4!O{WFtp}DDf}9;4qPX
zDO9xlGZLD0{5T3zc9A|7<MP{rXA(NHNY0JLL{*d;aGZRANBWJ{g&b?%0pGqq%{yHy
zFK1a+d@h6K;OI|T<^22-Tb1O(+JPdc>hrnTvtQVr6(!E(Y8TPi2IAwk*!ESjg%6Wb
z2e2EOnG#XTBVe&;TRoyggR5w!X-JVan~A3;s)Q->!9C(UcqvW^w4t|%X%|~<(y+1~
z;A_xl*;qj(7!vG);$~3A9qBHkFe$KFhz`S}j(8|9mSB|m$Zv7>{^z@e<i|a<wtIQ{
z=sQ#g=RNBGkYUUQ1+jOS#Wc%_`-NB8MLsb6_BSG}0^ZM6<51g{lJ;)97g^)*GdIrV
zpR719z%eE3^$+^t+APG~>-SY$cCpLDf-%C4X3XQfA#wvgHR-dfA5ZYA=<{YR?Injq
z=@u-u)KX(j!cDp@#gJkByv;qNO=XYT%fYjH&XAvse-OS%S_m{5IErB-dH(QMRL)l5
z0ZA4LYjF`u_U~OV2;a)T#rpZ(6+{ity+(+ACSI@}UB=K1Ip*%GDFwc{*!F0hkp)8B
z<4wOJGJ}K!8%k)tcnb0p?n$6W%nVv(lee>ES-~JUtzdED!-;9)aT=(WGJr+3Tlk<F
zouabQg6qjnPw`z;VtVkU3rb+k-bZ9@)BMO>)&K}M3mbhI4L@UHtiSiCvRkEmTFb?s
zM%$CG+AWdBYVC;(ybG*BTKEofA%^2{qe~jR@Xi)A`>-`;hcL@SXu%IQ^W<G|bpSLX
zioUdsDK?kDTZsNZvT{Kf#g3YrT49QnKLO>%!wQ0h%nQgoJydGmHRnkEC`GPavTe*1
zhcO$XHITGggfSvbjlyh#Tiqw-d_z$P>e4z6(VxUn8ig!;`4$fwy?3q1Q8lJ^u-;iA
zG<I90lB=zchN&@PN1KUSaZR#DRls<yd3|A(EQ{DBti0+Z(V;^neKc)T0ctfVsapB3
z(wJAk#HjQb&5@)-qT({I`?*i-4y5HuIgef(bkeA@W>R)3S`_<HHHfqU@r^wAPT9*R
zf|L1=uV&!yzvx$eJab~+{+yzP^%XlJMJYJ=Mz-j$4FP_{Y&Q2;?0V}sQ^R#pTDUYq
zFe~(0QWE<Og_rGJm{qjz#mp$?#;}lg?SUxuZ?^<(271K$1U6m#IBr|R{*846K3Qt9
zaKbt(*t98AtVKr3gP$Dj%R~*Amsx~cTmz}A-Qs)WH(gZ;nQ%GnVu`Ln_hggO@caMn
z*qnPe)bRq6%5cjw==b>@xI{(L$Q3E$aEwEj6H2V{HRkAvCt=TDlL9<di)R>M*|=f|
z|E^fkV68o+5yu_Q1?FC>ao7tr&F`n`5X{!ZWBqEv;~@@Gt57WN=#z~<@~<;pD(bC<
zl+}Xz=^4N%dnSPgqm0|)EvmVhf<*sQHn2!*(-_ZQUf+1MqTyY2wDQIAu?|i3$Rc-N
zt#nOlVTwl0+vMF>_Um9VmZr4T4)m~($3&<Jo5VzS`UGjZ7X5b$s&b2)9m+nrvC(#z
z@;<R9NwZ#*D<<nMTwFe!#&3;yrN_%u5|+7tE44IMYQ%&=2jSOLcYu|2W#-$HjCu7=
z|85I&>e&wXK8{}et9VBc+x|pz`z?1EHsl(a=;@YYtmV;d|JsdervBz-I5jQ6K8_+E
zS0R|<9T(JjBv2)8XeM`%k4#fqUp-}#VB=b;Mp&~k{uj-qpmmrEV!L#~FurTgB#ks=
zSS;qJ$&eAm+uP~#8Qk#@8lO%ITDg-$`sLy?G?5-<-yNvM6@m^r^xOc*1ZG~!h|A_n
zon8C&UN;mtuyUMzj;)*FA07B8%H<kRAAS~h*Lnw$6Pdd7O)j_w-?fKN3W=-DmRJ_p
z{S5}`eXL~30tt<YS1xgkP>?#RSIZZ&OIm--(LS%7KSXw{m+dDq{4`&XNy~QKu<(VJ
z3V%>qNQgAAuCCs|ED4I0Oz5T5xFiWySVlSR;XhT}YpGba(?Cc^{30`f-9d8|w8VSQ
z2Z+<!1Nx{CjEAJv7o(Y%&SIA*rxH(=Zd^Ni$zVNMUJ{DMu7Ph!arVV65;BLGjSf7;
z3d)xEdDCsa1rIovkJv2)8qv=LkX_;HWvxGMKy7P-Te~gIaZKy9%{767l3U%%a4>FC
zV%z`H0yf|+sU2GcT>iVY9IZvoYHMyMuT~_r{hS7#dO)CRHv6is(6e*8Ard)cW((as
z52H#I+w5ArQ4NZ$rzYg9M&_Tl2j{vr?tULT3z~fl3{fXL!^-xx*zRQO66L9r9FXkW
zchh)EA#?TA@$pIiN)=TT#(a<0CPaz`cCPiTKTDY6(Oar$@MvBALobb7H81nJG%Umm
z9;zp+HZF=)S_q0{&E8H=yQ1hOHS*O~(9XyM-bsIf0~6)b-PI}JR0T(eRSoYT*N2K~
z5~;*<!mi(Lv4<~RmzUt9w!@ed;Pr1tyR-?NskA>v=53s=5`z@={NnYpcPy(H%F4(e
zM|rqwNeoTqMJo${$Gy&ICF38;H<l~>=-ieABNt>SBD<EXo$vFw9-AAJZiPns>rc+;
zV_ifnEn}1TvD4aRdtvqY_@5)CLGasob!K35fhd8nt`EqXU&$5<D*CP0a}*Wxq<pL{
z-W=?p@yMoxm#$jr+C^7bpY5wfEs*)4_i(LYo=R$+yl1Z~qb+sq&s-&Z#cmfV(WrHq
zf}8X(vJ&Xi$AC)x=XsAkDv=R(iTJks6nMi`ef(%-0^$DWQzEqFU!2JGxkVLjl~`|6
zyJpEbtrAYvrIFHF^FWIDcF|`@l$ASnYJC>lTftwP$);m%TLmP*qpL;Z5>`qsDR^Xl
zUn-9e8}oBMsGpvs{s78ki~Gn@-2Lq9!n-`3p<_l@@8<#~*uL*$aZJ@9f5)`_;tg^o
zuZ|dPfF%3`{n6Z(n2|+p-3nfA<Bsuw>BPmw&C2{$985br`T<VoFp=GoQ~Kmfpgwn)
zRBpi0K3oVdhDXFE>0flYWE3oAUleLi!X(Y0(aRiy@vp$t%EYPi4s#3*TcG(!8<|v6
zq+2TR#WZl=A-?r-tuc8_QsGz`f!IX-kX&jy4iD%nKc{$Xv|JRu-;B{I)Hbr1f3~qW
z_5M<}f@9Kq?O$WjV(v&f8Qj`eMGGfMmcTYKr5mMoE&ukO1}F9IvwsC?IOt0@j?Ytd
zbIy}MgDDVx4AAw;)de=G<@_-4v8~ylm();o!^W6f7rmj?l#$80Ypm-0!i(o&!?_e<
zI<sKa9R5J$Hs&g7dzimvqYfO?KASv+1`~F)CdlVNKS9*45L%qqnL*D1bpjP|3=j*Z
zl!-l>&4uJW6tNR9Z%w7^lci;@Fp{}U=B#eevJf+|{bUdr9t^lZE$pAcVZeTJ4-#8s
zdF4PRa$ejF)GWBMsji?`iVf0C?69R*;GGVg75(xGLJNY=u_q8d<V&ECi=iYITSQxV
zQD~>8@I%NSSBpvDTUh^M-yHd3)Arm>FRUn@PcO_;w3eRdWEJnJQ6I{am+PEA;ZQcs
z3TS0G0UeB<m5jjCylmZ8`nf4ys=Y$304GKeZIT~5`$+2_iB?<f8l)~-s3{}2hgcx)
z)84hW3{;;mXgb+GcX+W+3ymF%+e)mrJx+07JD<9%LnMXcIZ`Kikf<kiQYFo0YQkZF
z_}(@P_0hY$f*}?>dOiNuorRnv>6Jpq!tg@e*l!+SrB`e;5{t9I9t0lM5{E*1Ki8Sh
z1rWl^q?DDm))rEaMNiKFitb6KC78Q;w?;R2Q8&lqXA<bofmo(D5zS%!sf_KL@o4|G
zgs$tUy5UTt8=VV4fhM(gWs4Txl93R~K`w0OLx6kdFtIfB0v;grVMeUj=_VXBy}Lb(
zH==5yFUe=^swZX~!?JqF|A`D&#3xw2rqO{G1IeWLGZ~f>`e2{-(2CaQO7d_k<<T|>
zUOyvb?f6_1a-V*micSC>^+J8<BEwjbTteaV@Ev@(ETaK|Iy<}joPMH4+Qc7nf4Yx+
z(TYsqXoI!r14il+nQ*`t7+B-iY7)=t+4Rvmh2Fb%d_*0@8#8;cm@(TbeYzrvJ}NIB
z_20TUjl<pWBPk3;KO=l)^7dW6LY}XUL7x55>3=JDc>JFcmGS~UPwDqZrI!Wo@h}{N
z>E9%3>|Jx*o2ZMO_Xe{i#;093JAm&uUbkm=$rr}A8-r)v^V-es(ARdvUPA!Jz|7NA
z$glTbIc^>qT4rmYnaMfs+opdAumBK}Jr(ZXVLT8JM1&;a(eyG*o#J0yhnNSm0X_%%
zVNgB~J3euF(RhH7cLoS4S6G0Q2?p*)76D-~G((np?M<8p!Pn>l7XU1<Ai=RrpYQ08
z-TUo;@SQAMps(!L4d3~Y5aPDqUAnIKEjbPJ6t8lrawo<KE=y$1CnkfN#syAn(agS&
zyi8ode&g-LcBBvVF7(;L_Ubhuy+ZISk0)kjxF#ImVOWWKFZ2WB#Dp1^2ns6>zf9*w
