From cd0d0ced4b68dd2aaa4877ff2379bb767075470d Mon Sep 17 00:00:00 2001
From: frederickjoi <153292280+frederickjoi@users.noreply.github.com>
Date: Mon, 23 Sep 2024 11:30:44 -0700
Subject: [PATCH 1/7] docs: 9-23-24 cve updates (#4046)
* 9-23-24 cve updates
* ci: auto-formatting prettier issues
---------
Co-authored-by: frederickjoi
---
 .../reports/cve-2005-2541.md | 5 ++--
 .../reports/cve-2015-20107.md | 5 ++--
 .../reports/cve-2015-8855.md | 5 ++--
 .../reports/cve-2016-1585.md | 5 ++--
 .../reports/cve-2018-20225.md | 5 ++--
 .../reports/cve-2019-19244.md | 5 ++--
 .../reports/cve-2019-9674.md | 5 ++--
 .../reports/cve-2019-9923.md | 5 ++--
 .../reports/cve-2019-9936.md | 5 ++--
 .../reports/cve-2019-9937.md | 5 ++--
 .../reports/cve-2020-35512.md | 5 ++--
 .../reports/cve-2021-3737.md | 5 ++--
 .../reports/cve-2022-23990.md | 5 ++--
 .../reports/cve-2022-25883.md | 5 ++--
 .../security-bulletins/reports/reports.md | 28 +++++++++----------
 15 files changed, 56 insertions(+), 42 deletions(-)
diff --git a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
index 9d9016cbb3..0f67c22371 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2005-2541.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-8/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
index d547fb191a..371e352886 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2015-20107.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -33,7 +33,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -43,3 +43,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
index aa91c7da10..721cb802c9 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-7/31/2024
+9/23/24
 ## NIST CVE Summary
@@ -32,7 +32,7 @@ application.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -42,3 +42,4 @@ Ongoing
 - 1.0 07/31/2024 Initial Publication
 - 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
index 9b7b5a2796..c028888105 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2016-1585.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-8/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -30,7 +30,7 @@ Spectro Cloud Official Summary coming soon.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -40,3 +40,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
index 6da0b1150f..35bc061639 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2018-20225.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -34,7 +34,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -44,3 +44,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
index 8a34e44c8f..20569b1439 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-19244.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
index 8c7ebd8bf7..5889792f26 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9674.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
index 77145cf0f6..aa0ed7bf16 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9923.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-8/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
index f62384a630..8b399c50a3 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9936.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-8/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
index d6a5ad591c..99d23a5a06 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2019-9937.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-8/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ Waiting on a fix from third party mongodb vendor.
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added Palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
index 9b6286667e..dbfe7516fd 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2020-35512.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -33,7 +33,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -43,3 +43,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 9/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
index fddfb770e7..7f8fad5340 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-3737.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -32,7 +32,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -42,3 +42,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publication
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
index 410927650c..a53bdc876b 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-23990.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-08/16/2024
+9/23/24
 ## NIST CVE Summary
@@ -30,7 +30,7 @@ Waiting on a fix from third party mongodb vendor
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -40,3 +40,4 @@ Ongoing
 - 1.0 08/16/2024 Initial Publications
 - 2.0 08/17/2024 Added palette VerteX 4.4.14 to Affected Products
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
index 1003714536..e1da2a3ea3 100644
--- a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md
@@ -14,7 +14,7 @@ tags: ["security", "cve"]
 ## Last Update
-7/16/24
+9/23/24
 ## NIST CVE Summary
@@ -31,7 +31,7 @@ The CVE reported in virtual cluster CAPI provider. Govulncheck reports it as non
 ## Status
-Ongoing
+Resolved
 ## Affected Products & Versions
@@ -41,3 +41,4 @@ Ongoing
 - 1.0 07/16/2024 Initial Publication
 - 2.0 08/17/2024 Remediated in Palette VerteX 4.4.14
+- 3.0 09/23/2024 Changed CVE status to Resolved
diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md
index 587a28ab39..727439a21e 100644
--- a/docs/docs-content/security-bulletins/reports/reports.md
+++ b/docs/docs-content/security-bulletins/reports/reports.md
@@ -44,30 +44,30 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | | [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | 4.4.11 & 4.4.14 & 4.4.18 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | | [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | -| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | -| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | +| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 9/23/24 | 4.4.11 & 4.4.14 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :white_check_mark: Resolved | +| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 9/23/24 | 4.4.11 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :white_check_mark: Resolved | | [CVE-2019-12900](./cve-2019-12900.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: BZ2 | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-12900) | :mag: Ongoing | | [CVE-2023-37920](./cve-2023-37920.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Certifi | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | :mag: Ongoing | | [CVE-2019-1010022](./cve-2019-1010022.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU Libc | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2019-1010022) | :mag: Ongoing | -| 
[CVE-2016-1585](./cve-2016-1585.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | :mag: Ongoing | +| [CVE-2016-1585](./cve-2016-1585.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2016-1585) | :white_check_mark: Resolved | | [CVE-2018-20839](./cve-2018-20839.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20839) | :mag: Ongoing | | [CVE-2024-38428](./cve-2024-38428.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2024-38428) | :mag: Ongoing | | [CVE-2021-42694](./cve-2021-42694.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [8.3](https://nvd.nist.gov/vuln/detail/CVE-2021-42694) | :mag: Ongoing | | [CVE-2021-39537](./cve-2021-39537.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2021-39537) | :mag: Ongoing | -| [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :mag: Ongoing | +| [CVE-2019-9923](./cve-2019-9923.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9923) | :white_check_mark: Resolved | | [CVE-2020-36325](./cve-2020-36325.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Jansson | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2020-36325) | :mag: Ongoing | -| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :mag: Ongoing | -| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :mag: Ongoing | -| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :mag: Ongoing | -| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :mag: Ongoing | +| [CVE-2005-2541](./cve-2005-2541.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [10.0](https://nvd.nist.gov/vuln/detail/CVE-2005-2541) | :white_check_mark: Resolved | +| [CVE-2019-9937](./cve-2019-9937.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9937) | :white_check_mark: Resolved | +| [CVE-2019-9936](./cve-2019-9936.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9936) | :white_check_mark: Resolved | +| [CVE-2019-19244](./cve-2019-19244.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-19244) | :white_check_mark: Resolved | | [CVE-2016-20013](./cve-2016-20013.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2016-20013) | :mag: Ongoing | | [CVE-2022-0391](./cve-2022-0391.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0391) | :mag: Ongoing | -| [CVE-2021-3737](./cve-2021-3737.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) | :mag: Ongoing | -| [CVE-2019-9674](./cve-2019-9674.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | :mag: Ongoing | +| [CVE-2021-3737](./cve-2021-3737.md) | 08/16/24 | 9/23/24 | 4.4.14 | 
Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-3737) | :white_check_mark: Resolved | +| [CVE-2019-9674](./cve-2019-9674.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9674) | :white_check_mark: Resolved | | [CVE-2023-26604](./cve-2023-26604.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-26604) | :mag: Ongoing | -| [CVE-2015-20107](./cve-2015-20107.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | :mag: Ongoing | +| [CVE-2015-20107](./cve-2015-20107.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.6](https://nvd.nist.gov/vuln/detail/CVE-2015-20107) | :white_check_mark: Resolved | | [CVE-2017-11164](./cve-2017-11164.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2017-11164) | :mag: Ongoing | -| [CVE-2018-20225](./cve-2018-20225.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | :mag: Ongoing | +| [CVE-2018-20225](./cve-2018-20225.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2018-20225) | :white_check_mark: Resolved | | [CVE-2022-41409](./cve-2022-41409.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41409) | :mag: Ongoing | | [CVE-2019-17543](./cve-2019-17543.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2019-17543) | :mag: Ongoing | | [CVE-2022-4899](./cve-2022-4899.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4899) | :mag: Ongoing | 
@@ -77,8 +77,8 @@ Click on the CVE ID to view the full details of the vulnerability. | [CVE-2023-29499](./cve-2023-29499.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-29499) | :mag: Ongoing | | [CVE-2024-24790](./cve-2024-24790.md) | 8/6/24 | 8/6/24 | 4.4.11 & 4.4.14 | Third-party component: Go Project | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2024-24790) | :mag: Ongoing | | [CVE-2023-4156](./cve-2023-4156.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.1](https://nvd.nist.gov/vuln/detail/CVE-2023-4156) | :mag: Ongoing | -| [CVE-2022-23990](./cve-2022-23990.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) | :mag: Ongoing | -| [CVE-2020-35512](./cve-2020-35512.md) | 08/16/24 | 08/16/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) | :mag: Ongoing | +| [CVE-2022-23990](./cve-2022-23990.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-23990) | :white_check_mark: Resolved | +| [CVE-2020-35512](./cve-2020-35512.md) | 08/16/24 | 9/23/24 | 4.4.14 | Third-party component: MongoDB | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2020-35512) | :white_check_mark: Resolved | | [CVE-2012-2663](./cve-2012-2663.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: iPtables | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2012-2663) | :mag: Ongoing | | [CVE-2019-9192](./cve-2019-9192.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2019-9192) | :mag: Ongoing | | [CVE-2018-20796](./cve-2018-20796.md) | 08/16/24 | 08/16/24 | 4.4.14 & 4.4.18 | Third-party component: GNU C Library | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2018-20796) | :mag: Ongoing | 
From 4a1fd186e98fbee5d87168b40cfdeb9903ed1956 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 23 Sep 2024 14:45:31 -0700 Subject: [PATCH 2/7] docs: PEM-5725 --- docs/docs-content/architecture/grps-proxy.md | 69 ++++++++++++++++-- ...rchitecture_grps-proxy_grpc-websocket.webp | Bin 0 -> 30792 bytes 2 files changed, 62 insertions(+), 7 deletions(-) create mode 100644 static/assets/docs/images/architecture_grps-proxy_grpc-websocket.webp diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index 95e626ee6b..e57dfebe2f 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md 
@@ -11,19 +11,74 @@ sidebar_custom_props: Palette uses [gRPC](https://grpc.io) to communicate between the management platform and the workload cluster. gRPC is a high-performance, open-source universal Remote Procedure Call (RPC) framework. It is used to build distributed -applications and services. gRPC is based on HTTP/2 and uses protocol buffers ([protobuf](https://protobuf.dev/)) as the -underlying data serialization framework. +applications and services. gRPC is based on HTTP/2 protocol and uses protocol buffers +([protobuf](https://protobuf.dev/)) as the underlying data serialization framework. -:::info +:::tip Refer to the [Network Ports](networking-ports.md) documentation for a detailed network architecture diagram with gRPC and to learn more about the ports used for communication. ::: +## gRPC and WebSocket + +The Palette agent will automatically attempt to connect to the management plane using gRPC through HTTPS using the +HTTP/2 protocol. In some environments, the network configuration may not allow gRPC traffic to pass through. A common +scenario is when the network is behind a proxy server that does not support HTTP/2. In this scenario, the Palette agent +will first attempt to connect to the management plane using HTTP/2. After three failed attempts, the agent will fall +back to using WebSocket over HTTPS with HTTP/1.1. + +The fallback to WebSocket with transcoding occurs automatically and does not require any additional configuration. + +### gRPC Transcode + +Behind the scenes, when the Palette agent fails to connect with the management plane after three connection attempts, +the agent transcodes the gRPC messages using a WebSocket connection and the HTTP/1.1 protocol. + +The Palette agent direct gRPC messages to a freshly started in-memory proxy service that take the original gRPC request +and transcode it to HTTP/1.1 protocol and send it over the WebSocket connection to the mangement plane. 
