From 06caa543d6441e6aa7e62daec59515afed71e62a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 9 Sep 2022 21:09:37 +0000
Subject: [PATCH 01/36] Bump kafka3.version from 3.2.1 to 3.2.2

Bumps `kafka3.version` from 3.2.1 to 3.2.2.

Updates `kafka-clients` from 3.2.1 to 3.2.2

Updates `kafka-streams` from 3.2.1 to 3.2.2

Updates `kafka-streams-test-utils` from 3.2.1 to 3.2.2

Updates `kafka_2.13` from 3.2.1 to 3.2.2

---
updated-dependencies:
- dependency-name: org.apache.kafka:kafka-clients
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.kafka:kafka-streams
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.kafka:kafka-streams-test-utils
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: org.apache.kafka:kafka_2.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 bom/application/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index 5c60d85458a32..941daff544a10 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -138,7 +138,7 @@
         <reactive-streams.version>1.0.3</reactive-streams.version>
         <jboss-logging.version>3.5.0.Final</jboss-logging.version>
         <mutiny.version>1.7.0</mutiny.version>
-        <kafka3.version>3.2.1</kafka3.version>
+        <kafka3.version>3.2.2</kafka3.version>
         <lz4.version>1.8.0</lz4.version> <!-- dependency of the kafka-clients that could be overridden by other imported BOMs in the platform -->
         <snappy.version>1.1.8.4</snappy.version>
         <strimzi-test-container.version>0.100.0</strimzi-test-container.version>

From eee3dc2ce607093725baf69b5f98cd6eea618c6e Mon Sep 17 00:00:00 2001
From: Auri Munoz <amunozhe@redhat.com>
Date: Fri, 9 Sep 2022 16:02:49 +0200
Subject: [PATCH 02/36] update Stork version to align with k8s client 6.x

Related to #6588
---
 bom/application/pom.xml                                       | 2 +-
 .../src/main/java/io/quarkus/stork/StorkConfigUtil.java       | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index 5c60d85458a32..828b66760ac41 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -53,7 +53,7 @@
         <smallrye-reactive-types-converter.version>2.7.0</smallrye-reactive-types-converter.version>
         <smallrye-mutiny-vertx-binding.version>2.26.0</smallrye-mutiny-vertx-binding.version>
         <smallrye-reactive-messaging.version>3.18.0</smallrye-reactive-messaging.version>
-        <smallrye-stork.version>1.1.2</smallrye-stork.version>
+        <smallrye-stork.version>1.2.0</smallrye-stork.version>
         <jakarta.activation.version>1.2.1</jakarta.activation.version>
         <jakarta.annotation-api.version>1.3.5</jakarta.annotation-api.version>
         <jakarta.el-impl.version>3.0.4</jakarta.el-impl.version>
diff --git a/extensions/smallrye-stork/runtime/src/main/java/io/quarkus/stork/StorkConfigUtil.java b/extensions/smallrye-stork/runtime/src/main/java/io/quarkus/stork/StorkConfigUtil.java
index db9d9f68b29a8..a87bb3f39b0f5 100644
--- a/extensions/smallrye-stork/runtime/src/main/java/io/quarkus/stork/StorkConfigUtil.java
+++ b/extensions/smallrye-stork/runtime/src/main/java/io/quarkus/stork/StorkConfigUtil.java
@@ -16,9 +16,9 @@ public static List<ServiceConfig> toStorkServiceConfig(StorkConfiguration storkC
         for (String serviceName : servicesConfigs) {
             builder.setServiceName(serviceName);
             ServiceConfiguration serviceConfiguration = storkConfiguration.serviceConfiguration.get(serviceName);
-            SimpleServiceConfig.SimpleServiceDiscoveryConfig storkServiceDiscoveryConfig = new SimpleServiceConfig.SimpleServiceDiscoveryConfig(
+            SimpleServiceConfig.SimpleConfigWithType storkServiceDiscoveryConfig = new SimpleServiceConfig.SimpleConfigWithType(
                     serviceConfiguration.serviceDiscovery.type, serviceConfiguration.serviceDiscovery.params);
-            builder.setServiceDiscovery(storkServiceDiscoveryConfig);
+            builder = builder.setServiceDiscovery(storkServiceDiscoveryConfig);
             SimpleServiceConfig.SimpleLoadBalancerConfig loadBalancerConfig = new SimpleServiceConfig.SimpleLoadBalancerConfig(
                     serviceConfiguration.loadBalancer.type, serviceConfiguration.loadBalancer.parameters);
             builder.setLoadBalancer(loadBalancerConfig);

From 565f4d42888f2c308d3970b62e22e995059000f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9da=20Housni=20Alaoui?= <reda-alaoui@hey.com>
Date: Fri, 22 Jul 2022 22:15:40 +0200
Subject: [PATCH 03/36] Quarkus NativeImageBuildStep fails with perm denied
 with docker rootless

---
 .../quarkus/deployment/IsDockerWorking.java   | 27 ------
 .../io/quarkus/deployment/OutputFilter.java   | 31 +++++++
 .../NativeImageBuildLocalContainerRunner.java | 90 +++++++++++++++++--
 3 files changed, 114 insertions(+), 34 deletions(-)
 create mode 100644 core/deployment/src/main/java/io/quarkus/deployment/OutputFilter.java

diff --git a/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java b/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java
index 861e77cb98b0f..61121cc405474 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/IsDockerWorking.java
@@ -1,11 +1,8 @@
 
 package io.quarkus.deployment;
 
-import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.lang.reflect.InvocationTargetException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
@@ -15,7 +12,6 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.function.BooleanSupplier;
-import java.util.function.Function;
 import java.util.function.Supplier;
 
 import org.eclipse.microprofile.config.ConfigProvider;
@@ -176,29 +172,6 @@ public Result get() {
             }
         }
 
-        public static class OutputFilter implements Function<InputStream, Runnable> {
-            private final StringBuilder builder = new StringBuilder();
-
-            @Override
-            public Runnable apply(InputStream is) {
-                return () -> {
-
-                    try (InputStreamReader isr = new InputStreamReader(is);
-                            BufferedReader reader = new BufferedReader(isr)) {
-
-                        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
-                            builder.append(line);
-                        }
-                    } catch (IOException e) {
-                        throw new RuntimeException("Error reading stream.", e);
-                    }
-                };
-            }
-
-            public String getOutput() {
-                return builder.toString();
-            }
-        }
     }
 
     private enum Result {
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/OutputFilter.java b/core/deployment/src/main/java/io/quarkus/deployment/OutputFilter.java
new file mode 100644
index 0000000000000..1d3af6e190939
--- /dev/null
+++ b/core/deployment/src/main/java/io/quarkus/deployment/OutputFilter.java
@@ -0,0 +1,31 @@
+package io.quarkus.deployment;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.function.Function;
+
+public class OutputFilter implements Function<InputStream, Runnable> {
+    private final StringBuilder builder = new StringBuilder();
+
+    @Override
+    public Runnable apply(InputStream is) {
+        return () -> {
+
+            try (InputStreamReader isr = new InputStreamReader(is);
+                    BufferedReader reader = new BufferedReader(isr)) {
+
+                for (String line = reader.readLine(); line != null; line = reader.readLine()) {
+                    builder.append(line);
+                }
+            } catch (IOException e) {
+                throw new RuntimeException("Error reading stream.", e);
+            }
+        };
+    }
+
+    public String getOutput() {
+        return builder.toString();
+    }
+}
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
index b63f2cb92886f..1be0521d44027 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/pkg/steps/NativeImageBuildLocalContainerRunner.java
@@ -2,37 +2,112 @@
 
 import static io.quarkus.deployment.pkg.steps.LinuxIDUtil.getLinuxID;
 
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.nio.file.Path;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.function.Predicate;
+import java.util.stream.Collectors;
 
 import org.apache.commons.lang3.SystemUtils;
+import org.jboss.logging.Logger;
 
+import io.quarkus.deployment.OutputFilter;
 import io.quarkus.deployment.pkg.NativeConfig;
+import io.quarkus.deployment.util.ExecUtil;
 import io.quarkus.deployment.util.FileUtil;
 import io.quarkus.runtime.util.ContainerRuntimeUtil;
 
 public class NativeImageBuildLocalContainerRunner extends NativeImageBuildContainerRunner {
 
+    private static final Logger LOGGER = Logger.getLogger(NativeImageBuildLocalContainerRunner.class.getName());
+
     public NativeImageBuildLocalContainerRunner(NativeConfig nativeConfig, Path outputDir) {
         super(nativeConfig, outputDir);
         if (SystemUtils.IS_OS_LINUX) {
             ArrayList<String> containerRuntimeArgs = new ArrayList<>(Arrays.asList(baseContainerRuntimeArgs));
-            String uid = getLinuxID("-ur");
-            String gid = getLinuxID("-gr");
-            if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
-                Collections.addAll(containerRuntimeArgs, "--user", uid + ":" + gid);
-                if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN) {
-                    // Needed to avoid AccessDeniedExceptions
-                    containerRuntimeArgs.add("--userns=keep-id");
+            if (isDockerRootless(containerRuntime)) {
+                Collections.addAll(containerRuntimeArgs, "--user", String.valueOf(0));
+            } else {
+                String uid = getLinuxID("-ur");
+                String gid = getLinuxID("-gr");
+                if (uid != null && gid != null && !uid.isEmpty() && !gid.isEmpty()) {
+                    Collections.addAll(containerRuntimeArgs, "--user", uid + ":" + gid);
+                    if (containerRuntime == ContainerRuntimeUtil.ContainerRuntime.PODMAN) {
+                        // Needed to avoid AccessDeniedExceptions
+                        containerRuntimeArgs.add("--userns=keep-id");
+                    }
                 }
             }
             baseContainerRuntimeArgs = containerRuntimeArgs.toArray(baseContainerRuntimeArgs);
         }
     }
 
+    private static boolean isDockerRootless(ContainerRuntimeUtil.ContainerRuntime containerRuntime) {
+        if (containerRuntime != ContainerRuntimeUtil.ContainerRuntime.DOCKER) {
+            return false;
+        }
+        String dockerEndpoint = fetchDockerEndpoint();
+        // docker socket?
+        String socketUriPrefix = "unix://";
+        if (dockerEndpoint == null || !dockerEndpoint.startsWith(socketUriPrefix)) {
+            return false;
+        }
+        String dockerSocket = dockerEndpoint.substring(socketUriPrefix.length());
+        String currentUid = getLinuxID("-ur");
+        if (currentUid == null || currentUid.isEmpty() || currentUid.equals(String.valueOf(0))) {
+            return false;
+        }
+
+        int socketOwnerUid;
+        try {
+            socketOwnerUid = (int) Files.getAttribute(Path.of(dockerSocket), "unix:uid", LinkOption.NOFOLLOW_LINKS);
+        } catch (IOException e) {
+            LOGGER.infof("Owner UID lookup on '%s' failed with '%s'", dockerSocket, e.getMessage());
+            return false;
+        }
+        return currentUid.equals(String.valueOf(socketOwnerUid));
+    }
+
+    private static String fetchDockerEndpoint() {
+        // DOCKER_HOST environment variable overrides the active context
+        String dockerHost = System.getenv("DOCKER_HOST");
+        if (dockerHost != null) {
+            return dockerHost;
+        }
+
+        OutputFilter outputFilter = new OutputFilter();
+        if (!ExecUtil.execWithTimeout(new File("."), outputFilter, Duration.ofMillis(3000),
+                "docker", "context", "ls", "--format",
+                "'{{- if .Current -}} {{- .DockerEndpoint -}} {{- end -}}'")) {
+            LOGGER.debug("Docker context lookup didn't succeed in time");
+            return null;
+        }
+
+        Set<String> endpoints = outputFilter.getOutput().lines()
+                .filter(Objects::nonNull)
+                .filter(Predicate.not(String::isBlank))
+                .collect(Collectors.toSet());
+        if (endpoints.size() == 1) {
+            return endpoints.stream().findFirst().orElse(null);
+        }
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debugf("Found too many active Docker endpoints: [%s]",
+                    endpoints.stream()
+                            .map(endpoint -> String.format("'%s'", endpoint))
+                            .collect(Collectors.joining(",")));
+        }
+        return null;
+    }
+
     @Override
     protected List<String> getContainerRuntimeBuildArgs() {
         List<String> containerRuntimeArgs = super.getContainerRuntimeBuildArgs();
@@ -45,4 +120,5 @@ protected List<String> getContainerRuntimeBuildArgs() {
                 volumeOutputPath + ":" + NativeImageBuildStep.CONTAINER_BUILD_VOLUME_PATH + ":z");
         return containerRuntimeArgs;
     }
+
 }

From dba1b1efdd75043e82c084ee5d08df530c848d46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= <mvavrik@redhat.com>
Date: Tue, 13 Sep 2022 21:10:54 +0200
Subject: [PATCH 04/36] Generate Quarkus Maven Plugin Config Docs

resolves: #1204
---
 .../annotation/processor/Constants.java       |   2 +
 .../processor/generate_doc/ConfigDoc.java     |  20 ++++
 .../generate_doc/ConfigDocBuilder.java        |  91 +++++++++++++++
 .../generate_doc/ConfigDocWriter.java         |  58 ++++------
 .../processor/generate_doc/DocFormatter.java  |   4 +-
 .../processor/generate_doc/JavaDocParser.java |  17 ++-
 .../generate_doc/MavenConfigDocBuilder.java   |  98 ++++++++++++++++
 .../SummaryTableDocFormatter.java             |  48 +++++---
 .../JavaDocConfigDescriptionParserTest.java   |   6 +
 docs/pom.xml                                  |  17 +++
 .../main/asciidoc/quarkus-maven-plugin.adoc   |  27 +++++
 .../QuarkusMavenPluginDocsGenerator.java      | 106 ++++++++++++++++++
 12 files changed, 437 insertions(+), 57 deletions(-)
 create mode 100644 core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDoc.java
 create mode 100644 core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocBuilder.java
 create mode 100644 core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/MavenConfigDocBuilder.java
 create mode 100644 docs/src/main/asciidoc/quarkus-maven-plugin.adoc
 create mode 100644 docs/src/main/java/io/quarkus/docs/generation/QuarkusMavenPluginDocsGenerator.java

diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/Constants.java b/core/processor/src/main/java/io/quarkus/annotation/processor/Constants.java
index 3f99646027c9b..60ad1ab17f006 100644
--- a/core/processor/src/main/java/io/quarkus/annotation/processor/Constants.java
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/Constants.java
@@ -28,6 +28,8 @@ final public class Constants {
     public static final String DASH = "-";
     public static final String ADOC_EXTENSION = ".adoc";
     public static final String DIGIT_OR_LOWERCASE = "^[a-z0-9]+$";
+    public static final String NEW_LINE = "\n";
+    public static final String SECTION_TITLE_L1 = "= ";
 
     public static final String PARENT = "<<parent>>";
     public static final String NO_DEFAULT = "<<no default>>";
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDoc.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDoc.java
new file mode 100644
index 0000000000000..0ad3e5a327d4d
--- /dev/null
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDoc.java
@@ -0,0 +1,20 @@
+package io.quarkus.annotation.processor.generate_doc;
+
+import java.io.IOException;
+import java.io.Writer;
+import java.util.List;
+
+/**
+ * Represent one output file, its items are going to be appended to the file
+ */
+interface ConfigDoc {
+
+    List<WriteItem> getWriteItems();
+
+    /**
+     * An item is a summary table, note below the table, ...
+     */
+    interface WriteItem {
+        void accept(Writer writer) throws IOException;
+    }
+}
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocBuilder.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocBuilder.java
new file mode 100644
index 0000000000000..57edebb518529
--- /dev/null
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocBuilder.java
@@ -0,0 +1,91 @@
+package io.quarkus.annotation.processor.generate_doc;
+
+import static io.quarkus.annotation.processor.Constants.SUMMARY_TABLE_ID_VARIABLE;
+import static java.util.Objects.requireNonNull;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import io.quarkus.annotation.processor.Constants;
+
+/**
+ * {@link ConfigDoc} builder
+ */
+class ConfigDocBuilder {
+
+    /**
+     * Declare AsciiDoc variable
+     */
+    private static final String DECLARE_VAR = "\n:%s: %s\n";
+    private final DocFormatter summaryTableDocFormatter;
+    protected final List<ConfigDoc.WriteItem> writeItems = new ArrayList<>();
+
+    public ConfigDocBuilder() {
+        summaryTableDocFormatter = new SummaryTableDocFormatter();
+    }
+
+    protected ConfigDocBuilder(boolean showEnvVars) {
+        summaryTableDocFormatter = new SummaryTableDocFormatter(showEnvVars);
+    }
+
+    /**
+     * Add documentation in a summary table and descriptive format
+     */
+    public final ConfigDocBuilder addSummaryTable(String initialAnchorPrefix, boolean activateSearch,
+            List<ConfigDocItem> configDocItems, String fileName,
+            boolean includeConfigPhaseLegend) {
+
+        writeItems.add(writer -> {
+
+            // Create var with unique value for each summary table that will make DURATION_FORMAT_NOTE (see below) unique
+            var fileNameWithoutExtension = fileName.substring(0, fileName.length() - Constants.ADOC_EXTENSION.length());
+            writer.append(String.format(DECLARE_VAR, SUMMARY_TABLE_ID_VARIABLE, fileNameWithoutExtension));
+
+            summaryTableDocFormatter.format(writer, initialAnchorPrefix, activateSearch, configDocItems,
+                    includeConfigPhaseLegend);
+
+            boolean hasDuration = false, hasMemory = false;
+            for (ConfigDocItem item : configDocItems) {
+                if (item.hasDurationInformationNote()) {
+                    hasDuration = true;
+                }
+
+                if (item.hasMemoryInformationNote()) {
+                    hasMemory = true;
+                }
+            }
+
+            if (hasDuration) {
+                writer.append(Constants.DURATION_FORMAT_NOTE);
+            }
+
+            if (hasMemory) {
+                writer.append(Constants.MEMORY_SIZE_FORMAT_NOTE);
+            }
+        });
+        return this;
+    }
+
+    public boolean hasWriteItems() {
+        return !writeItems.isEmpty();
+    }
+
+    /**
+     * Passed strings are appended to the file
+     */
+    public final ConfigDocBuilder write(String... strings) {
+        requireNonNull(strings);
+        writeItems.add(writer -> {
+            for (String str : strings) {
+                writer.append(str);
+            }
+        });
+        return this;
+    }
+
+    public final ConfigDoc build() {
+        final List<ConfigDoc.WriteItem> docItemsCopy = List.copyOf(writeItems);
+        return () -> docItemsCopy;
+    }
+
+}
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocWriter.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocWriter.java
index d7d99741ef315..b2baf426709a3 100644
--- a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocWriter.java
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/ConfigDocWriter.java
@@ -1,65 +1,47 @@
 package io.quarkus.annotation.processor.generate_doc;
 
-import static io.quarkus.annotation.processor.Constants.SUMMARY_TABLE_ID_VARIABLE;
-
 import java.io.IOException;
 import java.io.Writer;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.util.List;
 
 import io.quarkus.annotation.processor.Constants;
 
 final public class ConfigDocWriter {
-    private final DocFormatter summaryTableDocFormatter = new SummaryTableDocFormatter();
-    private static final String DECLARE_VAR = "\n:%s: %s\n";
 
     /**
      * Write all extension configuration in AsciiDoc format in `{root}/target/asciidoc/generated/config/` directory
      */
     public void writeAllExtensionConfigDocumentation(ConfigDocGeneratedOutput output)
             throws IOException {
-        generateDocumentation(Constants.GENERATED_DOCS_PATH.resolve(output.getFileName()), output.getAnchorPrefix(),
-                output.isSearchable(), output.getConfigDocItems(), output.getFileName());
-    }
 
-    /**
-     * Generate documentation in a summary table and descriptive format
-     *
-     */
-    private void generateDocumentation(Path targetPath, String initialAnchorPrefix, boolean activateSearch,
-            List<ConfigDocItem> configDocItems, String fileName)
-            throws IOException {
-        if (configDocItems.isEmpty()) {
+        if (output.getConfigDocItems().isEmpty()) {
             return;
         }
 
-        try (Writer writer = Files.newBufferedWriter(targetPath)) {
-
-            // Create var with unique value for each summary table that will make DURATION_FORMAT_NOTE (see below) unique
-            var fileNameWithoutExtension = fileName.substring(0, fileName.length() - Constants.ADOC_EXTENSION.length());
-            writer.append(String.format(DECLARE_VAR, SUMMARY_TABLE_ID_VARIABLE, fileNameWithoutExtension));
-
-            summaryTableDocFormatter.format(writer, initialAnchorPrefix, activateSearch, configDocItems);
+        // Create single summary table
+        final var configDocBuilder = new ConfigDocBuilder().addSummaryTable(output.getAnchorPrefix(), output.isSearchable(),
+                output.getConfigDocItems(), output.getFileName(), true);
 
-            boolean hasDuration = false, hasMemory = false;
-            for (ConfigDocItem item : configDocItems) {
-                if (item.hasDurationInformationNote()) {
-                    hasDuration = true;
-                }
-
-                if (item.hasMemoryInformationNote()) {
-                    hasMemory = true;
-                }
-            }
+        generateDocumentation(output.getFileName(), configDocBuilder);
+    }
 
-            if (hasDuration) {
-                writer.append(Constants.DURATION_FORMAT_NOTE);
-            }
+    public void generateDocumentation(String fileName, ConfigDocBuilder configDocBuilder) throws IOException {
+        generateDocumentation(
+                // Resolve output file path
+                Constants.GENERATED_DOCS_PATH.resolve(fileName),
+                // Write all items
+                configDocBuilder.build());
+    }
 
-            if (hasMemory) {
-                writer.append(Constants.MEMORY_SIZE_FORMAT_NOTE);
+    private void generateDocumentation(Path targetPath, ConfigDoc configDoc)
+            throws IOException {
+        try (Writer writer = Files.newBufferedWriter(targetPath)) {
+            for (ConfigDoc.WriteItem writeItem : configDoc.getWriteItems()) {
+                // Write documentation item, f.e. summary table
+                writeItem.accept(writer);
             }
         }
     }
+
 }
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/DocFormatter.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/DocFormatter.java
index b33fe84401bb1..0564a820dbfc7 100644
--- a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/DocFormatter.java
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/DocFormatter.java
@@ -61,8 +61,8 @@ default String getAnchor(String string) {
         return string.toLowerCase();
     }
 
-    void format(Writer writer, String initialAnchorPrefix, boolean activateSearch, List<ConfigDocItem> configDocItems)
-            throws IOException;
+    void format(Writer writer, String initialAnchorPrefix, boolean activateSearch, List<ConfigDocItem> configDocItems,
+            boolean includeConfigPhaseLegend) throws IOException;
 
     void format(Writer writer, ConfigDocKey configDocKey) throws IOException;
 