z*Vm1kPYp2x=QZPnqzL5&h6xfGUgDu0aoOo)p6V^j$g9<fd=RI!g0R`O+quAMnF1w_
z$?1#C=VOxC8e>dy8UE3N$>A-TIL6KiC>3aJyTxcEEio^*(lDvt1w+cktcGhv+~n_H
zbN^;zj{kNOWML76q~$D#osvOR-;9{148#0YoKPi`g65jL+$Spx4Mb(*H)3gX!RYL`
zO~YT6))@$~^*`gT*2FIKB1UnR$qITmttTO*I8e?MM#pHBjhlyT8!K__OH`08FtV?4
zta5R~0vna3n`6o`b?=+LVQX-*^8kElw0rG}`422}&?$aVq)zPKl?Os^HftplyZN&j
zJmI*z%qC0FN@D{O>gd5h9rKB7>P9jCOeh7HIE>vf65@k;MJAZzevx^kMAKE;6D(Qv
zz6VBoPxun(p5m}@oAX6mPN<#TChOPqKhHB~s7|H-Ou^RLpaFKg1SH7*kRTWtOH2Pd
z1Iqv)#R4$^0iMkm8TWd=tnS3@yH)5m`o|ZNY+Kbs5nHLDoJP?zuEP*D>1614s3>{u
zc3NX{J{Ca;>og(Nfl$|``)N{$gG9mp+}JOi*fYamq@C9(UB0A>;Zg#foHm=wPh<_<
zEYXBUdu2$q9d#9iTXJv4u6LBozZ!r>xbq>#%>O$cMWh~s5g4xCr)a&k9S};UM;R1}
zyXY!-*&Y<#p9fxK%qCa$gYk3+HL@CK-jbl6?@#C4oo7F&b+!(vZ>`xaFtM-RQ0<H^
zFD#B>BM+f=4YOSm^vu}avvdtsbq!LrDxJXbl$HgIuxdb5Fy*sFlB;~%77Gbz!4iSH
z2i$a&zslX4^BVJvGy;>rL4I#pAgF{?uN&vCCf~bMi7&Y{XiXG!tfP$XId?gwTu?o_
z1XVaSWjv;*-zcn{E3{aY{LXYc(YRKb=F3st><cF~_jsbksXgOLQ<W!WMYbQms9&W$
zQA&evvq!96Glg{4*L6T!e^X5!tR}f!_x&CfV>Y0xowVo$tXhapLYdK3S4oW1w>5_F
z+?)Lo&1jI@RR6yMo+M%08^9gTav@PT#p-+z?*Ym6^)lwZiW#AEhRQK0K2yBNrXetm
zWmm<KDzn;R@3t;$5Xv3S(YJtm8B~D-pBmQA8Zqcb!8>l#zE*dpPD%NCP7IYU3>C3h
zEY~iIFz8zAHV4-<23Pw5Y|{&%eteP37+n=><BYWF<)_4fwM$2L<$c9+o5`{oQ@&;2
zHO0frG^&m1;afb?V?T<T4dXJ;F+yN@0i)FuBU{^CYnyAIH6DlkZxYO-<R104Ygzv)
z?SK0(_Me;fzy0CM*8aDPr-0?q7v;^IsnLoiz<HLN{7&Tg(2RVI5m3iOIN}IeTFMV)
z)5sqMkz!6PAC-OC)eVTOlY$*GKl=r%p4EtHvrXn*bKEC1o;;o^W7w6C$bUShI6P{Z
z0#!h`e;XqGx_=eU!iCYK_yKDw${er>g7`GPd8NRq3R0r^D+|P4uo1)_@evH=Zvme3
zWMVOoT7c;Q=ofi2!_29lg4IsK7b-Ec&7T27CwbK~EzDI_dl!ZYXTYYM!|f3Ao$SYa
zvlg`UG9=$uU)W*;dH-k^my3h~NcEZml%i2Pv3fs!*-oFU33-a$4Hx&o{VZT=`p4YP
z|5z|&PrS#|h4&cbo{ZoT1@RMa_(Wa2)?3{(lVbE}YD}f;J)VT)1;xDTzxTcFSp55M
zPipQ<;fI?fTYMiZ?vnJq21n)h{A2F<r>U8GIXdni-}os@>{&d-8pyLUc&`q0C*XGn
z{Na9a=^DUGf28|YaZBhMIjb>(`)EGr)Uzu#Apgnh@)p|l$N7RFHM5M5_x~Kr#NBJB
zf!_7!@?~*3uwOvUABzSoKf);@`6v0W%-dWt`O2Glnt+s)iPRsM^rQ6cDTfNfQ_5$s
zBd|^AhOYbwFiicUbeb7w#fP5`i;J)<KyTOcdOda~d+eJYkum`Gmx}D?+<Ijg10uzt
zBs=n@isW3aT*IpVN@gee?-ySk9hWX#Mi1aV_0SO@9*0qoetGRjTDo3K8{<s7TGLA4
zCj&i*#h@+DaemgHeF-dUOh7-Pl{0AolO`CYe46LW?51LFbNHn09#tIj+(+y<!X$2m
zAr&XGF@B+*b!X!`qmxVFB$&Jo0OyTuJeIO*@o{fPU-uXvr_QIkyP6>3sLBcr{?34d
zwMFS@sUJ@R?{8S7()%0Jt{;Bs70_bI+2$<@lY<#ym+%57XZxz`-s-K_IMRh5v1hhl
zSr0QGe0iwAjlbwel$fDUafrH734SqD;=P>HIfu6zDXi>|`sD5dhu+&`vvvw&mv}cW
zCW*G_G``il58~S*Ut{6UYcnF+m{MV>e`nESZenQtmZtuXNwk~=uaRFjCUC2~F{!qg
zL1|BoW@ek$vE+Nr=GMWL&lRq`TwwFONt{`@F8OOg9#Otv3R|r!Q-^B>Q{J?`<Y3<~
z1t@HrG#x<s?qm%{)(&Z$OoB^MX7LXhNhMxSqh#bq`d6|u_1Co|+`_E<Yw}3HFQ1Y8
zA{T4<FPojoB8j+zZdN`S^&{Dp^5dqbG*6;rdVe{`>_Kqw(0&oJ%UL?XvL?!OOFmh9
z^2$k{r(r^}AF?01Y+HDxU0+AT$}y7(IwhXsWzjz}u9Nm*L4{@v^>K_O4*fqN1B_k>
zuhEfpbt8aV{||q>cwy-O_u<c0|G$eT=S4Ld@P;g^beVg-UdO5SV9FV(_aLUTpo3|x
zfDiL=+<(AclQ2t{<OwiZPNu<%hQNyZKiq%z%((y0hWqXP-^o)XZ6|WizhZl?csi)Y
zz&SC$xjFE>*mOO+U~fJdbw0LjP?&3Kz-bo7M>5qKjj#TqGat2@YkWwZ3HZPM5c|dy
zwBM>HVd+Af#<nesEs@ym<G}yv$RDri`N5tF|BvS{_Kf)N;mel?`z`+8#bclq+H;<e
zq-P*}dWXqIKyLbtrQXb=z*jb5Fye86g}znIB#$a*D){^@!wl<@m0V|?qt#VRFNT*~
zNo&njPD7;|pib#BV)~pO2E2ZQVc0TG*<zneSaB{xU)U2Vo5|#ob;Xa|{$YJ5`sOdq
zHf68TY@z*j8>FLr8bE>Mr>Mb|f7~IR>8`)dvUwT5511Qh>Fetd{s?~q*mRu`RDU%4
z)ZSS-bV1+p&g|ayN%<(vwzFic8c-_izy6!qvHHsFO+Ps-j5crRIxp@t1!YIaAE*8p
zt#jl<ubd6|UB!vU>udkLvT@UrPNw1FW;wFH5~b(zUnn=z<Q~vZI5vSPQXp*Zc9o+H
za^>-vD^EUyJhlDy=fIL0%>4OI*1HDUVzVW(D*rT&>;#yLx+l2ip0NC4wi)MBY0^C<
zZMQ<eSekS4>!NGt$R$8U9oC<bmBFxqPo9aPy)WGme>%ksbc>+3NNBx>UKd??x=q>z
z6Lg(z-p-$ZR4yBqb6brLcKOjR;UwJrKqX_P<0um`X;`ZzmrY^zXT>adWBy8*rNs~`
zB`t6y$`4}{oynzA?cKN>IUR0M%GQCrYaH|y{0jp;ov29rs8!qOY8!wL4=NXz!?A1Y
zEmt8Orte>od>BhzYm>4ivmrBdSfeXvkjWZWAhA$AIHlRGQJ}cqDP~^j!YRFQ9CvNr
zaw-t(irwN1CEKEf*ePeDN{DWv%~?%1;1+<#NrD-#)k9D=3`Is)Y6aX<Dqr7<2T~x~
zKi9cziXk;LxAyXN++{@{0x5kIq-L|)@R3IBIEYYQ;lb1JV5vl5y@O>;%QznTTb8>}
zU<r*K|HuZC8k(poE#OCY^|L+>`!C;{^-aK4{y)!$rvKmG!OJ%P_f8%IlZf~UvG*mu
zKN3%Hq_`%I$ipojTp|DyAcfrI>!$-?Iczw_Jv;9de0{{&;rwfmIHP+t>_Gp`7Hn;8
z=5j4E+Jz#7AphGnOh}Of902+9_buZpu{}Nd!y3vX`qyK5Y%x4=kpT&_m>@lZ$BgRH
zy_i;aSvq)N*u42ujsLkdX$>+^<^TQi`AgIPd+&Lh|79nS{qBnd4JDpHCi)jVaYHKL
z;Eg{v9k6Ca&_F|O@_K-&8}nO`uB-nI5*inRs=oiTBn~m9_O|Z-aQ`LTc{BcFxYyqQ
zT|A0r@v+xG_UHZxXgKDf?B|6Lvi`T2;+LNU6x7B^8YCF@JR4wjyeH-<e$5Y!;2*0n
z$e)CPY+1SuvvgZ!+)TYl`2p7tD?i-YnccwQvG19<NqL&+oahuIoU0oB;gxW%o4j=;
zlgTrg=TW7P%Lh|0=o8f*BQDwYlbp#ZTo#AYl-*5HjVK(#Ra5hV$U^mAZn3CQIXuNT
z;s#~o)Sm}D7p$wH_MvEflf(iRuC~f&Rh*J&!q#;W(7{I?plDclVT(++#myQ4x>XZM
zi$kYt4a!0ywc9FdgGsIH7RenSY{z8J9JVEcE0RHRR(47b#qK>&vM8tb=OK?(xAc=B