The management +plane's websocket handler will then accept the WebSocket message and transcode the message back the HTTP/2 protocol and +forward it to the gRPC handler. The server will then respond with a gRPC message that will be transcoded to HTTP/1.1 and +sent back to the agent over the WebSocket. The agent's in-memory proxy will then read the message and transcode it back +to HTTP/2 and pass it to the agent. + +![An architecture diagram of the gRPC over WebSocket flow from a network perspective. Agent to agent proxy, to WebSocket handler, who then forwards the message to the server gRPC handler.](/architecture_grps-proxy_grpc-websocket.webp) + +Below is a high-level overview of the order of operations when the agent falls back to using WebSocket: + +1. The Palette agent initiates a gRPC request to the server. +2. The agent initiates a WebSocket connection with the server. +3. The server accepts the WebSocket connection. +4. The agent in-memory proxy transcodes the gRPC request on-demand and sends it via the WebSocket connection. +5. The server's WebSocker handler reads the request off the WebSocket connection and forwards it to the gRPC handler. +6. The gRPC handler processes the request and responds via the same connection and the WebSocket handler sends the + response back to the agent. +7. The agent's in-memory proxy reads the response off the WebSocket connection and transcodes it back to gRPC and passes + it to the agent. + +A more straightforward way to think about the WebSocket transcoding architecture is that network traffic between the +Palette agent and the management plane uses the WebSocket connection and the HTTP/1.1 protocol. The agent and server are +still communicating using gRPC, but the messages are transcoded to the HTTP/1.1 protocol between the two entities. Using +WebSocket and HTTP/1.1 removes issues due to application firewalls or network proxies not supporting the HTTP/2 +protocol. 
Once the gRPC message is internal to the agent or the server, HTTP/2 is used for communication. + +## gRPC and Proxies + +:::info + +The following sections provide information about using gRPC with network proxies. These issues are addressed by using +WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the decision to, +fall back to a WebSocket connection. In that case, the following sections provide more information about challenges with +gRPC and network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article +[gRPC Anywhere](https://www.redhat.com/en/blog/grpc-anywhere). + +::: + When gRPC is used with network proxies, the proxy servers may or may not support gRPC or require additional configuration to allow gRPC traffic to pass through. The following table summarizes the different scenarios and whether -or not the proxy server supports gRPC. +or not the proxy server supports gRPC. Keep in mind that should the gRPC connection fail, the agent will automatically +fall back to using WebSocket. | **Scenario** | **Description** | **Proxy Supported** | | :---------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------- | :------------------ | @@ -33,7 +88,7 @@ or not the proxy server supports gRPC. The following sections provide more information about gRPC and proxies. -## Proxy Without SSL Bump +### Proxy Without SSL Bump Because gRPC is based on HTTP/2, any proxy server that supports the [HTTP CONNECT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT) method can be used to forward gRPC 
@@ -48,7 +103,7 @@ scenario, the proxy server must support gRPC and may require additional configur ::: -## Proxy With SSL Bump +### Proxy With SSL Bump Several vendors provide proxy servers that support gRPC. Some of the vendors may require additional configurations or the use of a specific version of the proxy server. We encourage you to review your proxy server documentation for more @@ -65,7 +120,7 @@ to some vendors' documentation that addresses HTTP/2 and gRPC support. - [Check Point](https://support.checkpoint.com/results/sk/sk116022) -## Squid Proxy With SSL Bump +### Squid Proxy With SSL Bump A common open-source proxy server is [Squid](https://wiki.squid-cache.org). Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Squid supports gRPC but requires additional configuration. gRPC with SSL bump 
diff --git a/static/assets/docs/images/architecture_grps-proxy_grpc-websocket.webp b/static/assets/docs/images/architecture_grps-proxy_grpc-websocket.webp new file mode 100644 index 0000000000000000000000000000000000000000..346f9427f6a3f61555d3601dd4ee1cc94917a0aa GIT binary patch literal 30792 zcmeFXW0WM@)`pv9+h!NLx@_CFjV{}^U0pW2Y}@Lxx@@b<&f9x`2jAZ3o^Oo%|K^DN z6R{#Q=3H~V?=vGpNm5Kqz#RZk7Zp-aQ{d2m1polZzrPAl0DVw^pp1e9Hw*v(f>UgR zC+KrIbHVSjoe=&ZFYqJV|EA`f(*)ycvuqM@now&*jMNBJs0u&*USPAt2~4Vjl)c%; z+-j=Niz&l^3gAinsSqkuO2AU2kV2tcsc4cveGBv2OjM>9{AspXx2ei>?V)hz@)EU8 zcu;Iu43;$y8eKqINa7Pq0eJ9W(Pdm?Ueo4C8id6f0ScPIa+FK zpu9Ydu*0*Qrev%-w0y;vGW*#`fnFJ7?fi7+tUmup)w+EHXXPM2M-d~Fj(#J;tb26E zR3Of#vD_$#*RkIP2ap*Wpzpk^q z-nCG>RL6WwAq(V5!Lq7cLkl<(<9eiL4g(!~oRC^s9$t=YD%*j`5X_SYN@Fz zqN=ipo%?!v#Q%}t)^+QG*yHzpcaaKw9JM7>PLU%nOsxrzEL*MH>+_1k5680QzR(9p85NZ;Gv(d|mX~W!R}U4r@60LtQU=ak zLeP@Z6qF-wbfBQ^AtCyxV|biIhH#Va&SeuYvVQEvLk$tPALGE$((DeVq!H9`pR0Mv zSGkaucR$k|j=(|jZ#10*3}G;eECkYbN8;SXLHXj}4;qg3lY9UVWhWDI`O0uiHnn?5 z`64xMBvZv@9<4(1Nka{>cYm1A7hNGeX?i^C>kaZeXEA4RQvS{wb^&SV%XU)4+~e!p zS0m2{26#qzd7~2V1zEhwFrh^Y@1wH2wJUbg#>QZi8H;E;qLh!@6UD+%lUyGyaeY3T zXFW0$p+M-xf=PphaJ94G3A92r*s}Rl82C!N_ZJ(eG64_WM{{Vl@_CxfM$}4ofM9@ zCR-LhZEU2Ftd~Vi-g6vpKszdqBqvWKr-3@mix&@?b)XL9Nn;6?lg5QfOa>R^WD>tI z_`=PAA?Oxp!NCv)jS55RtOu*<#7*j~BLv+(ZW=pD68Mc+C_6Qh^wp8M^yr&Uu$(MO zf$ow5Wr@%i?f8i)X~FPHIxE4EVpb$^WM>1|b~k46Lme?UEoURx@eOD?F8YIZS=;90 z);j}>qy{Hx#5s@F3Pf2=VJxetDVeqNj`s83h09snm(x=HTjzt#d?ZKp5y3(1FZ)$tFXwpusZ>)89^7ha8?_70v;=QKA zgJZ>8^r=C=+|Z$nd zkZeZ{f4cJ?Xp(8OSFMP_hSSwKN6OvBqUBTxvW+Ds^dNophV5QN5!}Z@S~C`+$hc7Q z!;5UkBKe%~BaY#hd5ZP|0R;iyw#OKPlK2m=Z;Uc-9eF{Z+&!(QuXLqx-CQrrR7q`_ zbZbT>k>S9u>oB^KSU$d;OoKS;wlW+c1eKdI!yz$^JdJrxTL3|!02gbs zXL~n}-Q$Oc#fCC_Pp+X=Mg*s^7&q0htDv!ruiyLbeE0MHwD&go-77ae?}PH(q!Fri z7KNGhQbCIX;MGF8;WA3h?q%C+^LdHA>j9w#r^Xk7nqA}Xq` z2~(TFG$y_vFHhtgt?(-&4r{pt^aa-{2P(3N{kqK7+}ef=XnQ&+ii{B|^Kh+5RNjF% ztv>*^JPljBq3K&A<{`_El4{sIfK?tYBa;QZFue3Ar@8<#gmARvoYoxbVld8_7Wy74 
zdUP}S>^H{p&_HD8K@RfNcq;>t6>(WDnHVuhVQ9`nSmJP0ataE% zW^%>S%2`nmbYnpkw0ZVu+{oZc0()>|k2B83U*)CrhTM$PDv zd4u0fk`1XCk@x*+yYip~gT!q5uvsUGUymbCVZq5!X9q2@$w?E1tBC`Ng~D;kW-YKO z5_wdSQ}QHJ@<}xtt_=17;K+hm1n`QYC3#T-is-CXREm9qkT~I$oSUm8&{U|pg8keDSlQBHA;|x2iJ6Jb@BK2Ck>ZCMoDN30swwf74fF+Z>mxP%?6=Sgfal- zvtj!tNlsdjPol!P?T--g)%MMvb107x+Gk2$Cp+nN?c=c(ck%)00@%v8xafAqdm9P56Z7?t8H@{_~CbF)%%R};&&gnbmghL z{$BX1es1^V_fFXHL3>NT0&D^%0cqb0f%-4GVf?2(eeOMX(}%!ap!Gfd)AEX4JJ1ox z{IU0XbVa{0y~IBZ^n4!%(jE64^z{0bd;njYK9Kg|ZjcU$R)Jlf?k3GBZ{#|a*kI#OW{Kx!qx_}TdO^QQu}fH5Cn@BBcbJAEJ!_`dD;0xZ4;d;I-}Z~Vc2tG{<%4-JNp zFiXM;nI)nJ{~)J^$&gS&V~H=K_(~!nGba?EUi4oN6J2fQguZi8)?-w_dg4}M!@3yC z3#$f!$W>AwTh3f@W(d&nz1BD*vCS za&*W6{hF>ax(*KBruKX~0ss3NQY9(@T?ot$w}_xA@b5> zt|Acc)i@0+JT^HKlX2-7bQQrJmedAjwOZ;{(7a3LAD#Vp@48`yrR737&0n=MnwCK* z9IG81PdQcS>U9I~Bu=soA91dI`HVinDTciZSk5>n9SQe7)6lN4|{6`T^R6ZSvC z6=ZyZ`p-g&Tb2!zTMY#nrHsOx6BALx0Z4Pt|WB|2T|M;a>i+l01(XN(0fut{KcnXhMpN zE4#@D9DpMQGh9GR2L@TfVbOIZ^crBN-RqtpI#Em3`>%&!YB8Yi@OWDwS75xWX~~C; z{$4>rcD>xcSCuT~mr-x|Aq73ZG#s@m7avn~BuehRhp*RhbAw&ENKyXc@5|t?>8mP? 