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/JavaDocParser.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/JavaDocParser.java
index 756f34b97c105..c0afad96a5ab2 100644
--- a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/JavaDocParser.java
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/JavaDocParser.java
@@ -24,6 +24,7 @@ final class JavaDocParser {
     private static final Pattern START_OF_LINE = Pattern.compile("^", Pattern.MULTILINE);
     private static final Pattern REPLACE_WINDOWS_EOL = Pattern.compile("\r\n");
     private static final Pattern REPLACE_MACOS_EOL = Pattern.compile("\r");
+    private static final Pattern STARTING_SPACE = Pattern.compile("^ +");
 
     private static final String BACKTICK = "`";
     private static final String HASH = "#";
@@ -269,7 +270,21 @@ private void appendHtml(StringBuilder sb, Node node) {
                     sb.append(NEW_LINE);
                     break;
                 case TEXT_NODE:
-                    appendEscapedAsciiDoc(sb, ((TextNode) childNode).text());
+                    String text = ((TextNode) childNode).text();
+
+                    if (text.isEmpty()) {
+                        break;
+                    }
+
+                    // Indenting the first line of a paragraph by one or more spaces makes the block literal
+                    // Please see https://docs.asciidoctor.org/asciidoc/latest/verbatim/literal-blocks/ for more info
+                    // This prevents literal blocks f.e. after <br>
+                    final var startingSpaceMatcher = STARTING_SPACE.matcher(text);
+                    if (sb.length() > 0 && '\n' == sb.charAt(sb.length() - 1) && startingSpaceMatcher.find()) {
+                        text = startingSpaceMatcher.replaceFirst("");
+                    }
+
+                    appendEscapedAsciiDoc(sb, text);
                     break;
                 default:
                     appendHtml(sb, childNode);
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/MavenConfigDocBuilder.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/MavenConfigDocBuilder.java
new file mode 100644
index 0000000000000..e55a495fbc1a3
--- /dev/null
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/MavenConfigDocBuilder.java
@@ -0,0 +1,98 @@
+package io.quarkus.annotation.processor.generate_doc;
+
+import static io.quarkus.annotation.processor.Constants.EMPTY;
+import static io.quarkus.annotation.processor.Constants.NEW_LINE;
+import static io.quarkus.annotation.processor.Constants.SECTION_TITLE_L1;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import io.quarkus.annotation.processor.Constants;
+
+public final class MavenConfigDocBuilder extends ConfigDocBuilder {
+
+    public MavenConfigDocBuilder() {
+        super(false);
+    }
+
+    private final JavaDocParser javaDocParser = new JavaDocParser();
+
+    public void addTableTitle(String goalTitle) {
+        write(SECTION_TITLE_L1, goalTitle, NEW_LINE);
+    }
+
+    public void addNewLine() {
+        write(NEW_LINE);
+    }
+
+    public void addTableDescription(String goalDescription) {
+        write(NEW_LINE, javaDocParser.parseConfigDescription(goalDescription), NEW_LINE);
+    }
+
+    public GoalParamsBuilder newGoalParamsBuilder() {
+        return new GoalParamsBuilder(javaDocParser);
+    }
+
+    private static abstract class TableBuilder {
+
+        protected final List<ConfigDocItem> configDocItems = new ArrayList<>();
+
+        /**
+         * Section name that is displayed in a table header
+         */
+        abstract protected String getSectionName();
+
+        public List<ConfigDocItem> build() {
+
+            // a summary table
+            final ConfigDocSection parameterSection = new ConfigDocSection();
+            parameterSection.setShowSection(true);
+            parameterSection.setName(getSectionName());
+            parameterSection.setSectionDetailsTitle(getSectionName());
+            parameterSection.setOptional(false);
+            parameterSection.setConfigDocItems(List.copyOf(configDocItems));
+
+            // topConfigDocItem wraps the summary table
+            final ConfigDocItem topConfigDocItem = new ConfigDocItem();
+            topConfigDocItem.setConfigDocSection(parameterSection);
+
+            return List.of(topConfigDocItem);
+        }
+
+        public boolean tableIsNotEmpty() {
+            return !configDocItems.isEmpty();
+        }
+    }
+
+    public static final class GoalParamsBuilder extends TableBuilder {
+
+        private final JavaDocParser javaDocParser;
+
+        private GoalParamsBuilder(JavaDocParser javaDocParser) {
+            this.javaDocParser = javaDocParser;
+        }
+
+        public void addParam(String type, String name, String defaultValue, boolean required, String description) {
+            final ConfigDocKey configDocKey = new ConfigDocKey();
+            configDocKey.setType(type);
+            configDocKey.setKey(name);
+            configDocKey.setConfigPhase(ConfigPhase.RUN_TIME);
+            configDocKey.setDefaultValue(defaultValue == null ? Constants.EMPTY : defaultValue);
+            if (description != null && !description.isBlank()) {
+                configDocKey.setConfigDoc(javaDocParser.parseConfigDescription(description));
+            } else {
+                configDocKey.setConfigDoc(EMPTY);
+            }
+            configDocKey.setOptional(!required);
+            final ConfigDocItem configDocItem = new ConfigDocItem();
+            configDocItem.setConfigDocKey(configDocKey);
+            configDocItems.add(configDocItem);
+        }
+
+        @Override
+        protected String getSectionName() {
+            return "Parameter";
+        }
+    }
+
+}
diff --git a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/SummaryTableDocFormatter.java b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/SummaryTableDocFormatter.java
index 47935389f9c42..654b484967c47 100644
--- a/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/SummaryTableDocFormatter.java
+++ b/core/processor/src/main/java/io/quarkus/annotation/processor/generate_doc/SummaryTableDocFormatter.java
@@ -1,5 +1,7 @@
 package io.quarkus.annotation.processor.generate_doc;
 
+import static io.quarkus.annotation.processor.Constants.CONFIG_PHASE_LEGEND;
+import static io.quarkus.annotation.processor.Constants.NEW_LINE;
 import static io.quarkus.annotation.processor.generate_doc.DocGeneratorUtil.toEnvVarName;
 
 import java.io.IOException;
@@ -15,22 +17,34 @@ final class SummaryTableDocFormatter implements DocFormatter {
     public static final String CONFIGURATION_TABLE_CLASS = ".configuration-reference";
     private static final String TABLE_ROW_FORMAT = "\n\na|%s [[%s]]`link:#%s[%s]`\n\n[.description]\n--\n%s\n--%s|%s %s\n|%s\n";
     private static final String SECTION_TITLE = "[[%s]]link:#%s[%s]";
+    private static final String TABLE_HEADER_FORMAT = "[%s, cols=\"80,.^10,.^10\"]\n|===";
     private static final String TABLE_SECTION_ROW_FORMAT = "\n\nh|%s\n%s\nh|Type\nh|Default";
-    private static final String TABLE_HEADER_FORMAT = "[.configuration-legend]%s\n[%s, cols=\"80,.^10,.^10\"]\n|===";
+    private final boolean showEnvVars;
 
     private String anchorPrefix = "";
 
+    public SummaryTableDocFormatter(boolean showEnvVars) {
+        this.showEnvVars = showEnvVars;
+    }
+
+    public SummaryTableDocFormatter() {
+        this(true);
+    }
+
     /**
      * Generate configuration keys in table format with search engine activated or not.
      * Useful when we want to optionally activate or deactivate search engine
      */
     @Override
-    public void format(Writer writer, String initialAnchorPrefix, boolean activateSearch, List<ConfigDocItem> configDocItems)
+    public void format(Writer writer, String initialAnchorPrefix, boolean activateSearch,
+            List<ConfigDocItem> configDocItems, boolean includeConfigPhaseLegend)
             throws IOException {
+        if (includeConfigPhaseLegend) {
+            writer.append("[.configuration-legend]").append(CONFIG_PHASE_LEGEND).append(NEW_LINE);
+        }
         String searchableClass = activateSearch ? SEARCHABLE_TABLE_CLASS : Constants.EMPTY;
         String tableClasses = CONFIGURATION_TABLE_CLASS + searchableClass;
-        final String tableHeaders = String.format(TABLE_HEADER_FORMAT, Constants.CONFIG_PHASE_LEGEND, tableClasses);
-        writer.append(tableHeaders);
+        writer.append(String.format(TABLE_HEADER_FORMAT, tableClasses));
         anchorPrefix = initialAnchorPrefix;
 
         // make sure that section-less configs get a legend
@@ -74,18 +88,20 @@ public void format(Writer writer, ConfigDocKey configDocKey) throws IOException
 
         String doc = configDocKey.getConfigDoc();
 
-        // Convert a property name to an environment variable name and show it in the config description
-        final String envVarExample = String.format("ifdef::add-copy-button-to-env-var[]\n" +
-                "Environment variable: env_var_with_copy_button:+++%1$s+++[]\n" +
-                "endif::add-copy-button-to-env-var[]\n" +
-                "ifndef::add-copy-button-to-env-var[]\n" +
-                "Environment variable: `+++%1$s+++`\n" +
-                "endif::add-copy-button-to-env-var[]", toEnvVarName(configDocKey.getKey()));
-        if (configDocKey.getConfigDoc().isEmpty()) {
-            doc = envVarExample;
-        } else {
-            // Add 2 new lines in order to show the environment variable on next line
-            doc += TWO_NEW_LINES + envVarExample;
+        if (showEnvVars) {
+            // Convert a property name to an environment variable name and show it in the config description
+            final String envVarExample = String.format("ifdef::add-copy-button-to-env-var[]\n" +
+                    "Environment variable: env_var_with_copy_button:+++%1$s+++[]\n" +
+                    "endif::add-copy-button-to-env-var[]\n" +
+                    "ifndef::add-copy-button-to-env-var[]\n" +
+                    "Environment variable: `+++%1$s+++`\n" +
+                    "endif::add-copy-button-to-env-var[]", toEnvVarName(configDocKey.getKey()));
+            if (configDocKey.getConfigDoc().isEmpty()) {
+                doc = envVarExample;
+            } else {
+                // Add 2 new lines in order to show the environment variable on next line
+                doc += TWO_NEW_LINES + envVarExample;
+            }
         }
 
         final String typeDetail = DocGeneratorUtil.getTypeFormatInformationNote(configDocKey);
diff --git a/core/processor/src/test/java/io/quarkus/annotation/processor/generate_doc/JavaDocConfigDescriptionParserTest.java b/core/processor/src/test/java/io/quarkus/annotation/processor/generate_doc/JavaDocConfigDescriptionParserTest.java
index 292162160a273..b84268727d097 100644
--- a/core/processor/src/test/java/io/quarkus/annotation/processor/generate_doc/JavaDocConfigDescriptionParserTest.java
+++ b/core/processor/src/test/java/io/quarkus/annotation/processor/generate_doc/JavaDocConfigDescriptionParserTest.java
@@ -25,6 +25,12 @@ public void parseNullJavaDoc() {
         assertEquals("", parsed);
     }
 
+    @Test
+    public void removeParagraphIndentation() {
+        String parsed = parser.parseConfigDescription("First paragraph<br><br> Second Paragraph");
+        assertEquals("First paragraph\n\nSecond Paragraph", parsed);
+    }
+
     @Test
     public void parseUntrimmedJavaDoc() {
         String parsed = parser.parseConfigDescription("                ");
diff --git a/docs/pom.xml b/docs/pom.xml
index 9d822f26545c2..4ba712b36fe97 100644
--- a/docs/pom.xml
+++ b/docs/pom.xml
@@ -2802,6 +2802,23 @@
                             </environmentVariables>
                         </configuration>
                     </execution>
+                    <execution>
+                        <id>generate-quarkus-mvn-plugin-docs</id>
+                        <phase>process-classes</phase>
+                        <goals>
+                            <goal>java</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${skipDocs}</skip>
+                            <mainClass>io.quarkus.docs.generation.QuarkusMavenPluginDocsGenerator</mainClass>
+                            <arguments>
+                                <argument>${project.basedir}/../devtools/maven/target/classes/META-INF/maven/plugin.xml</argument>
+                            </arguments>
+                            <environmentVariables>
+                                <MAVEN_CMD_LINE_ARGS>${env.MAVEN_CMD_LINE_ARGS}</MAVEN_CMD_LINE_ARGS>
+                            </environmentVariables>
+                        </configuration>
+                    </execution>
                     <execution>
                         <id>all-build-item-classes</id>
                         <phase>process-classes</phase>
diff --git a/docs/src/main/asciidoc/quarkus-maven-plugin.adoc b/docs/src/main/asciidoc/quarkus-maven-plugin.adoc
new file mode 100644
index 0000000000000..249c48287672c
--- /dev/null
+++ b/docs/src/main/asciidoc/quarkus-maven-plugin.adoc
@@ -0,0 +1,27 @@
+////
+This guide is maintained in the main Quarkus repository
+and pull requests should be submitted there:
+https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
+////
+= Quarkus Maven Plugin
+
+The Quarkus Maven Plugin builds the Quarkus applications, and provides helpers to launch dev mode or build native executables.
+For more information about how to use the Quarkus Maven Plugin, please refer to the xref:maven-tooling.adoc[Maven Tooling guide].
+
+include::./attributes.adoc[]
+
+== Discover Maven goals
+
+Like most Maven plugins, the Quarkus Maven Plugin has a `help` goal that prints the description of the plugin, listing all available goals as well as their description.
+It is also possible to print out detailed information about a goal, all its parameters and their default values. For instance, to see the help for the `create` goal, run:
+
+[source,shell]
+----
+./mvnw quarkus:help -Ddetail -Dgoal=create
+----
+
+== Maven goals reference
+
+Here is the list of all the Quarkus Maven Plugin goals:
+
+include::{generated-dir}/config/quarkus-maven-plugin-goals.adoc[opts=optional, leveloffset=+2]
diff --git a/docs/src/main/java/io/quarkus/docs/generation/QuarkusMavenPluginDocsGenerator.java b/docs/src/main/java/io/quarkus/docs/generation/QuarkusMavenPluginDocsGenerator.java
new file mode 100644
index 0000000000000..0020be0a5c902
--- /dev/null
+++ b/docs/src/main/java/io/quarkus/docs/generation/QuarkusMavenPluginDocsGenerator.java
@@ -0,0 +1,106 @@
+package io.quarkus.docs.generation;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.Reader;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.apache.maven.plugin.descriptor.MojoDescriptor;
+import org.apache.maven.plugin.descriptor.Parameter;
+import org.apache.maven.plugin.descriptor.PluginDescriptor;
+import org.apache.maven.plugin.descriptor.PluginDescriptorBuilder;
+import org.codehaus.plexus.util.xml.XmlStreamReader;
+
+import io.quarkus.annotation.processor.Constants;
+import io.quarkus.annotation.processor.generate_doc.ConfigDocWriter;
+import io.quarkus.annotation.processor.generate_doc.MavenConfigDocBuilder;
+import io.quarkus.annotation.processor.generate_doc.MavenConfigDocBuilder.GoalParamsBuilder;
+
+/**
+ * Generates documentation for the Quarkus Maven Plugin from plugin descriptor.
+ */
+public class QuarkusMavenPluginDocsGenerator {
+
+    private static final String QUARKUS_MAVEN_PLUGIN = "quarkus-maven-plugin-";
+    private static final String GOALS_OUTPUT_FILE_NAME = QUARKUS_MAVEN_PLUGIN + "goals" + Constants.ADOC_EXTENSION;
+    private static final String GOAL_PARAMETER_ANCHOR_PREFIX = QUARKUS_MAVEN_PLUGIN + "goal-%s-";
+
+    public static void main(String[] args) throws Exception {
+
+        String errorMessage = null;
+
+        // Path to Quarkus Maven Plugin descriptor (plugin.xml)
+        final Path pluginXmlDescriptorPath;
+        if (args.length == 1) {
+            pluginXmlDescriptorPath = Path.of(args[0]);
+        } else {
+            pluginXmlDescriptorPath = null;
+            errorMessage = String.format("Expected 1 argument ('plugin.xml' file path), got %s", args.length);
+        }
+
+        // Check the file exist
+        if (pluginXmlDescriptorPath != null
+                && (!Files.exists(pluginXmlDescriptorPath) || !Files.isRegularFile(pluginXmlDescriptorPath))) {
+            errorMessage = String.format("File does not exist: %s", pluginXmlDescriptorPath.toAbsolutePath());
+        }
+
+        // Deserialize plugin.xml to PluginDescriptor
+        PluginDescriptor pluginDescriptor = null;
+        if (errorMessage == null) {
+            try (Reader input = new XmlStreamReader(new FileInputStream(pluginXmlDescriptorPath.toFile()))) {
+                pluginDescriptor = new PluginDescriptorBuilder().build(input);
+            } catch (IOException e) {
+                errorMessage = String.format("Failed to deserialize PluginDescriptor: %s", e.getMessage());
+            }
+        }
+
+        // Don't generate documentation if there are no goals (shouldn't happen if correct descriptor is available)
+        if (pluginDescriptor != null && (pluginDescriptor.getMojos() == null || pluginDescriptor.getMojos().isEmpty())) {
+            errorMessage = "Found no goals";
+        }
+
+        // Don't break the build if Quarkus Maven Plugin Descriptor is not available
+        if (errorMessage != null) {
+            System.err.printf("Can't generate the documentation for the Quarkus Maven Plugin\n: %s\n", errorMessage);
+            return;
+        }
+
+        // Build Goals documentation
+        final var goalsConfigDocBuilder = new MavenConfigDocBuilder();
+        for (MojoDescriptor mojo : pluginDescriptor.getMojos()) {
+
+            // Add Goal Title
+            goalsConfigDocBuilder.addTableTitle(mojo.getFullGoalName());
+
+            // Add Goal Description
+            if (mojo.getDescription() != null && !mojo.getDescription().isBlank()) {
+                goalsConfigDocBuilder.addTableDescription(mojo.getDescription());
+            }
+
+            // Collect Goal Parameters
+            final GoalParamsBuilder goalParamsBuilder = goalsConfigDocBuilder.newGoalParamsBuilder();
+            if (mojo.getParameters() != null) {
+                for (Parameter parameter : mojo.getParameters()) {
+                    goalParamsBuilder.addParam(parameter.getType(), parameter.getName(), parameter.getDefaultValue(),
+                            parameter.isRequired(), parameter.getDescription());
+                }
+            }
+
+            // Add Parameters Summary Table if the goal has parameters
+            if (goalParamsBuilder.tableIsNotEmpty()) {
+                goalsConfigDocBuilder.addSummaryTable(String.format(GOAL_PARAMETER_ANCHOR_PREFIX, mojo.getGoal()), false,
+                        goalParamsBuilder.build(), GOALS_OUTPUT_FILE_NAME, false);
+
+                // Start next table on a new line
+                goalsConfigDocBuilder.addNewLine();
+            }
+        }
+
+        // Generate Goals documentation
+        if (goalsConfigDocBuilder.hasWriteItems()) {
+            new ConfigDocWriter().generateDocumentation(GOALS_OUTPUT_FILE_NAME, goalsConfigDocBuilder);
+        }
+    }
+
+}

From d90af0f22f7a831257fcfa4baeca6b7223999e95 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 13 Sep 2022 23:01:39 +0000
Subject: [PATCH 05/36] Bump actions/download-artifact from 1 to 3

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 1 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci-actions-incremental.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci-actions-incremental.yml b/.github/workflows/ci-actions-incremental.yml
index 01f4d938f4420..f8f1b5253b0f2 100644
--- a/.github/workflows/ci-actions-incremental.yml
+++ b/.github/workflows/ci-actions-incremental.yml
@@ -331,7 +331,7 @@ jobs:
           java-version: ${{ matrix.java.java-version }}
 
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -413,7 +413,7 @@ jobs:
         run: git config --global core.longpaths true
       - uses: actions/checkout@v3
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -488,7 +488,7 @@ jobs:
         run: git config --global core.longpaths true
       - uses: actions/checkout@v3
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -554,7 +554,7 @@ jobs:
         run: git config --global core.longpaths true
       - uses: actions/checkout@v3
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -610,7 +610,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -661,7 +661,7 @@ jobs:
           distribution: temurin
           java-version: 11
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .
@@ -746,7 +746,7 @@ jobs:
         run: |
           cat <<< $(jq '.HttpHeaders += {"User-Agent": "Quarkus-CI-Docker-Client"}' ~/.docker/config.json) > ~/.docker/config.json
       - name: Download Maven Repo
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: maven-repo
           path: .

From ec6d2cf85fa023d4fb0411c05b781f5bc3aaa1e6 Mon Sep 17 00:00:00 2001
From: Sanne Grinovero <sanne@hibernate.org>
Date: Tue, 13 Sep 2022 17:28:18 +0100
Subject: [PATCH 06/36] Transform DB2 driver to Jakarta APIs

---
 extensions/jdbc/jdbc-db2/deployment/pom.xml   |  5 ++
 .../db2/deployment/JakartaEnablement.java     | 82 +++++++++++++++++++
 2 files changed, 87 insertions(+)
 create mode 100644 extensions/jdbc/jdbc-db2/deployment/src/main/java/io/quarkus/jdbc/db2/deployment/JakartaEnablement.java

diff --git a/extensions/jdbc/jdbc-db2/deployment/pom.xml b/extensions/jdbc/jdbc-db2/deployment/pom.xml
index a412fa6bb6395..a803ad71c492f 100644
--- a/extensions/jdbc/jdbc-db2/deployment/pom.xml
+++ b/extensions/jdbc/jdbc-db2/deployment/pom.xml
@@ -48,6 +48,11 @@
             <artifactId>assertj-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.transformer</groupId>
+            <artifactId>org.eclipse.transformer</artifactId>
+            <version>0.5.0</version>
+        </dependency>
     </dependencies>
 
     <build>
diff --git a/extensions/jdbc/jdbc-db2/deployment/src/main/java/io/quarkus/jdbc/db2/deployment/JakartaEnablement.java b/extensions/jdbc/jdbc-db2/deployment/src/main/java/io/quarkus/jdbc/db2/deployment/JakartaEnablement.java
new file mode 100644
index 0000000000000..c74ed6b81b965
--- /dev/null
+++ b/extensions/jdbc/jdbc-db2/deployment/src/main/java/io/quarkus/jdbc/db2/deployment/JakartaEnablement.java
@@ -0,0 +1,82 @@
+package io.quarkus.jdbc.db2.deployment;
+
+import java.nio.ByteBuffer;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.eclipse.transformer.action.ActionContext;
+import org.eclipse.transformer.action.ByteData;
+import org.eclipse.transformer.action.impl.ActionContextImpl;
+import org.eclipse.transformer.action.impl.ByteDataImpl;
+import org.eclipse.transformer.action.impl.ClassActionImpl;
+import org.eclipse.transformer.action.impl.SelectionRuleImpl;
+import org.eclipse.transformer.action.impl.SignatureRuleImpl;
+import org.eclipse.transformer.util.FileUtils;
+import org.objectweb.asm.ClassReader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import io.quarkus.bootstrap.classloading.QuarkusClassLoader;
+import io.quarkus.deployment.annotations.BuildProducer;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.builditem.BytecodeTransformerBuildItem;
+
+/**
+ * The DB2 driver is compiled using references to classes in the javax.transaction
+ * package; we need to transform these to fix compatibility with jakarta.transaction.
+ * We do this by leveraging the Eclipse Transformer project during Augmentation, so
+ * that end users don't need to bother.
+ */
+public class JakartaEnablement {
+
+    private static final List<String> CLASSES_NEEDING_TRANSFORMATION = List.of(
+            "com.ibm.db2.jcc.t2zos.ab",
+            "com.ibm.db2.jcc.t2zos.T2zosConnection",
+            "com.ibm.db2.jcc.t2zos.T2zosConfiguration");
+
+    @BuildStep
+    void transformToJakarta(BuildProducer<BytecodeTransformerBuildItem> transformers) {
+        if (QuarkusClassLoader.isClassPresentAtRuntime("jakarta.transaction.Transaction")) {
+            JakartaTransformer tr = new JakartaTransformer();
+            for (String classname : CLASSES_NEEDING_TRANSFORMATION) {
+                final BytecodeTransformerBuildItem item = new BytecodeTransformerBuildItem.Builder()
+                        .setCacheable(true)
+                        .setContinueOnFailure(false)
+                        .setClassToTransform(classname)
+                        .setClassReaderOptions(ClassReader.SKIP_DEBUG)
+                        .setInputTransformer(tr::transform)
+                        .build();
+                transformers.produce(item);
+            }
+        }
+    }
+
+    private static class JakartaTransformer {
+
+        private final Logger logger;
+        private final ActionContext ctx;
+
+        JakartaTransformer() {
+            logger = LoggerFactory.getLogger("JakartaTransformer");
+            Map<String, String> renames = new HashMap<>();
+            //N.B. we enable only this transformation, not the full set of capabilities of Eclipse Transformer;
+            //this might need tailoring if the same idea gets applied to a different context.
+            renames.put("javax.transaction", "jakarta.transaction");
+            ctx = new ActionContextImpl(logger,
+                    new SelectionRuleImpl(logger, Collections.emptyMap(), Collections.emptyMap()),
+                    new SignatureRuleImpl(logger, renames, null, null, null, null, null, Collections.emptyMap()));
+        }
+
+        byte[] transform(final String name, final byte[] bytes) {
+            logger.info("Jakarta EE compatibility enhancer for Quarkus: transforming " + name);
+            final ClassActionImpl classTransformer = new ClassActionImpl(ctx);
+            final ByteBuffer input = ByteBuffer.wrap(bytes);
+            final ByteData inputData = new ByteDataImpl(name, input, FileUtils.DEFAULT_CHARSET);
+            final ByteData outputData = classTransformer.apply(inputData);
+            return outputData.buffer().array();
+        }
+    }
+
+}

From 33c8625210a7691d7439d3df351bd771fe72b2a5 Mon Sep 17 00:00:00 2001
From: Clement Escoffier <clement@apache.org>
Date: Wed, 14 Sep 2022 10:16:47 +0200
Subject: [PATCH 07/36] Change visilibility of GeoSearchArgs.fromMember(...) to
 public

---
 .../quarkus/redis/datasource/geo/GeoSearchArgs.java   |  2 +-
 .../io/quarkus/redis/datasource/GeoCommandsTest.java  | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/datasource/geo/GeoSearchArgs.java b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/datasource/geo/GeoSearchArgs.java
index 2070507f362c3..29b2cd9140f56 100644
--- a/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/datasource/geo/GeoSearchArgs.java
+++ b/extensions/redis-client/runtime/src/main/java/io/quarkus/redis/datasource/geo/GeoSearchArgs.java
@@ -56,7 +56,7 @@ public GeoSearchArgs<V> fromMember(V member) {
      * @param latitude the latitude
      * @return the current {@code GeoSearchArgs}
      */
-    private GeoSearchArgs<V> fromCoordinate(double longitude, double latitude) {
+    public GeoSearchArgs<V> fromCoordinate(double longitude, double latitude) {
         this.longitude = longitude;
         this.latitude = latitude;
         return this;
diff --git a/extensions/redis-client/runtime/src/test/java/io/quarkus/redis/datasource/GeoCommandsTest.java b/extensions/redis-client/runtime/src/test/java/io/quarkus/redis/datasource/GeoCommandsTest.java
index 0d2a365de53ae..ea34b4ef21c71 100644
--- a/extensions/redis-client/runtime/src/test/java/io/quarkus/redis/datasource/GeoCommandsTest.java
+++ b/extensions/redis-client/runtime/src/test/java/io/quarkus/redis/datasource/GeoCommandsTest.java
@@ -494,6 +494,17 @@ void geosearchWithArgs() {
             assertThat(gv.geohash).isEmpty();
         });
 
+        args = new GeoSearchArgs<Place>().fromCoordinate(CRUSSOL_LONGITUDE, CRUSSOL_LATITUDE)
+                .byRadius(5, GeoUnit.KM).withCoordinates().withDistance().descending();
+        places = geo.geosearch(key, args);
+        assertThat(places).hasSize(1).allSatisfy(gv -> {
+            assertThat(gv.member).isEqualTo(Place.crussol);
+            assertThat(gv.longitude).isNotEmpty();
+            assertThat(gv.latitude).isNotEmpty();
+            assertThat(gv.distance).isNotEmpty();
+            assertThat(gv.geohash).isEmpty();
+        });
+
     }
 
     @Test

From 80b2553a3d51ef165431cc4e62bec320bbcfee6b Mon Sep 17 00:00:00 2001
From: Robbie Gemmell <robbie.gemmell@gmail.com>
Date: Wed, 14 Sep 2022 10:13:29 +0100
Subject: [PATCH 08/36] Update to proton-j 0.34.0

---
 bom/application/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index e1b284c5a8587..5470a0159dd36 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -163,7 +163,7 @@
         <osgi.version>6.0.0</osgi.version>
         <mongo-client.version>4.7.1</mongo-client.version>
         <mongo-crypt.version>1.5.2</mongo-crypt.version>
-        <proton-j.version>0.33.10</proton-j.version>
+        <proton-j.version>0.34.0</proton-j.version>
         <javaparser.version>3.24.2</javaparser.version>
         <okhttp.version>3.14.9</okhttp.version><!-- keep in sync with okio -->
         <okio.version>1.17.2</okio.version><!-- keep in sync with okhttp -->

From a03cda3e01d8b8d7ce0735a5ec98bf2c0c6e356a Mon Sep 17 00:00:00 2001
From: Georgios Andrianakis <geoand@gmail.com>
Date: Wed, 14 Sep 2022 11:18:07 +0300
Subject: [PATCH 09/36] Enable the registration of @LoggingFilter classes via
 CDI

This allows for users to configure their filters
via the usual Quarkus configuration approach.