zleI2=OD<b-=@`^aIk7O&u{8SahJaFCP9?9|jtObW@GU`Ik)Rq!$e9Fe(`41y%ZEx{
z&1wF5$ZXxa{ArNeCa9q$yDizRM|R6C01o~CEvqC5qpw*6zQX?Z{9t%s>i?fVYxBSC
z<Y}bFz+i_A|Ct8UkZRo6e8+y2=Y|)*IaX^=TR1l*Vxh+mU0@J5i>nq^xt%95oc=@4
zEP<}qluu?rVohw&%u;7KUvHyYe8Ij~qj-FMbiQImc?A$6u;H*Hyt%t#v--*omPK?}
zJ@H_bKU>}Kejy0tXAeI8xqCYt!Pyz|m&sfvL&RQ=FHVo%o_3#l-5<_R_`gn0U!B6g
ze&NVeIQ7w}TA0i)oHSAOclLCpYyAYLU#!1m)LvT4L4EzQO}zM$*by^nb=C`$9*18~
zSvsCOajA_eR0ME@q6&5_<$8L3O}??-_i+0<vP#({rlFp|&(AxS6H*LL`cw{zEv(9R
zUbs~DXFDv#<!|TAm}1eEXpQd3+mf44lHBN<_^BWg(}(=8MRfGlZwH5X-nAb_%QUd4
zxWxU?zWCI=H`jk0@}JQBtCi!ok^gi5*@2n=bN}V@VJrXb;&D+MCIhZZgz(>vU?h|5
z<RM7;vD=Kfd{^52N=s%V4x_+dl)`ump$Uwa`F;(EPvXqfL9Rq>R%+RAP84@APCvUH
zqm3lXmO(0Oi>rH6wbQa`jR2O?P9~g5X6?jZjAlB*-|G*M261rrRd6k<Jt;p_4#Qx#
z`pNr?ll9t94f?-!9pDQ8@8Qego=N{-96WF7|1O?p`rob8|9yb;xfIFmzAmsBd4>AG
zdDHFG39jW*wpzVl(es0<8|*we?)t&XdUjDqSPZwLdctL8YQ;2^_p(jX8pO(B+e|HD
zdw;cR5-YoT`IoIt>?${`tBIU2%v{BWR|29Fkh=rs1Fto#p@`-+hqdOVwTI0zzCFvy
z!1|ErTJoi(_hS7<{2F9Rs=WK<u0%C;aMD*y!qhfhe0LJ2#Tf(ZIDX#~t}taykMXNB
z!(S%vq_l{p=}%r-{1SV)3H)er^Be2M$}IR3xYb#9o+hIJO$cc~g<WkU8Xp%&EMYGr
z_&*<JGAUoJ{KN^iijGR}oV)z0=sox}%dj@AnOgh!P~R)mPOUfms^b+gihe3}K-?@A
z^KSx!Ab9058kHxUS~EKcetZ9$_73YuhJJJsME<=rRP66*-^_zFBt{}PV~D4eY6c&n
z`fLu8T~(nit1Fu`8i+PCV>gI<JEtwFi=)~6{mGj+0y1Z*6mP*{fx9NIL!Vb{*#Is^
z5!Z51Fp{Q&ZC$NeU4SUCs0W9YtIdkO9%j{9F}sITeOAoq0al^Sr}oKKqm{I5)vB~L
zI;iE=Tl=Y@|6RKdWL5sRg99`F$HDU#&szQOE}rK0-v?D9Ql8PBm5SV`dAFpxqzlvy
zs!TTP#uew~?5SDR$);TyR>9rqtN%LI!y5RXd)aL<|68H{FT8H;e>-`q@&DsESy-hg
z!wKk#iT#zBU2^&Rvl$6D;l#rlZqSz46m!+O|7+#}uJZpI9u)FF4xhFDe>-^^+5fkb
z#^%$#(iXru5-2;+z!tL%TRjchJOUz|`QYFg!Bfp0T%nvUs-#Ut^eSg##XLd9$&_V5
zHnsB(#(I4&`qNL0{1<uZ)Bn};Kv(I1_Fn88^#9rOy_Wv(<Y}(|*=368I!-?ihj(yr
z`P)q$UFOR4@x+Su`9z)q{=YaqI(dECpG`J5h8zDMJUe)4)PEU1KR9UXzwG3B<el;p
zz|}Nar}OvufBik2O}#7~f7wNciR^GNNd3D$E0VbcG(#?Li2ak<pm2l=Kg|3v9{5>C
zFSDc<B~$o6<Wu|ec-jSIHd)+!*&Xif{n`aA6)nCjVBqe5{e3Y1uTJOZ!Qhue?~(Ud
zo>Pxk69q<kbni`*1rUI~ck;&j{>@wO^yKVq|4FCwA3wh(k;k8t7d4{5UmlC4!CL#-
zO&CNI68A>_WEu?c`=0W7FO08~bmp@}R{two+(*He*Fb7|*}s>58a(m-<7Y|z_WJ*`
zKm4L%1pal8eO%dprz3ZY!Ng-xbLfojK~wL$<p^E}z`Auhj~;n%U;XFFMd#}3YUF1(
z9XPu)bTCgme=;dZxt^FPITBi{va%k+7_Lhc6+5Ur1UM6#*BR>~jHlk>Ch*8nvGX>O
zUE_~54MyYePb|#lX91CV@5=1?>QG<h`g45b9RpfOX5NMHY3Y1*FKo|GwHd-VrQ;o6
zoMiZQn0aGA_C|px6MIeA;;wjG{PM~pKe0Xm>4!Kh0n;*80aXNsmxm}AaLHR**Zme(
zmCR<y3Z}s<xdo|O43i%%Pbx#;ZI&hDkZzvbDh3zqgB7yP)D2{7V@yk@^N06cfF2Qe
z)8IcR+_aDX%EoC(h9U2d&L2H|*#C?FX#b+Wpf|<IBBAnq@Q<tCKU~3oup7_F64>x_
z&gcH&jgkbl3|HtSgdbndgK>C`I*7ZQ02Z5izNdst=X;(iTSJF|dYtraquJw3iZfN;
zF4*0M|KyQ5w!U+(#(FE4zGi=T=o*M0|NM*dW5c(pQLB0lgeLLLZIGtn1otIdU<yTS
z*6o%xQvwl`oxH}Z1lZ(a8M8yIwek}7D>n9G(Yn|<bA<+!eG53F=7b9F(^|8$>+h4r
zc^YJ}lNDVcYR@o_oYBSfW=vt#mAJ2>|AjwovLrR;q|ScYd`~e;BsKeD?~A>vhBnQq
z<+{jBlp_Ab(;8IwFLZX6({oC%P@29^mL70P(04)zA<ys$w=+SM3gqBCO=gHMmUMGj
zwnI8+e8@VpvBT*#??5b(zRJh2^t-}UG92#eAQB^(t1dP>PbMY3nGOVcmtDSB-9y@<
zr(M<Op?f%_A+ht^yUAnjO<s=}su@NuPl5$BL0|@wOL{NKAzrOXGS0AU={T6fy+Z5|
zCH^EEzyz~F-gh=AS%plBS`&swXo}@X3esflpx{|n+;0Sm_|6;Shs1hWDHRoyZ9p8c
zvM=!m_zzz9HTNC%vYTWXO{&OaNsvNuB}e=XZl`R7O7oHR9@xCS)$27RDxrPEZWs2C
zry>fhBv%XGlpPMs_9zYhy$qItjA_u;^?X)(Cvz~?J51KV(0qD(`VJy)@>ytHa_!wv
zn{W)^ptW5hs(=55+`;!jF!vrezco3#1eZthF@r~A;2`7Pa^7Q3WlwDDF@m%Dz`iDT
z=V^EwM!_^V&BlJjQXW{acb)#mYI&?ln#_OR`$gZJqgSs=cgO6l*}XMe3wQO4Bw2h7
z>&xzea?V!mY#ASA-zPD4woVs60Lf7g&|WFsHk-rWC|SUjx`xH{7fdElAPc-1CVb*j
zf&<8<D$u(02G6<V4tPIxhLVA!MF1X&cbTns81#J*1Jp>~%Ht~Wn&IbjI{~yS;_C@0
z<_zkgU56gK2;5VA>+#oXLpQclDim7j6$e!jvdD<_y|Zf%-I%g~$)+4uAebYNo&rFq
z6Zkt<CM`1|dkbMh8W*e+);;R0Szec$yREgFR?x}WG8+ZLJ0OVTp&|tUlg%ZO;Hv->
zyiC)eK$vvIA1`Mk6oszU20|glIDMc5_zrQAsbPS>;l86bz=sW>%x!XX4iDl-EISN4
zmr)0r?ki)e7r+$@<gd{Y6kG9$TvC?KTq)ttf#L&0V~FFo%zDBml1{P;Y>|HlecUqT
zT_qBy&*`*rZwmuv#dfe@b}0EFMcokb7rX;gVcRbmh`l9HtTKuU%EA!m%j~B40<e`a
zY5d>~rBx&;q6X@U&7;86GA2&-%0~4mlQ?5J87&>;Groe)-Z0Mp3Okt;I<blT9Q<F0
zX~u}0-XUvZ>kpw4!;NRcpTrXdK8Np4$%R6xH4PBgP-kAwvuT2|Pdu~`Uzt?O@lIdN
z#;s$b4~}zEXT^DL%@e(SL!G<YS1Y5cwNG``O=d7x$>RBE$nXF_iKD#l!!eGtoA4Sq
ziHSd7n29B{5s}xRQJD{};41VMi1Sbn8PHLl`R_@+F!RK)Acql#g!>m?(!e12Wf{F-
zsPT}pX@E3*G@nQJh&uD!x)~}uKwJQt2_iDA5sA$Wpm*6Fkyn@(b4c=#a-xN!kGKFx
zH1rzX`S%&wWX#U{D3tTkvEKJE`((oOsmQ&PRYu%wTV$Ub?3IMNGN{bjs;+LaTCZ58
zNJOSbyhXmppOVJu&X)`iegbIUNBu>3eH{?Brfx+;0J~6yJcZS~#}6}{7|O@UA}vQD
zoCjuiK`HK=aPjSOl$&A_#0iMiS+_6=_9v_;<D;aojk(=~)~XD`+QAut`SQJ7MH{+t
z^`}eUiIA7;mCPmnDi+DlJU4^L^c%|hDpjM3O~_7NfggG*txmL8^J(f&IHg_Oq{(u6
zqp*BzaM-sAupbe-7iDzeY0->DgaI%KUS8gdM>mZWW^ir;5?)|B@tENnKxE4l&j?eY