zlx3sP@v0C1kwT$=U7>2qsWq>w6z=X+bZ)SKt`hIdw2PazFA3?s&Z$>0o#Y)`1ZFH@ z9Kt~OCAK?OXncEhRphpoI5&d#AoRqqwR0>6sKDBMU7YK8NyU8E4Z23FpCG*LhVghv z6>17W>U#!2j?bi*=`W)vVzg7(f9OFml+7O^Ao@w!?1%_~M1)-*95wa&&}!-Wsf;cW zf3^9?^frcCz)sY1y)%qdN6P6$;6lO_;TmX}M}vJD5i1{vt~IiIS7+~f8~HC_hG0{0 zChZmrA7M;aRhXCmLGYI!RhEXk|IGhi7Ldy3Vm*^r__1X{`(S^z&TON)Mw)U(23yph zLV|~5Jv2g_{>@IyfU6RAPHN=o9<~}l2HOa#tD)rAR3#l)0|E*5{s7sL_hhv4JE}{ zo^hgI$6!7!;TwWs*AuiL6r0TMRiPfB3SVoeC`^_7J5S70Su&lWx4s*k!T0~x<3A#$ zk@{=Q6?Cx6&Rdx$7Gig(LQk}#0{=>Nkhsn?rbgahEr)sL;(w+B)klT^jopXkQ0Uj^ zRrwyh0=kg<>78)p?TB>qfj++_)IYR}T%Pq2@oyXg%4<;l6XlHjz`V#| z#CVREqM2A;;s4*~b0^Jv^h(U4%M z2qw?0KV=OeB!qAi@J|~j>I+V`tkppn_CGT_)r0+`3Y*$&YMIYRv^Eh!VuVXu|`Sq)lTGtsif3x@)lCfo;qSe(`d z%&CwZ)~L6;bcCg+k9AI2Zu?(2z$Oq+jpQpVo!)3te`x-jME- zHpx;Do31(fO#^;tnCO{ev%1Nr{n`3paxKn7{qgBJVgIy>EZ&Ifz)EWQ>z8~Mb=G)) zPzgmFZdd}dXTyrmU$P+QYKhsIyH31yu~_4|6k2456#g$><~ zVg5ytrg#=119)g1q+B0Gj^scPLvOKUl87%|Qk&RP6tCYnd*n;OeyVi4@Hbj#laG2r z@RdFbYSOy_#6zWDVohO1DzSDk)>Vi>m40gT3*oJ=yV<<3S$0i&+|^3(Yd0U?zj%f# zT^2V1^aaL##oBdkFe{>s0Q`X6}F54yL?m zfoYBt#E$1o`82e3jk$3X2~K)TF011?Wbo?7g~Tvt_Xz z5M+Ln30qaC*L8)HdO*fD!|v#oJ9z=EQwqZcjNA1Vps1J`m*ZU(;V##2l!f*fy$6Aj zx9Cy`GKZB<2T!M@ReqF(?jfkA7=*`LYPAE9d+~*dBO`a@gLGE4pw5phs1FYEI003h zaj)(8E($@@#|)wILxnHeY~>D3DJFPJl;Wbuo~!RBd5AwWjsf^F^P;kn18p{P+CARR zW?0}$+==r@h_9eSump*H z5}wP%jn99ebmqjWEo|Bom}UCuo+Gm9(p`ix7x%yb7>l(*4k5U_-~I_>UR4{ar@$fP zg((^Z+@J8>1KVW%^$X_LC|J2a(A|zL?By)sP1t|8IsVYNoi=xVyO<34$S8uXi~sH& z0Ixq?@A6g|v5)eT;E=m6OacZhRyA$%tWDYeE%O+!_NjRP# zWIS&WbyIwtINM~CI1RG?V0(U{dE4kKO3)^cR56KHg~OAA`E8cmFhF#3vSoKg}}TXW$RG zHz~38e+F&(UO5OKl+{Dz6pf4Y6yS^{2Pp= zm6b2go%{3t$AbSh?w@_zKf?{wTxK5nd(U8U_Wb`c z?q5CMKh8}mJ)!PE6Zy#GT{qHs8a=X#L znzlvKC-7ezb{B8dY;z)@`Ez~zDF*Zmka!0cz?V>9Y4YD&{W=)l;Fc(;4X*b8^FBd_ z)cZ5<0FF@0HEmjH0eo~spxWgrGr+z z0xSFToV3n5xdq|eKfjmIBvF}rthV;Cc&0~?t4uP-&ZvbELyLuftY7>|ZX5IbP4a7Y z@h|V>x`H_XKvt2cx0iLEabi%D1MGhP+xgut)lvw4(g&PEtTod7^!-GEuWftR&@Bxt z#tn{-LZJCEsQev_{P_#Kxk4&~Y&%$jRrIitVQ|83qQfb!Bs-;uYT81{`7qJenbCM0 
zc1y0X@OI3hBbO2m@mD2|7bSnq&b83K&@YDNdx*3(-uXvw-@AjF-;88o?ehw>($;D# zgh|btI30ft=bM+g!>P9$EFs>n(*tz0)#BZ+B$6c|lkA!8<0&uBc==^mKie*fST%Aq&`SKo1J9RPiQt*F@l;%uh zt)=L5Zz^~ypKuf`a%xw>j!#7&+287uef=q?$6;U97MF>O;8?C@dU6?iiniTUBEGksRA|4&151rDXiF#)6Edu1ubZhKcKRtquy)J zw22`_#OMYaL&81^T3(zy!3Mp|CDbyQ5BSkJ+GNc|sPf2t(nm_)LV7wiy=SY7ySrX2 zM3%)wsU(2TWxVOsACl?kTDLIqCA)4*3;;+#^Jnk_Z5;8>kqcm~XC#TfTjeMNke7%W z9d)6@?1_(Kt0;L1s5!ZyTsKBv)b6K-!(k<}tJ}!&-dxly7HaKOq3TyXn}z%%e@K1v z)7^2)rXb!^FmA1jWa^h|<)s__YVlJeVB@Dd4bs%4f1l7pMSCnZ-`fkZ-KzK`<$ZL$ zG?EjDK|w=7E*)ER5D9$1V)Z>^wCgOI~%rtii`2 zT34#=NMK7v*ok8`ch?*WgEAIRf8|-dY^>XRt{U=Qpsz#M;7g0$b*18K4R4EXyCH-? zh1bvYU-oOym&IM%Q)-nj%rwJ|TRsN7)~@DQLRz(CA9)}2A^0e zkJ|W)aN|iKOsL=6%gtLxx86P|sB3N60dDY^oJ&1!NOK(`_vfNQ0oigJ-~E!>T+US4 z0_vxo*`c_6ES|CPBgAlCBc^0G?Spf907p2s*rWGL&+I=+#e!87+VFOWDz zkmea(3=lH%@`z=_18j&m+~HpYoIx7x$)N-msFsIl7rZ6b#!}S#V_bRAf>l|Q%_42W zEP{cU9OxzGd>}~Wp?M~V;^Pko@$`r9}C|!ydsbduRj_4cYWA=0l4mWJ}mUlKoC#3 zN=ritFh*M>Rtr^@5Ysl-Wls|>w7H2BLd>kBr5D-*I=nZZ=n0ASeJsk-B|USGY(}^T zr1_7?S-2V!lH3u(P0qPC^bV@C(oKE8?^@tb+z1+4x#Zrv0cvxG zFr+5_2YWd}9mjKfgn8}F{$y=5#HY~J8-l}nydjSC-Es&vTcMvitMX@5&7of!+$0L2 zR~f#&0w0kjmy`N4k7Bvc@xiYkDQ(I*({kWQS+as5J3bQ(QX+xVPT;Vhb4?p0(fg5W-H0(AmGL>sN1vC4?MGg2HS-ncgN7ic`4W}l{wFJe zt((_NH7%dRHw!hGhTcb)Pd-Pmft2gDD&ILC*M%jjy`NgHu@hvSsRm~pcsYkf zP^L$;8v+GvCZcZ4Ov&c$?5emK%!>;ztJ-Bu{g7UT5exYt+jzLt6C%ULTx}0!=2K9p zGS*|olE!s0Xc$;{F<@Ss4&j zEqsFmO)pp!7Gh)(G>hu_sF#1&S|%jrt{qj=7Ed~0fV>qxa%I0mc1yDn+Z{`pB&1cf zhIn6Xmfgg`xZR_bHG#AkJ<=Rh}wwz%u0%5w|Lu3YBy-) zo?h4w+|GJjP4Xb6rZanC*bbC#shSuuY}E!*s7o4dFwiaR7uNpbX7V3m(4~Pj8i-=4 zubwZ0NgH5L57}3hMxENhOen8e)YCUS)~!U-tV=se&6wxlrk`+j{XSt|p_X9_1bZ~I zaM{Lk!E+`^Tu|S)UR-jFC)3LHiT5?U=GZq(Hp&yQL*XfE*o2fNtq?A0p$Y#Q&blyl zr_Xh&hw6iq5v_*z3%t8uxK;=V3~b4{*FU(J?FtP8VG*%C0N3Qo!7mEsIj8$PR(ikE zEf)Q4!{U@6`O`aTuXymXMteq*89Iz-@Z&`EDZ4ppdFw*c3Vh;laA-AcB(5F%F0REp zWwxl7YadXrV%%$7?g35cz%`yOQZtAcxx6nu}hqKWCs8V@289eIXWRqy#G|hG5 zRINYKyFot=^WO@(-8 