Follows up on: #27864
---
 .../logging/LoggingResourceProcessor.java     | 19 ++-----
 .../io/quarkus/logging/LoggingFilter.java     |  2 -
 .../runtime/logging/LogFilterFactory.java     | 57 +++++++++++++++++++
 .../runtime/logging/LoggingSetupRecorder.java |  5 +-
 docs/src/main/asciidoc/logging.adoc           | 20 ++++++-
 .../LoggingBeanSupportProcessor.java          | 16 ++++++
 .../runtime/logging/ArcLogFilterFactory.java  | 29 ++++++++++
 ...o.quarkus.runtime.logging.LogFilterFactory |  1 +
 .../minlevel/set/filter/TestFilter.java       | 12 +++-
 .../src/main/resources/application.properties |  1 +
 10 files changed, 140 insertions(+), 22 deletions(-)
 create mode 100644 core/runtime/src/main/java/io/quarkus/runtime/logging/LogFilterFactory.java
 create mode 100644 extensions/arc/deployment/src/main/java/io/quarkus/arc/deployment/LoggingBeanSupportProcessor.java
 create mode 100644 extensions/arc/runtime/src/main/java/io/quarkus/arc/runtime/logging/ArcLogFilterFactory.java
 create mode 100644 extensions/arc/runtime/src/main/resources/META-INF/services/io.quarkus.runtime.logging.LogFilterFactory

diff --git a/core/deployment/src/main/java/io/quarkus/deployment/logging/LoggingResourceProcessor.java b/core/deployment/src/main/java/io/quarkus/deployment/logging/LoggingResourceProcessor.java
index e1fa11ba794b9..acaf966faf7b0 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/logging/LoggingResourceProcessor.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/logging/LoggingResourceProcessor.java
@@ -1,6 +1,5 @@
 package io.quarkus.deployment.logging;
 
-import java.lang.reflect.Modifier;
 import java.nio.file.Files;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -38,7 +37,6 @@
 import org.jboss.jandex.CompositeIndex;
 import org.jboss.jandex.DotName;
 import org.jboss.jandex.IndexView;
-import org.jboss.jandex.MethodInfo;
 import org.jboss.logging.Logger;
 import org.jboss.logmanager.EmbeddedConfigurator;
 import org.jboss.logmanager.LogManager;
@@ -112,6 +110,7 @@
 import io.quarkus.runtime.logging.LogBuildTimeConfig;
 import io.quarkus.runtime.logging.LogCleanupFilterElement;
 import io.quarkus.runtime.logging.LogConfig;
+import io.quarkus.runtime.logging.LogFilterFactory;
 import io.quarkus.runtime.logging.LogMetricsHandlerRecorder;
 import io.quarkus.runtime.logging.LoggingSetupRecorder;
 
@@ -126,7 +125,7 @@ public final class LoggingResourceProcessor {
             "isMinLevelEnabled",
             boolean.class, int.class, String.class);
 
-    private static final DotName LOGGING_FILTER = DotName.createSimple(LoggingFilter.class.getName());
+    public static final DotName LOGGING_FILTER = DotName.createSimple(LoggingFilter.class.getName());
     private static final DotName FILTER = DotName.createSimple(Filter.class.getName());
     private static final String ILLEGAL_LOGGING_FILTER_USE_MESSAGE = "'@" + LoggingFilter.class.getName()
             + "' can only be used on classes that implement '"
@@ -235,7 +234,8 @@ LoggingSetupBuildItem setupLoggingRuntimeInit(RecorderContext context, LoggingSe
             BuildProducer<ShutdownListenerBuildItem> shutdownListenerBuildItemBuildProducer,
             LaunchModeBuildItem launchModeBuildItem,
             List<LogCleanupFilterBuildItem> logCleanupFilters,
-            BuildProducer<ReflectiveClassBuildItem> reflectiveClassBuildItemBuildProducer) {
+            BuildProducer<ReflectiveClassBuildItem> reflectiveClassBuildItemBuildProducer,
+            BuildProducer<ServiceProviderBuildItem> serviceProviderBuildItemBuildProducer) {
         if (!launchModeBuildItem.isAuxiliaryApplication()
                 || launchModeBuildItem.getAuxiliaryDevModeType().orElse(null) == DevModeType.TEST_ONLY) {
             final List<RuntimeValue<Optional<Handler>>> handlers = handlerBuildItems.stream()
@@ -272,6 +272,8 @@ LoggingSetupBuildItem setupLoggingRuntimeInit(RecorderContext context, LoggingSe
                 reflectiveClassBuildItemBuildProducer.produce(new ReflectiveClassBuildItem(true, false, false,
                         discoveredLogComponents.getNameToFilterClass().values().toArray(
                                 EMPTY_STRING_ARRAY)));
+                serviceProviderBuildItemBuildProducer
+                        .produce(ServiceProviderBuildItem.allProvidersFromClassPath(LogFilterFactory.class.getName()));
             }
 
             shutdownListenerBuildItemBuildProducer.produce(new ShutdownListenerBuildItem(
@@ -317,10 +319,6 @@ private DiscoveredLogComponents discoverLogComponents(IndexView index) {
                 throw new IllegalStateException("Unimplemented mode of use of '" + LoggingFilter.class.getName() + "'");
             }
             ClassInfo classInfo = target.asClass();
-            if (!Modifier.isFinal(classInfo.flags())) {
-                throw new RuntimeException(
-                        ILLEGAL_LOGGING_FILTER_USE_MESSAGE + " Offending class is '" + classInfo.name() + "'");
-            }
             boolean isFilterImpl = false;
             ClassInfo currentClassInfo = classInfo;
             while ((currentClassInfo != null) && (!JandexUtil.DOTNAME_OBJECT.equals(currentClassInfo.name()))) {
@@ -343,11 +341,6 @@ private DiscoveredLogComponents discoverLogComponents(IndexView index) {
                         ILLEGAL_LOGGING_FILTER_USE_MESSAGE + " Offending class is '" + classInfo.name() + "'");
             }
 
-            MethodInfo ctor = classInfo.method("<init>");
-            if ((ctor == null) || (ctor.typeParameters().size() > 0)) {
-                throw new RuntimeException("Classes annotated with '" + LoggingFilter.class.getName()
-                        + "' must have a no-args constructor. Offending class is '" + classInfo.name() + "'");
-            }
             String filterName = instance.value("name").asString();
             if (filtersMap.containsKey(filterName)) {
                 throw new RuntimeException("Filter '" + filterName + "' was defined multiple times.");
diff --git a/core/runtime/src/main/java/io/quarkus/logging/LoggingFilter.java b/core/runtime/src/main/java/io/quarkus/logging/LoggingFilter.java
index bf2adb61f2b4f..4f07aaa0afe46 100644
--- a/core/runtime/src/main/java/io/quarkus/logging/LoggingFilter.java
+++ b/core/runtime/src/main/java/io/quarkus/logging/LoggingFilter.java
@@ -8,8 +8,6 @@
 /**
  * Makes the filter class known to Quarkus by the specified name.
  * The filter can then be configured for a handler (like the logging handler using {@code quarkus.log.console.filter}).
- *
- * This class must ONLY be placed on implementations of {@link java.util.logging.Filter} that are marked as {@code final}.
  */
 
 @Retention(RetentionPolicy.RUNTIME)
diff --git a/core/runtime/src/main/java/io/quarkus/runtime/logging/LogFilterFactory.java b/core/runtime/src/main/java/io/quarkus/runtime/logging/LogFilterFactory.java
new file mode 100644
index 0000000000000..d94d67907423d
--- /dev/null
+++ b/core/runtime/src/main/java/io/quarkus/runtime/logging/LogFilterFactory.java
@@ -0,0 +1,57 @@
+package io.quarkus.runtime.logging;
+
+import java.util.ServiceLoader;
+import java.util.logging.Filter;
+
+/**
+ * Factory that allows for the creation of {@link Filter} classes annotated with {@link io.quarkus.logging.LoggingFilter}.
+ * Implementations of this class are loaded via the {@link ServiceLoader} and the implementation selected is the one
+ * with the lowest value returned from the {@code priority} method.
+ */
+public interface LogFilterFactory {
+
+    int MIN_PRIORITY = Integer.MAX_VALUE;
+    int DEFAULT_PRIORITY = 0;
+
+    Filter create(String className) throws Exception;
+
+    default int priority() {
+        return DEFAULT_PRIORITY;
+    }
+
+    static LogFilterFactory load() {
+        LogFilterFactory result = null;
+        ServiceLoader<LogFilterFactory> load = ServiceLoader.load(LogFilterFactory.class);
+        for (LogFilterFactory next : load) {
+            if (result == null) {
+                result = next;
+            } else {
+                if (next.priority() < result.priority()) {
+                    result = next;
+                }
+            }
+        }
+        if (result == null) {
+            result = new ReflectionLogFilterFactory();
+        }
+        return result;
+    }
+
+    /**
+     * The default implementation used when no other implementation is found.
+     * This simply calls the class' no-arg constructor (and fails if one does not exist).
+     */
+    class ReflectionLogFilterFactory implements LogFilterFactory {
+
+        @Override
+        public Filter create(String className) throws Exception {
+            return (Filter) Class.forName(className, true, Thread.currentThread().getContextClassLoader())
+                    .getConstructor().newInstance();
+        }
+
+        @Override
+        public int priority() {
+            return LogFilterFactory.MIN_PRIORITY;
+        }
+    }
+}
diff --git a/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java b/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
index f10f9c3dab731..0a3f419a390b8 100644
--- a/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
+++ b/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
@@ -254,13 +254,12 @@ private static Map<String, Filter> createNamedFilters(DiscoveredLogComponents di
         }
 
         Map<String, Filter> nameToFilter = new HashMap<>();
+        LogFilterFactory logFilterFactory = LogFilterFactory.load();
         discoveredLogComponents.getNameToFilterClass().forEach(new BiConsumer<>() {
             @Override
             public void accept(String name, String className) {
                 try {
-                    nameToFilter.put(name,
-                            (Filter) Class.forName(className, true, Thread.currentThread().getContextClassLoader())
-                                    .getConstructor().newInstance());
+                    nameToFilter.put(name, logFilterFactory.create(className));
                 } catch (Exception e) {
                     throw new RuntimeException("Unable to create instance of Logging Filter '" + className + "'");
                 }
diff --git a/docs/src/main/asciidoc/logging.adoc b/docs/src/main/asciidoc/logging.adoc
index f946ff505ef15..3a5cb4a1cec3f 100644
--- a/docs/src/main/asciidoc/logging.adoc
+++ b/docs/src/main/asciidoc/logging.adoc
@@ -325,7 +325,8 @@ These filters are registered by placing the `@io.quarkus.logging.LoggingFilter`
 
 Finally, the filter is attached using the `filter` configuration property of the appropriate handler.
 
-Let's say for example that we wanted to filter out logging records that contained the word `test` from the console logs.
+Let's say for example that we wanted to filter out logging records that contained a part of text from the console logs.
+The text itself is part of the application configuration and is not hardcoded.
 We could write a filter like so:
 
 [source,java]
@@ -336,13 +337,28 @@ import java.util.logging.LogRecord;
 
 @LoggingFilter(name = "my-filter")
 public final class TestFilter implements Filter {
+
+    private final String part;
+
+    public TestFilter(@ConfigProperty(name = "my-filter.part") String part) {
+        this.part = part;
+    }
+
     @Override
     public boolean isLoggable(LogRecord record) {
-        return !record.getMessage().contains("test");
+        return !record.getMessage().contains(part);
     }
 }
 ----
 
+and configure it in the usual Quarkus way (for example using `application.properties`) like so:
+
+[source,properties]
+----
+my-filter.part=TEST
+----
+
+
 And we would register this filter to the console handler like so:
 
 [source, properties]
diff --git a/extensions/arc/deployment/src/main/java/io/quarkus/arc/deployment/LoggingBeanSupportProcessor.java b/extensions/arc/deployment/src/main/java/io/quarkus/arc/deployment/LoggingBeanSupportProcessor.java
new file mode 100644
index 0000000000000..71bdfdb1b8160
--- /dev/null
+++ b/extensions/arc/deployment/src/main/java/io/quarkus/arc/deployment/LoggingBeanSupportProcessor.java
@@ -0,0 +1,16 @@
+package io.quarkus.arc.deployment;
+
+import io.quarkus.arc.processor.BuiltinScope;
+import io.quarkus.deployment.annotations.BuildProducer;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.logging.LoggingResourceProcessor;
+
+public class LoggingBeanSupportProcessor {
+
+    @BuildStep
+    public void discoveredComponents(BuildProducer<BeanDefiningAnnotationBuildItem> beanDefiningAnnotationProducer) {
+        beanDefiningAnnotationProducer.produce(new BeanDefiningAnnotationBuildItem(
+                LoggingResourceProcessor.LOGGING_FILTER, BuiltinScope.SINGLETON.getName(), false));
+    }
+
+}
diff --git a/extensions/arc/runtime/src/main/java/io/quarkus/arc/runtime/logging/ArcLogFilterFactory.java b/extensions/arc/runtime/src/main/java/io/quarkus/arc/runtime/logging/ArcLogFilterFactory.java
new file mode 100644
index 0000000000000..f653c300c3ada
--- /dev/null
+++ b/extensions/arc/runtime/src/main/java/io/quarkus/arc/runtime/logging/ArcLogFilterFactory.java
@@ -0,0 +1,29 @@
+package io.quarkus.arc.runtime.logging;
+
+import java.util.logging.Filter;
+
+import io.quarkus.arc.Arc;
+import io.quarkus.arc.InstanceHandle;
+import io.quarkus.runtime.logging.LogFilterFactory;
+
+/**
+ * Creates the implementation of the class by getting a bean from Arc.
+ * This class is loaded automatically by the {@link java.util.ServiceLoader}.
+ */
+public class ArcLogFilterFactory implements LogFilterFactory {
+
+    @Override
+    public Filter create(String className) throws Exception {
+        InstanceHandle<?> instance = Arc.container().instance(Class.forName(className, true, Thread.currentThread()
+                .getContextClassLoader()));
+        if (!instance.isAvailable()) {
+            throw new IllegalStateException("Improper integration of '" + LogFilterFactory.class.getName() + "' detected");
+        }
+        return (Filter) instance.get();
+    }
+
+    @Override
+    public int priority() {
+        return LogFilterFactory.DEFAULT_PRIORITY - 100;
+    }
+}
diff --git a/extensions/arc/runtime/src/main/resources/META-INF/services/io.quarkus.runtime.logging.LogFilterFactory b/extensions/arc/runtime/src/main/resources/META-INF/services/io.quarkus.runtime.logging.LogFilterFactory
new file mode 100644
index 0000000000000..d114e9f1e84d4
--- /dev/null
+++ b/extensions/arc/runtime/src/main/resources/META-INF/services/io.quarkus.runtime.logging.LogFilterFactory
@@ -0,0 +1 @@
+io.quarkus.arc.runtime.logging.ArcLogFilterFactory
diff --git a/integration-tests/logging-min-level-set/src/main/java/io/quarkus/it/logging/minlevel/set/filter/TestFilter.java b/integration-tests/logging-min-level-set/src/main/java/io/quarkus/it/logging/minlevel/set/filter/TestFilter.java
index 30163df431240..964a97ad1850e 100644
--- a/integration-tests/logging-min-level-set/src/main/java/io/quarkus/it/logging/minlevel/set/filter/TestFilter.java
+++ b/integration-tests/logging-min-level-set/src/main/java/io/quarkus/it/logging/minlevel/set/filter/TestFilter.java
@@ -3,13 +3,21 @@
 import java.util.logging.Filter;
 import java.util.logging.LogRecord;
 
+import org.eclipse.microprofile.config.inject.ConfigProperty;
+
 import io.quarkus.logging.LoggingFilter;
 
 @LoggingFilter(name = "my-filter")
-public final class TestFilter implements Filter {
+public class TestFilter implements Filter {
+
+    private final String part;
+
+    public TestFilter(@ConfigProperty(name = "my-filter.part") String part) {
+        this.part = part;
+    }
 
     @Override
     public boolean isLoggable(LogRecord record) {
-        return !record.getMessage().contains("TEST");
+        return !record.getMessage().contains(part);
     }
 }
diff --git a/integration-tests/logging-min-level-set/src/main/resources/application.properties b/integration-tests/logging-min-level-set/src/main/resources/application.properties
index e33158f666c73..89dddefeda7c1 100644
--- a/integration-tests/logging-min-level-set/src/main/resources/application.properties
+++ b/integration-tests/logging-min-level-set/src/main/resources/application.properties
@@ -4,3 +4,4 @@ quarkus.log.category."io.quarkus.it.logging.minlevel.set.below".min-level=TRACE
 quarkus.log.category."io.quarkus.it.logging.minlevel.set.below.child".min-level=inherit
 quarkus.log.category."io.quarkus.it.logging.minlevel.set.promote".min-level=ERROR
 quarkus.log.console.filter=my-filter
+my-filter.part=TEST

From 1dec9051562da6dc8d81811f678f52164d7f9019 Mon Sep 17 00:00:00 2001
From: Rostislav Svoboda <rsvoboda@redhat.com>
Date: Wed, 14 Sep 2022 11:38:25 +0200
Subject: [PATCH 10/36] Point to configuration of popular email services

---
 docs/src/main/asciidoc/mailer-reference.adoc |  4 ++++
 docs/src/main/asciidoc/mailer.adoc           | 24 +-------------------
 2 files changed, 5 insertions(+), 23 deletions(-)

diff --git a/docs/src/main/asciidoc/mailer-reference.adoc b/docs/src/main/asciidoc/mailer-reference.adoc
index 67dff0bdfffcf..2aa9e6342d6f6 100644
--- a/docs/src/main/asciidoc/mailer-reference.adoc
+++ b/docs/src/main/asciidoc/mailer-reference.adoc
@@ -368,6 +368,8 @@ quarkus.mailer.port=587
 quarkus.mailer.start-tls=REQUIRED
 quarkus.mailer.username=YOUREMAIL@gmail.com
 quarkus.mailer.password=YOURGENERATEDAPPLICATIONPASSWORD
+
+quarkus.mailer.mock=false # In dev mode, prevent from using the mock SMTP server
 ----
 
 Or with SSL:
@@ -381,6 +383,8 @@ quarkus.mailer.port=465
 quarkus.mailer.ssl=true
 quarkus.mailer.username=YOUREMAIL@gmail.com
 quarkus.mailer.password=YOURGENERATEDAPPLICATIONPASSWORD
+
+quarkus.mailer.mock=false # In dev mode, prevent from using the mock SMTP server
 ----
 
 [NOTE]
diff --git a/docs/src/main/asciidoc/mailer.adoc b/docs/src/main/asciidoc/mailer.adoc
index 882d096f1bcd9..e85271a91c4fa 100644
--- a/docs/src/main/asciidoc/mailer.adoc
+++ b/docs/src/main/asciidoc/mailer.adoc
@@ -181,32 +181,10 @@ In the `src/main/resources/application.properties` file, you need to configure t
 Note that the password can also be configured using system properties and environment variables.
 See the xref:config-reference.adoc[configuration reference guide] for details.
 
-Here is an example using _sendgrid_:
-
-[source,properties]
-----
-# Your email address you send from - must match the "from" address from sendgrid.
-quarkus.mailer.from=test@quarkus.io
-
-# The SMTP host
-quarkus.mailer.host=smtp.sendgrid.net
-# The SMTP port
-quarkus.mailer.port=465
-# If the SMTP connection requires SSL/TLS
-quarkus.mailer.ssl=true
-# Your username
-quarkus.mailer.username=....
-# Your password
-quarkus.mailer.password=....
-
-# By default, in dev mode, the mailer is a mock. This disables the mock and use the configured mailer.
-quarkus.mailer.mock=false
-----
+Configuration of popular mail services is covered in xref:mailer-reference.adoc#popular[the reference guide].
 
 Once you have configured the mailer, if you call the HTTP endpoint as shown above, you will send emails.
 
-Other popular mail services are covered in xref:mailer-reference.adoc#popular[the reference guide].
-
 == Conclusion
 
 This guide has shown how to send emails from your Quarkus application.

From b653c645914a105163089470ef47d3dae124d730 Mon Sep 17 00:00:00 2001
From: Jose <josecarvajalhilario@gmail.com>
Date: Wed, 14 Sep 2022 14:22:38 +0200
Subject: [PATCH 11/36] Resteasy Rest Client: Fix truststore password issue
 with Vert.x

The truststore password was being sent as empty ("") in the JksOptions. This caused the following exception:

```
Caused by: io.vertx.core.VertxException: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
[09:59:27.352] [INFO] [client]  at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:480)
[09:59:27.353] [INFO] [client]  at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:469)
[09:59:27.353] [INFO] [client]  at io.vertx.core.net.impl.SSLHelper.validate(SSLHelper.java:507)
[09:59:27.353] [INFO] [client]  at io.vertx.core.net.impl.NetClientImpl.<init>(NetClientImpl.java:95)
[09:59:27.353] [INFO] [client]  at io.vertx.core.http.impl.HttpClientImpl.<init>(HttpClientImpl.java:155)
[09:59:27.354] [INFO] [client]  at io.vertx.core.impl.VertxImpl.createHttpClient(VertxImpl.java:338)
[09:59:27.354] [INFO] [client]  at io.vertx.core.impl.VertxImpl.createHttpClient(VertxImpl.java:350)
[09:59:27.354] [INFO] [client]  at org.jboss.resteasy.reactive.client.impl.ClientImpl.<init>(ClientImpl.java:170)
[09:59:27.354] [INFO] [client]  at org.jboss.resteasy.reactive.client.impl.ClientBuilderImpl.build(ClientBuilderImpl.java:244)
[09:59:27.354] [INFO] [client]  at io.quarkus.rest.client.reactive.runtime.RestClientBuilderImpl.build(RestClientBuilderImpl.java:332)
[09:59:27.355] [INFO] [client]  at io.quarkus.rest.client.reactive.runtime.RestClientCDIDelegateBuilder.build(RestClientCDIDelegateBuilder.java:64)
[09:59:27.355] [INFO] [client]  at io.quarkus.rest.client.reactive.runtime.RestClientCDIDelegateBuilder.createDelegate(RestClientCDIDelegateBuilder.java:42)
[09:59:27.355] [INFO] [client]  at io.quarkus.rest.client.reactive.runtime.RestClientReactiveCDIWrapperBase.<init>(RestClientReactiveCDIWrapperBase.java:20)
[09:59:27.355] [INFO] [client]  at io.jester.examples.quarkus.greetings.Client$$CDIWrapper.<init>(Unknown Source)
[09:59:27.356] [INFO] [client]  at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_ClientProxy.<init>(Unknown Source)
[09:59:27.356] [INFO] [client]  at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.proxy(Unknown Source)
[09:59:27.356] [INFO] [client]  at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.get(Unknown Source)
[09:59:27.356] [INFO] [client]  at io.jester.examples.quarkus.greetings.Client$$CDIWrapper_Bean.get(Unknown Source)
[09:59:27.357] [INFO] [client]  ... 26 more
[09:59:27.357] [INFO] [client] Caused by: java.security.UnrecoverableKeyException: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
[09:59:27.357] [INFO] [client]  at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:446)
[09:59:27.357] [INFO] [client]  at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
[09:59:27.357] [INFO] [client]  at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
[09:59:27.357] [INFO] [client]  at io.vertx.core.net.impl.KeyStoreHelper.<init>(KeyStoreHelper.java:109)
[09:59:27.358] [INFO] [client]  at io.vertx.core.net.KeyStoreOptionsBase.getHelper(KeyStoreOptionsBase.java:187)
[09:59:27.358] [INFO] [client]  at io.vertx.core.net.KeyStoreOptionsBase.getTrustManagerFactory(KeyStoreOptionsBase.java:217)
[09:59:27.358] [INFO] [client]  at io.vertx.core.net.impl.SSLHelper.getTrustMgrFactory(SSLHelper.java:327)
[09:59:27.358] [INFO] [client]  at io.vertx.core.net.impl.SSLHelper.getContext(SSLHelper.java:478)
[09:59:27.358] [INFO] [client]  ... 43 more
[09:59:27.359] [INFO] [client] Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
[09:59:27.359] [INFO] [client]  at java.base/com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975)
[09:59:27.359] [INFO] [client]  at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056)
[09:59:27.359] [INFO] [client]  at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
[09:59:27.359] [INFO] [client]  at java.base/com.sun.crypto.provider.PKCS12PBECipherCore.implDoFinal(PKCS12PBECipherCore.java:408)
[09:59:27.360] [INFO] [client]  at java.base/com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede.engineDoFinal(PKCS12PBECipherCore.java:440)
[09:59:27.360] [INFO] [client]  at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)
[09:59:27.360] [INFO] [client]  at java.base/sun.security.pkcs12.PKCS12KeyStore.lambda$engineGetKey$0(PKCS12KeyStore.java:387)
[09:59:27.360] [INFO] [client]  at java.base/sun.security.pkcs12.PKCS12KeyStore$RetryWithZero.run(PKCS12KeyStore.java:283)
[09:59:27.360] [INFO] [client]  at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:381)
[09:59:27.361] [INFO] [client]  ... 50 more
```
---
 .../runtime/RestClientBuilderImpl.java        |  5 ++++
 .../runtime/RestClientCDIDelegateBuilder.java |  6 ++--
 .../RestClientCDIDelegateBuilderTest.java     |  4 +--
 .../client/impl/ClientBuilderImpl.java        | 10 +++++--
 .../rest-client-reactive/pom.xml              | 30 +++++++++++++++++++
 .../client/main/ClientCallingResource.java    |  7 +++++
 .../selfsigned/ExternalSelfSignedClient.java  | 15 ++++++++++
 .../src/main/resources/application.properties |  5 +++-
 .../ExternalSelfSignedTestCase.java           | 21 +++++++++++++
 9 files changed, 95 insertions(+), 8 deletions(-)
 create mode 100644 integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/selfsigned/ExternalSelfSignedClient.java
 create mode 100644 integration-tests/rest-client-reactive/src/test/java/io/quarkus/it/rest/client/selfsigned/ExternalSelfSignedTestCase.java

diff --git a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientBuilderImpl.java b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientBuilderImpl.java
index 12c830977b9c8..81c315c22837d 100644
--- a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientBuilderImpl.java
+++ b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientBuilderImpl.java
@@ -95,6 +95,11 @@ public RestClientBuilderImpl trustStore(KeyStore trustStore) {
         return this;
     }
 