zk-9U91Njl2+QKl5j2BtN`l{iL>w-VB@^@p}-a4d9dPh}$SOe3psp<VhRlAkC+~&$#
zYyk`)lcjB7yl31C=?KufTM!k4J6v1q3(N#u?yRm56AEmCbCC=>!z8RHj~5m&8PUFX
ziaUy|1+%VCV}?V5nQbOz@=b#Yuxb=FhjmImH3prd3{-QayHTyvC>(k4Mp;8^Hv=RM
z54U(4-bzJ`=#Z4}sFgt&lue{UNnWYl{^Zr!R107tYXDg8Xqh$yIlUwXHaZnLm<j3=
zNqd+kw;{@MN~JqF*2Pyx$2M~I8g>*n2zfImB^Yz-7sPz_fk!<Oi{~vdks1?C*t>iN
zcuK<=LONW)tU0r<UrEM?mY@knA=g&;uc_g0sM23ghrf!_zNwaeV`_P8h>p(e(iJ29
zs`!HB#~eFk%Q-SL08cy!gi}*IQE;&DZo)C?_U@JMxm<`iNQO3{s^Tt)qP};`T(Hj0
zZx67)0bpkM_lv%5y7xBuqsu2vGYRKx+V?!k0S+oeSfIX3WNa7y_&qTfKObA(<lccU
zOu{FY^|*itlNscF3?7O1Pt;{>#rm;xbH@(s8(TGKJbVjAb)D8~GlQichnQ5{E4(*s
zExu9dRuX*T*vCjj$5`n}6`oXa$x#E;GLu)qLe*j7W|D51VVrmHF1QYV71tWBI1OFC
z=+J7cf40Xo3(}OI3uca~7i*E4xRVKeqChCeJnU4GHVudIVXFbqBbI?5x(PC>q2>L|
zTjvAhxF`pS#6|f}0}2dV3^ZMx@z*0Z`FDJ3@A%Z7*wz_4IGz069qF=E4VTb;=;y@>
z%G3eGi`AgF9kA)}vVu#mh^v8Y|2aEn;w4BT;(U$$_;cdrQv4yfWt<^0=`m?py!_;L
z{_rZ5qYbs9mJDcC-n~2zs?GU@qmeOZ<7pXqQ?VgQVcdxm@gY^GDvW_C0JWY6i`jfY
zIrO^LNmbNTD<OjL7I;uNQba8HtjepbDH<q2T0|W*!uqJ->w8C;7bP%lU~TYL-1xUa
zp>OZ_$P@GQI6~&W=p=0V+U$U;Ea%u+D#rUf!yfn?P<Ka?!029I0NlV_ATpPxGcvHk
zP|T+cwuLe_RszH|9=^`LkdwUPb}fiU-#uC>S8*(e(%8}|i9{q{p>IFau~vd&nZcg}
zrMrQ9YO+9!c22)|`C{)zV@1hZEJK1XTRaZ?u<$6n4)AI`5xj*0pBnQ80*Ho#aWL@b
zVUK=#RIJw2S31RO>Aiu&av%699u}?@uh;{%oQ<mFn_|hn?qSy$wEMJ+p{4NRj2gn<
zlvLudJG<|(zPfZ)zGmhK?O1U34=0yz-cx=7h_R;*HU}OyM}mwK2x_&QA~pOrxnp;p
z(<8d>%nJjqFU@(Pp49*M-~Sh#Fy>*Z-&ny2(`XWDZ2e4pk41h+x>J{#Gv!m-m6Ykm
z9m$=6p&bV*T4czK;eFcAYoFvpe{$=yPyL0tOi2{Vk7bpjANNKFD-%`Obc8ko#~m$0
zv<k(-Spl(l2G|3o*MxKET2GHTa|5Gi!Q4kqKDvKGyorXgY0sIqPwu4vingb3<uUgr
z2@p(_A_N1ajf`A2kbtMvr$C2W6S+*x(BZ1#F150v%SJJycLg8fc0F)q@~!uI#g|%@
zN*y134X?U(_}<EDxH;QUkbIds&nT3MoqDJdVLE7SDm8r{EX6+D5+Lwt;y94?f=v`n
zXKEKPDcE2AXl%ehUhJ-!*;#M9LG!cT@m9>xrPX1aN3w{GE!r`iFE2JBNnSz4bYe*?
zP)4e6@vW0TX(h{VRmz?nS%94xfL5^t%XHZdE_5A(Z%MtTriNcfa!~IRFaQ^;JXM3M
zp+Q(nNTulT_n+?x%)qwY<dN8ALSSp%tZNsRMFDnVtE?ze(mejhRpw!(z@NNBw=uI=
zOrheaeDcQ4@|2f#v4pU@>z%D<04(dMp&_uWo0_+IJ;PvWFEtE=&bAIiVOhJC4Td#x
z7_Du>DjQ?#rYv{vtc{wqYUG?+-?UXS$OANS+3Q_6*xW|??T?+kXZ@!jned>P)w6vU
zA9wzzXV3RuviiTn7sLI7{g<EZ4PQJvX!HN=<YB(<l#NfVg5&*8MO&3pFW%3;bX-+b
z*n3&DhIODtIIxs+GR#4w?0@9-dK->okUg964D!V`;u>V<b>bW3$2H;{L_r`+SO|;I
z=yX(e^Uxc1It0~+$`5wzrHhAqoeryg*`Z>{T%~g8)mEcmhF_&#rK-B=@RPQ>?gWp&
zKRxuiU9~T_o{7HPOfUv@wRS)T^-?z|13u<6q*b#+wMqa&M~P|R_0>8UPIxFF**NGC
zkxO}4rL5sruX8Qd(d=1?qpaDj8s{i`%N>VhFKRkYfiFd1DMM9Ud=MZj6m3SNtEzHn
zn@oi*{aA4CS9Wxj*x`;Ek4&@g=s?+c7zy;hav(`Z34S^BNCMPObG`6lXt7d&amR>q
z)-Tga(U{P>Zaikk78zO(2<2YI(5~oL+%bHFm33~}pP0b0u19evcZt@)vz=gujw_@>
z-1w&BSH?1QEa4MP2df#w&?$sWXaj8`w!5Q8keBqo+581~);LzlyCR;8%e9iIJy>61
zOA&{hsd*r7*+%sTAaosF+mM5KC1r^u%sNqDTi=6pUG!meU0YdY<qfEh28x=F=P61b
zwUe6q82Ws}IvJVu9Vr9a3>>@I*hFA%Db=;m!jKqOReEaH4`ibL^+`NZHZF*7!!(Hr
zjotddFN~r<-A8$%h-#Aq0z3MTxRgBS91r@xrPJk%@~}d~Ia*~b9iXcN=gyRA@EXEu
zLpZs-3HMJ>$7QXQB(Mq3x**d~<g8H6Eq2rd4aM%1NzBBt69Mw-5>)q!VlT=a)UQLn
zpghY2Z(e>GbFYz()%`?abW07H9o+`Xnn;VF{L>WVJ0`bJnuP2d^nt^Y;d^_C01Iu(
z3?71mfzzm1GT8Y?bB0ibz(QWVvW#uFK;*9#(}FTzX*ED$es7O{`yplw?1DLHA+hof
z`old$8tAGF2bvf!`dBv~FytW073r1(y4>2wK;xqbRUx7dxj=c`K{6BFjps|8-;Dn`
z3udHcc((sKlthO6TszRyMgkX9$a9vH54eK=yIu?fF|43GrhtbB#|ZXd2a`8&#48|O
z<}U$cdzoyrj_WyYrs~`d2mX29^E#m#(1#KTVgmWo3!~_GULiV!>t10+K$zI&M|~j5
zMeKy9fEs>1^d9&B#}oMry{9bU-rt7&S9WUiimHzYK}bO7;ugP_qyVMQ4;5KV0QVt>
zR}hA?0Z;>h_w&1VSg__@&UL>7)cp=s<phmi1mKvbCQ2axsl)vLAkhD21sHUKeK>c-
z+|LfbT89W_=F-71IV&E9o<IuQqp&+0_D<5ZQ}R-2*Q(4B$ui#}p0YS*(RU_a+$oqX
zI;Pd4<2G7!G@At@?qx179ZU6gspHtCyHUsDA*Hbpg8J*lq1mxAt1}C8LA?}39mP9S
zZauf2I%P7q?{A4b);Q7!`!QpPV3VHDx+PuKcT&VFXMW5j=YsvE0EY)=f$^-_5||B!
zLGUDm`;<pTmGA7PypGY@P<&q;w~^m4(f`7E^*m{3THVs*v^8zQ+N9c>npm84tBqGk
zJH^Re!A9T}^4yumt_s(}j=<~WkBDb%^AdgmO%%04>*|FHLu^ntWYZ3<q93wph*r`O
z*|bEB^+emz6e+qQi+ch`Q#@qHWOdex(BXY;E>4GcxL&jl?_|Z89UI4{pX{|`Re66K
zh*;%4Z7Ob+cek17Rd)HTQNYTL#_lu^msR3PW&4J4rMz7Mi}9(f8y8t`T8-l)dABke
zRDjR(rc4QDw3e?~p-~YHDu3q4BM%ByVX%Ji>_(wr1Wd}lZNaqsrI;@)k;Me7%UdH}
zRCd!WZgeN$*iam)>~B-?q_RU6SIYlX<|w(iT+(eA#?D(8<lmx~UZ=`UuVeV><#eD_
z?)8cp1T_ugPGw)umLSq_n8^uTQ35WJfrVy`DOYs$N>O2<saUqCWU;GR>ML4`Gq0~~
zu^hLKm&egi7>vSrIf88j(Zu(<L{kw|qbrMs9e!9>v#EKWZdJ>>YGhgSJj1qTPN~ek
z=6OX6o1<-+SxoCjHH_su;fS9hk;w?bG0;Gzam=$P)UVaeImtmbBbnzJW-`x`G1cZ6
zCr-6tF7r%RV%E0WWM(s(>1MOsaAuoJh4HM!d}cSGm6*BM=M8LYcI%qMzD74)H>L48
zD&{oNgJMz>Kj~&Qz4(b!PuQq<W~adB8pX4u?(a{gqT9X#OI1E?SfSMFg<8GP7WG1#
z;D~jLNM%9Tj#baxa@H+pU6-@|*o-wbd{}(-r@~mboN>z;ugn=6JV|Mlua10i=&4o0
ztUcHZk9B0_GR={(x`sqYtwTX=KX%+|`?OE{v`_oAPy4h_`?OE{v`_oAPy4h_`?OE{
hv`_oAPy4h_`?OE{v`_oAPy6K0{|5$~Egk?c3;=6_1F8T3