zWHg|*!$AiewHo=#W1HO2ydN3+3z>E0Sz<72sIo9(;QA*=^6^n^j6bw3KYaFNo--Bi+9^wTG!kg%cREYJDL2@5*N{hcdIFV<7FSUHXcsv(U`GuI6y~q zW94(Eztt|3AFf0F!U~i!vxxY}~{{Cb7NmxPn{Z&^&-Z#7U+veg8!RFBt+|3y|6tqG4)CCBe;B>SDWo za>_PGwbnLasez^@dKPe9N}#b|qJ`Xn9a4jaYcf@V)hpyGSRl8`Q5mTWC$6n<4vhw8 z>)`sH*%DmX{<6Pq0|&+vJ(xOZ><+^6Ne2n@=2sozxyM}v6bZXV#Ll*Rka=}^xn|Ib zb-eP>1W_2y$k6O0Wz|Pfs4?&(YrqqMJRIUP2|k0{riK1E8YpRtM(ZUF~6nxfk-cBNkSxxOO9_bEIuq_G-6`!5tt_zk!xVl>U0p=%dX# zBiW3>l(HvVkl-ko)4=v7t!(-txKhQ7y_*|wDwKodl!$yfdminUX9k(e)bcuCa5rRA z&wl#Bd~eW2Y$9-;Z6wiF=;ATrzO`arkQKqnT7#)X5k zYIQVzi0H=(7sVpTf$uJs&>Lr&NMI>{@L+)-3GrtT=M>rCm$*=(lF-O4RRw`ASn|#duzBy6+v#?+4Q}Yb^}ZNMy}%*zq=_d!uD50RXJ#!F&x; zCt~8;T0NlXt6~R8Vn{c$B(MYeW=`wwBCua^+xxzNZcH@0%Y?~*0y?aD`Glk#@|r)U zmG#Qhp`;CdzYF{OBX{L%<+mG1a-(f&0YVHAICq!Yje?DKz$IbEJ8I8eW`8sb$ zSyifh7LX++7y~zi&>C}`e4^vL3}M7k4}YSjSjCSfVMxk`CeJ8!iPZXj-8tbP9#y;q zu{;$N%0ACY18I)6)hDUT`80zWQw5)NmSJ77rY1e3)bld1-BE^{I6O5eL%b^kj~~76 z;7-p*G3Ct$VR!i zo(5je5}ev3ryqY#-ZUtIWDmW+XB5RLXcTqy@`K$S{-{ylPFeiy=l2)EOh6oHool*G zP@}oIVF(2gJsY`}y*=m#&-y#1?pKzQ5XDO7RO^n%D+83vehfBf5O!v|3b8A^xFQQd zJl2@z-D)KsdS1fqQ?*Zs1CJl7eD*U0j%N<9RL?_i;%J$0;wmkv6^U`Ky6hwUS-9DD zyHRNVpQsgFw{yNnr|OhLmCWv2&}vA^f*qeuS8o)uJk!t2mOsaxIT&=ApRen0;>_wo#ZRL;ota%)NtIxBAv?kxSK)+*K82rm)BQ_}rNhLvcUMJN(6!_0)I0Ne;}LmFZ zi(G@-T88;LT~V}QV1sw|QX#r=)5X8mkG_*GemzHyvxbAcLQ0nL1dXS~&?pAq5!kNy zpvSx(XEP|yr*l_`K{o2;lrebD-dS`eCoF0xeiZl`WJn0kZ$Z z)Hq7E83453^zPHsFXytBhzS96k&F4A(@^7RaT|Z3l@O&R89n~#6u14sX(dEH*059c zZZfxw^~F}ZkGXmV1kkqUP@AJ!W&35c0TryLgUj$KkRcLQoSaBwqF8R4wTG#SkSem= zG6;K}M=GcjAwHNThhk=&R=O$6df@rB`^uj((Zmq-E2!756&>DKg%VP z!qN;onFkuJLoIz1(>o16U>uT-LutZ!BAnZN+MH9TZl7LGtok%_JgV~oICJ_2a*28= z=+)QpBf;Gw$Twe1$22m+Gwt#uuF7SCz)P=0^lTy<6`H@+^`@^o*;f0qpPZ&eluG9ogxyUS)kPo8xaH;{EpTtg=$E3mIWuPQi=wS5W`ZO> zxd0aJ$9=>JV#u@wf@NfNPgAr7gUwC1&XN_LP2j7l#XF9B4zIXmUC6i6^-`#yQ-NHs zIWaOq>`}*RY^@^7w`+wAob6Ah%NymskPhN$dM1^0mChAF=JeaJb4gKHO&B9HoFOF) zx8qJXNSpE&{=t{b8buDM0Qk?9a9*0TR9*AM=AvuzGr^DQTfsRkb{ul)3e$S^1=uu> z(S!wLuI%DPO7MJ`6PyYN|f 
zyfgRr-PCif4oFCxWP2ulhtFn?mE_r4fNh@v`RUf~qm1Iw4uVdk<=n^W)W7E?11B*l2e>&=< z`t1k9oA2%`VN5Mhi24CA{kYpEw`p1@r9Idm8)cNm;rAN#7QoGKCtoWr2|%yreq6_&@|C2}b#sL+=&i@qdDtvhX;!l%GYTR|UNhwAW@G z4UUC6jf+`_pv5cJ;g?~Od%^%|6{|Y9Bw<}k@BZL*z0|nXl9->aZ+Az&qP;Yi8Lv0+ zeM!m=bFH2UnLS&}tg$1tB1-vU%kP~twcjrnz#QvcI{2eJQa%%RJgNF_F-; zsH~_X;yfwjF=p&dFnvug$6;aw!5gS1S7_AyH+RH&^2_PIgk%w* z2AkC(c78#r|7ZGMSgQRm58-_Vu`1?ht*{CCdqH2-@R%d{mo5o}doLbG%dC`cN^c87 zi$vE|WoEb|e=_nG4_Dxs>MIe&?)Mbsd4Dk_dX%y^|IQ%6^B4m+6^^^WrH8Qyd~!WH zibCji|E}mmwnr7wS(sM-Ye_65K2Eibkn|>Wd#e7PUBzd=e}ahbuyfWpOF8CysMHZE z>RUd+QXl3)E(S6TOiCi$Dy0V6LM4qOl=?cKa!0|PghB!%qzuTNt-g#yt5 z<9?c>O_*g2o~lk%RxWpDwx?vtHEhW$*Qm2`XK^>TJZTHRY;P578ZZRV1%9A0eG?fH zdJa6@l5vN;!bWVIrB)yK7R5OZk?yv<8879Z>`kUvSi`*|M?pRHLfm@k;>liS*#78=Xk@bX)X%?QEo!74q<5$+&IC z^L5zXHg8L(XhcteGp4+V((lchp0{{e-fONNxD)>55Vv=lt4~2wBlyBloO#hkS+dc= z9nc!v^8?SA=s_Mc8yo>G3bF>HVQ`;dLM?OA-2@>I-8G@hui@ov4x&R7V06 z_^C+G1zJ4=@IIrb3E*$7Eu)e%FTlm45M3JF!G{E^g&(eZeZUDPp;>kXr9FL)rn{AP zl&C-ac;k?v80E0AnvLZV``D~^!kfD6_jUaO=QN@YOJnV%VZu~wIN4+Cx1ZP-xG334 zXzCTV6SZwdmbZ>i?{bdpTE1@=;zn+OjMkoyt6d=K>2B|QAb`~Xvg+)_Wn9lcYBl4? zkmlT8e1((Y?{^TKgY0HZJ2q4K#+3I!0h3E1%kYNQ$otyfZH@yb{hk}Mtzu9GWzLdg zG2k2@SE)(ZN*+T@eCC%m^Qn$-sX}VBV zcRDRx09Q3Jz}_s+l9fCV@IbqiCbe|BQ$My*5qA~4c|=M^Eg&}iUMsnmO0QXR-=fM}ImR_<}5M8z+1<6Cf7`8(aIjL@ie8(97(4waggM zDOXOe9Dwqe=YS4|pe*9qSC5Rc&UQ+j_&`x90nNNkKW`Z-2r3HZNqE4UQYAV!sr~sg zS{EF}7e8KE^v+6L{xU{COf1=5)Vc>|_V4bmov1YZ zK@Sv*jjv+fAUobsYMpm3u#O3hR3d3du%>sluX2Z})s-|3%2GpfmDk(ShsOca1BnET zoiBuD?=PP@P+Xh+uM($1)ygR~t}K0Vs4=!%!%LKi25Q87A|4{Dn`qi2U+1{-=5a@& zx5nLIdx#~AFQG*7$`TC}OMYcgm7e%ndwzkFlYZ=(rn{}`nYfbO^Y;*CT*gjP7x7U} zxPvOR5vFxRtJ6h{L;FOk!&n~mGt!6c^KebwT*`zwrjCPY%c3%`pO$+AHuLAeK&ljj z2Y?fjKl71>)w!gdniaZ?8V56ndg2>Jk7}<2{6| z9N~;C+DwBBt)4|2C(?sYSCfiEB5g92*Z*fR7Ew#LP;YuvCVQsdu z)Q%~p6`6~5t}x=@_nQ>n^v+p{gBNLoM)R<9fRo2B=}bIn)8hk11j+q#pR*g}L-pf! 