+    public RestClientBuilderImpl trustStore(KeyStore trustStore, String trustStorePassword) {
+        clientBuilder.trustStore(trustStore, trustStorePassword.toCharArray());
+        return this;
+    }
+
     @Override
     public RestClientBuilderImpl keyStore(KeyStore keyStore, String keystorePassword) {
         clientBuilder.keyStore(keyStore, keystorePassword);
diff --git a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilder.java b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilder.java
index 83e647ae666df..d5f998178a40c 100644
--- a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilder.java
+++ b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/main/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilder.java
@@ -182,7 +182,7 @@ private void configureShared(RestClientBuilder builder) {
         }
     }
 
-    private void configureSsl(RestClientBuilder builder) {
+    private void configureSsl(RestClientBuilderImpl builder) {
 
         Optional<String> maybeTrustStore = oneOf(clientConfigByClassName().trustStore, clientConfigByConfigKey().trustStore,
                 configRoot.trustStore);
@@ -249,7 +249,7 @@ private void registerKeyStore(String keyStorePath, RestClientBuilder builder) {
         }
     }
 
-    private void registerTrustStore(String trustStorePath, RestClientBuilder builder) {
+    private void registerTrustStore(String trustStorePath, RestClientBuilderImpl builder) {
         Optional<String> maybeTrustStorePassword = oneOf(clientConfigByClassName().trustStorePassword,
                 clientConfigByConfigKey().trustStorePassword, configRoot.trustStorePassword);
         Optional<String> maybeTrustStoreType = oneOf(clientConfigByClassName().trustStoreType,
@@ -269,7 +269,7 @@ private void registerTrustStore(String trustStorePath, RestClientBuilder builder
                         e);
             }
 
-            builder.trustStore(trustStore);
+            builder.trustStore(trustStore, password);
         } catch (KeyStoreException e) {
             throw new IllegalArgumentException("Failed to initialize trust store from " + trustStorePath, e);
         }
diff --git a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/test/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilderTest.java b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/test/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilderTest.java
index 60f80120fb6a7..9a0ec4493673d 100644
--- a/extensions/resteasy-reactive/rest-client-reactive/runtime/src/test/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilderTest.java
+++ b/extensions/resteasy-reactive/rest-client-reactive/runtime/src/test/java/io/quarkus/rest/client/reactive/runtime/RestClientCDIDelegateBuilderTest.java
@@ -109,7 +109,7 @@ public void testClientSpecificConfigs() {
         Mockito.verify(restClientBuilderMock).register(MyResponseFilter1.class);
         Mockito.verify(restClientBuilderMock).queryParamStyle(QueryParamStyle.COMMA_SEPARATED);
 
-        Mockito.verify(restClientBuilderMock).trustStore(Mockito.any());
+        Mockito.verify(restClientBuilderMock).trustStore(Mockito.any(), Mockito.anyString());
         Mockito.verify(restClientBuilderMock).keyStore(Mockito.any(), Mockito.anyString());
     }
 
@@ -151,7 +151,7 @@ public void testGlobalConfigs() {
         Mockito.verify(restClientBuilderMock).register(MyResponseFilter2.class);
         Mockito.verify(restClientBuilderMock).queryParamStyle(QueryParamStyle.MULTI_PAIRS);
 
-        Mockito.verify(restClientBuilderMock).trustStore(Mockito.any());
+        Mockito.verify(restClientBuilderMock).trustStore(Mockito.any(), Mockito.anyString());
         Mockito.verify(restClientBuilderMock).keyStore(Mockito.any(), Mockito.anyString());
     }
 
diff --git a/independent-projects/resteasy-reactive/client/runtime/src/main/java/org/jboss/resteasy/reactive/client/impl/ClientBuilderImpl.java b/independent-projects/resteasy-reactive/client/runtime/src/main/java/org/jboss/resteasy/reactive/client/impl/ClientBuilderImpl.java
index e8020ea6c1547..6afe4fb4d6e52 100644
--- a/independent-projects/resteasy-reactive/client/runtime/src/main/java/org/jboss/resteasy/reactive/client/impl/ClientBuilderImpl.java
+++ b/independent-projects/resteasy-reactive/client/runtime/src/main/java/org/jboss/resteasy/reactive/client/impl/ClientBuilderImpl.java
@@ -46,6 +46,7 @@ public class ClientBuilderImpl extends ClientBuilder {
     private char[] keystorePassword;
     private SSLContext sslContext;
     private KeyStore trustStore;
+    private char[] trustStorePassword;
 
     private String proxyHost;
     private int proxyPort;
@@ -88,7 +89,12 @@ public ClientBuilder keyStore(KeyStore keyStore, char[] password) {
 
     @Override
     public ClientBuilder trustStore(KeyStore trustStore) {
+        return trustStore(trustStore, null);
+    }
+
+    public ClientBuilder trustStore(KeyStore trustStore, char[] password) {
         this.trustStore = trustStore;
+        this.trustStorePassword = password;
         return this;
     }
 
@@ -164,7 +170,7 @@ public ClientBuilder clientLogger(ClientLogger clientLogger) {
     @Override
     public ClientImpl build() {
         Buffer keyStore = asBuffer(this.keyStore, keystorePassword);
-        Buffer trustStore = asBuffer(this.trustStore, EMPTY_CHAR_ARARAY);
+        Buffer trustStore = asBuffer(this.trustStore, this.trustStorePassword);
 
         HttpClientOptions options = Optional.ofNullable(configuration.getFromContext(HttpClientOptions.class))
                 .orElseGet(HttpClientOptions::new);
@@ -185,7 +191,7 @@ public ClientImpl build() {
             if (trustStore != null) {
                 JksOptions jks = new JksOptions();
                 jks.setValue(trustStore);
-                jks.setPassword("");
+                jks.setPassword(trustStorePassword == null ? "" : new String(trustStorePassword));
                 options.setTrustStoreOptions(jks);
             }
         }
diff --git a/integration-tests/rest-client-reactive/pom.xml b/integration-tests/rest-client-reactive/pom.xml
index 8889bbc39f7ad..d81583d01c89e 100644
--- a/integration-tests/rest-client-reactive/pom.xml
+++ b/integration-tests/rest-client-reactive/pom.xml
@@ -11,6 +11,11 @@
     <artifactId>quarkus-integration-test-rest-client-reactive</artifactId>
     <name>Quarkus - Integration Tests - REST Client Reactive</name>
 
+    <properties>
+        <self-signed.trust-store>${project.build.directory}/self-signed.p12</self-signed.trust-store>
+        <self-signed.trust-store-password>changeit</self-signed.trust-store-password>
+    </properties>
+
     <!--todo add ssl tests-->
 
     <dependencies>
@@ -165,6 +170,31 @@
                     </execution>
                 </executions>
             </plugin>
+
+            <plugin>
+                <groupId>uk.co.automatictester</groupId>
+                <artifactId>truststore-maven-plugin</artifactId>
+                <version>${truststore-maven-plugin.version}</version>
+                <executions>
+                    <execution>
+                        <id>self-signed-truststore</id>
+                        <phase>generate-test-resources</phase>
+                        <goals>
+                            <goal>generate-truststore</goal>
+                        </goals>
+                        <configuration>
+                            <truststoreFormat>PKCS12</truststoreFormat>
+                            <truststoreFile>${self-signed.trust-store}</truststoreFile>
+                            <truststorePassword>${self-signed.trust-store-password}</truststorePassword>
+                            <servers>
+                                <server>self-signed.badssl.com:443</server>
+                            </servers>
+                            <trustAllCertificates>true</trustAllCertificates>
+                            <includeCertificates>LEAF</includeCertificates>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 
diff --git a/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/ClientCallingResource.java b/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/ClientCallingResource.java
index 5b6252ce83a00..1e311fef17815 100644
--- a/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/ClientCallingResource.java
+++ b/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/ClientCallingResource.java
@@ -21,6 +21,7 @@
 
 import io.opentelemetry.sdk.testing.exporter.InMemorySpanExporter;
 import io.quarkus.it.rest.client.main.MyResponseExceptionMapper.MyException;
+import io.quarkus.it.rest.client.main.selfsigned.ExternalSelfSignedClient;
 import io.smallrye.mutiny.Uni;
 import io.vertx.core.Future;
 import io.vertx.core.json.Json;
@@ -44,6 +45,9 @@ public class ClientCallingResource {
     @RestClient
     FaultToleranceOnInterfaceClient faultToleranceOnInterfaceClient;
 
+    @RestClient
+    ExternalSelfSignedClient externalSelfSignedClient;
+
     @Inject
     InMemorySpanExporter inMemorySpanExporter;
 
@@ -165,6 +169,9 @@ void init(@Observes Router router) {
         });
 
         router.get("/with%20space").handler(rc -> rc.response().setStatusCode(200).end());
+
+        router.get("/self-signed").blockingHandler(
+                rc -> rc.response().setStatusCode(200).end(String.valueOf(externalSelfSignedClient.invoke().getStatus())));
     }
 
     private Future<Void> success(RoutingContext rc, String body) {
diff --git a/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/selfsigned/ExternalSelfSignedClient.java b/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/selfsigned/ExternalSelfSignedClient.java
new file mode 100644
index 0000000000000..7d2610f75b4be
--- /dev/null
+++ b/integration-tests/rest-client-reactive/src/main/java/io/quarkus/it/rest/client/main/selfsigned/ExternalSelfSignedClient.java
@@ -0,0 +1,15 @@
+package io.quarkus.it.rest.client.main.selfsigned;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.core.Response;
+
+import org.eclipse.microprofile.faulttolerance.Retry;
+import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
+
+@RegisterRestClient(baseUri = "https://self-signed.badssl.com/", configKey = "self-signed")
+public interface ExternalSelfSignedClient {
+
+    @GET
+    @Retry(delay = 1000)
+    Response invoke();
+}
diff --git a/integration-tests/rest-client-reactive/src/main/resources/application.properties b/integration-tests/rest-client-reactive/src/main/resources/application.properties
index 392722ce0c912..03c013f85ce30 100644
--- a/integration-tests/rest-client-reactive/src/main/resources/application.properties
+++ b/integration-tests/rest-client-reactive/src/main/resources/application.properties
@@ -1,4 +1,7 @@
 w-exception-mapper/mp-rest/url=${test.url}
 w-fault-tolerance/mp-rest/url=${test.url}
 io.quarkus.it.rest.client.main.ParamClient/mp-rest/url=${test.url}
-io.quarkus.it.rest.client.multipart.MultipartClient/mp-rest/url=${test.url}
\ No newline at end of file
+io.quarkus.it.rest.client.multipart.MultipartClient/mp-rest/url=${test.url}
+# HTTPS
+quarkus.rest-client.self-signed.trust-store=${self-signed.trust-store}
+quarkus.rest-client.self-signed.trust-store-password=${self-signed.trust-store-password}
diff --git a/integration-tests/rest-client-reactive/src/test/java/io/quarkus/it/rest/client/selfsigned/ExternalSelfSignedTestCase.java b/integration-tests/rest-client-reactive/src/test/java/io/quarkus/it/rest/client/selfsigned/ExternalSelfSignedTestCase.java
new file mode 100644
index 0000000000000..1348f532290fc
--- /dev/null
+++ b/integration-tests/rest-client-reactive/src/test/java/io/quarkus/it/rest/client/selfsigned/ExternalSelfSignedTestCase.java
@@ -0,0 +1,21 @@
+package io.quarkus.it.rest.client.selfsigned;
+
+import static io.restassured.RestAssured.when;
+import static org.hamcrest.Matchers.is;
+
+import org.junit.jupiter.api.Test;
+
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+public class ExternalSelfSignedTestCase {
+
+    @Test
+    public void should_accept_self_signed_certs() {
+        when()
+                .get("/self-signed")
+                .then()
+                .statusCode(200)
+                .body(is("200"));
+    }
+}

From 5ede0cb5d7b8c1341ac26567494b1979b2ac3af1 Mon Sep 17 00:00:00 2001
From: Georgios Andrianakis <geoand@gmail.com>
Date: Wed, 14 Sep 2022 16:28:20 +0300
Subject: [PATCH 12/36] Removed unused field from LoggingSetupRecorder

---
 .../java/io/quarkus/runtime/logging/LoggingSetupRecorder.java    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java b/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
index f10f9c3dab731..70b062345f61b 100644
--- a/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
+++ b/core/runtime/src/main/java/io/quarkus/runtime/logging/LoggingSetupRecorder.java
@@ -55,7 +55,6 @@
 public class LoggingSetupRecorder {
 
     private static final org.jboss.logging.Logger log = org.jboss.logging.Logger.getLogger(LoggingSetupRecorder.class);
-    public static final String SHUTDOWN_MESSAGE = " [Error Occurred After Shutdown]";
 
     final RuntimeValue<ConsoleRuntimeConfig> consoleRuntimeConfig;
 

From 48d0c87cea8f911cb2818c2cdd67d66a5c98ee55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Vav=C5=99=C3=ADk?= <mvavrik@redhat.com>
Date: Wed, 14 Sep 2022 15:50:21 +0200
Subject: [PATCH 13/36] Adjust 'challenge' selection so that custom auth
 mechanism is called

fixes: #27180
---
 .../main/asciidoc/security-customization.adoc |  18 ++-
 .../security/CustomFormAuthChallengeTest.java | 108 ++++++++++++++++++
 .../runtime/security/HttpAuthenticator.java   |  19 ++-
 3 files changed, 133 insertions(+), 12 deletions(-)
 create mode 100644 extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CustomFormAuthChallengeTest.java

diff --git a/docs/src/main/asciidoc/security-customization.adoc b/docs/src/main/asciidoc/security-customization.adoc
index d3130db9ecb9c..456090e604ee2 100644
--- a/docs/src/main/asciidoc/security-customization.adoc
+++ b/docs/src/main/asciidoc/security-customization.adoc
@@ -84,6 +84,8 @@ In some cases such a default logic of selecting the challenge is exactly what is
 
 [source,java]
 ----
+@Alternative <1>
+@Priority(1)
 @ApplicationScoped
 public class CustomAwareJWTAuthMechanism implements HttpAuthenticationMechanism {
 
@@ -102,18 +104,21 @@ public class CustomAwareJWTAuthMechanism implements HttpAuthenticationMechanism
 
 	@Override
 	public Uni<ChallengeData> getChallenge(RoutingContext context) {
-		return selectBetweenJwtAndOidcChallenge(context).getChallenge(context);
+            return selectBetweenJwtAndOidcChallenge(context).getChallenge(context);
 	}
 
 	@Override
 	public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
-		return selectBetweenJwtAndOidc(context).getCredentialTypes();
+            Set<Class<? extends AuthenticationRequest>> credentialTypes = new HashSet<>();
+            credentialTypes.addAll(jwt.getCredentialTypes());
+            credentialTypes.addAll(oidc.getCredentialTypes());
+            return credentialTypes;
 	}
 
-	@Override
-	public HttpCredentialTransport getCredentialTransport(RoutingContext context) {
-		return selectBetweenJwtAndOidc(context).getCredentialTransport();
-	}
+        @Override
+        public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+            return selectBetweenJwtAndOidc(context).getCredentialTransport(context);
+        }
 
         private HttpAuthenticationMechanism selectBetweenJwtAndOidc(RoutingContext context) {
             ....
@@ -125,6 +130,7 @@ public class CustomAwareJWTAuthMechanism implements HttpAuthenticationMechanism
 
 }
 ----
+<1> Declaring the mechanism an alternative bean ensures this mechanism is used rather than `OidcAuthenticationMechanism` and `JWTAuthMechanism`.
 
 [[security-identity-customization]]
 == Security Identity Customization
diff --git a/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CustomFormAuthChallengeTest.java b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CustomFormAuthChallengeTest.java
new file mode 100644
index 0000000000000..696e130ec95d2
--- /dev/null
+++ b/extensions/vertx-http/deployment/src/test/java/io/quarkus/vertx/http/security/CustomFormAuthChallengeTest.java
@@ -0,0 +1,108 @@
+package io.quarkus.vertx.http.security;
+
+import java.util.Set;
+import java.util.function.Supplier;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Alternative;
+import javax.inject.Inject;
+
+import org.hamcrest.Matchers;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.arc.Priority;
+import io.quarkus.security.identity.IdentityProviderManager;
+import io.quarkus.security.identity.SecurityIdentity;
+import io.quarkus.security.identity.request.AuthenticationRequest;
+import io.quarkus.security.test.utils.TestIdentityController;
+import io.quarkus.security.test.utils.TestIdentityProvider;
+import io.quarkus.test.QuarkusUnitTest;
+import io.quarkus.vertx.http.runtime.security.ChallengeData;
+import io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism;
+import io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism;
+import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
+import io.restassured.RestAssured;
+import io.smallrye.mutiny.Uni;
+import io.vertx.ext.web.RoutingContext;
+
+public class CustomFormAuthChallengeTest {
+
+    private static final int EXPECTED_STATUS = 203;
+    private static final String EXPECTED_HEADER_NAME = "ElizabethII";
+    private static final String EXPECTED_HEADER_VALUE = "CharlesIV";
+    private static final String ADMIN = "admin";
+    private static final String APP_PROPS = "" +
+            "quarkus.http.auth.form.enabled=true\n" +
+            "quarkus.http.auth.form.login-page=login\n" +
+            "quarkus.http.auth.form.error-page=error\n" +
+            "quarkus.http.auth.form.landing-page=landing\n" +
+            "quarkus.http.auth.policy.r1.roles-allowed=admin\n" +
+            "quarkus.http.auth.session.encryption-key=CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT-CHANGEIT\n";
+
+    @RegisterExtension
+    static QuarkusUnitTest test = new QuarkusUnitTest().setArchiveProducer(new Supplier<>() {
+        @Override
+        public JavaArchive get() {
+            return ShrinkWrap.create(JavaArchive.class)
+                    .addClasses(CustomFormAuthenticator.class, TestIdentityProvider.class, TestIdentityController.class,
+                            TestTrustedIdentityProvider.class, PathHandler.class)
+                    .addAsResource(new StringAsset(APP_PROPS), "application.properties");
+        }
+    });
+
+    @BeforeAll
+    public static void setup() {
+        TestIdentityController.resetRoles().add(ADMIN, ADMIN, ADMIN);
+    }
+
+    @Test
+    public void testCustomGetChallengeIsCalled() {
+        RestAssured
+                .given()
+                .when()
+                .formParam("j_username", ADMIN)
+                .formParam("j_password", "wrong_password")
+                .post("/j_security_check")
+                .then()
+                .assertThat()
+                .statusCode(EXPECTED_STATUS)
+                .header(EXPECTED_HEADER_NAME, Matchers.is(EXPECTED_HEADER_VALUE));
+    }
+
+    @Alternative
+    @Priority(1)
+    @ApplicationScoped
+    public static class CustomFormAuthenticator implements HttpAuthenticationMechanism {
+
+        @Inject
+        FormAuthenticationMechanism delegate;
+
+        @Override
+        public Uni<SecurityIdentity> authenticate(RoutingContext context, IdentityProviderManager identityProviderManager) {
+            final var authenticate = delegate.authenticate(context, identityProviderManager);
+            context.put(HttpAuthenticationMechanism.class.getName(), this);
+            return authenticate;
+        }
+
+        @Override
+        public Uni<ChallengeData> getChallenge(RoutingContext context) {
+            return Uni.createFrom().item(new ChallengeData(EXPECTED_STATUS, EXPECTED_HEADER_NAME, EXPECTED_HEADER_VALUE));
+        }
+
+        @Override
+        public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
+            return delegate.getCredentialTypes();
+        }
+
+        @Override
+        public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext context) {
+            return delegate.getCredentialTransport(context);
+        }
+    }
+
+}
diff --git a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
index 0a2ce19a3343d..8b2de1d915bd1 100644
--- a/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
+++ b/extensions/vertx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
@@ -137,10 +137,14 @@ public Uni<Boolean> sendChallenge(RoutingContext routingContext) {
         routingContext.request().resume();
         Uni<Boolean> result = null;
 
-        HttpAuthenticationMechanism matchingMech = routingContext.get(HttpAuthenticationMechanism.class.getName());
-        if (matchingMech != null) {
-            result = matchingMech.sendChallenge(routingContext);
+        // we only require auth mechanism to put itself into routing context when there is more than one mechanism registered
+        if (mechanisms.length > 1) {
+            HttpAuthenticationMechanism matchingMech = routingContext.get(HttpAuthenticationMechanism.class.getName());
+            if (matchingMech != null) {
+                result = matchingMech.sendChallenge(routingContext);
+            }
         }
+
         if (result == null) {
             result = mechanisms[0].sendChallenge(routingContext);
             for (int i = 1; i < mechanisms.length; ++i) {
@@ -169,9 +173,12 @@ public Uni<? extends Boolean> apply(Boolean authDone) {
     }
 
     public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
-        HttpAuthenticationMechanism matchingMech = routingContext.get(HttpAuthenticationMechanism.class.getName());
-        if (matchingMech != null) {
-            return matchingMech.getChallenge(routingContext);
+        // we only require auth mechanism to put itself into routing context when there is more than one mechanism registered
+        if (mechanisms.length > 1) {
+            HttpAuthenticationMechanism matchingMech = routingContext.get(HttpAuthenticationMechanism.class.getName());
+            if (matchingMech != null) {
+                return matchingMech.getChallenge(routingContext);
+            }
         }
         Uni<ChallengeData> result = mechanisms[0].getChallenge(routingContext);
         for (int i = 1; i < mechanisms.length; ++i) {

From d19b9e51ab16975f47fb6a5b4d2d8146577fe053 Mon Sep 17 00:00:00 2001
From: Fedor Dudinskiy <fdudinsk@redhat.com>
Date: Wed, 14 Sep 2022 16:40:37 +0200
Subject: [PATCH 14/36] Refactor Qute loop helper to make clear, that parity is
 one-based

See the issue[1] for context.
Also add a new test for this functionality.