literal 0
HcmV?d00001

diff --git a/golang-external-secrets/values.yaml b/golang-external-secrets/values.yaml
index 8d30c3df8..e3d141485 100644
--- a/golang-external-secrets/values.yaml
+++ b/golang-external-secrets/values.yaml
@@ -37,10 +37,10 @@ clusterGroup:
 
 external-secrets:
   image:
-    tag: v0.9.16-ubi
+    tag: v0.9.18-ubi
   webhook:
     image:
-      tag: v0.9.16-ubi
+      tag: v0.9.18-ubi
   certController:
     image:
-      tag: v0.9.16-ubi
+      tag: v0.9.18-ubi
diff --git a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
index f0969200c..712ec2478 100644
--- a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
index 0ecbf6495..08528096d 100644
--- a/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
index 0ecbf6495..08528096d 100644
--- a/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
+++ b/tests/golang-external-secrets-medical-diagnosis-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-naked.expected.yaml b/tests/golang-external-secrets-naked.expected.yaml
index 557502561..c4f6c22fb 100644
--- a/tests/golang-external-secrets-naked.expected.yaml
+++ b/tests/golang-external-secrets-naked.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/golang-external-secrets-normal.expected.yaml b/tests/golang-external-secrets-normal.expected.yaml
index 0ecbf6495..08528096d 100644
--- a/tests/golang-external-secrets-normal.expected.yaml
+++ b/tests/golang-external-secrets-normal.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook

From 4eeb69ba01e2227d060946d9a8632c36d2d8b3de Mon Sep 17 00:00:00 2001
From: Lester Claudio <claudiol@redhat.com>
Date: Fri, 17 May 2024 10:24:44 -0600
Subject: [PATCH 2/5] Feat: Followup to definition of extraParameters under the
 main section of a values file.