z0;=tEM9{z7w|f z9oDu^k@Je-y^<#TY1|Lb?z)7?KGB*YMW$&E#6m$GzdyYb%ZAo>*Z5hQT<4|Upzwav z(GZfXWrhxBS*^8MmWf8TST9!*Lp>Sk!$yjJr6lOE-2_V1MPJR2JU#-F&dhx5mc5gI z6nTt};Dh{vcL!Xv8YsqLTnDPLLK$G>xnFINFnwi62k~kJqyX7b%MXwv4ayQEL0K4a zA^1H=hd=|xk=%bI_YfIrn-_TP59m5IIJ8J+r=h=T+l&9YAmU88M9c+YCwEVZ)3F)Y zug&HFx6NXyFh$!hH?h(fZMTmhf^Rb(6OCUD;frZ8U_xp4Pc)3?9&j_PjkbW;fVTJ9 zb>^_U>0UG;V`iwG}oQRW-99D zZ6np=;pPZb{<5qTdq^QRDdNelQ%~bqF|;b<+$v;^MY<6VR>Re2gRpWSxCRZ0@@bcT zih6}Zes;#{RJZN|$HO&v_Cbm#P%>$lwTIwBCvC1Pv`{82WQL=LrL^7a9h_Lra({x zhzzwC(&qRYrs6&|SH4-~APR#xmJrdiBs1{2GbchSp)-=$Ye-at#P@oXWr@{&K+|e@ z2Ey<*p((Ie`BLL~kS-Yxta@XA!6@`1Hac~biR9~vd72Y$d8_I=f%P+QqLB7V)v$Ed zaf<9Q7cCF=75MB$n+zRT6Eh~iRNJwCwQh2lYm8kRtPWFK%=sPjj6_*u1h9=lu6e5J z@oP!H!O)5z9lnhF3yPY)RS=hS7vgM~Zf(mDAqZqlFfSvtF~*Ngf~~`yvo$C>w@;?u z?%-H9u6Tm$;KnjvZp>6inB~EtSB8CF@1#2F_H@pU%bEo13DakMD^u%2#)Gt*-D9b{ zU@IkjUN{9!%9b;t1^KY2@D(`Gg73)e10rB6K0jN~{1ma;B_vhhY?GivhY08%?e_tg zXpMI7-emfFfyG9AsF%6D?~z^r{e|1=O6c%&hq@410|QsPSp1T%Jw5}6m%~15%OK5| zBQJjfRm|tCk#CrSWp*m6KNmtlUherA1gm2-2v&aM4%p+8rhEi_e*yZT#?s4q*__<7 z5M?#~S|20}Z9|na2hl$S;l^Cfy#6BEO{A{oN2Z~|e;O{JY5MRriBqokjw?z)`fv;G zmX2zUTYTCdXeec;adznTC0scP~GYhkz@A zB>zxri?M0<@`cS%#|uXhnIII^qrEeVX#pK8B(Vv4$)AHh5|+nRAc$y^wcljil{$dF zpBjUd^1z~4y~_=qd9x3x?H*@jQXW$4J%Tq|$2iKz3;Yf_0JU8u@}ysLvz^md^mtcv z+p=UQ8H1(Rp0aF*Hh{CQD&Za4eO#rBmZD&HJ5NeTPSfF1A^~U#HGiO$?o$2WaDi}e z`g-53-PkcPp;Dz*87!==xJiZ5x}it*m0j82(H@^V=#7LV2JhA=6=*j6LTbL!zf;wPMcU z;U~k-3l!u{X{n9G1R|Do^w14yGjRBt-y}%fq940&4`T2@em?_%$AI1IZ%~&|!)KBB zQJm+O^JC~GzKu#5LfUojqmc$eiG;UjFwe!2DPdWnL^A>KW&b?5!6&SF77DRST3l_L z$z0t1&{X`LdmTDO6Wq)2yEmJg*>ytA&-pb1u^2@PH;?JC7(*51XiX=f%T3l7_0CAp zT$p}mL}W2ScUCOAXXd(-t?m1)({sb9Ma`E(aA*0xFL zDHyfN2%&-6xq*A9x+R=iw{&||g17Znb!z6Zr`#D!@yqNR{i8!E14Fan(>+EE&2&%K z3ItZ~(?>n$A*f)YK;^WzG}Oq*c|nAeTnrZ@ybBjn?VxR8yP5)lnl!`tcP(_Y1PA0Z z`P6#vTAmp=los{138}0c^3XN(iD}669&IW&Y9Asj(v_Z)&V*{4D?F>@Ur9QMY#v(4 z%t9*_t@gpUb{?;0Dg=NDzE&Ny_j$qXDKuY5caTH#*luy7_;z4I?;nDVp+^}{Q} zS+?a2$jr$RrvBL96bFT3;oPi)2IcS65ZlfQ%h1P1p}Pfi@;9zI1;H9cD~SX 
z*h&dITIwJi@Vl=o$z0kvR)dlz9`_LBFo~?{=i8`L=zL*P00)I5K{(gDs%!?WX_B^s z_hlmzS=OAtZD1Iile;?nHvBPuiD>_;#Fe&J%$2E9vJn1#n4;aRS$~3lY|6bw4u76m+#Soo+c^BfMRiTK>n@6eje0Q3UPJ73emmgT8>or@0p)H{ucmJA?W9T5BlO=uaIGl-#-O^bliF5NLTFyCSXC{D<@h&qg^tN}nkpozDIq|?(BHMe=gRVo>h=u1tH z&6Me8ToL-@&T=AfTLRT3gjIFKrU#ht(0jK~XDkb7v$+AI?7JtYKG26#P!NEB4Zoou zLq;f_6}3hzvXv!pzS%G6GK}CHr;94;Vyfal#tTPJ($Ze`d{rc~1E^|bv}}!k0nGL0 z$y)b>0`e3XJ=Qw8J8hqW;54czi1`Qqfug{f#^K?7D}L55iUem4$0hSOlG^a{cd`JV z*^xRLA$ogA(}7qmS_)Jg0L}x<$Dt36`X^b1J|P#MyrgB8&TlGRBfe2)GX6YsOH6!wdPd-~c|ykp3z6`Z3G#6ovT#SlN05X~y=8 zI*jBs_p>ql_rhN}MJ$;Rh!>ZbPkoq7wm}U7d|mm%S@E0Bq&jmIcq4mWtR!`lA9+)7gxb?C~!_Ojmi?}k<0-&fH0?*+zu=2wbbe|;q4Kz@p+^ArQ)1*uLoab}BSqVG^IyMNL zu+Qc1#q%`OypX&*SEp?n1QwxZ-PT7fD4~W0QknI{lM@Xpq<7#|=CVifu*6S!a6q#N zV`)+}nsQ2RZ)@3fHK}o#tSy`wvAA5hSgcHG4VDn(tF%ezyIl;bTJpd&!M8Mt$_Z_Q4Yek<=7w#RHJ9}Kfs zI7>z41BS~mE1dPT`A4|HyPZg9D;f*PFAmF$3O?%E!|*yjR*b>1)*|c#mAzQLIzDmF zPb#}!0TkX{hj{Kasq=rKdJ4h;5$7m^`DGyKyLYr+gH!eUSp??|0SEq$LUKiC z!DGLdBjVL5>;p`djHYNLpzY1KfkCs}cXDpf zk6E9sNZ<-yFGQEe-x1TSCXEOtOc9zxs15w_jZ8>G^JiRSJE{8V$X9?~oUpRJUy3r#)qrcHt|@WNiK-Ou;qeHX@n~tVE}kemS**-+v2}w4q;r#WI~9gW;C{ zbs?vfvGH32l0iNO8f}p)Psrsijm~j~@V$%K{23ANk(XQ9Og}fvuvC9eA2tYtKB^PO zjN_3LGmh~%AP-DSh$Qj{55Fgh0TL+7N;|b_7o5x~s{5=Rn_2HkaFg8-hy!a{%Y?U@ zz@HB@^n*_FqY#ySN`ZxL*^?=Y1_fF!x>j%{pg-xd<4d(&N6p@DuHQT|r+S==a^4i% zXfV(&uKpFUk?Kv4HZY;RDkzGFhd-IIPtLQ%3$aMR>g!3t=t5LSd%$;V00tX^fM0#P zWW2KH&T;#LZ*(-MY>h!}d`%zg660~zGSw>9pwLK)dit{f*+VT_B->ALhXPhC4tJLL zHQ4=@TR#2ac@eM%(n)NDvlUv+iCetIqqnTLni_&WPy^EWozJ)OHK9kRyKKUPoduc6n~q*U0bj zT9kYRUUfIHptdM~So%qg7XOR{8m61hvi?T^Xjkl z#rY9Z(!ye2s+M|KAOahEFg=b?TC;nwlfxAnbvNO3c$*?kSf`m~fdMItV%3m2ef!bd z;IA(kJZd=$u*44~Xp#xAH|3zC75;sXPM9?039~qRFpqO8=rcakt+f?1fjO4|g-A7y zJG@^KoZ<5nha~qj+7&>b?LYM&^;umd>FvELvXfJ9#;951A-OarP-Zg=k*Ys4{T?b*kWF{OYn z=+hDsfNbFb<lm>~W(m#u!M1Xuk>mRGw&C4~AUo(*R>3fhiJ6-v1nC z>Y@RY3`(7VeRQrjY`p?%Ubv)3iwTTKRw2qR8&S8PDCfeRcC+(Y(bTLYc27PIqYL>V zM||)_Y0zR30%jI7Kd}DU8P=lSC-#s~2+tEazRL0)KYy|3zZ*c?WGZ5K!7~nw1ii55 zd7TwI3B7M 
zZOz?%MFUdhX#A}p7?MGNcjwcR3tpwf7{orR)&n)V#}>T}0UrL^(v+bEwA@)BNv812 z)5KnNJ#1aA_7eOxYag-O6>JSS|EjCZGU|QU zXeX~@d!=@}J_Rs|QhmYrEZ`5V8b=go00fu5+KEK{Z1h~>RwwbKtRdkRL{Y?FBf~F_ zx46+WID?&)G{A+++H$oouwD)A!jsVb+;}cm>vy3!LrI5|jK{nIP*BE-AQu$NWPZ|9 zKn?P~P=-W`R+G09C-^Q9F5Yo=SU|Z?b#+u!9nQBZ+h3fS8;*HoS6<=px+u3^C9lOHtnbRMCfe_{m=L9H>(yF9o zUA68*9%DnabTW$MvuH>45Z@UsIrUiY`eL$Fva};he-4Qll2I5jgBjrQ_O#n+BjBwv z_PB!(1J5)4#TkoOI2U#O(5IA+2Awcm6_*m0^n{$5wTI@RUQFWchl5bTLS|OOD5a*g z*u&T<&2NeXY18y@mJ_PEv$`nT%YtA>L6H~qNz58IpsrA~WD~S#1DBAf6IzDUEkw&H z9%%Cm|5Gu2F8Hj@534>FYfT=sreK*Xfm@qqFXRT!I#Ice)^THi*x8KTWk?A?hhf*Y zO4AAL)sskHBUy}ZTHbQhfK)a2cILn%Q`o@b-I-nOgNeJ19Tq%jDpY9B zDw@FKqmPrqIhbKuJP(upxF_gXcVypi|bRLOtt!}wq zM)qyhJ?VXBn*)(f|NV#QJ}h};TOR6}#%B?KBiI={angM$uUc6<^F$H2223O~Gv~?7CppN_4H{nF!