[1] https://github.com/quarkusio/quarkus/issues/27931
---
 .../io/quarkus/qute/LoopSectionHelper.java    |  9 ++++----
 .../qute/generator/SimpleGeneratorTest.java   | 22 +++++++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/independent-projects/qute/core/src/main/java/io/quarkus/qute/LoopSectionHelper.java b/independent-projects/qute/core/src/main/java/io/quarkus/qute/LoopSectionHelper.java
index 81b8502db1072..1f11ea46fe198 100644
--- a/independent-projects/qute/core/src/main/java/io/quarkus/qute/LoopSectionHelper.java
+++ b/independent-projects/qute/core/src/main/java/io/quarkus/qute/LoopSectionHelper.java
@@ -278,13 +278,14 @@ public CompletionStage<Object> getAsync(String key) {
                 }
             }
             // Iteration metadata
+            final int count = index + 1;
             switch (key) {
                 case "count":
-                    return CompletedStage.of(index + 1);
+                    return CompletedStage.of(count);
                 case "index":
                     return CompletedStage.of(index);
                 case "indexParity":
-                    return index % 2 != 0 ? EVEN : ODD;
+                    return count % 2 == 0 ? EVEN : ODD;
                 case "hasNext":
                     return hasNext ? Results.TRUE : Results.FALSE;
                 case "isLast":
@@ -293,10 +294,10 @@ public CompletionStage<Object> getAsync(String key) {
                     return index == 0 ? Results.TRUE : Results.FALSE;
                 case "isOdd":
                 case "odd":
-                    return (index % 2 == 0) ? Results.TRUE : Results.FALSE;
+                    return count % 2 != 0 ? Results.TRUE : Results.FALSE;
                 case "isEven":
                 case "even":
-                    return (index % 2 != 0) ? Results.TRUE : Results.FALSE;
+                    return count % 2 == 0 ? Results.TRUE : Results.FALSE;
                 default:
                     return Results.notFound(key);
             }
diff --git a/independent-projects/qute/generator/src/test/java/io/quarkus/qute/generator/SimpleGeneratorTest.java b/independent-projects/qute/generator/src/test/java/io/quarkus/qute/generator/SimpleGeneratorTest.java
index 5784b8a310771..e0a9a012fcc94 100644
--- a/independent-projects/qute/generator/src/test/java/io/quarkus/qute/generator/SimpleGeneratorTest.java
+++ b/independent-projects/qute/generator/src/test/java/io/quarkus/qute/generator/SimpleGeneratorTest.java
@@ -143,6 +143,28 @@ public void testWithEngine() throws Exception {
         assertEquals("10", engine.parse("{io_quarkus_qute_generator_MyService:getDummy(5)}").render());
     }
 
+    @Test
+    public void testArrays() {
+        Engine engine = Engine.builder().addDefaults().build();
+        assertEquals("1,2,3,4,5,6,7,8,9,10,", engine.parse("{#for i in 10}{i_count},{/for}").render());
+        assertEquals("0,1,2,3,4,5,6,7,8,9,", engine.parse("{#for i in 10}{i_index},{/for}").render());
+        assertEquals("odd,even,odd,even,odd,even,odd,even,odd,even,",
+                engine.parse("{#for i in 10}{i_indexParity},{/for}").render());
+        assertEquals("true,false,true,false,true,",
+                engine.parse("{#for i in 5}{i_odd},{/for}").render());
+        assertEquals("false,true,false,true,false,",
+                engine.parse("{#for i in 5}{i_even},{/for}").render());
+        { //these two are not documented in the guide (https://quarkus.io/guides/qute-reference)
+            assertEquals("true,false,true,false,true,",
+                    engine.parse("{#for i in 5}{i_isOdd},{/for}").render());
+            assertEquals("false,true,false,true,false,",
+                    engine.parse("{#for i in 5}{i_isEven},{/for}").render());
+        }
+        assertEquals("true,true,true,true,false,", engine.parse("{#for i in 5}{i_hasNext},{/for}").render());
+        assertEquals("false,false,false,false,true,", engine.parse("{#for i in 5}{i_isLast},{/for}").render());
+        assertEquals("true,false,false,false,false,", engine.parse("{#for i in 5}{i_isFirst},{/for}").render());
+    }
+
     private Resolver newResolver(String className)
             throws ClassNotFoundException, InstantiationException, IllegalAccessException, IllegalArgumentException,
             InvocationTargetException, NoSuchMethodException, SecurityException {

From 2c798aad2e9559e9f4a2b12ff5b98b8ddeff3c6d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 14 Sep 2022 21:39:38 +0000
Subject: [PATCH 15/36] Bump nimbus-jose-jwt from 9.24.4 to 9.25

Bumps [nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 9.24.4 to 9.25.
- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt)
- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/9.25..9.24.4)

---
updated-dependencies:
- dependency-name: com.nimbusds:nimbus-jose-jwt
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 bom/application/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index e1b284c5a8587..0b2914d12e1f5 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -201,7 +201,7 @@
         <aesh.version>2.6</aesh.version>
         <!-- these two artifacts needs to be compatible together -->
         <strimzi-oauth.version>0.10.0</strimzi-oauth.version>
-        <strimzi-oauth.nimbus.version>9.24.4</strimzi-oauth.nimbus.version>
+        <strimzi-oauth.nimbus.version>9.25</strimzi-oauth.nimbus.version>
         <java-buildpack-client.version>0.0.6</java-buildpack-client.version>
         <org-crac.version>0.1.1</org-crac.version>
     </properties>

From 8ad6a4a4b6e5c22638dc6ed90f389ce32405b157 Mon Sep 17 00:00:00 2001
From: hmanwani-rh <hmanwani@redhat.com>
Date: Tue, 23 Aug 2022 14:28:17 +0530
Subject: [PATCH 16/36] Docs: Optimized introduction of OIDC Bearer Token
 Authorization document

---
 docs/src/main/asciidoc/security-openid-connect.adoc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index 0b03187201eb9..ddb149202842e 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -8,15 +8,17 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
 include::./attributes.adoc[]
 :toc:
 
-This guide demonstrates how to use Quarkus OpenID Connect (OIDC) Extension to protect your JAX-RS applications using Bearer Token Authorization where Bearer Tokens are issued by OpenID Connect and OAuth 2.0 compliant Authorization Servers such as https://www.keycloak.org[Keycloak].
+You can use the Quarkus OpenID Connect (OIDC) extension to secure your JAX-RS applications using Bearer Token Authorization. 
+The Bearer Tokens are issued by OIDC and OAuth 2.0 compliant authorization servers, such as https://www.keycloak.org[Keycloak]. 
 
-Bearer Token Authorization is the process of authorizing HTTP requests based on the existence and validity of a Bearer Token which provides valuable information to determine the subject of the call as well as whether an HTTP resource can be accessed.
+Bearer Token authorization authorizes HTTP requests based on the existence and validity of a Bearer Token. 
+The Bearer Token provides information about determining the subject of the call and whether or not an HTTP resource is accessible. 
 
-Please read the xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications] guide if you need to authenticate and authorize the users using OpenID Connect Authorization Code Flow.
+If you want to authenticate and authorize the users using OpenID Connect Authorization Code Flow, see xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications].
+Also, if you use Keycloak and Bearer Tokens, see xref:security-keycloak-authorization.adoc[Using Keycloak to Centralize Authorization].
 
-If you use Keycloak and Bearer tokens then also see the xref:security-keycloak-authorization.adoc[Using Keycloak to Centralize Authorization] guide.
+For information about how to support multiple tenants, see xref:security-openid-connect-multitenancy.adoc[Using OpenID Connect Multi-Tenancy].
 
-Please read the xref:security-openid-connect-multitenancy.adoc[Using OpenID Connect Multi-Tenancy] guide how to support multiple tenants.
 
 == Quickstart
 

From c218ec86c96e4e07638fb0bdd0c1c573040279f8 Mon Sep 17 00:00:00 2001
From: hmanwani-rh <hmanwani@redhat.com>
Date: Wed, 7 Sep 2022 14:04:01 +0530
Subject: [PATCH 17/36] Incorporated SME suggestions and added graphics

---
 ...y-bearer-token-authorization-mechanism-1.png | Bin 0 -> 87898 bytes
 ...y-bearer-token-authorization-mechanism-2.png | Bin 0 -> 72522 bytes
 .../main/asciidoc/security-openid-connect.adoc  |  12 +++++++++---
 3 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-1.png
 create mode 100644 docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-2.png