- The operator adds these extraParameters to the extraParametersNested section as key/value pairs in the Cluster Wide ArgoCD Application created by the Validated Patterns operator.
- This update will add the user defined extra parameters on the ArgoCD Applications on the Spoke Clusters.

efinition of extraParameters under the main
---
 .../policies/application-policies.yaml        |  9 +++++++
 .../templates/plumbing/applications.yaml      | 10 +++++++
 tests/acm-industrial-edge-hub.expected.yaml   |  2 ++
 tests/acm-medical-diagnosis-hub.expected.yaml |  2 ++
 tests/acm-normal.expected.yaml                |  4 +++
 ...roup-industrial-edge-factory.expected.yaml |  2 ++
 ...tergroup-industrial-edge-hub.expected.yaml | 14 ++++++++++
 ...rgroup-medical-diagnosis-hub.expected.yaml | 26 +++++++++++++++++++
 tests/clustergroup-normal.expected.yaml       |  4 +++
 9 files changed, 73 insertions(+)

diff --git a/acm/templates/policies/application-policies.yaml b/acm/templates/policies/application-policies.yaml
index 0194d6bb1..2a8159137 100644
--- a/acm/templates/policies/application-policies.yaml
+++ b/acm/templates/policies/application-policies.yaml
@@ -43,6 +43,11 @@ spec:
                     path: {{ default "common/clustergroup" .path }}
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
+                        {{- range $k, $v := $.Values.extraParametersNested }}
+                          {{ $k }}: {{ printf "%s" $v | quote }}
+                        {{- end }}
                       valueFiles:
                       {{- include "acm.app.policies.valuefiles" . | nindent 22 }}
                       {{- range $valueFile := .extraValueFiles }}
@@ -73,6 +78,10 @@ spec:
                         value: {{ $group.name }}
                       - name: global.experimentalCapabilities
                         value: {{ $.Values.global.experimentalCapabilities }}
+                      {{- range $k, $v := $.Values.extraParametersNested }}
+                      - name: {{ $k }}
+                        value: {{ printf "%s" $v | quote }}
+                      {{- end }}
                      {{- range .helmOverrides }}
                       - name: {{ .name }}
                         value: {{ .value | quote }}
diff --git a/clustergroup/templates/plumbing/applications.yaml b/clustergroup/templates/plumbing/applications.yaml
index 29db6f398..870babe30 100644
--- a/clustergroup/templates/plumbing/applications.yaml
+++ b/clustergroup/templates/plumbing/applications.yaml
@@ -149,6 +149,11 @@ spec:
       {{- else }}
       helm:
         ignoreMissingValueFiles: true
+        values: |
+          extraParametersNested: 
+          {{- range $k, $v := $.Values.extraParametersNested }}
+            {{ $k }}: {{ printf "%s" $v | quote }}
+          {{- end }}
         valueFiles:
         {{- include "clustergroup.app.globalvalues.prefixedvaluefiles" $ | nindent 8 }}
         {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }}
@@ -216,6 +221,11 @@ spec:
     {{- else if not .kustomize }}
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
+          {{- range $k, $v := $.Values.extraParametersNested }}
+            {{ $k }}: {{ printf "%s" $v | quote }}
+          {{- end }}
       valueFiles:
       {{- include "clustergroup.app.globalvalues.valuefiles" $ | nindent 6 }}
       {{- range $valueFile := $.Values.clusterGroup.sharedValueFiles }}
diff --git a/tests/acm-industrial-edge-hub.expected.yaml b/tests/acm-industrial-edge-hub.expected.yaml
index 453e8a9e5..eb1df26f5 100644
--- a/tests/acm-industrial-edge-hub.expected.yaml
+++ b/tests/acm-industrial-edge-hub.expected.yaml
@@ -214,6 +214,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-factory.yaml"
diff --git a/tests/acm-medical-diagnosis-hub.expected.yaml b/tests/acm-medical-diagnosis-hub.expected.yaml
index 8b50de7a7..6a99a29c3 100644
--- a/tests/acm-medical-diagnosis-hub.expected.yaml
+++ b/tests/acm-medical-diagnosis-hub.expected.yaml
@@ -205,6 +205,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-region-one.yaml"
diff --git a/tests/acm-normal.expected.yaml b/tests/acm-normal.expected.yaml
index 66f1c5900..d29937be3 100644
--- a/tests/acm-normal.expected.yaml
+++ b/tests/acm-normal.expected.yaml
@@ -608,6 +608,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-acm-edge.yaml"
@@ -704,6 +706,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-acm-provision-edge.yaml"
diff --git a/tests/clustergroup-industrial-edge-factory.expected.yaml b/tests/clustergroup-industrial-edge-factory.expected.yaml
index c3eabd83a..356b7e7ee 100644
--- a/tests/clustergroup-industrial-edge-factory.expected.yaml
+++ b/tests/clustergroup-industrial-edge-factory.expected.yaml
@@ -559,6 +559,8 @@ spec:
     path: charts/datacenter/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-factory.yaml"
diff --git a/tests/clustergroup-industrial-edge-hub.expected.yaml b/tests/clustergroup-industrial-edge-hub.expected.yaml
index 393e530cf..3291aeb2f 100644
--- a/tests/clustergroup-industrial-edge-hub.expected.yaml
+++ b/tests/clustergroup-industrial-edge-hub.expected.yaml
@@ -857,6 +857,8 @@ spec:
     path: common/acm
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -922,6 +924,8 @@ spec:
     path: charts/datacenter/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -978,6 +982,8 @@ spec:
     path: charts/datacenter/pipelines
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1034,6 +1040,8 @@ spec:
     path: charts/datacenter/manuela-data-lake
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1120,6 +1128,8 @@ spec:
     path: charts/datacenter/external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1176,6 +1186,8 @@ spec:
     path: common/golang-external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1259,6 +1271,8 @@ spec:
     chart: vault
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
diff --git a/tests/clustergroup-medical-diagnosis-hub.expected.yaml b/tests/clustergroup-medical-diagnosis-hub.expected.yaml
index f4933c530..6e300fc35 100644
--- a/tests/clustergroup-medical-diagnosis-hub.expected.yaml
+++ b/tests/clustergroup-medical-diagnosis-hub.expected.yaml
@@ -742,6 +742,8 @@ spec:
     path: common/golang-external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -798,6 +800,8 @@ spec:
     path: charts/all/kafdrop
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -854,6 +858,8 @@ spec:
     path: charts/all/kafka
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -910,6 +916,8 @@ spec:
     path: charts/all/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -966,6 +974,8 @@ spec:
     path: charts/all/openshift-data-foundations
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1022,6 +1032,8 @@ spec:
     path: charts/all/openshift-serverless
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1078,6 +1090,8 @@ spec:
     path: charts/all/medical-diagnosis/service-account
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1134,6 +1148,8 @@ spec:
     chart: vault
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1208,6 +1224,8 @@ spec:
     path: charts/all/medical-diagnosis/database
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1264,6 +1282,8 @@ spec:
     path: charts/all/medical-diagnosis/grafana
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1320,6 +1340,8 @@ spec:
     path: charts/all/medical-diagnosis/image-generator
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1385,6 +1407,8 @@ spec:
     path: charts/all/medical-diagnosis/image-server
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1450,6 +1474,8 @@ spec:
     path: charts/all/medical-diagnosis/xray-init
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
diff --git a/tests/clustergroup-normal.expected.yaml b/tests/clustergroup-normal.expected.yaml
index baad3fd00..41eb68b80 100644
--- a/tests/clustergroup-normal.expected.yaml
+++ b/tests/clustergroup-normal.expected.yaml
@@ -707,6 +707,8 @@ spec:
     path: common/acm
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-example.yaml"
@@ -774,6 +776,8 @@ spec:
     path: charts/datacenter/pipelines
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-example.yaml"

From e23fea077bd59d7a2291acfa512825ed2a90de01 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 17 May 2024 17:37:51 +0200
Subject: [PATCH 3/5] Use golang-external-secrets for the acm hub-ca bits