#_ zBZQU6j_eD6R%k=LC{Gp+SVG9S(f+Fxdv+egN`l-IK+BTqHDax3mYpi_fY?;@@-=&Y zv~Nd^c?3=EL8=l>jl2%lAnZcg(qcnN2gZdc=mRcg_DL>U&>CA4@DWV?07CoV^r*Qc zv4KVyPnDw+1UCK%5f%S9-~V(6|FN@ISy)nzNZ_v?7KBF;XkDm2giBpKkwtFNe~|%6 zWv=wgJc>4DzWX=P7&V5c(WAqMbEH}pPy>WvSg8vJkqtqVVEw0mOa|4`TGUy7D$=%H zXX}U!U2`#{4bY7?yg5%XtLRK8shldNxu3D!61DXg00CzSIy(xb)XJWdK=l91zV?P} zD?#l21biJD^gp8=WtZS-lb6^nY_V(0^VF2QaOZ)jfD{B7tY7qHOds$@QQP^t?Nz;* z2qynN4XN68%mjm$mO>=WgxhR|yWwjRfc|_R%F13IvS{Y$J#bgbCFpeNAVbdnXU6%N z6)cTOg+c(>wEAumpRb$h;`F?8<*Fmc&->%;-`Mj#wzF$=V7S~8ZRU;orLJS!6g*|` z6xt=$XX7_`=$U`>DR1E0f)$Hv-EToQY;^{*G$|@xT?dTI`((Cw?3LTM3(0$0vo%ba zp41&cgPBV+G&h-YJs;0d%-Q_~0AQD2)rz5sos^ERqk`)!HhHPk^y?~xa`SYWVa1pYFfLa9$|I!x zTOQ(1o{OL-9qF|^5}^onoKYr_vaDbE<~|911T+x|k4D}^5=uwjE4BUac&~Cftv+i2 zaFTD5mf4F(=^d_Qu$Y&&0zYO?@Udcu?H!$7wmTc7o_|$p`V>n?u=}MIds3>jtnut59sY;({ z?DI;1pWY=rdxKI)*QaWZABEj1w;v^X@ zZ8TsAgJk}gj>t|%on!WhX7L-3)rt0~&#aZ%jfX&Ap)+tcZ~|dV0+$&>b_^8XJy#k2<@K6%+Fn;0FqZzhu(Y zS;=%N8@dR`nocDtZpJN++sfpbBN1nCn7KIwjy`ajIe&OUDnlC&$RT?V?^;Y?AH>)?s_{1H7+VfLSMhli}(p6P$THHLy^eU!bmfd{Kqb zlI?8G$yQL^xQ&u3CH*>djRFT<6)&1~>9wt&$}rV6Dm+*0%v3B7ixBOF1WNP#)-_NP zWrg3Ym_XwdD1M0@%X}7HfleW9$i7{7q^ym=|91W)D@ZFsqW=8d)CQ!ajW0!-EeS$p 
z(tGDSPIkIzm`daGbiyBr%06VLmvoRu&<6a%hyZHdxs_l3)6THDQ$DxHXABnL1w59T z_SW*j0&yUiCj0y|^x$pu>aNH9Tz)RVfp`HfJ4_C4Ov?--{g6k~j3U@8GVzafGS_+(M#xOTFOYSU3)RW3MbpMnL2bM3|YZh zfRL6vhb|masf8-gh8ppQnj*_H!TfuoD-Rze@xM;liOIG=L|t*na2Sb9v3^!7GmYlP zXNIu0j9o_0w*aRKtc0gH|PEUI|Z9VR$cpg+``$kEkB@2j>VOX>V} z5vSueVSP2GmxKn#GH3CbE-%dJW@OmkyA~MdKz-3G6N?R9QwYW}$xy*80-6Z*V}Z{+ z5EunGuzxszRrk;@{UV;Hg{KKL`J2R!khX(lH`romP5!wW-YT)(+9@dhSs%W*ztfQ_ zmLz0X1b;C8sPSe-z&hMVrkr_01Qjxx&iP+e+s{1JR1s>+MVTsf*))U+ z*UFErlZOc?E15&s)XlAGzM17-gNfVZ%d?ZO_*J~bj#a`oU{<169}82s#=S<)nZw^%?%-1% zf@`CAPz{jT@s|vdBWvMqa(&wGb}U~)ePL}RHvo!Ep@8lyg1x;bm z78Szj9l$V(1IB;jkcb=A--5MdOrn}G)@Xwdz4UK5f~Ca1 z=a@brUOV>e=^YGum!X-fGBbrM-5cQJ){wrn=|nFBl!zJ2+$y0He;nhRT6-kWj5p{m zO^NLaofVo{gq}kB%xfre^u%~8+So8|17FP=0eHRn9aCO^@3WNbN9ap{E8ZqDZOE_Q zaTC`=og}wzOV)FlU90B4`%~>Wp|TV>K;T<;+YaW{a$={BT z;sLT$JKkM4yNWj0tG@Ndx%IioM{n&|nD^PH-U$ud@L)DLl1+?09dgM9eNUZBv|5dU zwQ?5A8G;9eOt%eP>Y1V9VUrFKc#Dj5s{b!`gc*0C&Te6lZUXK~z$b+*F-;iIK$fRa z`&MP@SFBgvvSj&S(=I&kR}~YiP>>IDBU~%+M}WR)>=z8{8UPTfHcVm8qhw5k)l+Zy{ zm1yB|Q|s;KmcNi;rpL(mu}GzS+|c8~CMTyMcDcH@;a`SOoRF!;x&4t?Al^)Q}rrtzvZti6INLFa-Xs{hx^^4|iyKxn zPTHcC*?dR&?!TFT(l{5+sfce$?1?zGWR3Ynw$nlO)h3royY_)!`h!|GIhlCNsD7ev z{UJ(4i|OiKAxOuSt9sxXySd@b$Xmuh`1)=I4nn2PRi+*;>?r$IEo()~FrPD}oO;m{ zWa)CmB}7B{n4(f8)9GaXV_hJ+^t-q=y_Hi?Qhg3JkK+@iqe3&GZ9b>U5qcgt0bg&8 z5bmYc3kzN2rbRw35ReEFkh>sFg!Mg3Ig!s_;@D{f$!uo>o$(2<>;%3uuqe!|2&$X| ztu`JEQ*K#dg5pBBS=tY}g>T`rqdX{a1>qZ^QMtcT-;S}%DUrBGFv7L(Qbdf z4Jh8H8We}Euq=(!0EDrGK5~W3#ZG&g$+6r4j-bn|5sP`CY-$Zd9fs4XK>)PwPzJmC3r0RIRTTSxpcFOGQ&F}-Tr=UJF-!o{bMb-E=Cdh%AgQ<82WWTb z(aLA~sLw*|i=NLgqA5*l9l|E}ur(+w=T?UaXf%*fNyc=}xH=>R@vY=t7+Pc90^1{^ za-Jqmg0~8gSq1jhdm(l~iV{vU*h^7k*Ppx^#Naj}nP+k}po$7Yg-=A-IXk zY8G}FR8k9L1j)zyP(IiQuHYB&jRPsYsWZm1LWHe(xiUV^V4_hxY>QFYdcuzW;3-$5 zd#%iXGScLY--^qgif-k^g`=6j0X^)?wdsJ%`>U^BlkQv}Zfy@<>*|a4KLM$@n%t8q zM&sh2Z#P+|2BJth8kIKSV9f@* zNJqK7{;FEvekMN~Oj6o-I?C!Ae|r)MC#fK6gUX8a7%+Mt-9A(b@*Xiw(j)-e&vq*8 zv}Z03tGw3Q13?{>AUS(6FIf*kX!3I$8B5=QnS1j6RXh?IzAGx0=cEs5=Q)vFMcVYn 
zpL~TN(uh+Yyby?$YnuXxyDo0HZQs=r{9kzMqTP+}*wlf6-I35*mg0$>O(VK2hfeR~ z+2&J?F~PbA)3LtYxn@)N8aT{AJPauYO5aX-jyJ!QC=*0Wp^Hl|=4VE&^-z1DBf9{M zEdJeTS`%)vV2)6BPQel#BF-RUO7S%$V@)B>K*i=g9=#21p+ovUl1yq^>>8}6&5>-w z=x|+R9{}@BfDRFV$)hVw9Muh6CRKKtT>4^^QlF5pK)|lP<`bB&DIL!C7CpR`Q?>`0 zJI5fzYwwta@w`rArE(_d@v*YGLGPZ~-Iu~mcR6Ux{)GP#o-Rc|9l*eW3Qjbr3-L@S z6&k$bRdw3ojQ@FyDK#Ww_373Rmr+}swfnqL+{e@1h_%BAMU0+Exw0dv<5=I}wr)za z!Di2($ZyW9{G7KN7H>cGE_>;~+1WASg*$l=`Q6wuzVDmGV0{QNdl!R$xQNPiUk77W zcaG0$U1n%9-%72-v>n8dl%Mr7k!hV+BF$DbPg|TC!4dZ)v(`;NzBQw&nBaHZiP!RY zG1d`1@Gsj*rd6h3YYuw+AW_3|BE+3%&+|VjRq9rk25#tF3R%)HGy}csQ29pXK@qDv z5}*@tN?+PJ*ZOnab>qroRU5axG)Pp|%XU7cOOtK^6iEK~^jsdI7N}@}J*=X1iSZRX zsjci2x+Jh_Rho;aMXH)4+8hFEz77gdzLf$hxHWwIn*A`iJsZ&TlO;e4fvfrVwfsft zXX-<`oo#s9z~4xcTDkDEt$c(kvc>oIjDEg}oLCEgh7K*+n0Aek`p4u135zAhwwZf` z${}4$IXc!XQUiyJlC`5+pqwZmNrs2;B`W1u=a6asnQ*W1=WLn((X1Z~9Eg=AaN_wFjc`atT=f1u|vT)Gz|6=JyLRZGvDWX*B98^?z`ylUQfV}@nh~#Kt7u!(oiy^{lO}N zK2%>lGe7!%Q%;Aa_8d`0+tmJ#xb~{?=>sK!wC+q#n~E=iuKQ4XZ8(C-%o^%2=-FM> zQ?Y>K%zc&#cHvs%xxc+z;R*6*GADHLbt}dPy(V)Gv&+0|4>jBXfonzT_kcLEg3p%v zI?cUXvPy6$!LL^Qa{Tz1=x9V`L50>kT)1Lc1MA{&>{!*Z-XAvm4Dp+rMqR)Z$V^gw z#6S$v>PAG7v4Odi2f+ukuf`iGK9sjB6FCC@0m|7z5l^c#5U6U#jdMkj&j}1h=}79o zXhsDDq_04EtmyaO((Lw$CtwgKzq#(<<;tASUo z4O1t0QpI~u8wTDhq+JP_WUv3s8kBCrdL2#w)lN_~Dh>R0D?864*A9Ta8Swnm=XWnq z5Fl4HD$Lvzo`i1r0Yo6C96U6J_l*QDQ~5vYXQxWb?@{Gd<9qcShAAA`I|f9kMG0XZ z3)=-l9L2QXkpf;)j4T~ZhlJ0^)jvik)bFMF7zxm$Lj6jvvt4@aW20Hmz27#_(io*e zd(c=DRJ;XmC!wd)` z+QFcF(@%gO3lImHc|?}3=BEjgPQdrS>GWzQXF==pi{vR_&K$YNcjA}E0BNEGN-T7h zsjE()C^zMK2S-xM@6E^iofcktzHR2iY6$Anl%9&9+}fl_Cf^cXNn6*!dedLPX9*#d z(hyg69^dEfy9s;$gwZnqWBDEmW>POlS$i4z6o1&$LuDet1P=?}PE8?3z~d@O^~xLX z9`oO2-eWonwyww(g;IXu9Cj_mskTa=KsTGJNM`=?R;jvn@f`NM=N8w#F=dsC0&K3 zSw`4<=DhMgSiir9mCL7;fpw#x3e&mR-;uFQI5w3Lpq4HEVm`LH2C=2X@ZX(SC0x@! 