diff --git a/docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-1.png b/docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..13271519264dc182954789dbc0ad9f9d410db594
GIT binary patch
literal 87898
zcmeFZWmuJM*EMR=NK1-zDBX>8NuzXkv*<=8Bm^Wxy1@eJE@_Y!MY>Bmlos|}_Y?2;
zW54_N{_)+1$1TEI*SfCroadZljxi<?YASNr7-SgNu3f`ckeAlDcJ21wwQDyG&~CtY
zvYwL0!e6BBGCJ;>&Q|VTrmmLPBrKfGEU6S6O|308EKMzZ5WSWn@D3(hEgg3q<;Ozi
z&W>!R$k(uWJG#KTuU!)n_jWNgx3_esGPAU{brPl7ZD^sPvb7MU(dJd=P<D~Bw6T@<
zb+y#=Rnao{wKo^Epb;0N67d#-3piT3n^Ji@Iykurd5hBgb6p|$8u@K@8mfO@;%+ZW
z^RJuIQC6dpa(1<(;%DPxHRs^qpyC%~<K^SCG&AQl<6)uV;^5+9=ip`M5M<>L5aQw$
z;^n3K_kT3-fvy%-LK@Pt|Nc1mmne;mySs}JJG+;c7n>J1o3pDmJEx$aAUg*aI~Nx#
zyn@xu$I0E)o7KsU_CHsUwsbRhwRLf~b#|gcUeVOd*~49w25$CWPvPkD-^)6={d=Wg
z&Dgz7UD!F<IFL{EpBE}C|9`*K(eb~pc5~OT{Ga>%f4#7qmXC`iyN0EkvxloW?41=Y
z@}pdYq+Bgc-JM;voShy1vyf^w&hE}`HqI_oT-<CtR7}dI=C)4A?=b)K7G-521t&Lm
zQzvsv1!++lxCooAt%Z;@pQNCypa3@)7Z)!lr;M}!zm$YDzYIU8v<x3VClBX;-Ye~F
z?%`<Z<o=)cTKvy@dH&b;A_KzF1wL8Y($&_}(n8kN*^%m>rxvpP-|vO<f4$zn-)r%|
z-wV9;e|ZjexEXfj-u@qZ{hx0^03pBpZ}7rD{u}<5P7w315Zt?X(WBR{YxXEeOK5pd
zZe@6RYjs{#$EmEp9+uku)<F381ryT^jYOL8a2@8z+jy7{!f!lyar?RiVSezlXOU<(
z6nAruGjW9^gc^^lva;4Dy)?%iB;)Ca{>ptGm~dO|@6YsEO%c@GsrNaw!k`Ypl|=jJ
ze+%OIT6h2TCGy`V#2dqS|Naqm$R79i9NPbRsr7p)x&OYjZAk59%zv&z9g>xE=idKZ
zRb1+x(0{Lj8yF_!{@<%mUtoEx|Mx1AC#3)P1OKyb|36z&+CK$KZxb;k!z*n^3m>P@
z`FcCgHu{_%SpKDvq;uP;-(+)-Xi=c%`f0E(hewl=@ZiZu9@}qpaXkigt}9*9<Y($3
z@~in`ZmX|cCBiKR2h#W<3>BuBnWb0H{%l$gWzs928HUIY=08s1g2Wu*zHU(O{_EoO
zP=St1GQ5LJ>H78Sx)oN+H2V?Z;kEv!<?agM7Akfhp5fAbpf<#pq~pC;+ZP&0Or5W!
zpqQAi1UFR~_J2e2-zV+=9=iWCk7+!_48f(@$ya>yz_8xkYsTYemHkgP<K`l)f4^$_
z>GvE0=i%2%DO{Ehh%fwpeJe=gcYdHBB7aA1qr{-@ppU&JBsBEL2hDd7-Vxv4C49Rb
zClM3=j7}ac?iL~u<8!@QCNixx$5jfszn>p1RPHm@qaAD|=XV;`s1N+>`;DK8nB7Rk
zZ54~PK7mnntVoyJyz7;;5l#y3B^oPs0_|}yzw@kglp5V}GyY&s{_*yd*THh{MVhGJ
zk!gDvufzD>w*n>fyZVa>VgYCNKR;)<B968uGzt`N-?}CLBBYj9VX19~h5825mmi<B
z6TDSFqcd3j`u%GZ^$tbPn}^zPD8uUlHK{MiTAVs$MkG}-QkMm;>b*o0WXa?1W!!IA
zrD4<PpHcVr!XzuWBBWHM8WW8X+<iy)=FUAunJ_F;SguCIQrGL(um7GOAEpHR9ImqN
z(#XY7z+*iwk9?$QH(6;r7kIvXdbk!#AsEl7nwi3FZPgnuQ_M_#aVL?Hit5=>S1PZ4
zwZnvDL?M-?sKroblTMkL<<~@JjeInjS#`RNKX9iiSz;NV-m9o&2=Ur|e~*GqhO6@8
z$%77Sc-pz3tG{(_YvC@d{V8!&mx}P%?O#?#`vp9=#v!SAZBKe!oFMMdh|w!1zSsJo
zvA@_Eml3k19OL-#w(a&*&F<0mlxn7k&+qk-nz_IR2nQ%XZ6$^Y#{7%9S|4ws-f<W&
zeU5Vx_2><oVLe>H|I4arWfHrwimS+(`>@e(!ICKd(}RLN+j<nQj*-yNP)B&^?wEV>
zqSW);QFmGOawKmrKD$gv*%(7mN%d61B@Am_o@3x`_LaPzK4A2~XXdl`n-z3<I^#80
ztXK7bhNf-FYjHo|V!wN;+A+#fA(bz5QMuQ+#>p^=Mfc>f`m4`NPtoEM%d{VJTlJH0
zn%z>4d8qxlR{!p$RbNu{Q_TbhWmwZBPIFmJSUw21adf`FU+vCreNtB&nQ8E1H)<q7
zUo4c6kcg+E-Vqs2A08ftZ5&7!JRHuE8vE(6(eV;O8X|jb!aA$ippGj>9Q|kwUzLZT
z!hN|X4vVd*i7sUCXHxzZtkD*&PP4zyP^M@E_toY3ZcD)V5vy_Y1)L`Ntupg&BcBzb
zJCiizJK609Y3#<$8$UiJEbCR-O?**c-|gF0Nf+R>>Q7ckU@+aF2<7MSh7Deyu5$}U
z!QM;RK;`dig0g^3&KD9AviCOVB{q2y9EoMV1pfU^b&Rf+zPI8Rds0{!by;Eoz7Iuq
zEY16pSPAougZ}<WP!(f-T0|nlgl<KTPJOVRY88yR@NRfKn<{9(lQ<X^M`eNRXpvg(
zX$h={_eib`0i%la+xHdf93M|1aE7wPvm(<U?XkhRSCTI%KbGuBLi^`X^(J#J!S|4H
zU94YI=(d1po2amUr<!%yeLtx2Xwu%W!BZwR-YV<PH!>f|Pq=NnwdQ09^&`T3uedf|
zM1Rxfg!HT6IAM2|-j_J{XB)hBw<ap4V7(f=ob#vtZku3XwD|tnfFtcNSsC#vx@hlK
zxk>AbmdmqG=G`&3(x|0SPDNdRr8ze*>{nQ#M&4yj6*0DEaD92F^CtEBNFFLq6Ly^9
z{+z#(-^>6WxnCE;|M6QkL)mDuP>K^J;u74p*lf>qPV=t$)?mkLj1Me=Lq25gx|+Iu
z6pSu;`q{u|{>yXNpd4+A)8C`254GOAY>k(}nd5PqPR4wbB^iD~qgnX)aCKmFw&^?+
zlXy=lrlsa>C12(1vD@!VKh65>Hid_WYa98<oO7d5e-CdceywADA4{pK74faXZEdim
z`Rsx9U^?gVFN^-<{UPzIt+C>%U!(8h5W?PnHlFC?g_$TXIQon^xBNYVTa<cvXXSB_
zK^D_&mei&KT|@l#>!FUv)m1TKXX|;!fv5ELV?~~?pW@=!cSaIn5;7qZ0jqv>NLbi6
zokfexNyn*bQ?<a81ynI%hOQ>eQObZd<7QW*>veDWgG(H~WsIhD3x?p<IgEQto<FWD
z-!^B`^W00Cn!s&7-_X5#<G5TlPp(vDdU}-TR5b0wGOIaT$evN$aMu1(w<cCxC^=gy
zkF7>a;NR@*?7h7`$S5T`Wi)hjA&Ux~(@-0_DgFBW(F@pvE-(I`{i*Oh1~`Kj_Xj>c
zKwoRf*0)YSYu&8Vw)!_Sby{<ZdbkF^Q$+D^hkZnn+8@D&T&2_xPW{jQ*jo@o(cX`%
za3gM5Vz0nr;gE&Wx_;GOXbV+(%NG3>PIZYg-pb=c6sa(*-UP-W0#y+N{7@j3-c4d&
ztdQaB?c^n!BnsyxO4V$%a|)jndg^!wTDBP3wqK7B(zHUVL<Kw(5)BPQQ`?A={uJ&6
zi_P}M9Viq69vg(GkMPSaddt1{7a>KSL*1+VGoPn<a!=T^aleb)B9*zZNsW%YFOfL`
z7M@lv#$l%ZjWhaPQM&g~7p@>DgzSE{N+OS`a7~XtzGOwQC+imZ-5Qay;<lWT=o&%r
z5cBnx>wQMc;CBvO&WRo=Lhg(AUHvD@Eg{}lez}Kadu~sbv|ReWdGO?f{-lYSC{H#z
zcW;V4@>Y>SUA&T!-!`v3I|7}pTM;j)j2)^$_5HL%X3EN<A~f|`I3IS#1s)O#0^WP`
zkdR)JPf2qdH~V)+5!X~Tq%(#s4GLN*M-n}hwYjBoaa!XvQ*S^d)ezbOiF28`QvQH_
zC81n;LnTw>*Da;r4y24RxQ=XP_H`j8>3@`que+@eQ)5j>5HJ?$+<l-Gew6QV&5!%D
zDjHrLb=l9*ZF?8UA5gcjDFlWU-~aiZF6!rbd2!kvhAow?_Fzq*z;CABgHY6qy8I(y
zj*Ga;9|zjkQ0KdAE~0R<(d0gRIMlM^BTn{A340@bOiZYVbLA=P5q;kgV!RX#=5QIg
zSW0>>fzo(-rMoOT!>ISo6^`V|MwaFvB9;Wh{l$pm-uZMZ1_tzDA7}3W6G1;*7UL+n
zEYOBZo9YT4t5dwrhP)-B{n^0Z4<ZH-{<qr63TxFzkDdu$=19F<R6ST7=sRsrp?}A?
zQj7UGikYZ5oJJ;+kj-GcDXojVLV6^sZY~nnrhZ&jFq|U}=gu7l4>4&YD}`{n+3>>&
zd4b5*If#SZ$tuh@^MyUPpNR0g8uJM#+Ddi|S1PCRWrzi&R%*Rhdu|_)Tp0Oy#%)M+
z^qp$=kJlKIR9whR4(ZWR;)xTF^&rI{tY(x)iQI=hC=fIa4!>9aZ2pX}JKmYe@;^}c
z{gun^{Al|wi>`W;?;pr4>FJ1?n6Z1o73I@QXr~dyi|p?NNl7fL=f0(O(c=WTm{kk*
zBEbVbnbQ*^bz+LO?v-0u)W-WIyan42@MR83^K1yNMdZuq+!Lx9$=-|7=s8_b#ys({
z`|*(%N^hW*V(8y57vm&^nZeG@r(I_(r#^)$8I#QcenleU-v%>;p@7?WCL?QNz@H!5
zj)4r;&4+`+fC^~*n?D-2h^-7TsO=T88`Qc0F44)_+jH?d*t*WDo_p&$;FmZOy^?p^
zCcGwJuBF{nNVFOGd$w7!+j1p#_xTAV$Ej(idW(biBNutPHge(QoXa_kg2;p@IRCFe
z-GLVA;Ayd*?jWvDGtH%e5|)n(^EXJ`6>o-ESHp=_eIS0)cx+#gF)Z5^NltSXGenYj
zR5U#*jnVo_#f#w)!Ky6xC+y^Vk#53KF!!^&`x3JCp4*C|is&98;pJP1i*_7w|HTN#
zlcVFgpc>zMZ-cK(K7Q{$gG%itHhHjJGe_f<Or#=vSMA+f<3Q5Wjh`j=+ZI2Q*KB<%
z&uIa~+hwQ2I*4GC=FAMb^!a$GGk_PBZV~T!_4k<89kP0k-P$dK9{7xlHcWOvhBG41
zBkYQnf7VQwZqUwZvP$PZ+bYs2yTNT9rKuD5YpzAy3?C2AH0&k*PiRovLNUeveAo28
zsUP&bjSCu0s7Rft6&BG671l#$F>8YveRGhj1d8$WeKHs@EK32HJ&kGPRBG}&j>!oK
z7Y;i6^-fAsvS^5yUCj5lP5-xQ$0;-Ne=?^xZA?%A2mYOD;$jjpe*sp8wzBfaCy<_K
z`k~Dg7R99eCfzD`7l6$^AgJw`hM&?z=6hQeL#{bE=P#z@al6+N*^M)g?rCtFw%wAR
z3gZfZhnD9_A*i$d>Z#aCtgAA)PV@?!Z6zM_*hJ78;3Nq-&dv7dJuN26)dxI0-|rLx
zQWX%Wm5I9h9aGSCximZXw{uNpq1ajujta{g%*2a^-R7z0fCi5_ToWX0L<oCq{2rFV
zL9`_@YrcObU(0G{uaNio*K}P4HWf{`!_~wx2Oal_ko%UUfNH5n$$|Odddul*+J)ZE
z-?tZ(7b4JfKsWxO_(o5AH|+^>!<}X(kKz{4Vw<-`cFRQG_>c*=8kxD>U@d!V<ZBC|
z<!?C^B(!#T%jGR#nfV8^0mp{c9tb}LOR3KA1%Oy{e!HTnJ|bfj5w6NC!P3!?aEG%c
z#ss6gnobs@=thq^sBKkB2L*WE36C}_F8C5#8^%tfd4+!d`{$?ebSj53u|SM_u6_8V
z_|-+QolA~LByQOYn&5@(Y26=fsFV1Fl>mbQ60-u@I6_G-m%VMfq&_o%9Xd$YX&62o
z`_83lrSRhNXv!J75<a(f<*Sn=96PF4c$ZxwxL+R$Z&&>^O5?VUsj$PbcA9OhgH&5N
z;lSV2Q;%o3hM7Yx44+$J8}osU8u$LkAnD+ivW&5vOrCE_!2~N3>5gk;Dgyo|d!?rB
zW1kJ9Zs)WyH25bN&$%w~73hVBynGQn)FnQ?N0F(6b!Hwb8g}31f$vw$%zVjE49ML<
zOVRv~T}~PR_`S;tOvN;}PtvFzBRv20E{jQ;Z)Zjqvt0lhN2kmiVvs1xE&KEY4<=Z2
zuQ220$}KSu!qJGCH7q*9@rWKitwed`kdfIRkE_s#XH7tCW=}`qkt*!PrY9Gw5;gOb
zkLTv2Uq(&7yqVWU5mu%RN(Abi2<-b}6hB;(T<+lD?82#i=dnG>%ht!|CcGR)-gJ4k
zNw@ap`OTy+5EI#gK;y(t=d>#;L^ZVW+kHoy>1r2{GGx)=I?V8zrB)ZvI99>cit$?r
zhfYiGX)PviiUO@WR2l$wth(j-hAU~jf2fhkm|<6oLIizG%38g=+ZOWSMYF2tA3~#%
z#5wa{HcF|7i40jZDK`38dks62RZ(-ZtD*<APd+^@hLaFC_x50YG}UgbC`A+H<oVAc
z-KD7jbUG%c_Y%P<V^=SEs6_GD!h@BY@=W}XXS|@<dgmACvYUY1{0Kn_1ku|xIvKWa
zB0Gm`Ls#>`I9u0O9zRaz)$-qDp%X(k26uaL^#gOmF=-rVW0@9sl4_mtr^hA3>F&@A
z2?!+LSb5cej*X4X@%ICMkHCX!2C1nlCv%uWbzd9G@-nV!RjRdsu2w4r2&}653A)Zy
z(WS2F3dNo?hO?t>Vf!(b$m$QcjGDq4pHBfLtL!=}tEEr31YH5x)3>RX|M-VJk6PLa
zSOlH>WQLqPHBJ-r2IUs$T~Q|Jb74XW6!Brsew)QLMcR|7r+--a@fm(d(p}>_w1H1K
z%AQQU4bZG|h>}q=n~cw4J)FeT^Xl^N5!o2OLgQ}pImTU<o?=dtMB#_U)1g5TC_7oJ
zUjY?tHM%zy=td6W;@>FDI?8Ffq+eDQ|62*&iTa@0Yh8RAMBTk;0ruz+qCMzeG=j4P
z-NKwR2JfWF*?#KxKj>v7x%Q6zi|DFO!;siH7B?;~?iXYGxCsqoDC@kbq{lJWa^s*U
zEL2Vt`moBTUN}h@2*-8j>2g^&WyKo`T5ASdM)4VACRYonTI`K`H+1EkT&S<7E*~_!
zW?N3&+L)+V1L#FlLb_G(?;xs1!EKp&ub!7)<0TzYnY>x?<cc%ook~V|T^EV#u~n@b
z?uDgz)d_Qag!e9#<vOn*t&ds}#++Z72QEUOpY#eE<75(>d)vJe!I+uMX^x_50ZsW%
z^SP7$zWdH}ok#;;Vwg>TmiT>h!c%H7_w`}eZS~Kn_x)d6?~j+6LlbgX$~=}PH3Dg$
ze~18w6KC@#jtGa%Fx8D?#|0G1r-}#g^p*sg3Y~KI145+n#Sl7Gc0|g`x$aN{7(X%U
zgrD5V$T?X5R)AT6e!G;n@44Rd`XoKZ&Y-^HH%#ie0GaLyxtFS7?6xzG@60raLt6JI
z5%v9@D-%^zxV(F?(&t!Byl}PkLTEh2C&V}Lp>~WO#_jPYKd&M(zVD+@c&mrsqajE#
zggkOFu9jlOWn(B5F7Q4<t{A?|36(O-X#F%&K=ajBv4em<|MVsL7yaSHa^iz&uhtj0
zTP_YTQ937|m&HRWqpkkXb+&#=tWdomeO=J!AfFULIn(HKNF$;C00$L%J;V2E)cTmO
zZg_tUbtVtd#8*mUnW*>J#G{q{{$4$JEOi^L0hk9!zqvPWMWuCb3|BtXuP)-ZVm_E+
zq3P{S4wU|qq)0zbEfw~?#Q45oJcOLBt1ua2mIOVL)k6sXd3g@WG$#kg-WzSBRw4@V
zK>zVlQ*u6sFMZTE{F{$w{oIy&7IJXVFlU!e*Rt4kO6TFz1)^!I+t~110~|d{1tj%`
zA0MCZ%(cvshsw39pRA`wQZ|WH+hG;=wZFuf())CwUt%Qs8(T>b;3qkWWq{E5V9l&=
z-xB}9x74%OFY}qIRj>}bW?Ig7gzfG=xS_8U{;B6RFe*?S4k1YbP=+e%e6TiT49s=f
zcRonh(0UNCtQ~S-Q3!DO9c>+%ePQtbAhmY1$VvL`Y$4arpLy!SN@cg`IQl)4C`Mqo
z93P<b6Uy%OVM+TRABis8XPcH}a-%!}7R>pq-NTAh#>oEeLx_{v0|{Bpp{=bgoKICS
z_TEOjbr$h-wTi(chf0V#+w!Y5qIRtYPsdb+4!Kd(kUi2!oF|ij6NKH@)i$*4@qD)K
zNX6lxqwBT=iWV+FU>r3UNT07k%_+1sC4Z<v{7qxB$**R6)ue>#{nUvk5M6@@Sr^+s
zOXh%WvGuc3U-moRQSM_56C?Ht-v*$8`#Ap5#^rI#)kG?xmY;v&;5j5$hsJ)0ky^~w
z&ro)N^;B>Ew)P-D`AmR`sYi+kVFFy34={2Lw-#f?FHe9|I-EGLKKuQP=Y7AAH+xI9
zdlpU|-jtTy>4V4NbZxxEgDusuPuv3|78AIwRlLp#->%#oE_j#eyU~hzzep|Tg`mR?
z>FbI~EXaMB+~@-|Ai+u->weh9qMP=->kB{`=ZE)PtRNpE_L`#y;&k!bRLK!WWav)6
zp@(2GZl2z7PqYST!m3yK$jGKiv+I7)#eRmcS8l?|LlwW@BXXk4JivNR7XbA-T?XAA
zMaQ3sMrwTlmge#vbAL5=>_=XqHP^38clCY9uD%?EW-a~AD;G`ZSt7Ps039?S{{Z#Z
z6h+EymEDV^ON)6u#+r`Aa0V(m$0Fi3vI5U~?^<#7@w?1_0USD6o9VGRhE2jT4}o76
z$`TwLtdz*qs!YtHW8$@dA3srQDy6S9V)Te1L7^(5vF}Yc?aIjQ^)0!+67QX9K}zO#
z4jl*qik2PG<LPz+x8LjP<m;hh(9+equ6*VBk&Ygyo+OkRpDF66F*|L%QO_U9Qq9AS
zOGxu7U?JjaF^YY$_S(B>o;>tQs{yj|7!7OlZ;*DhvmZT&C3xaxDmAG!infr(rG_eU
zJni;fRR{I!BqVC!aUF>ol?SRq>C_^C^8-rttl+KDLEtAs>1)_!Kihzk{-{&72q{%r
zwCLpxRw37Av?m`b`q(`nnPfN?G0VMp@uJplFkR5-m*2+skkvrU<rk5oAwBq#8H!Ck
z=+OO5wFCtL5{F~94=_<UA$Nw_4a%GR%0|u)ts$NSG>Tu`*jwKUpwQ?uJWhUw5}yR8
zhN^lTZE9^?>6AVUPF0kn)5&YQ!0zRWnu0xH_41q-F%MUC|9JasI`G@~)ntkId^`QR
z<!W#iuT~6MH|*t0O%eq0i35f!)O&90K?h9p6i*-9B$56!?AAOIJzM%p2z8H*?-5)(
z6_{@!i!t*oiloZaICS{f(%H0^=v954ykJmE<{2zAGQX3nJx+q@29<>Jo=|$Qr)6K#
z0K@YG=YdpSL9=tuH0$sZmIIQTBrASgIHAYm8B0mHYe4X)aZRmf0(%jsU08oH1zijr
zfv*fD_r&~@FJ6gUt|yK0xTZU&ybQ0y{`Pw|0%-LZ5_tI!wgpB&w>}M?+Z26X0FI{G
ztn&wD%_g~|s?Adg_y=Q6!%C2h%(2{8l>JFnGn|_3jV7BBn!w4xzi0bs_3YS0hl6i9
z%~!21PWGX<S{*6#`0m37#Gy%)cBezJ19}rl7#g0K=K~g&emw>e4Jcr&nuS>Wk>)WI
z4xzv(MIV@aG7?OXV4};<h4=wH;#6h#qtYV^SByXFJsEPRfMOPd^q!uC^|jRR*oox^
z5##NNNWLel(CJYIT_9qwH*pf1zI)TQ)|1&~<h5i~q_J!f$sKg>kCabiNr6M#?dy6r
z(hxEq#Q*-*T=t~Oa<mKMz1p%=NxY6PpC}frBlyv~T?S}_*SZauiXNaW%+Js3^s*D5
zy(Vui&{J)ePaS{3Zc>3+{MK!Ewn>1=@5B*37#2~ZaHno96G+dWx;J0gBl^)2hl1VF
z($6nXmSRDZDX3hGudwKi7Z17wWUn4>HcaE(A5R3L39kNX7hhLfbHipn5}YTHkRjq8
zt^k^DzzL52jJFmYH-B@r)jxdO?)xWg_Tw*(b;jouE7NRg5x@MaJ@gxcxYwGl>$e0p
zohwHXv+qQ=jRsCv*%LF$krpJfO?&+4#r9jVYG|C&P9DdnS9DnhYWOL$iA_Lhq1ZAs
ziLZiA?ZwM(>q9;8>XW<SXzKT-neKZ|yW5v`G7^$--I^V8Jw=f-2&@*M5t;+en=cNO
zurOkohfw8Ub(V^jJKUr!x26Idh0k!rPE7ifIiI>R5&bm8eGdE~K|*pyhcYqeT&Mpl
z(ZyQ=uFE}SK<yXlj;>L6sPuMx4)_-dKU?R<xFCEe;gCJ~@yRD6?}bow0tUi|Pg!QG
z6vCIEIda&J1~6;-94s@dWnXKavr7az7ug+F7CKza0|hH3CFQpAb;WHhjz6BL`;vK$
ztr{g-&T#$JV+kV%OU)gd-Kbowf&8wtbJ-n=*oF(=6mqfrf9)pUeSmvcYgs`W7d4Oi
zUy*X}v|I%~R0F)6#^*RWR;<6@3TeJu3P*I=+w1VSwY9Zb&?N2I={F_zZGa1r+zS+f
zt|8T=3sXC;2p*+sJCc==yT<dfAQ^Qmj8C&6DOLtfIOlpoHn)q<fM*gad~pNREgAM7
z?DgubJ6Vpd(S9Yb^KSAb((Vk@k4uJup7<AZMU{^uSxjl43-=(r_(E$ki-1Swv-{3e
zj)gx7*g=6<aCe;K_|mtcaA!u;YQxM@IG`t*>2Mg8(W=RtQ%7tdM%DG6(1q*wJXrEl
z$w6n?4|z2Ag*_c0Z*pQ#Q&U%_LdTc{LPCG!uTVps_i8x+=>=&UL^3_PQ{@CzUOloJ
z%G_?A)qs2q{OMP2xpoKO*qGEQ21IY8V?Ke?3E4ZvPr&EE0+g4o*!!yO?Dfz8j)m7-
zHiY&edmtf?4Hm<CLd_}w+0f}_2q4;$xCRoLN1xwBE%lvNp_D<Jo8*8}FIeykI1(9u
zwmO&Q&Z6(14bxoL8n4Cnoe`?1(n;f7m&V!d><q&u7xLU%7r>tq7pTsmwy)lAMfS|k
zk~<MRqeg>!HQ*Q^DS<;s%#F8_O{B8418r7xy4{r9_fuj5*@WJi5~@0iS8pyf+|FMk
zBY>M-S|jYma4ll#e&9*#EPjp>Fhn1WTbi-0az4MKH@P|A-rnB*igc+lql-cGWImVz
zdR#Z93JdZ$EE0}uni6r{<7$N;wLX|>zAv?g;veDnEnH`FtoSErLLekhJ-fT4Rc@i6
zpDn7l=KHCqj|DwWCt6^6aj`S1`dXx;9}hGH8%}B6%5m%v*|)jBmiYmw^&7RKeD>(Z
z&6_W=NX<4s2v1thpz@uBp3RtBZ+dqNDW`{}6%Q&o&D*j3=uwZOkpUu-XeM_A1TyJ*
z<pqV+7q>B86aln|#MKBY-x@@G8!s_#0i+T`A;<-sH{TZyubt^6@(Wy0p2Pw#1mw14
zE#^n^<l5WXik{nQ7T_06Mivv~buBDVhk2qidOKWpp5}+=cXI4;*ON&A3ySF{B<!_w
z0lne4ueNt0Qh+<`=LYhVq0n@?7J+O`;@Wp);xr`wWQhj_20Hs?Y|dWEWjG$*?%$M~
zRZ9;l6MK5(-I&Vntg<wK@*P(X;)+ovon&PZuS}6Fb`sPDe-ODrO5V4@&jM)~GEX27
zKGlEU$;r{8GCv>B17<IQjmG4*fa|;`!#<;1xHx}XwhQg@!B69$sw(^$?Mz}xZ`H0>
zq{M6nC!NH`YNjmEROr_@oe)KqzR{h!=?z`<Q(le0(+7aQ_s8E!MHI$&F^-IL{L1Tn
zj-E}!lOY1j1WaBN#d}E`c}w6TSb1Vh*gtBQIK63#mVr>zffX&1ta?iaDyjj|%tNvm
zx0vplTQWTcPClJYp!)K7Y-p_&i#<ib>DK<IS89K$)$Lr8j=PT;%Or_x^@dWoQG*;%
z=X^I=?XIB2X}B<<y}ujU7SKtN=}7^^9;=HoUlQX}tBCT7sZdtSuXF4z7v)fM(-jm9
zAZtUGvQg<k)YHUubT1v0@l-c6AKw%4c8S2Jw^<M<IWzx<tHdwE)2?>V)mu&6fnyjA
zDm+RCcSKs-IG{*~7L9t**=}!Jx)ZfxJzjnHFf)}p*+n?J77xP_>96A$8cDm0BUPVG
zmxe}fI}*r(60rdIrjj?<0SnLP4QR1UjCKMT;(kXC2LosMC|D%8l$4jt397C{zMY}9
z8DLWw03nsUX|D|vjSD5>OW#{|XSQ$(+IFN~I%!{`Tf%Q0L(1J{m3aUSRywE;DkSYo
z!2~xOLbQ@sXr(B9mhm?31uAZSUPNq+m(e~+J9p5H-PcXG-Cnn-IteiQoFm2d6O?Lb
zQda9~7?V+BWTC~`MmFq$TCoT-=1X$fsRAWp^0h@46sL!RImAFE<b@7b+G?sKb6H}j
z1}(p#O22+|@r}@%;NDaqeHd?(*%W8QwI)!rA!bAYf#T5b(>W2!B*vK8j)mk}-j`=U
zJ+DK<!h&-9^EI^;O)PgMx&czI1QiL|4ra=Ikk1iflX7ZDj|iybv?kE-?0Fw&q(-g*
znO!;72kJ2}RGN@nA?=!q?O~(hP^N=ozujTsss;67OU8h2CJO5ZiDN0~t9og-3^!&P
zjv;dZrh2A$0UZ(S{ef%LLnSSszg%R-Y|EWygf1jvDMfL0?1t%;l3tPVM$#tV^vkf^
ztukx)eCwO2c^6jYXGq$hs!f%e-b`8qRb^11aCIOpp`cp0@c6*~<_rIx=<z~5oEG^-
zN5;sm&61X8&uu-HX4c<Py{FK(1zzmSVbyz-*NXR!O@ogAwu!z?<-{b(K{h{6=>)s2
ztSgOGhLk-pBAblg>9HxDnDn>!u^MM%GG}SZls~P%dLakaMhjpNdk6(a$kuMxTKE}i
z7wi47?KrifL#qbO`N>BuUEo5#K0*ZUHXY-3p;CH(VGs&9->w1c$OZ7{K=r-3w(Zkl
z4Z_M%W^dyFbSThotrT4gfVReL7WAt1^f!5X@)MBM>V`dM>CA!aTZ4wnbs10z7<g9M
z1;6xyU818s`|9*y<&%C5n+j1@yY})IVq<><AXuw`)VL$$Lh)rAw9N?W<Vr_`kS5q{
zE_97W?CT4^eT{x`1}J|MObTUYosv>gJ|f;<-lHP9a`=|8YMf{w^QHdt@M^y2dsu3g
zA{Tq@`}QM0atQv!Mq~N_Lx^)vNSZss%+|0`#7^YH#Wj%^7nM7hyemC%!K-(JGH!qN