We'd like to make the imperative namespace optional,
so let's use the golang-external-secrets one, which is probably
more correct anyways since the acm hub ca is tied to ESO anyways.
---
 acm/templates/policies/acm-hub-ca-policy.yaml                   | 2 +-
 golang-external-secrets/values.yaml                             | 2 +-
 tests/acm-industrial-edge-hub.expected.yaml                     | 2 +-
 tests/acm-medical-diagnosis-hub.expected.yaml                   | 2 +-
 tests/acm-normal.expected.yaml                                  | 2 +-
 ...olang-external-secrets-industrial-edge-factory.expected.yaml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/acm/templates/policies/acm-hub-ca-policy.yaml b/acm/templates/policies/acm-hub-ca-policy.yaml
index 890e6baeb..3d02d62f4 100644
--- a/acm/templates/policies/acm-hub-ca-policy.yaml
+++ b/acm/templates/policies/acm-hub-ca-policy.yaml
@@ -31,7 +31,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{ `{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}` }}'
                   hub-openshift-service-ca.crt: '{{ `{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}` }}'
diff --git a/golang-external-secrets/values.yaml b/golang-external-secrets/values.yaml
index e3d141485..8c1cab77b 100644
--- a/golang-external-secrets/values.yaml
+++ b/golang-external-secrets/values.yaml
@@ -23,7 +23,7 @@ golangExternalSecrets:
       type: Secret
       name: hub-ca
       key: hub-kube-root-ca.crt
-      namespace: imperative
+      namespace: golang-external-secrets
 
 global:
   hubClusterDomain: hub.example.com
diff --git a/tests/acm-industrial-edge-hub.expected.yaml b/tests/acm-industrial-edge-hub.expected.yaml
index 453e8a9e5..620591a2f 100644
--- a/tests/acm-industrial-edge-hub.expected.yaml
+++ b/tests/acm-industrial-edge-hub.expected.yaml
@@ -167,7 +167,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
diff --git a/tests/acm-medical-diagnosis-hub.expected.yaml b/tests/acm-medical-diagnosis-hub.expected.yaml
index 8b50de7a7..18a2f9211 100644
--- a/tests/acm-medical-diagnosis-hub.expected.yaml
+++ b/tests/acm-medical-diagnosis-hub.expected.yaml
@@ -158,7 +158,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
diff --git a/tests/acm-normal.expected.yaml b/tests/acm-normal.expected.yaml
index 66f1c5900..28c5eea79 100644
--- a/tests/acm-normal.expected.yaml
+++ b/tests/acm-normal.expected.yaml
@@ -561,7 +561,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
diff --git a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
index 712ec2478..f7aee2c23 100644
--- a/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
+++ b/tests/golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -12502,7 +12502,7 @@ spec:
         type: Secret
         name: hub-ca
         key: hub-kube-root-ca.crt
-        namespace: imperative
+        namespace: golang-external-secrets
 
       auth:
         kubernetes:

From f6734917fc9094cb597e01521c1888bbbff4756c Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 17 May 2024 18:17:06 +0200
Subject: [PATCH 4/5] Only do the acm hub ca policy when vault is the backend

The acm hub ca is needed for ESO on spokes to connect to the vault on
the hub, there is no need for this when vault is not used, so let's
drop it in that case
---
 acm/templates/policies/acm-hub-ca-policy.yaml | 7 ++++---
 acm/values.yaml                               | 2 ++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/acm/templates/policies/acm-hub-ca-policy.yaml b/acm/templates/policies/acm-hub-ca-policy.yaml
index 3d02d62f4..ef15b1368 100644
--- a/acm/templates/policies/acm-hub-ca-policy.yaml
+++ b/acm/templates/policies/acm-hub-ca-policy.yaml
@@ -1,5 +1,6 @@
 # This pushes out the HUB's Certificate Authorities on to the imported clusters
-{{ if .Values.clusterGroup.isHubCluster }}
+{{- if .Values.clusterGroup.isHubCluster }}
+{{- if (eq (((.Values.global).secretStore).backend) "vault") }}
 ---
 apiVersion: policy.open-cluster-management.io/v1
 kind: Policy
@@ -67,5 +68,5 @@ spec:
         operator: NotIn
         values:
           - 'true'
-{{ end }}
-
+{{- end }}
+{{- end }}
diff --git a/acm/values.yaml b/acm/values.yaml
index c5f222c9b..6919b419a 100644
--- a/acm/values.yaml
+++ b/acm/values.yaml
@@ -9,6 +9,8 @@ global:
   targetRevision: main
   options:
     applicationRetryLimit: 20
+  secretStore:
+    backend: "vault"
 
 clusterGroup:
   subscriptions:

From 96461a0e2d0d4c8261f73405cf89465ab9cb99e2 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 17 May 2024 19:06:48 +0200
Subject: [PATCH 5/5] Update tests after common rebase

---
 ...mmon-acm-industrial-edge-hub.expected.yaml |   4 +-
 ...on-acm-medical-diagnosis-hub.expected.yaml |   4 +-
 tests/common-acm-normal.expected.yaml         |   6 +-
 ...roup-industrial-edge-factory.expected.yaml |   2 +
 ...tergroup-industrial-edge-hub.expected.yaml |  14 ++
 ...rgroup-medical-diagnosis-hub.expected.yaml |  26 +++
 .../common-clustergroup-normal.expected.yaml  |   4 +
 ...rets-industrial-edge-factory.expected.yaml | 161 +++++++++++-------
 ...-secrets-industrial-edge-hub.expected.yaml | 159 ++++++++++-------
 ...ecrets-medical-diagnosis-hub.expected.yaml | 159 ++++++++++-------
 ...olang-external-secrets-naked.expected.yaml | 159 ++++++++++-------
 ...lang-external-secrets-normal.expected.yaml | 159 ++++++++++-------
 12 files changed, 568 insertions(+), 289 deletions(-)

diff --git a/tests/common-acm-industrial-edge-hub.expected.yaml b/tests/common-acm-industrial-edge-hub.expected.yaml
index 453e8a9e5..4199ba037 100644
--- a/tests/common-acm-industrial-edge-hub.expected.yaml
+++ b/tests/common-acm-industrial-edge-hub.expected.yaml
@@ -167,7 +167,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
@@ -214,6 +214,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-factory.yaml"
diff --git a/tests/common-acm-medical-diagnosis-hub.expected.yaml b/tests/common-acm-medical-diagnosis-hub.expected.yaml
index 8b50de7a7..f2a8fdd67 100644
--- a/tests/common-acm-medical-diagnosis-hub.expected.yaml
+++ b/tests/common-acm-medical-diagnosis-hub.expected.yaml
@@ -158,7 +158,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
@@ -205,6 +205,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-region-one.yaml"
diff --git a/tests/common-acm-normal.expected.yaml b/tests/common-acm-normal.expected.yaml
index 66f1c5900..143de18b6 100644
--- a/tests/common-acm-normal.expected.yaml
+++ b/tests/common-acm-normal.expected.yaml
@@ -561,7 +561,7 @@ spec:
                 type: Opaque
                 metadata:
                   name: hub-ca
-                  namespace: imperative
+                  namespace: golang-external-secrets
                 data:
                   hub-kube-root-ca.crt: '{{hub fromConfigMap "" "kube-root-ca.crt" "ca.crt" | base64enc hub}}'
                   hub-openshift-service-ca.crt: '{{hub fromConfigMap "" "openshift-service-ca.crt" "service-ca.crt" | base64enc hub}}'
@@ -608,6 +608,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-acm-edge.yaml"
@@ -704,6 +706,8 @@ spec:
                     path: common/clustergroup
                     helm:
                       ignoreMissingValueFiles: true
+                      values: |
+                        extraParametersNested:
                       valueFiles:
                       - "/values-global.yaml"
                       - "/values-acm-provision-edge.yaml"
diff --git a/tests/common-clustergroup-industrial-edge-factory.expected.yaml b/tests/common-clustergroup-industrial-edge-factory.expected.yaml
index 805b9a225..9990f0b8e 100644
--- a/tests/common-clustergroup-industrial-edge-factory.expected.yaml
+++ b/tests/common-clustergroup-industrial-edge-factory.expected.yaml
@@ -556,6 +556,8 @@ spec:
     path: charts/datacenter/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-factory.yaml"
diff --git a/tests/common-clustergroup-industrial-edge-hub.expected.yaml b/tests/common-clustergroup-industrial-edge-hub.expected.yaml
index a4687aadd..97d6952ba 100644
--- a/tests/common-clustergroup-industrial-edge-hub.expected.yaml
+++ b/tests/common-clustergroup-industrial-edge-hub.expected.yaml
@@ -854,6 +854,8 @@ spec:
     path: common/acm
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -919,6 +921,8 @@ spec:
     path: charts/datacenter/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -975,6 +979,8 @@ spec:
     path: charts/datacenter/pipelines
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1031,6 +1037,8 @@ spec:
     path: charts/datacenter/manuela-data-lake
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1117,6 +1125,8 @@ spec:
     path: charts/datacenter/external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1173,6 +1183,8 @@ spec:
     path: common/golang-external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
@@ -1256,6 +1268,8 @@ spec:
     chart: vault
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-datacenter.yaml"
diff --git a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml
index dba853e0f..84eb9bcfc 100644
--- a/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml
+++ b/tests/common-clustergroup-medical-diagnosis-hub.expected.yaml
@@ -739,6 +739,8 @@ spec:
     path: common/golang-external-secrets
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -795,6 +797,8 @@ spec:
     path: charts/all/kafdrop
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -851,6 +855,8 @@ spec:
     path: charts/all/kafka
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -907,6 +913,8 @@ spec:
     path: charts/all/opendatahub
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -963,6 +971,8 @@ spec:
     path: charts/all/openshift-data-foundations
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1019,6 +1029,8 @@ spec:
     path: charts/all/openshift-serverless
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1075,6 +1087,8 @@ spec:
     path: charts/all/medical-diagnosis/service-account
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1131,6 +1145,8 @@ spec:
     chart: vault
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1205,6 +1221,8 @@ spec:
     path: charts/all/medical-diagnosis/database
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1261,6 +1279,8 @@ spec:
     path: charts/all/medical-diagnosis/grafana
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1317,6 +1337,8 @@ spec:
     path: charts/all/medical-diagnosis/image-generator
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1382,6 +1404,8 @@ spec:
     path: charts/all/medical-diagnosis/image-server
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
@@ -1447,6 +1471,8 @@ spec:
     path: charts/all/medical-diagnosis/xray-init
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-hub.yaml"
diff --git a/tests/common-clustergroup-normal.expected.yaml b/tests/common-clustergroup-normal.expected.yaml
index 225a82c32..7a650fe07 100644
--- a/tests/common-clustergroup-normal.expected.yaml
+++ b/tests/common-clustergroup-normal.expected.yaml
@@ -704,6 +704,8 @@ spec:
     path: common/acm
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-example.yaml"
@@ -771,6 +773,8 @@ spec:
     path: charts/datacenter/pipelines
     helm:
       ignoreMissingValueFiles: true
+      values: |
+        extraParametersNested:
       valueFiles:
       - "/values-global.yaml"
       - "/values-example.yaml"
diff --git a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml
index dde550fd4..2a9621a79 100644
--- a/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml
+++ b/tests/common-golang-external-secrets-industrial-edge-factory.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: common-golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: common-golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: common-golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
@@ -12457,7 +12502,7 @@ spec:
         type: Secret
         name: hub-ca
         key: hub-kube-root-ca.crt
-        namespace: imperative
+        namespace: golang-external-secrets
 