zI_h;}hRx&*D^VAuju>~fIdFfnBw2OArQaOO>Et-kP#eGv=^{Z!Yy}A2)T|@Hhs}z% zqtv_oaE3zisTdszKtC)POWxwk57=z93@d{CgRd1t;Ci4yo$lV^(p?4&MScDt*m^@K zXK5lTea9s$c7B9XSFn$u{7HPxN~vejEMI980IR(6JsV4RN#l1?sNNL3aqucqkV02G zQ_|l;-rjJnG%!Bic_V+k^X4D28%*2<)Y$sIB~>rifXaIJgi)Fn03!-W$xk= zAL`9{<6@rS!g1P4=uH$0Lxhb5E51%4!YPf+u@Y{aZ>#CdwC4vXmb5g+sT#YVw!zuO z<;MfcxbB!5{=iDCAihO5e=@*#M6^$=OAX%CV$Wqdwts+XBMXn?=EABk1i}t#&Fqcg zvND^B#gYF6DFfJrLrBlNv15Qt*Kr5&vIHGO`d$uq2p5|e`V9rkN(>9cxs*%w!?in9 z(*0H)=8h0zvYV*bylwGrdc9Vk1IALxrkQd4ZcRA_T&a%^=7s7{aoPjBS%#rPEdkI% zP^trli1@vnqoz`aL#{MQ*(rs97T6?Iy1&B0fPqfXB3`+L7YnjOV2!za$8lufN|6@( zndY}IHkm!k6j{7#o9;dyKQ^Dr32EW~OYkTg0HZy4RB1wCPIEZF397+`y`}@6IpMl6 zyh8lI@tH)BM;BRFxrvwWhM@r;4man7W0C4uLz>TZAl0^GAl&SaBV=cr9ZBn*1p?75 zK9VJb$&^DAh7~93wq5vw%1S05T%x0tMqb?i%P_I9o~9hDNZRb>0>I?BYQ=#s0efP2 za#KW#{HyBHkf_w+Th&MEf$C8<#(jB(oYjOZAIpTH6bmGtyj6*xdRmso%V{#wO9DmJ zl2fJ`Pc~K?95hqk zg9y@HE3ft^cr2ihyt;6*>6;s#$6b4m8s5;lb;7t-Q!3e2x8=uf{ejNdBGm6I-^i}k zL5-gVk_CXw{xoApI0pc*9cd>1j|@)$9syd55$L?`FK{yo;pLAKFH^jHty=@F&8%&e zOd*jr@oWERH^4YQv?DcJi=$8w$Pi6C2X*y+Q>)7xeK{hYk94BF{RLocaeC;p%?SsKusXDlY@c#jcW?cHEz5 zfI{7Zo7j&Jd5sLVzx8|N7CFLUtmJyCqq;#Np#tyszO(sNwnCfc1T{mbfB#FLT4nmC zVKA6G$FDINE(7$qYPf8W9mbr88t56ke$+8_{ zcFM7v^Tt0uSkp`T1k~?!vrIJ5dXT3Jh`4(e<%?RMx#Vj3;?XaZ&9(C_7!_KBS7fqI zO9UCeLSyVAvVB$k%T+J(#69q8$l#S70f$;C0@R52`DoGSpUIQE!Q)v?ZwPH}|DbF) zXeohU?Y^ zl$od0PCo1B?8RZr%;Z~+{Vn7BiBl1fbdx79N>Web9)Wb-mZCYh)gBh+@P1(SW--=} z+zq{Bhssia`5QYf_l1HDS=4RF>zb~9%*#E7!Kj!^)SF^TgkRs;!lLO*TObgA20|_` zF7np2N$9dJv4ybA0#P1M&C!ZkTm}R)%AVG=@WbhmwKBNt0@5{qnU4|#GH$&_a{J9p zzR+Fq!wKYvdFZTA<^m@A!oG0=jn;?>?k_x0B)|gP`%i3AgJAt*N>jU|ibOalu&iII{=mCc0_bXj7^DoxT-{!o!$r7{1F8YtD z$brK0P+96*ct zoe;_Wz#MAswNP@keN!FDA;5E1p12%%I+k3^S<PofbE#W0V4A^-G2${Dd@p)L!>ckdBxg)o6=kLW zKGr#s`5<#o{gT5b^VX32h(Qnu+*m{)vu+})^!InzmqoILr;)`@UJyR8UxngT0{IH@x244lqbYcIbZjWHn(S_)YXyf5KNHeIaf zgJ~i%{)A{-oHgy$M6!vZND$r)9fdfKmiWU(=(dc<+w*T6E2q^@Op}S!bU#PH6JCc; z#Dec;Fz_@cnzqGN%unLsm`qvAV 
z&TfNypq+4Tb}<08$Bx{0i2{2z(tW%!)!oK2glCcdXIJ~_&J^#17KyfV5C_8wyo_bA z*`ReTjGQ#!?XTFU-fIXG#Nf{`itNF%wZhZQ@Qr%tD1CdWwU3Owc`qo)0RiG(&-BMQ z<;`My<)rer&@HvZc$Of5cO3})bWpt)JExXG0%UVY^LEY3_+9GhEXpDKC86c3$8;xT zZ{|P^)(d^T5#$9_j=R#wDBDvmm8<-Gd&#n7r?dUY(w`J5BtvX6ipmaOAv|uK z_OB4G358u4aGJnaU?=xOE?Y26d=@EtrNO`xN3hnhb=xx<9{Cyni;lY!t;N*G!YEvS zjU1&Q`P+~0D-JJzE>FPIOdu_}gn4e3n$k_)o0VI3MIX*zCY~s%sUCicw%b4TRDq`Xn+H|WZc}9vtTj;-7Th0;I48b=M zN00%Fdjp+od6h4~_szy5u)L;!HrUz?5bMkQFhL!e@BgUV2btwubCAo(D2+R(zmFPj zhgI`xc+f$`)hyI%Wx*{CdPW!pe#X$gA+&iGD$Ah$ADbF)#Pc}JF?O7jA^l>HQy8~~ndVSZry%z*;sjb~rM z)9{MG1w2xZ@QU9I4+sz^X$ju@Dkrx{9d+%zLvdwC>Nsg;3QdRg`=X8(@vS`o7&x;s z8`S`Q7ne|F=g^%g!KgnNHYAN&s2WWd8AFaQ-@m!$25;6j{s_+NlQ z^9!tbzLE5~@wK#%VMKLl+s5h`2!8^Qb4UD;{YCoM{PMeYN5(mRth8BAEaQ8XzEGY? z@B!7#J$pxO>L_MD40*%IRB#IZQRQORJY6P%ImI#dzv+t7+Wc z8s}x^%isX$tEE2Gk4x}<`GY>Hf)%U&I=3R!x*WxzLjB#m*jg9Kt0*j*igZ}b6-vT{ zFj6CMQG!B4s<86|kMzch1N?^{W@32`s>93kGv5c+Z*P>YM`+zv0$Q{euz z^zMWx4IybIf;?c_SPEp~)cP4hTsSBI2z_*1PV&yL zr{qeO@FgsZ*A30b6Y(6TsZtT6W;x;KJYMYH{!X4aw*7L|oP89L3$1+`<%SRd`m{o& z(3&-X>J%7VSVcn8l-9w`Insg?FMVW{rOTS03WKC_k*nhINk-alUiNz<7Jg`7H2g@H zKA+mnvzCF&X6V|3gLEkck?Izx(XtfmNTg(u!Ms|Q@{kIjMm!alV+kiWlTUZ1`4#Tw zseMI;zW#&52Dkp2DUaK|i8%|2NRKHcVhiVol;FJnCn*@eZZEdLuA5LY%_YY=#-K)y zs0_hApj@;g Date: Mon, 23 Sep 2024 15:50:55 -0700 Subject: [PATCH 3/7] docs: review feedback --- docs/docs-content/architecture/grps-proxy.md | 26 +++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index e57dfebe2f..5ecd152e71 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md 
@@ -26,15 +26,16 @@ and to learn more about the ports used for communication. The Palette agent will automatically attempt to connect to the management plane using gRPC through HTTPS using the HTTP/2 protocol. In some environments, the network configuration may not allow gRPC traffic to pass through. A common scenario is when the network is behind a proxy server that does not support HTTP/2. In this scenario, the Palette agent -will first attempt to connect to the management plane using HTTP/2. After three failed attempts, the agent will fall +will first attempt to connect to the management plane using HTTP/2. After several failed attempts, the agent will fall back to using WebSocket over HTTPS with HTTP/1.1. The fallback to WebSocket with transcoding occurs automatically and does not require any additional configuration. ### gRPC Transcode -Behind the scenes, when the Palette agent fails to connect with the management plane after three connection attempts, -the agent transcodes the gRPC messages using a WebSocket connection and the HTTP/1.1 protocol. +Behind the scenes, when the Palette agent fails to connect with the management plane after a maximum of ten connection +attempts, the agent initiates the failover to a WebSocket connection and transcodes the gRPC messages with the HTTP/1.1 +protocol. The Palette agent direct gRPC messages to a freshly started in-memory proxy service that take the original gRPC request and transcode it to HTTP/1.1 protocol and send it over the WebSocket connection to the mangement plane. The management 
@@ -45,23 +46,24 @@ to HTTP/2 and pass it to the agent. ![An architecture diagram of the gRPC over WebSocket flow from a network perspective. Agent to agent proxy, to WebSocket handler, who then forwards the message to the server gRPC handler.](/architecture_grps-proxy_grpc-websocket.webp) -Below is a high-level overview of the order of operations when the agent falls back to using WebSocket: +Below is a high-level overview of the order of operations when the Palette agent falls back to using WebSocket: -1. The Palette agent initiates a gRPC request to the server. -2. The agent initiates a WebSocket connection with the server. +1. The agent initiates a gRPC request to the server. +2. The agent initiates a WebSocket connection with the management plane servers. 3. The server accepts the WebSocket connection. 4. The agent in-memory proxy transcodes the gRPC request on-demand and sends it via the WebSocket connection. -5. The server's WebSocker handler reads the request off the WebSocket connection and forwards it to the gRPC handler. -6. The gRPC handler processes the request and responds via the same connection and the WebSocket handler sends the - response back to the agent. -7. The agent's in-memory proxy reads the response off the WebSocket connection and transcodes it back to gRPC and passes - it to the agent. +5. The server's WebSocker handler reads the request off the WebSocket connection and forwards it to the server's gRPC + handler. +6. The gRPC handler processes the request and responds via the same connection. The WebSocket handler sends the response + from the gRPC handler back to the agent. +7. The agent's in-memory proxy reads the response off the WebSocket connection and transcodes it back to HTTP/2 and + passes it to the agent. A more straightforward way to think about the WebSocket transcoding architecture is that network traffic between the Palette agent and the management plane uses the WebSocket connection and the HTTP/1.1 protocol. 