zVR`?D`D%<*;ra=jBnLOYz&=1HvVm_5D{a)zJ?egb|DefCnRx3f<+o@4-g6p}q?r{E
z97{Es0Y|!iyB*ujXB!WH7eIv%C;PS7JeFp^8XP|jBpZuvIn`r2x`WRiAxPc<bYcQ3
zPe$<Yjo-t<SP24H+cBL!7H~ZC_A#F=0S#qN@eABy<CfXk=TnsFSG63ZWyJGiql(I;
zgoM8V1$FxIymv=%Lq50wt>=A#8lQW-ET-AYZ$!rfo>WoHyDU_<DDWRhU|Rp#_yHCP
z#&OW~5-MZG&TJs*C!?ndA%4y1thVtCpy;K&`Ji251Ub)P+|6MHBp&%5EzG!U^Gv{*
z1~;{0FWv9o*JtOBE%RYK-XV&d0)2Y~WHvwQtzg|;wdJpGqG*Dp@|HF1UN^j?^bI$w
z_1Ju>HFCE(q9n-_yeTyf69=F}PwDA_5V;G7379&^Un}FXNSRXFxntsE&ER|e{%bTx
zKogmlnT<a^NRn-<F584VetG8}8fx8q3^e_m(f&Iz8WT6d{m;SXz-u!+@A(!%&eG_A
z>MHj<qT<hLwm8$?)#b5x>Sr5mEK%k{q)fRnR!pu?YWwRJJ{ehLPueM6K~l=t-{)!N
z5mro7Q0^d$Xb0YLeN_S#i`!{hfPB2?311K&l<S)I@~)Dr<>StSffVjF(9m)|Qy(y0
z0ITFENPUTdf`Ts(T`|ZKP~n{p6L@L{IwyAY#A~T~moM^S#Zn&&xoa@&Y&*`Kz_~b}
znoP32pyN{?Hu^rkF?M9GlhQi&?!-BQw0ZHsIx8Tl&3wZoYBodEkB^0=NIg$><?EY6
zHSA34z!^9`lb^jq9&0}561V7i4LNCY3E%ib9tpqGG_t@}YCk>_Knk0XmU17vmO_mJ
zL_$|RR&1|{6LU{EOt>}Dr;^j5)g^!UDb*4M#?4}?$jI#>xo<QyG~n=*EY-u8M7vK$
zlqkH(RoH8hNfnH#Km8nsP(wP{`GcR>-`}Hf@H_o<EA|6GNiI>(LkXQhDILGT<1d4)
z4Xxqs+feR@!5uj-rPGETOiLglvupBu9(MuFWFsL{hg<%3_^6`TPR-fgF;_lZKNN$=
zMQ{C0@k?U;f2eX6pvp;BnZP0Qq)3PJA?8?)!h);OZOy{1g*AbrYtAMa`C`fRX?x?J
z4TbePp5xa5KQA3?CZpL(Ds!Km>W*}waZ4Z&eVj7%>Y!H>8_fv~n-l$`6iU*@q)tvE
zss#{`GvZ1h^LG!YEk(zbX1?&-sk8p_?0UL6`-x+x6h?EgM0@D^5AZpp(iqiH$L6SZ
zdyaBD40GZwoq!}R_c24p(d_977;&;c*OGO=nB1b~O4xH;kx*G;SMFnPK6$a^&oE`H
z6u8%lnm^f#J+%?lgBz|p1_H<%W=)2${+4@&fn^?Me71L1T7VfXPF*tQUO4($-kIX-
z;2Ss>aIDTcsj~glm}Fl^0ocf~Wc6%3UJyPNh3ke?T^Gc?Z=7s9N{FT18YDP{^X{5T
zq^`(2w9lC3k559<)9Z=;4%z}c00<&qMQ}aS-@R0F5M*oqXxP9P8;VW78nLjj4krN>
zaP`a(KkNK0%!%g6=^64F!Sy~k1&}6jki1H!RpunIk@xc!K5dFn-{m;Dexvaf=)JrP
z0U}M(-%Twh>l~ecs?z*5Q&f0_cH1+(PY|^!d)%dMTc^}8T$nQdTElRjTr60W_iMni
z@)XbL<Vqsu^;>8xhil83uRV3HBM!1QQ+MxH<{3skcFstqQofCO7g<)pi<QamZ1f!`
zAo~PBg*EiFOtQ<e@>pD<VpOr97H>g2tfq!5f#)ds=#c<HoU}%vYL-!+EOwT?ucZB4
za{%N}PV5lX(u;v4)+z2G5$?bXZ`W^<M-t$`hz?Px!bP8Z7d(&wmLbSWhbw*7p*@Bf
zdniX%<OCG>_%9{|+}B@|u8gPBKm1uaI_td@4OMHju$&$}8=wNjh7f&RaEweDGf@qX
z(#QvzV@amH{f@g0&WQ7kPbJ6>Jsp3}_x?Yjr$QS;@HL6G4;?IWH;bLRc~2eaurNFT
z909U@Nx<>RYDyfTnMN(4gdxglPh7!+cri2BT+Ulp)Jl>O<kmvRRk=I72Cc9OA($)!
zUKPCM3-15$w0N>3f}l49K)A4@6eG7fU*c=6<ISJ3Lp$d_9zePQpWH4tp(MA4KRJja
zvUiPi{JlEu@snONd*y&0skw9#uiiHgiDO3}mNc4`XtT0<vXV{#7zAg|YHvcfte*?!
zoja5w$=xh%p$X<sIq4JPy|ry@Y~sVagJwSIgHsd^^+Nm0?bG?SwS`rFKPc~lJ*s^;
zveXOcE_P;VC6&%|&442*MZ90HJ}ppu13gk`5wN%y%e@KJcQ|iIsEyV2on9;h2w3*?
zpD&w#_<3<`?8joD*cGTLUOzt@R!`CI7wJ`f#Gde2yx%TZU9%7MKK<>GNY!-TD((U6
z&>{dmf!3!Ia%s>VN22RPuNiH<%423m(1M;26tN5}<f$Jp)`XwE5a2tVPY3E}!bSQA
zCr$O=b;8d~H7_4~Gwp&Zr6`@{nCGvWE+D}Sh$bx}zX|JI_8WF%$`TV%ysMw=J9>-Y
zV6Cdgz@kqabvP_!icP~%uOGQ@F~FcSYLSa3oc2OLEhIVH!3L9>N)sM7H#3js3V@PB
zZ_WI?iJq6g3>s%&V)Rc@m-%aLZMFt|aW`&bWXptqbR69YxEn`gp#-1nxGiL-`%#A_
z99<w%E>ZC<o3iY_z3)~j!NXIJ%pskXFt_d#<tlj-CS4KqeE|nPwq(u67(2s!fAiPX
zEvlVn?6Bz~O?%_%KWTk<;Xw(8R7OG;9bDmk;E4}fUzOlk^)e`LP1hydh|)n=ft?x%
zGs?=)N9j*$`g2__SqC)S?QCmkZ9i$3R43~gKH~sQU^MgkE-iZnol}->Zav~Y)$7`E
ztUT$T1x(}!D;9MucV@sZ)qkG&lcEQk4J!YHE*H)_*k^K|o4KHW4Hk9TA(0}-b`%V{
z6uHx?UI9T#p77;Ke%pj)ui*y~wg`%c8qwsvZ`re|PRur~loy}@?zu(da<rwZuaTq!
zWgzZ*PA}hK`;z208A_U*WfX11jc6N<uTQG^Qut{oGI&=$j<4pJFZhFpDCY;n4FK8D
zX9R?DU*A0JuILDjJ1(bUNIq)0x+HI1v!(W@yr#my&}*R*pz&)MLD<T0UgvCWf=LTh
zX!OexXm*JnXw9ehJX9(`m~M{f2uHr`M{%E!2sAk+uH$3i=nRTdpU@cRd-U+&w0g37
zba-(m4pReb4HuRCXf?gRVzaq5vm%-}tE9G+(@G`wO_Q<fK?kM#@mnQN(?nm!5FvN}
zFG+m}&mK<<vI3TaVO=-w!DKOvTB5G?7-2*5n0ap&83%T$@SEENQNhZE^ObPw)oiJm
zLu7x5K_7cj@aK*nttOvtZ(Wq5AH~#k%vL*xDY6@FDykst%$EPB!Cmsq*LyF;_^WZp
z&Ec6J=YsL$ZLlsxMmY{=U+?-k<8We?R1`ba?BU*z)#PT}o$H+^$@wXFpu%Nmh5A)l
zWMhB4+DjD;n-08oCSlbj8@hD;aTZ27o}xIS2^48YWj@od=mUJ6hc*p9OmEKV<EYEh
zNxKX5iwNjCg9zR>R<e!dx({K~5Y%b*^4o7nQFe_)$TZW1iT1H}Pv>={^sW^cZsap0
zjtp2kL3{zyd`z5cz<BWyGj@$PY+^*@ejMthq343~e3?-9Dq06FK`h~fCglu0pM#F4
zboi8F5uabKmaO1wf%+v*%sVEea<53rz?}gaZY6Xs)nVeP9EimZ@FVE*#-b%Mskf~X
zb{G~e-ezx)eRFY^M2?<fM~zQ8MbCeLNKFNXEY3q;x=zN)VL$`pC&@`q)3^}|rT&vw
zx*q>V4)U}+o+RjNg|j+UByAn9r9W74R?g%$&;_#EU<v&Si28<#ca+1rr5tvW-BniK
zQA45mQbjU>qoD|$S~?eL0WU2r1@FKvAYCw?l5$y;vb_R#gQj7DYSyftJqS%;>s`7h
zZvUu`TDmCp`ec<dOe@HX*?8f=UwZk<X-K0YAiDDCdd=FfCjb@IHlg7Kjp)luKzKhs
zK6!}eWm~t<wVl?y%wC6_Sqi7Kp$n<4P)E*z(XoDpE*SI#BtZmjE<xYl>%f7gi&kjB
z><}bhVC#S>`wTjka>uXMyQEX5zpHmHwu%3BrF>iDl@#=%XfUbqKdJo4?NPwc59JXN
z@rS|*5{+=+#R)iu1d@S+Fk^GbdLjKu(BRYhgwyTn4I@wwL2wO9vl5}-pT@00XN_bD
zk+-u_h@v_F5Qn>XM;1AZ=CMwv4r;?224ynqA!6=F)r#qIm*dUq)xAn>SXyO&Ssb`;
zM?G=Z$LY|XZXCi!SZCk47j$)suag)ef2|__PKGomehs>R$@V&-k2wqV1sb+90jz*x
z;%3@pkHwec@v|$6g?1q0{GqFytg?R#DC~Nws?m-$UMynNu0-+#GlE7@677nnnXl_0
z+WptJZP+X5&w)~c!ubf))ut^K#a}nxR7lAB7SQ3}`)5op$i%sE2mn8D@UX)G4~QRV
ztrtdl&HAjtaa&AJ7j(Nr&Q}Dm58XMwf6<^Na3<iEGJZrFE={XiE3qUU0zhaD$b2AL
z?40Z`ts^ZofGQIqWRe;E5e$4=aI^0W(}g@f!ac#rRVo7me%<qI7TDi>RiHe<*LVzQ
z0|=yQ$Y08-JfPpJ_!5JC3*Pe}3F!_;GJ1lpbh9+AT_)zwYCXV{UAF}NrXyElz?*dh
zfh3*CgA=&i?g!ae%6nvFslA=h{D4;xIb@+9IR&}p1u7Cx0a@esdmRrCPeSdhYFw>N
z2t?M&_3E8nq)5EngQuU;Hi5qgWCWCe8v559chkFCj^ahGn^gr}UBcakhJ+yJH`4Ch
z6XJnJmyehQvBVG}&!V*#imQ+gQ8-TK$e;}KDvg%!xSQ>f+8^-U@${H)Z=s-k%+jNa
z;CoU22#xyUhQHLKM~|SUkLD{Zd4~g!^_JcEvKdtWfHQY#=?;iRO24f#STXwkYbG>@
zpgkgIPr!l&25lgb!W-%orfbou@oy9PQ%mEc3fhepVmobs8=UD093?m)KG1L_mmsGx
zVdoKM7s@o4N0@Pvv@j{zHm8g}yEv*UUU1t3234Swy;^vAzu9}=?1c;!kS07o!rK9v
zW=KdW&^bwlTQEUb;c<iM-*-LdCAd2TfzAYSqQ-en3=q`dyczXHRL9nEgil31=x38h
zmHr-o&pcvPMnSTlysSE6e`n~1H)CTowL2!HxxL&InnbSq@)N=R((1_K-yh!ehsw(?
zCJXU)W|ccjsW6>~KU%(5PP>V6(1vOq?3hrf|1p|hTL$$lF_YRnlJR;1Gc7c@k7G^0
z@X27NFH6^mGnJKB3RB}2DQEBDK8Xho4dr-Z$sitvIPT!z(9TJj?HG{C)vV>KTx{#v
zJwzY#B%#06OwS}XC4o8WuCH1GqfIPpOMx#mccyPHun|fLxAI+!F;+hi6O;_UW#7>m
zby{bsxtVnIh4wK!Z{+C7FsQVUsT1w%Zly$Oc-9WzI5u+mzCqYqAobGv7!HK6=T<3K
z?;I==>h0STEh1l`6)3dXe@=^>{xYa74d@K5ynFfgcn%Ey_XS+OD5Cvbg%J@Xr~YKB
zDV^ZP8hD?qAX*`UmOd5fR@`MbqWHAn^tYG=p?OG=p7c<gt!;S@fOG~qGRC2wWzg_-
z3aQmB3&e1z6%m0Pu>?#*d4?`n?KSe{<3N5S{EU8k<QIxwhakl?>>W@j=&U7}Y>4z|
zXYJ1H0)txHQHJAT3Rd2tpo_hQc7R0G{?aTk%>?A}3i}5)r?|0B(2HR7>V;ldXeeH`
zOc>JqI;b5Zoh9TEIeO#9jg$F)Nya-M2^lCQetV~?8e^(x7LztWD-6IXUd72x%qeUt
z=hUCdH)h%OEeEmHv+xINdkuR^2u<nCLnIyPM4*aZRogzP60ztHT#e>u1HtZ(6L;7X
z?T>%B)C$);V$HZqyz-Votub7qD4sS%o<k;*_>jO&vya@*q$`+U3m-O!08J1)tuyL`
z543t_Nd&d=zC-0I6H3O|(J3`)1(~g*(I!SOgT}{WUCq^VXZm#9Jl0gr+vxOsOy3#E
zr6?R`gH5hRutb9rTG)tK4!Sy@gUCKH3HC+mu)xiFg02U8K&h+DsRZu>?a$K?5s)@C
zlZvkC^isee6?6v(x<O1DEHzLEvVcjW2&)?7xDS~O>BNd}eG)PaC=+Qb0ms7G;gI+U
z?J|t(k?LUUqEhde#JU0j`Eda%TrS7^>l!A;IdobzP%d|1*MO0CID2F<a{@gsn3GQS
zyYH76HJt&CN0EOw=w#s~GMPQ_*hD|r{%9j}afLG=rF5NW1sb|DJ1|O)V=7^4FBpP;
z`n#WdXue&5RQx%P)DDOYA-!MD1e67qk#lL#CLj|ghW3>(e)OG|gRc*7ITdzCC_tA{
zG!*4I4>8#@M6zhb-V7G?GcflcwSVbM;dr~m#($Mz5514mq1@tU>$GXJp;e34so;x%
zlA;*GYGxyxas<Obn?I6j6Wp20(s3N$F>4k!0!0quJgq;ORpJ2b7%f_%l2;uxt^BWv
zRj81zRE-DbY$ryM@flkIt|7SS-+f;(9ui1t_9^+9h_ZvuzXOd_<4-1)N1@aAWL#W0
zP&1xVjx+@Rt?wP2ZSsqFa0iIW-|Gul4_>{3?Jtw>|C8=uk{R5+sKFOG>oR7U&7?8Q
zvFVLz-GsuH&+#%W?DFDpNLB1~8IE+u*zJ|8mAA$_FfGH%Lp~*ILqe-U$>%_VjYG!a
zS*}TlE$jxS9x${;DL*V7APd3u;&|T*<#V#yQP{LC1Wvjp>AQ2B=C(Ywzg}D82<Vj5
zH)Nrdfg7tA9SkX=a7fm&RbWcy1U}X_7v$TzzHn!4898^oR2aXTege(53(2jO{M!T4
zf5YzFJL@1&y?`V_A;D@4Qa4CjY`W!iA|liI-&ABp;?yp1jiP%5qI-L4+_XL9YVxAe
z1}Jih!=-5APdIigz38|=V<7jvgohIHa&KXNT?q>K@zw;vl!dy?dxa(8-9~PZro=XV
z?s}m_tox&3KewByuObqSp$e|#KXLepzXc=;_>Iy4ilm()H|WckN0X8WLi&bKoL)Rh
zIxGZ_I44h4V+|_6s(#@802`PUr~@LgNo>e-8T7J1^)f9tr;Vu_0ZF#rYgY`W9hq*+
z6|2NO7IrtolnJGguvDe)zy&Rk7D^3xSo+>Pe5=fx{{>ixcCcEBXEDnYe!qSb1r*!P
zqtLRSjTAMU5}?)^f}h;Jq$%uoZOQe8%1t#~mc&14veMEvSS`3-B1{Tk&A=dJGI1+r
z{<CICb;IA%k$eN9_%azo>}#kAq+5TO#F;Ximfcr-xWs4U)bwXe-$rZM5zoKjD|sm%
zY@Q!j4q&yU`qe9-@Ef>1mrq5u?$~25E9aee8g|9(=_f5*@du3)H1$cXVbD?fN4<B?
z^){%U>3&aN+j>%WXS6D-n;BWdgj|TN{e!$AhUz1lJG(NOc?$##kLRbDJ_Un6Hu2E$
zK_u(G`Jn)kh%d@-5GQC;Rd8REDg{=Q1&T=%6N4CZh7AMZH9>f|Uxlym69BM^9Q4p~
zHfkIhC2sxoH$bLJ68{R$5#A~@dmR7a_avSbTtvt*0Y}1EQc4=Dn<=MJo-)-zb{>(^
z)fj<<+L6bwxko!QO6oc3S|vsSz{DkP0DldGH-Ij5LCe}6eHR-L)oBbl6*wGDR6<5Y
zKj;)d&XiACIPsbbczJj42ly7bZNKG%FJd;&L313^CyrJ&Ks}&TWN*|)DOY@#qV34Q
z5K;pq2!Jh`gfkb2Q*bJ<=~Xh_C<i+yWIS4y@M{<qz`OuZg}dTA_}GM|lp`6s({ya~
zU>7_t@EmhvGA}0QIaUWVl;-2~g_{kDxTVP#&LCamPzXE{U^eg*dQCwV81ky@i|FfF
zK&y9NK9{8N0*M)E%e@a?Z-otTgSEA{uMMQtKq=H;#eLb@0)vWF?}4wmgk-zi1rgU`
z(Ti_D{GkU>Dp>p+KcU$d%e+gG=e!((2|;3f?JDpx2?&fAHsbl{>z+ojH@^oZ0$LwY
zjhEt5>FT?nlE$Y4AjQYAz{H>w^-X-#qY?e&?xjku@cqlX%o@vJGt5U=I>*<U%gf6H
z2U>dpsN5zIn~dg0I0+4bp*eGPuC#8<6IZhx>ARBCV*aJbUByiS9=+=;<=&Gbo(;eS
zf5sC>XVR(IHQ%Z5PEZ?;lQ^h?K)6Rzd+)nI{U^XG8^ik;kp&ezT%89{IjZHK0FBKg
z*d2R+D48>FKqVjRai$3AcD9NBb-2mOrkOS&2w`(zm<^QhB*~au{XJXoh`%M1ig<Ha
zjz=aOK6s214Ji+>FK{!5;89llph2%sg)%bF{$xwvxye!vHy6CZliE8!Y4E(Gz`+e9
zntydkE0`u6vWPz=18X-6GwZQluy-Cx!<EoTu)=8Z4EKFaNE=YRA{)jpHF-V_W{F?H
z8tFX5^lR0I(Y>z_6j0VO_~nr`3lfyFJ&hPhpgf||-e3?`2)h6g#$d4KR@7gZ_QqQn
zXCRE@zwI_JF!oXhPn2y4&^h803{O!L+}A4xdr8%bU+oesx!<3S6-vUlAoRgdUJl$1
zJu8!lHVlXjbsg-b%*o?a)N;$auLTS6I8OeC!p5bZ`$X#I2N3)Wn$0>RA>SW9KV-hF
zoG`O_-tjciERAAHRto18F8V8HJ_f~B3CCKI>Z4~Ri!yl{wRe|ba4Nnx=2!2ObIT0q
z%TtHH;Y@++?h=r{XoqI83jF>P=Nv77G~wTRP&b1d!D9y%ZXg!SSczc9hw=-(Ud7l?
zP%3L2r>rz_nV+Xuo3!2_zm*Iv>33>?b0;V&;{ZgVP5`a67RY{U1)ziTbnQMA+dqkD
zasJt7{h(=rKLJ?v<J~#cP%>QHXL32dVD#bsYI5!)H_;?{`xVB>un;Kp7(Z!<k+aF+
z9HeN(Un{_>3yd~+J_UBPXYku}VFV->*`sR3X(7it!GtPztWj%(x?hrDA!i<eZi|JD
zU8UYiNBRRs!Vln7_Xi2&71m)4b<kI9eps>vbZi_W+=n4c${zz}qgNctxxLFE&Mugz
zQ`pQk|3!*1Cle1SVPM}2a{ctXL^s;SFokkIyl9X@Uefw|R!@IxXW6+H|Kf1L8!E@A
zC!ea_e`!37PaFVkmJ?DokAqDU71sqA^6jF@c$o%A1_C4BFd-x49W-8??9}Wbwf9b}
z%yS7T=C-cmg};%NnR)<d2f%U6mJ4zeD9dk0FwOZ*TU8BJj1AcNDYfH-s)Ry?+#B1f
zm3=@u0k{NHLr?XWU)&|;Ds!0NQbEJO*nqis5Z9SR;HN_H>q`XvCaIyzm3TUB7&<^T
zf5=R%u40qOjZ0G}K_0x}*%pEh8CQZ7sFFv@2HB6UPilSds7Y^IYG$SXAx`!L4CRvC
z6FEZNiPD)0J5x_;ZW)_t<AGMu3E}_Cfx_Imek=H1S<FYU%npL`2UF0s7(90|Unnfj
zofu}t>fkl|<+{l42!1K%L~5qx2|x%CLz7HGvQCLsw=6wtH8bT);TzVOA+6yeM%W9z
zHJ|<17U%~s7tU4y7&QAeAdilY*4fvicI7Ft2x5AbC_f}b3x-%PpFgp}ahM?6<$X}E
zl})|l#YhBcZLx&=H?o$*1yE^!_`&==XNk4?(+UheJnBss4-&H+AM01zzH$E%It64H
z`Xl&l233dKl4&=88L2o-mj|o{SCpl{3?4b8mM(vR0Ru%<pomRXSjP%pvqM@_9H(nX
zX3ILNwQmz0n4S~OeU5x}ZemEzx`iM<c0R3vb{<3>zJis>O}3{+IudP;>=EAmc9_$r
zKg~5C?5vo2Ir$u?vHix15`IOu=r2$Q1PDlSg8nBQKt+;ig}^9H;M4;Fn8Sw9ske;%
zc$~Ye{ysn{2A8HRq>r4OpaA*Qi%NMSjUjJmIuOJUtAsl5eakT)>+t!VSCnjPa2o|B
z5cK;`1`boz(Vjm6dqJz!dm8f0|8a)UpI*kS<x0px#_-D>a^)9n;pw1}m?7?8ve5q(
z*+N$MFeKXp0egJ;_Z$>xeuxmQE9fqvjN%8y#Xuf|dFrjC=K}1eSO&KhS9Y8^?#7+p
z^KaNl0(radv*b>=zmAR$(Cm&_94}JX428H!)7#esAsoT%K^}+m-VE{yr>uWxX#Pxf
zQtisUyo8;eF-8cf80o`Z@H5^AFU_$_we#FgEyYx)=3ibKpLoJ_97ML@Z>W`1Pg_gj
zv_%%96CeA|KS#wNdf?t?8PP;c|LCRp8;W<mbRqI4i+x=u4mgkj(T4x-P)vY{2KwE)
z4>Fm-acl8;;$=k0Mavk?SsKZxGw;4LmED1*nAmVbzpV8-IQx*Id4b4q|CceC+b##q
zG?9W$B;f3K9Ic!{4un6{fXWwg!TE5=0CA47ezm<74?PGu8wbHoMyq7_^8dr$e}{AZ
z{{O>x+bp|~$X=0Ew#;N?Ws~fX8ObUY>S>n<Wy?xSWNQdzuSjM{hz3cNa@`*F`h1S-
z_xt<0{<)5?<8!<|@8dP{d_ErMdEW2$+d5q}UHGtYg!k@!hlOaq#T_qsdl#3VEB+>0
z6b)hffa781w416Oh1F@_p?!66kqtXXxl5Fdjcs1s=1oO$E!_Zgrh{9yPlQY~M8bzc
z%_7n8x!%Xq2NfT`*WzS58X$){%K*BVSLlH}qsi%GQBQSmN(nBGj>m00tu!>sa4>A-
zoVM}%COe$zTCYK__f)3f&;VE}W>xOe4Q>oo)xCI`_6TaU`=pU#-oHnkR|8=Q8sRVz
zZ(sC~s1}0*ic$PIKCSeu!iK86XmIy(^Q-spvwOsNEkCQ)o49XS9%T>P4di;d<ik_=
zMCb8tps#TkUZT75YUl>T_Q<3o`FrFNMWYnAw&m-iD4)l<2JcEJ$Ws@+tWCh>ViYXn
z{p+Fi!8{VwsrbX7RtG{F6d?@3z)E|fu5P6Yh`^DK9`2Qm(gTaqZPCi5JlHFVIq3TU
zAi>L(83NwM-T5NT+%a;_&tioS(=B&0DA#$Wvl=%UKdUI)ME)A+SUl+dJms4Q-3Klt
zrpx*^y{0H~?Z3;CGc7)W$L~o|o{M@5r;&Aq=bmKWU6*1>q`gv4j-$Ir`P5=G-OO9|
ztv&Z@+p}lSF!vA8?UrSGQF#l)>z@;666DUfxXhTHIM-Kw=9Cmmm_}4iZ)i^V<^5LW
zZ9iiW63~Z2yoE)l4B<MPvfcKQRmumA=4enAl^rSPp__InUPWJ={#Ed);PKnubwBT;
zCC0htx!NIXn&Y^~q(nQ8or#lPCzn{|e~$up{=1OPaP1egp7f#3fvuIoj3C(nqXYX{
z$J8FFKozr6*e96aaAgOL-;<D4thErplDFJ7geM@uU<Da=BI3#wFv;DMKGP>!n5O5E
zIfDZoI1J7)W)aarTWot}8S-ghPmt>hAoqp?>c}VH7C>onilWpL5ele&TEY?EN>sx8
zagt$IECKci3t~i~)?REDl~-GH!mr2xi$rN<N8AOT7&;85jgfXgcAkY}^8r+0Dfw@I
z@$Seu0wY59lb7b|7T13Ho3u4IBlrbu>?H=(rTOE%DANzQmqpfdQn53iJB*uMJ!&;t
zZ)w4t49w~p#Vfvh519F0<i2n&AStY3+#Ep1pWO$XpF>Z$y4a;$5n~Lrw5w=?pnF$c
z0k-5Q!#N<vF(jVo;@!2(_v4{~Di2vg+_#d;lo5kBxX&cBdbZSg%8m({=De=*J?XdK
zwAnB-jyCd0$XjNPd6f{?#P5F;5cYvt=0u78)*uZbQYXah9)FVS#-kU79?NOiTSln6
z%P&*{aZS2pr*ZA%2&*AvF&+aC$5Dnpbtkp1LKAZP^R(2d<L+Zm((A)60jh4fAxFH%
z-CngSf#sj*aX2Ynny3VEa+KlfhFf&c&Yf((`S|RYQ30v~S}qGahKECCu4+^5C;hfX
zut2^`Oxp+nusqi7QU6H~*$j`BjKbcfbi6y%k)db>@&m&uvoEdF^%ppHd^9kZ%)m-(
zzXI@fP+{3m^ses~D*JlUz=UnouKk|B$gZyukP0v?*n*nzFX=hve6vdngfOE!!7qe<
zV}jv(o3^)3$Hss+m_z?*<i_IJF3aWmlZ}q98;9B(o8VY-myLU_DQFpWTsbB91%0OX
zJWEB^O0J~M4$dW;ME8>{EV7(ymjcSfeM-oD-Uv)+xkvgI8RcEw^N061kp6?`VxHo}
zigG`~W6G84KV$y*H*|kS_5^4+sTX|VDPts1r;ydDWJb%Vl06l?>;e>k-{yuY_HV^A
zj@sm4qQq}-d+yBx{hDHe6%%9EkjBbI<tA`2oFn@RbwpQmQ{6{vS24t(2D&P0Z;4Pg
z*zrmCQ_5cT)0=$)aLU-gNsFH4W~{PJ*A0BNWdh=ZJXHLgxBtNR$~9Os1E2{$+Pgsu
z^|1ArzTyGUK{)RZS2-8_Fw-b76lc>MhKzLyV<xvB&r7`xdLP(AI`KvZu);)<QNgYh
z5`adaa?ko{k@2fEgl0PbBQV&{Zu8w#2O-X$U>TpN550Q4JkHjyx@8*MB98UI9W>3T
zvc40}7l9X&J>~$MbmrprJrk;;B{%E+h0dIaXditeD;?#@bPyOj&s2!}#YhO!Ud^-Y
zjRZv?YLIo|<wtmhc%yCHuVch#{KBZYds4;y(?uFqrm)<-<%qswfl?o>Du@P$k~(1g
z$R>guyazj)a3Vj^2G~LxW&&xFQgPP9?IDqyr*ng7y6`yRe9BpP_8f<{k?q}RX#oL}
z^EMHIKU2bSP(_^krxrVKl7X3-@F7rdcN)rVP82c`(uSDsmnlF=@O!G0<RVuwZzKzw
zb?mG}!)TNRxa4-jVk)7+GN}#liG9b^ypfWwFTO7Hh@ZeYLdS5Ij^&`SH$axci}#|;
zpy|TH-?C-PKAYNsraNDgg;?H>OVR^av$Cp-Up67qntpt)Yt{$|kSX76rL05E>(jR7
z<WFxCKUR&yBStk6j;}5pf0u?QHo;!W1NMU48DdRCV@=6!{U^Us1u;HFb-qgjf(zn3
zsdzp;p@y~QB<n7ASU~ZD1WH}^l@k#OGgTwfmn-S^rCyLhF3$v{bNS!i%gS0mv{m_$
z7ftRDAtH|7cUyKO2y~41hm`wJVsw2JchJ)qXay7$6qP4lbl$|_!Sks9!gn*isBt}P
zE^mSPEvNRUR&7yH-Z{K~fzN!uhM;LP9oNP-dgr~w2+N~{Ivf{xt!7AlZ7^kK%gf+k
zTC3Qow}t~0<u^|sIYK_2Wr*%nB^?!CdDFFtnfpe?$9P`u*i+DE{`{dzxxz%qVe#}S
zp@1hIW;#E5>YLM??<v(>Riz)flXr0IvkuLbyI;YsHr92&@)>&c=1<*(YCH+_`J<0r
z;_luLzV9%vJEb!vTi$$7kTmZqCPi@dv9t#tkC$FaSn)TZW}S-lf2-`WyV-tyabx?^