       auth:
         kubernetes:
diff --git a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml
index a0ad351a1..2f0b9ac36 100644
--- a/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml
+++ b/tests/common-golang-external-secrets-industrial-edge-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: common-golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: common-golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: common-golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml
index a0ad351a1..2f0b9ac36 100644
--- a/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml
+++ b/tests/common-golang-external-secrets-medical-diagnosis-hub.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: common-golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: common-golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: common-golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/common-golang-external-secrets-naked.expected.yaml b/tests/common-golang-external-secrets-naked.expected.yaml
index 3d54dd631..dc6b146da 100644
--- a/tests/common-golang-external-secrets-naked.expected.yaml
+++ b/tests/common-golang-external-secrets-naked.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: common-golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: common-golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: common-golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook
diff --git a/tests/common-golang-external-secrets-normal.expected.yaml b/tests/common-golang-external-secrets-normal.expected.yaml
index a0ad351a1..2f0b9ac36 100644
--- a/tests/common-golang-external-secrets-normal.expected.yaml
+++ b/tests/common-golang-external-secrets-normal.expected.yaml
@@ -6,10 +6,10 @@ metadata:
   name: external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/serviceaccount.yaml
@@ -19,10 +19,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-serviceaccount.yaml
@@ -32,10 +32,10 @@ metadata:
   name: external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-secret.yaml
@@ -45,10 +45,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 ---
@@ -67,7 +67,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: acraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -263,7 +263,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clusterexternalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -780,11 +780,13 @@ spec:
                             items:
                               type: string
                             type: array
+                            x-kubernetes-list-type: atomic
                         required:
                           - key
                           - operator
                         type: object
                       type: array
+                      x-kubernetes-list-type: atomic
                     matchLabels:
                       additionalProperties:
                         type: string
@@ -827,11 +829,13 @@ spec:
                               items:
                                 type: string
                               type: array
+                              x-kubernetes-list-type: atomic
                           required:
                             - key
                             - operator
                           type: object
                         type: array
+                        x-kubernetes-list-type: atomic
                       matchLabels:
                         additionalProperties:
                           type: string
@@ -844,7 +848,7 @@ spec:
                     x-kubernetes-map-type: atomic
                   type: array
                 namespaces:
-                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelector ends up choosing.
+                  description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing.
                   items:
                     type: string
                   type: array
@@ -916,7 +920,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: clustersecretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -2484,11 +2488,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -2921,6 +2927,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -5079,7 +5102,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: ecrauthorizationtokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -5246,7 +5269,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: externalsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6051,7 +6074,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: fakes.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6127,7 +6150,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: gcraccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6255,7 +6278,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: githubaccesstokens.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6357,7 +6380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: passwords.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -6455,7 +6478,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: pushsecrets.external-secrets.io
 spec:
   group: external-secrets.io
@@ -6586,11 +6609,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -6831,7 +6856,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: secretstores.external-secrets.io
 spec:
   group: external-secrets.io
@@ -8399,11 +8424,13 @@ spec:
                                   items:
                                     type: string
                                   type: array
+                                  x-kubernetes-list-type: atomic
                               required:
                                 - key
                                 - operator
                               type: object
                             type: array
+                            x-kubernetes-list-type: atomic
                           matchLabels:
                             additionalProperties:
                               type: string
@@ -8836,6 +8863,23 @@ spec:
                         authSecretRef:
                           description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity.
                           properties:
+                            clientCertificate:
+                              description: The Azure ClientCertificate of the service principle used for authentication.
+                              properties:
+                                key:
+                                  description: |-
+                                    The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
+                                    defaulted, in others it may be required.
+                                  type: string
+                                name:
+                                  description: The name of the Secret resource being referred to.
+                                  type: string
+                                namespace:
+                                  description: |-
+                                    Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
+                                    to the namespace of the referent.
+                                  type: string
+                              type: object
                             clientId:
                               description: The Azure clientId of the service principle or managed identity used for authentication.
                               properties:
@@ -10994,7 +11038,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: vaultdynamicsecrets.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11686,7 +11730,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.15.0
   name: webhooks.generators.external-secrets.io
 spec:
   group: generators.external-secrets.io
@@ -11834,10 +11878,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -11901,10 +11945,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12012,10 +12056,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-view
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-view: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
@@ -12054,10 +12098,10 @@ kind: ClusterRole
 metadata:
   name: common-golang-external-secrets-edit
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
@@ -12100,10 +12144,10 @@ metadata:
   name: common-golang-external-secrets-servicebindings
   labels:
     servicebinding.io/controller: "true"
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12121,10 +12165,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-cert-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12141,10 +12185,10 @@ kind: ClusterRoleBinding
 metadata:
   name: common-golang-external-secrets-controller
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12177,10 +12221,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 rules:
   - apiGroups:
@@ -12216,10 +12260,10 @@ metadata:
   name: common-golang-external-secrets-leaderelection
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12237,10 +12281,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
     external-secrets.io/component: webhook
 spec:
@@ -12261,10 +12305,10 @@ metadata:
   name: common-golang-external-secrets-cert-controller
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-cert-controller
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12276,10 +12320,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-cert-controller
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: external-secrets-cert-controller
@@ -12294,7 +12338,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - certcontroller
@@ -12324,10 +12368,10 @@ metadata:
   name: common-golang-external-secrets
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12339,10 +12383,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       serviceAccountName: common-golang-external-secrets
@@ -12357,7 +12401,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - --concurrent=1
@@ -12366,6 +12410,7 @@ spec:
             - containerPort: 8080
               protocol: TCP
               name: metrics
+      dnsPolicy: ClusterFirst
 ---
 # Source: golang-external-secrets/charts/external-secrets/templates/webhook-deployment.yaml
 apiVersion: apps/v1
@@ -12374,10 +12419,10 @@ metadata:
   name: common-golang-external-secrets-webhook
   namespace: default
   labels:
-    helm.sh/chart: external-secrets-0.9.16
+    helm.sh/chart: external-secrets-0.9.18
     app.kubernetes.io/name: external-secrets-webhook
     app.kubernetes.io/instance: common-golang-external-secrets
-    app.kubernetes.io/version: "v0.9.16"
+    app.kubernetes.io/version: "v0.9.18"
     app.kubernetes.io/managed-by: Helm
 spec:
   replicas: 1
@@ -12389,10 +12434,10 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: external-secrets-0.9.16
+        helm.sh/chart: external-secrets-0.9.18
         app.kubernetes.io/name: external-secrets-webhook
         app.kubernetes.io/instance: common-golang-external-secrets
-        app.kubernetes.io/version: "v0.9.16"
+        app.kubernetes.io/version: "v0.9.18"
         app.kubernetes.io/managed-by: Helm
     spec:
       hostNetwork: false
@@ -12407,7 +12452,7 @@ spec:
               - ALL
             readOnlyRootFilesystem: true
             runAsNonRoot: true
-          image: ghcr.io/external-secrets/external-secrets:v0.9.16-ubi
+          image: ghcr.io/external-secrets/external-secrets:v0.9.18-ubi
           imagePullPolicy: IfNotPresent
           args:
           - webhook