The agent and server are still communicating using gRPC, but the messages are transcoded to the HTTP/1.1 protocol between the two entities. Using WebSocket and HTTP/1.1 removes issues due to application firewalls or network proxies not supporting the HTTP/2 -protocol. Once the gRPC message is internal to the agent or the server, HTTP/2 is used for communication. +protocol. Once the gRPC message is internal to the agent or the server, the HTTP/2 protocol is used for communication. ## gRPC and Proxies From e049c58d615038603f644b38cfd038cad91b3a98 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Mon, 23 Sep 2024 15:58:41 -0700 Subject: [PATCH 4/7] docs: vale feedback --- docs/docs-content/architecture/grps-proxy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index 5ecd152e71..89247bf097 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md @@ -38,7 +38,7 @@ attempts, the agent initiates the failover to a WebSocket connection and transco protocol. The Palette agent direct gRPC messages to a freshly started in-memory proxy service that take the original gRPC request -and transcode it to HTTP/1.1 protocol and send it over the WebSocket connection to the mangement plane. The management +and transcode it to HTTP/1.1 protocol and send it over the WebSocket connection to the management plane. The management plane's websocket handler will then accept the WebSocket message and transcode the message back the HTTP/2 protocol and forward it to the gRPC handler. The server will then respond with a gRPC message that will be transcoded to HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will then read the message and transcode it back From a0b7932b2558370f3cde30aa60ba6c929c282894 Mon Sep 17 00:00:00 2001 
From: Karl Cardenas <29551334+karl-cardenas-coding@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:57:25 -0700 Subject: [PATCH 5/7] docs: apply suggestions from code review Co-authored-by: caroldelwing --- docs/docs-content/architecture/grps-proxy.md | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index 89247bf097..e2b57c5491 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md 
@@ -37,12 +37,7 @@ Behind the scenes, when the Palette agent fails to connect with the management p attempts, the agent initiates the failover to a WebSocket connection and transcodes the gRPC messages with the HTTP/1.1 protocol. -The Palette agent direct gRPC messages to a freshly started in-memory proxy service that take the original gRPC request -and transcode it to HTTP/1.1 protocol and send it over the WebSocket connection to the management plane. The management -plane's websocket handler will then accept the WebSocket message and transcode the message back the HTTP/2 protocol and -forward it to the gRPC handler. The server will then respond with a gRPC message that will be transcoded to HTTP/1.1 and -sent back to the agent over the WebSocket. The agent's in-memory proxy will then read the message and transcode it back -to HTTP/2 and pass it to the agent. +The Palette agent directs gRPC messages to a freshly started in-memory proxy service, which takes the original gRPC request, transcodes it to HTTP/1.1 protocol, and sends it over the WebSocket connection to the management plane. The management plane's WebSocket handler will then accept the WebSocket message and transcode it back to the HTTP/2 protocol before forwarding it to the gRPC handler. The server will then respond with a gRPC message, which will be transcoded to HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will read the message and transcode it back to HTTP/2 and pass it to the agent. ![An architecture diagram of the gRPC over WebSocket flow from a network perspective. Agent to agent proxy, to WebSocket handler, who then forwards the message to the server gRPC handler.](/architecture_grps-proxy_grpc-websocket.webp) 
@@ -70,8 +65,7 @@ protocol. Once the gRPC message is internal to the agent or the server, the HTTP :::info The following sections provide information about using gRPC with network proxies. These issues are addressed by using -WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the decision to, -fall back to a WebSocket connection. In that case, the following sections provide more information about challenges with +WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the reasons for falling back to a WebSocket connection, the following sections provide more information about challenges with gRPC and network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article [gRPC Anywhere](https://www.redhat.com/en/blog/grpc-anywhere). From 205e75296a720e279a4cb6b5252c203903c0d435 Mon Sep 17 00:00:00 2001 From: karl-cardenas-coding Date: Tue, 24 Sep 2024 16:59:56 +0000 Subject: [PATCH 6/7] ci: auto-formatting prettier issues --- docs/docs-content/architecture/grps-proxy.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index e2b57c5491..7bd4cbc574 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md 
@@ -37,7 +37,12 @@ Behind the scenes, when the Palette agent fails to connect with the management p attempts, the agent initiates the failover to a WebSocket connection and transcodes the gRPC messages with the HTTP/1.1 protocol. -The Palette agent directs gRPC messages to a freshly started in-memory proxy service, which takes the original gRPC request, transcodes it to HTTP/1.1 protocol, and sends it over the WebSocket connection to the management plane. The management plane's WebSocket handler will then accept the WebSocket message and transcode it back to the HTTP/2 protocol before forwarding it to the gRPC handler. The server will then respond with a gRPC message, which will be transcoded to HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will read the message and transcode it back to HTTP/2 and pass it to the agent. +The Palette agent directs gRPC messages to a freshly started in-memory proxy service, which takes the original gRPC +request, transcodes it to HTTP/1.1 protocol, and sends it over the WebSocket connection to the management plane. The +management plane's WebSocket handler will then accept the WebSocket message and transcode it back to the HTTP/2 protocol +before forwarding it to the gRPC handler. The server will then respond with a gRPC message, which will be transcoded to +HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will read the message and transcode +it back to HTTP/2 and pass it to the agent. ![An architecture diagram of the gRPC over WebSocket flow from a network perspective. Agent to agent proxy, to WebSocket handler, who then forwards the message to the server gRPC handler.](/architecture_grps-proxy_grpc-websocket.webp) 
@@ -65,8 +70,9 @@ protocol. Once the gRPC message is internal to the agent or the server, the HTTP :::info The following sections provide information about using gRPC with network proxies. These issues are addressed by using -WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the reasons for falling back to a WebSocket connection, the following sections provide more information about challenges with -gRPC and network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article +WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the reasons for +falling back to a WebSocket connection, the following sections provide more information about challenges with gRPC and +network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article [gRPC Anywhere](https://www.redhat.com/en/blog/grpc-anywhere). ::: From a1d1ce9004d1b6ae158250d8d0d0665da59e0789 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 24 Sep 2024 10:15:22 -0700 Subject: [PATCH 7/7] docs: feedback updates --- docs/docs-content/architecture/grps-proxy.md | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/docs/docs-content/architecture/grps-proxy.md b/docs/docs-content/architecture/grps-proxy.md index e2b57c5491..cdd72bd2b6 100644 --- a/docs/docs-content/architecture/grps-proxy.md +++ b/docs/docs-content/architecture/grps-proxy.md 
@@ -37,15 +37,21 @@ Behind the scenes, when the Palette agent fails to connect with the management p
 attempts, the agent initiates the failover to a WebSocket connection and transcodes the gRPC messages with the HTTP/1.1
 protocol.
 
-The Palette agent directs gRPC messages to a freshly started in-memory proxy service, which takes the original gRPC request, transcodes it to HTTP/1.1 protocol, and sends it over the WebSocket connection to the management plane. The management plane's WebSocket handler will then accept the WebSocket message and transcode it back to the HTTP/2 protocol before forwarding it to the gRPC handler. The server will then respond with a gRPC message, which will be transcoded to HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will read the message and transcode it back to HTTP/2 and pass it to the agent.
+The Palette agent directs gRPC messages to a freshly started in-memory proxy service, which takes the original gRPC
+request, transcodes it to HTTP/1.1 protocol, and sends it over the WebSocket connection to the management plane. The
+management plane's WebSocket handler will then accept the WebSocket message and transcode it back to the HTTP/2 protocol
+before forwarding it to the gRPC handler. The server will then respond with a gRPC message, which will be transcoded to
+HTTP/1.1 and sent back to the agent over the WebSocket. The agent's in-memory proxy will read the message and transcode
+it back to HTTP/2 and pass it to the agent.
 
 ![An architecture diagram of the gRPC over WebSocket flow from a network perspective. Agent to agent proxy, to WebSocket handler, who then forwards the message to the server gRPC handler.](/architecture_grps-proxy_grpc-websocket.webp)
 
 Below is a high-level overview of the order of operations when the Palette agent falls back to using WebSocket:
 
-1. The agent initiates a gRPC request to the server.
-2. The agent initiates a WebSocket connection with the management plane servers.
-3. The server accepts the WebSocket connection.
+1. The agent initiates a new gRPC request to the management plane servers that is picked up by the in-memory proxy
+ service.
+2. The agent's in-memory proxy creates a WebSocket connection with the management plane servers.
+3. The management plane server accepts the WebSocket connection
 4. The agent in-memory proxy transcodes the gRPC request on-demand and sends it via the WebSocket connection.
 5. The server's WebSocker handler reads the request off the WebSocket connection and forwards it to the server's gRPC
 handler.
@@ -65,8 +71,9 @@ protocol. Once the gRPC message is internal to the agent or the server, the HTTP
 :::info
 
 The following sections provide information about using gRPC with network proxies. These issues are addressed by using
-WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the reasons for falling back to a WebSocket connection, the following sections provide more information about challenges with
-gRPC and network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article
+WebSocket and the HTTP/1.1 protocol as a fallback mechanism. However, if you want to better understand the reasons for
+falling back to a WebSocket connection, the following sections provide more information about challenges with gRPC and
+network proxies. If you want to learn more about gRPC and transcoding, check out the Red Hat article
 [gRPC Anywhere](https://www.redhat.com/en/blog/grpc-anywhere).
 
 :::