ztCMjKN8NKO(;X!DrmY@hcboUD-M84$pW)AUF(9}2phoL8m*6uW7CyA=`DPdm3DrkF
z9eK5Sk>vlr6{FKyi5h>AEXS>tcWb+yETT0HqfAbR<HO|m%`|j3H4GnFYGQ9N&9(Pu
z)N{WV=~hwhZE!E;0r7<uwCs1Dcz-3OK%wQJTAN4|bLGd08xkH?o)nx3vdPB-*p{4S
z6~AnKd8Ig~SHP>R)%~T&r0qAE+UD&v_p3<mBekzh_TST`E}--M61tajE$;SYh`=o7
zARn539mA;H`;?sY)R`W-!=F^#547C6dhg}%$h!I29+Amh(}E+mWv6cb|HqY*7^H{4
zp8xvP%Z!5Hvsa2%=~Nr!{|1td`S2atUGZJ$Z#L(l1BX;eLn;a8j27hAW|&HMYAkCg
zf2p2>36fxve)C~SC!FmN+o)F@cD24w&sCMJaSfbf`#x7g$G6O!39Lm)TUE)&ODn(+
z9>*cNN1g~-@G`CcHvWJA9nfwdr%<o_0}yQr-=x1EIP)e4XTvAu>+BK#`}zM*hU)(Z
zVrgSuw`}^mysmB0N|l&8j#NrWH(s4U%P9n!J<S{ZB1BR)HU1(WzA<dbQFrvjGJE!;
zu2rLc%#0kmkKF$<cb{I&C%lgLrZ0uMHl0A%ALrh7y$yBwL~VdL4k*;*s=#mgd!`W=
zM!*yg(Zr#+K=e@#TplwekA9BAA-lb-2(RF`2OL}#^xds~IFW~J%a*G>BocWrJGKXp
zu+)?`5ph{hlhv33lRiKg7`^N<69QrwK*_{tv?2tg1U*Jn@Cs~fdR)IZHH14Zqkn@w
z9iaJ<>wK}_m{K32*9Awf0JynR;hQduR8aiu?odB_zV>=c#4oz@iRgnX-1<I7?6N_$
zBl9)=3;Vcspe10zF9I>H2&53xM{x|E!f7>vGe_ERLal>Nx*VRIFgoo+=hvWn#CYO-
zJqB(>L)0iu_Q2c!ED^te6Q3hr!-RCOYZ8?mF;kO=DHLjXCDa{IegT7icmWV;_W`#=
z#bEygT_v=SAJO5C!DkJ&zSOy0yA5Bnd0L<|e$4zWDTT;Bz@x_ByP?BY>pfl%Z_*xm
z`bQXkfQm!&A~Nc=XNsF{=gws~R~C!uSaP!Mxx#6iJJ<yfOiFxs3F5KiiK1o^93lS1
zx6c9g^;|xLj}HapE|`p<ID+>w3kFT4wjWx_q9bs1VAjANdk{ix92qC7PV@R)55atl
z?g)%^<`z?+v}hE{CG_yY&5)l2!NJ5D+B`H_twFh1475|L3$8bh6(IbDL(KLWYU~#{
zTp=*I!ok}ZdhFR9(|d?7{fWRkU<5n^TuKLBT0aC9rQp#^sQ(x9td&gUTw<zgmmW)#
zaMH%_+PrBKUXl;`S-8gb@7uSJhsP16I>a2#Xsj4?5tg972mD{+oj3y@M$v6c5`Kdo
zAff(lG5!;?JI1b{$<c!GmY`MkYpO-a-{KD>3F#{=sAH0Y%7F9@gm<p|A@)!b()b9U
zKH5z5R6d6r22@`GWPv@8a63mPoLM4PZpH5ZvZr~DgZ?Je?O3FXoLE?d3mE_o{%_9R
zy$lQ~XhlcxC<p;~1#8>;IO<#Xop!4(d?JJwEGAo24X|iRFS5HH_vVf};X6*pIA$qx
z&1_G(N5P8nN(U_yRpx_z<<?W;K@mFcz5;XM6aC@(<Ped3_>7MZYuP9e*Zs$<9lza?
z8Hb&te<~3fjg0qM^uyh?d=HJ)Sw(dYzcMACaGZFTL7^uqTYOZrL*R+_7cQizlAG(!
zKWRw2Uh34^pRGnF>T}s3@O@0_=H%c%mD35|M5e8jG*cZ$ZL4n9ALwdcrE^#j*%zAg
z%PGBUrG;HKJ}ak99}nZd;O!$%y4*+64-&x$$3>8o>DhC;8S83f+605U`>U&*@!+b$
zXq1lZ9;*ATA1n_z2E#k(K3N1wfD%U%;4yd~JF<N|>keXCIRbbL?8{xnr)R&|C|N%V
zA*@~qt@2*(eDwJ;AZZ^8ark>Lq<f7mu3`+%&dz3|pr$UPLLepBejrJ4RJ%mCkdc`o
zP6V(xXy*r|Kide4&s7>ow{<g>ej`(bko*vRD=5z8l8JmmNRcittyNx_z_xqOi`3iE
zU8k!n0~T_At?ISi6F!N482##`<rBnI6W!k3V__-g$);#YEgD>jbB_W8)Lw^sYT-jZ
zoF}fy9_)>s{~0<zLKeViG9>-gy}5kJW-sTKP1)*lT(ojMxAtmZ%lFf`nsdpB@x<1x
z>H)@A<Fd$mZe7sUxvh4AmVWQWtCX|n&K`U6G<fvn*zX?lY@Y7*FN-aYQ^7dvs(u~<
zXT&O!^8sriJF>7)fO^ZfFP}fh4K{3OT;u2G2lc{o#es^C<DQkJC99ddDofkJ<*1C{
zz`$&U4;!yX%04%?<z@}KdurRu9Qv3Y{Ppea_m+G)PkZNVW+v~rd!&R#(qe)wo8H*T
z$%*%dxvFBJ2sihOw{PDL4ecIjGK}xj=i;(gy@KS<nas4Vw@@zN#nUd+ut?m-h7%MN
zjA(iP{(YhG9qjz^FxP{cLP=c9qhOFRo&jh;1|j)V!)9nMhDSyWS8zN5fr^ibdCi>F
zhN+6Kn!6(t8yZ8Mu9?N*lS;qlOJV$PudkngmDIgAKUVyLS#clUvbx$#Gm)X@KTk^G
z=o7W6U4baBxw(18w8$7oJ?(eU94CtV?5QY2zqLyPaXWqb^iS|bpis);Rx6W%W5Jk-
zo?ZfJj|~kCK={B~DJUpd`!RV$O3NYSws*jUeEaqTH%>fqjGU3xwqNdQfhYOv#wl@;
zlyGR<0P4Q&?PVAtr=l7HkBEgUrZeFxSY_>b@+6VbDrM*45qmLrLzAbgt6)aZ3!eG0
zrzak~$-N9(D=0WPcQZ37EbIk3?w%}_&D6BpBP&i2v@LV=5%%!`z)3(E`^LsNJR<$*
z2Q@kw=;_5|fwZI^IMt7%uHl>src%|K^XJbyg~U)5e1McZ<rxb1ua%Xx=|k&9Hg$40
z1*WV?!Iy~qQ$QjP7i8#~3Yyg8oWZ%Hm8`#Q=W_r4ec%?qAxePuhf7o=@p<8ipxHds
zpgKIJi9dXQ-qX{GXRE2Jt1o@wP143~4DcK`O3IMxsHRRC3njUJ-N&A!%5u*%nudIk
zu(m-_G;SrmS$&qY42Scsojc1B{1HA=xMj$Y!k^RcWre7y=;<m2Vd2)6mX@;9*S0bP
zApwXHSBFTBZ$Eylk3Hp^S{xWKch^jX(6G#{kCKCS`6)Phv?7MZeNUb|nX%H<ZNnLe
zEEDlUyf;#Kbc1qkw>xSCx}b?`;%xRIWty~+o4ZZwY~ooTHa0g?^x6-a^e%F3W@2JG
zfLaKg!rrC7zu({Ae|C0uhJp`egbH|W>6I&*j*fuQg$)TG#l-!znVA_ZXL!Fi`aS~c
zZ5+X;ps3j1-hRx;s7soPipsrv)^8>ufUU@&*ZvPi%*Wp2s%;{NjbZihqdyAu)JK%X
z6M!i$Y}_m%DH%Iu_yK2jig_D<KHagXaxn)~{#8_Vwmo||s)T6s#j(43ZfgOkL#wYg
zhj(26{p%~=iz0-qft*}9G>%;{N>V_mfwpT1(GY$Qa4KRAXlZGo0KKScYV0jK#$QHa
zK}{YjaUg4f9BeeefsyWi-r|1V>&^7|VPK%+si~<64hmw;EUOm{??-_-{M9Rn-2OZn
z*%fRoVa6yldN4#&FDPvK0_Az%Ju7Kp;Zu0T1I*0Km58dqyM8-3$ThDyj<XeT*+@sn
zj$lKh;yy0Z{eEWTPc#}vvsA)R5%(NAuOKHki1%=u-tK7tyBp**rlzJYGe`rXprkzQ
z=Lc77KV(c%gJ@J2V6ZuXt_#vBO&Y^^aml0`H~fKu6NzFtV(b}nTpgmeSh>5qtD6xG
z4{D7q_s?NKy=6}GZrO>HwlRP@G-$fNp%o$PO-V?2gu(z2JIic&c{w#Tl~4vqI7KBV
z?{X`~HgTSZxDrt9OA`DfL>xF2EB4m#kI_(30TZ{z!2!U-V8hW#b#p7LXya(tIiVy<
z-%I_5R!GKDg6E$=su>yI-L`cI2~qe!*4JNX_@b<0e0)5Gt1N;J($cmxS%&MEX#h3u
zkv;7wNU_J~3k_vF$Du!9+Ukd++~a1(xjVPM<9hzSp{eN)xLc?#R9TkTj@Ji1Z@e&0
zBnk8eV2xh5u)+Euq-#y#SvoG8-i*UfATAk^vBJ&8#pj13ne->G;ZcpPo!v#|p@3hT
zRp-zLqFZL%9m}#Yyq9zz0Zw0G*Zue%z0jM2f`Z`SU|`~Rani7`u#jF%x20acaibg@
zH+VKe7lVdFLRwmLYQmYr*xt+Q%f!SbW~H%bWs;=6J#1_cYWtvJeD&%TwvI1kB=!sM
z@Yv@3<jRl<&To7g(qjZOsfi|o6AeOV=fe8(2@Ih)&_Cg2v(nMQ%oB&Tw%hAPb6Z;)
z+8AJ^VKnv*-7o!b8wpxgh|varnxF47p|)r<%3e&#!B+<!$Glm+m+*j;mv=NbFDxzH
z#i#?M2)Z{O8-s`)ZRzr63QZB?whoYSd_is{xN==vbMutUOb%9);ywxriivAnj607`
z`gSv3uGDvf;*VKIuF9o52ZGBiA$Ou+7!rci+R$|+zKt9)uB>f==mPkU-VA35kA*4)
zzfG>i;hoHzyc7JD)SpM|2$ea?7Q)9)IQojE&U{06*m7F5wzl>mommGI17Vjg4OV!?
zD`i~=;M2q`z8QKb6`IM3i3Toh$a)z9rF6Z3x*^`XK=NJZJ~}!EIUKs`j(j$;JVxvm
z78W?InwB<ha@Ew-bWkNTlx`uJ9cXrZgooeNWx!?ws<_SuJWQY=HJ#F?^K9Qi9Y7h1
z^M~|9i-m!!@ae!0D~iH9Sb~_DbdDS$QjYQOBxz5fnxL9psl!R~{p;6fB~U*q7kW84
z^<nb@&}06xq%wzvP>sC@xDfZ)>=O~u=xOQb=olM2BriXdLPy&v&cyZ8SywV?)Fei6
z@7@jfY;&O3jxA!KaYNTp3e{HA8`;R0xj1&j`BSzp-GLGag&>E1!G)Q%@nTc+t_RPB
zid@q!;dj_seqDuE6t(`Swsw?@@PPx5@qSU+UY0>~ceqxpRcgOO$SR{hgd5v^NpVRT
z0(9+&P~2Ghac-^#6Al(s^mBU`r$f7D1|SYJd<V>S{&f*U(|Is?XqZA~AoO#4_V#6C
z7>&Ro*j8ew#t0|T(9qDx$exjRpJdh5b!TV+4|R_fk)1qw(#-4)W&~6M%(FB!Gz+hp
zay%P)<j;O){1U9{jnnEW0^>GptPRjHG%_-Ba}&z(Yj}_LU+mnK3K<@G`Cs@H`9rO$
z1-+|3fByXSE7!GzTnBFfGv<wy6qi${giTjfej6GZPNerwzKqwrLiIQUYjyYTTWM+T
z9v&Vyg@Qgt&*to2adU8(oSJg_X(J|eyU(rh<U(Q>x+;QN!JMdjGb~IERiaBe&q%QU
z;Q3+y#<l2OS5{Y7Q=dptdZ2%sEVHNL+urE?B!+Bfb>FL{#}j!{1qK3ya*IuvJ#Y>U
zl&b2bS)RlxYxHl>Y^|=Wyh{U8y7oMbY-SpN=_WgS_6NGS@z;~y)YFLVw7}RHb^Pi1
zJx6cdx;07PSTZ2G7`E2T%N69A(#456>rPCATmyOuMZ|;G&ti#jn(m5U+q>h9ixh|s
z+J&b{Nqx{!sLN$x%y+(Ab8tiV0j^J2kI_yEM};-LML!z_4vT8#^*{;8CgZ)Amv;&u
zlk^ql_{3Ycq6d)#v{mZ1X>qrQ-?r>Om@e?Vs75L;9-nzA@J*MWc8{3k`^E-elg4$y
zeaS?iKSunk&5q2fIAO*3;o+0_{h%vrB->;`|1F*dZEnQPgG#NJcWR{av+-?1NZ^Zr
zFq95>0<0Crd6#c2SlhnV)6<g?laX1$rvy;)08U4ABi)MbON)#2UQ%jSm<aDbeYy^|
z8m@nCZf*`7Sxig>@r;-fjGA;w3a1yGxwwKX|9eKamx9jWNI8h${Hs?9oF29+@Xb7u
zlE-)i8-8<R??VRo3%`$-J`%@vz^%&Y=xDrdUELVf>=d~(ZW$MkY>PaTxNvXuS($9F
z(>a}l>(_hHl)|rp%;<4+)=ElBVEl}Pk`Oy&T--OIl?i4%TJssO_95t%%gUs>rJmfx
zBR!eiAfedlx7@WoL}PBo4Uk2Q{_bW+i6rd^uLVvB(9s<>N<9HpNE9N!$n!YOD+nF5
z)`8@Vx#u%t>v3^$K0ZD!mUngcNeHGC!bzWNC^i21v!|EW`uljnS-)zKL+@(gW)weo
z&>vO_?1fW3w<7~0Oy72HRXRJ@?}08uAWU*@em*TBA*b5~$)~4kg&Lyt@G3wF$?j<A
z%E`@z^t2YM21f(XCTe&=DfV#XOdoC$+)FIHG}>bBy_sTmmySGv+G6?&$9d&v#BOqR
zjeI~EVGjc?P8hX@xDCO;3NV{@HaGj6KK*gHN^;^W?ogn*@@ndI$j-BF4ULVBFJDH7
z$CYsUWRl-h6EE3NIy)$uZx9(9dlVicCkYF4^8r98k1a*y-eRb}Ca&`1>)ZDB?L#F$
z@X89cZ(sMG2b|D#-{<$ulbU`n`udnMvGRgprLeNHiqYAZUkYrcEybuvS6iFDl?iUA
z9b3D^*+?wjXV31x=|w+FEvaToWm2>~D*u_m<`3%-maC3uW$i7)j25w2xbs*EVm(U4
zj-spgmdj{S$U20VoCbrwo}ZuJ5{7JOAG^8otLLXTaj>G_zOBU&q6BaVS`Wj!K=e@2
zq(9VmjSp3L@$>M!3#&A?EOWti8_XrQr7|n9P&)#y?7(?wI2B?36F^NZj%h3|+HfNG
z3KN(zqsZv9b7)vW#^1ercX)UhYkvoalC=VB*gLi{b~!(Cm0#$v>B3<E*1u<p85Ip>
zJNb7&Q^rWUoNQ;bH`!J89V8r~M@KKRW5*7cynz}KgFx(y{s$*AQ&IxHjH1MiA)VCB
z%*-cv$8ta1Ffh4b>AeM(1DoB&KfhL2@vd?Y5jiPP%7U?7sBHbAAbO2TP3=U;0zo5H
zivxS$;K&>p7=VcvfBH{s4uD3xDw=IKg@Um}X&Sepo<<cx0^Ie=i;d>luN?7;Z|CQ4
z+p>kQpEFAkTgme7XLrgZ+if5#=~-B+z`vzEL9dmyjXD&oV#W&m5MpjFQ0!ltSY3Qx
z^@0|EV)E6i7gTWdi(LZV|J=lcQIjuc#^eiSoAawvz&!14G)$hst7|yy<1Ef8Gvc!K
z`h`1|<?cmBMOe{LGjZ;8U;O@ks`}OcR;cw4bhKtDKhN6RJ<vx${-NNo_j+@K+dfhg
z7Q1FF>v!<gk&9f}@5aXo*AdjaKQJreuOsMl4bZKB^pksRxrdh4pg?cWwTH^Iqv+id
zpN|44IfIUb{2k7t5gZZ;^l~;fHh=#7K~H)3h?j#yFJ|1{U+2&sBOdW9dI|KDnW&23
zHnj8TP3+_c5dum)Vazt|)Y7H4+=C)Pxl!iT%)wOOHy$AEK1?~Ha;!{2NgtXSPEI>)
z$CPk1`Nr>EHgFi|V>ZL|gU`5(Zh#G|49{<Lbd<TKvTp15=pE66-i-NW*#5xjVxyyP
zDV?h}7sDE<lTnG-c1dt?VZj0(aDaOFTfeZd9E2X~3~%m($GnUb$Uu>vaM-eE*`A6N
zGK|xqx2Fdk0N75_u?tk&zA2!a)6Agi-ctRh#6c6~|NVPMW75Jzz1Zm4u=|LTLGlIl
zH`pEn(H*qW-+V#su<Pcj!7{-yYd!TPg=XyK=N5ap)_hLP%i9a{_|dHgr;`4((=KtD
zhV)DOBwp*t+9c2Y=pZVB$Jmp)q@*PCwXNSA92~-~)}TSd)(A$XIPJw-qZ}7$M_OBp
zf$2_+3{6Z8lh-4-e+uR12S8Zn;N0`l(iP}?hilH#BxN}V2meAqC=%cbZyR5#s;YYY
z_zaY!KQHhByf>QJC@M9GufxH?v1M(Bsm03N9PMf-zyQKzYA%0RG#QpAUS3|Julg;1
z++f>g##3XqwKyESfV<34?4Y2cstH|xa{W5-OntHjY}^A&Y-y_vK^wHS=~5rdHjt5#
z$$AFArnJYP)Y?!%pBs*A=taL{gpP@cL6(^PjnVVJJeK(3;_2?D%SEcreV46aZaudt
zqOv;$oLyZl0Phkh@GpS<Qf=SDz?Gq{Hum)k>ysRF#9HEB9|8uS2s@&aB-N8pzCOmW
zpg~DWHedbq%VFONip8Y|XuOoQ{BoCk?R0NcRaRQp1u>o6*}h#$Ovx*v4)6g^;-=cj
zGS)(4p|)mJ1sP~*+(Y{HdrbD}?&%2TosButY?5#yLEYFcbU)61pPi&XQ(vcd{mBq^
ztqPx}4po`(nh0G!5w5;;gp@`Xko@a_n!ed(6({mET3s#~{i8=?<KmjUbgHaBfBfi%
z<}RluLDhiq#TS#c=H$%GcnhZ17Dl1?ZcYh(ef{{TDEbHemwQ5)qAPr&hmU6e@VM1q
z)aT}4Z!dOnCIm;S$i96IatE3u?CqnE@3pYr(3EtFJ@AOuRQGnND3&8yS|z2WFR0&T
zDzsfF+^CuDg$`z6VPRlmVuDLfaM2~g?L|nA!iN*JA9qLi+%<Qo9I(me)Mcd1J;OHh
z;e)e>$GtamR8A+OJ_QO6=?Gr<(6C2s1_=qH7B)A0?b3=tdSJk#3dV6a2z^wqjs~N$
zRi$x*hCu&roE$07LYJS8aJ`A_HPiYT7JX-CXpTfe5e7c^_pb#Ke10+4xp&GoJ<wjL
zF4kn{lBAuzY-FR#<96Ory!Y$q%9kU8P6h=>e!icYV*2PYdmypQ%zgjC2xB9U0bV|p
z+ONd}o0@)vM(W+@i7IUIQ_rJmkSXC!f6$|8*+RX`>e-T|NLk%&Urvbwtg(DzV%~t9
z0RdvZ2dCt#B|XBtU)85*ZTFu(XCRhBoX7yfOl6$3H~jo?lD7KJ$)Y#bH^kVTDC^kj
z=JC6K_*6t6xBs5@=tpUyX_TqSPi1!5k|}0G!L8aw_Xd19{{mpR;3XB10xIsp-~;Fi
z1(UQFK7T7XP50;4)XX;@z1NgaPNa}B@YRWdob;#8QNqI1v>z*ts9?UnzUg{I_8(4>
z(^@qJQ_gA2?MKfZn)&?GO;WyN8=a!YzuANCcQKkSP0g3sT2xfg=m^_x9?&T=USv-z
zI9O*?s&iJ7>_P2FanZ=y`Ooc&2hte0f`tC{lUzT4^vr$7c)Y&a8T#naqxt!Hj0sKr
zcQWMiRPTtqI^@l{+Ih>BVNkyP<M;>rM&%e%24iSEG4bHHYVpwT-@m`e_-1l)LGSE}
z+oh9|t<KIut~W$OXa5ZB*_AN%WqkR@(_GaKli0|@wMr>MP)yhTG~MRG8@I>n31+4y
zE-Sp^$6C1<&Rmxs{k|@-^z5;*9tB;}x-@0Mg})DFX7!p*TVju|-E3X*7;CMNg3RSP
zeFnoovA-_}VB@ghZD*tA<!24$Cx+Jo&iWZSvloPu*s0$9H&pP@OGfBkdf*(g>2hHX
z6JttITWi&5?4!hp)6`URw;iWMhFN~MM!cs9s*DS0R^gkfms2<9`}bf?<mlBl1PZHU
z-a55%nIvSaqH<9?ue7X9@MVeJ!l33pU7laTcIgjO(!@`39o)j#@o8?f>ORwS8i_p;
zi<*loM_bcF^zAvt;D*arLdP;*gzqrqHGIO9yTI-K=SQzeyuk90J<18!pSvFS%zyeP
z;l)`sMUMj#da`s$m;U?j`N!JYEP3xuxo7ORQ@v71FCcdP2(OWApy}Seshz|6{Yiqm
z5>H%Mw`OBJ|Jlu#C3G=zhVH*f!SD3aRu4C!O=G@O#<V8ewr<_Z8r#&;QqA_#CcfG8
zj|Isz`NZH+xvkF5g9>?vmGZ;B{Zh0(H6ScAjnnGC?|(ROHS|HWuKIdNbx6qUNZa}I
zhkiI8kV>QB65{^1XoZS4JsFEC>{%1L@oT!IY_l&_+tTXxIuWJMpOh-A_DrYZP5i?r
z)YUu9&R<MDI5w)X;JGWgC_Vk2iS>F4iGBC~{&St@W1Z&Bj6K)V(+|yze?T5=BCX--
z|GsJKnQ!fj?Q*LYou7`~JGV!tgN#m*;=jE^$|$MbRGPLnm~k^csH$!uAuLfRgQ1(j
z;V=IH2Esy6K&<z}dy6|$UO#-!KPZmA&Z{QI6(qMZ6#j3WSzOa@zx>!|Evv>#?JU#D
zFjB^UKpBaYk#za<M~;`T-z(5|ALE~5{JZ?Il1)VZ+knLX7XLs0o7mm|&pn65mR_bv
zb*`j8UY7(99eSFT^^W7vFXl(qqPsS~3=scVTdNQvVoV)um_NX(ohi_}*-&!-S!_CD
z--TXoN$LXJ&Xt~REVRBru?G|B0~&UPBdDXOgE;6OKJ@nXentj1qDbt<>$&e5r3x1W
zAC;9E3orsf)1b0dDxrHhQL4*#y>+V5RFweO@MEIqq%|Xu)B>QIxJ%Kf2;=b+T+atF
zVn<8M&w`Gc!?_eYb|9GhJM`M9tc#0_JoJ%ub#)aLKVSnxbm}1t6lrN`Yil7%+TXi1
zIdD^`7S9D;y9cGEzQ8`=f4pxXp#Hgu+-fJHMlnFA-nun3ICvg-1i%DzYPB=Csh0S;
zQ{9r#B`z(!4$**qx?Enji=W(a8=Fy(`+({WEvj%nwyXnZgUgP@Fw!47#4*+~wTOue
z_8*ua)1a!rjXL1eIFPb{NyAvE4x<)GS#e1`0<Q1eAD@e|1prM4A{zpe!i^g@nnGe#
zvjJ?4L3O99x~awG@gRy5Mw!IF=hfdwe?j|N*R|FuJZ%}DiEuQm^?RkHmO#Pco32ie
z+;;HvWCzCp0p9J~JXTgiKx_QwA<9O%Lt>5?1!V3qQBi{svXkhzfgiS0zh%iYa<#J)
z4_WaBq<QUq!Vw-YcIyEB(Tu~Lh}nM)dB1ka0mj>}*qYhf=RAJ=*!(1!6CjQ7+&|l+
z8Hk06pWme>QQ>h$MVR;AgIQywYy@ZnjW-hq2L#Z60O>MX+1%x&HY$=jbm-8VESC(`
zeQaS5oG<fUG|Zp*tu%1T(^Iscr^%+y=0q90)D;N<!AG2p2T#uH3wlr#euSDsTwI)a
z9#aBvYmX9I3862zO$6RH41SLQHv-(Os;N2Y<dmI~YFEYfdL6e1{9Ij~djFnur)wB$
z6u`!bDJhkhnWaYqUc7k&{?a}e+$<mM0bGOg3ZzLUanmLn8*zOVGY$XW)y|b8bZ3G=
zjy_WT!5f%qbc*{hp!k9r0_edgJs*DM3aFc#qBQQ#M@X-x77Ggt5%Lipz6Apb)*`s!
zsi`RzogBT#mgz}JpgD2j)kP7IwTGubybK7O7SGXjbNdK4ropYlxeMRFYp~Q^boDhV
zVoVx-a!wwMFUT4vhz;Uil$Mspe&^xm&plMAnQib|>|trC+C}?bIrN0}h6fKG#0q#`
zcvNzqOEHwA=oXI^8EbseQ`K^B;B2x3Hd%uC5h@?Fs?TkAOS#xOn|rPTk)@`jRQ14?
z!e)|#_vUal-W5pC#hm}X|DBIQO4+%_LSXqIzTSWB2!N`&$w|;#1yI>EH8rtA{R#tB
zKE)nJJ#Fou@a1CF2=~+9Xm$jx30hS`ySl1s_IuDZyXPhFP5#D2f$u^^Nh!s8^xuVe
zBe=e<gc_?KVqg9iTpgN4;SS^q@2nGUy-)Ao^Ca*Ie8XgmKW!1#E*G<5zOXusz=YP}
z?V~(_Qk)r}pCB*EVJ|YiV^oBz%f>)WVEHp=UX|eWtOl>q@T^;yEdluG`iU8_AgdeF
zMv+4iV80tHnzqn3J%Zin^_Thi7{SIj074PJ0E%c!siTKSd(yuS5{H76Ys3#_(PRLL
zGJ=9yx!p_iZzcKp3ji4ag+~(ryrb>aE5PunES@(a<KwaUhvAq9J#@wExV80bx9`9@
z;0Yf>Tw~<c3noH+7^b162?ipL{!(6E9)B9zM1m%s#K>*D4PPQd!l?xZUKjA*Gm46e
zhO!@16#`EKlMgsA1R{{Y?cO|iGwTP^Q}rcQTvA#Zlw2R6S<2pEsmX8H2|PeiK><u&
z54!PFr{;hT5te(P4>OM4oR|?Ab6Yz*ahX;;mdH6+F##R`Wyw($78YK5*>?4=;0JfD
zJP8J%2}x@>5A9PO+b*Z%f%3o#n2?m4{PfAg%PT%((yHuI+_-?vkALU6x{2l1v25<-
zR#4`+m(l<~;O{^tJ32bTTvP+v5;yTN`aviR01O*Ohlf5@7j~Q+JWs)-7T7mtky}Vy
zI$~thLnH_xIu0k|;NT$eQ81IPVB#$A^*?`ZhsOs<yYV6jisR+(EH~9W1bl%e0*;#d
z9uyk7j+6(0SBE4eeX%jXr8L|JgOanY3<N64%fsFM2@>j|Dflool^qP)1<P<6qOwNq
zCd|!R`ubmR`vl>(-eIc)91qW}o3IW=iJFHIbTIC`c!f87Ms5VJT8u6B@Z{&upJ!(+
zKs_(f)?qx;h}Q_bcX8#QtZX2#l^Gr-XajILEAv)kAtoW5jY`#5WS^V))c`>eh;&5-
z@xokRB_;9iTs2HGeNM3_&nOVY-ouAtsk;5RT>#4@CWiX4<p?g%aPMqsk@J413=l(u
zNXmt>ylZ&47LOOZ;&DX<0M#Nq9T<7BRKj9&IzTk#<Mk$hEskLpSKW8B7Yq|tn>J4Z
z&_uV#g9Isg`*uKJAYfkVq3*)Nxv5B53<~;5Nc%qxNkg*11_~+n&D_1acSAx#Kmi*t
zRd*AvgLL`n4<GE!{QZ|v`|^y6ii?Y{T)AStqYB(6TqY`Gx^E`LTRJ;6d0i@SVq>Mn
z#KobmZ?o^ag%xYJZ>BagGt)f(Wt+EGoL+(2<9vOG@d2<!C1;_J1Xtz4=%BK0xJ{DV
zvu&gC0FM8s)M7)-apJ=NEjqLj8hm~{^jav^giNHbqvJkyj-8#IT)LiUa!pkgaFtK+
z^a05a_VX*de*Jnt?lF{sWg^ykbW}-EaZeIS!xuDZZl4=KWr!TG`zR?Xac^u79(Up{
zoq?=D0<>R58O8_LMhUnRrw+Di)Stq>j}Rq#0fSOfvbpOyIX8F8&hFZ^YvSM;@#x+F
z-)?=@*tm5>IT~j+j6H;65W*-#$q2Fg&=>PTEp%h4<IIvuk+B|rBVIawnBQSi<>Kb<
zo<U`OR9d=u^Jd5`Ymu1?40h5G+!A&!)DTQG=8+VyU8F!02EpO;>-*f5&EjbwM3Fzf
zz4trnn(gaCmePxcwyNF%s;c#n{h$;)3nxHj{22C`T%*_%p$a+TPFmV5qar`K5l}ge
zLp3<98-g49+|EFi0h24DF`~S_j6IFd#jD4W<5X=V;U8IW9V52Ay}h<J<&FoCBkt&Y
z^-63f!;e;hByGc{o*u-+Uym658NT`3;v&8T$nr8v4=l^BVj@}O(Z-*VN{~Vz8NeC!
z6&R-g(MsTECOp{BAe(^Z7IGZG6a0cRD0C{xtie)N<7M3DM&ah)YioE`mqgIPF>kfR
zVjacvf^4t~0ZL`|Y`NB=p}1--rg)zN73<>ivS)Wr1c)2+Uo5|08bXM`8v6nIR$K}o
zUQUYC7!#vF+r}>GOs$l>WPj#g8^Cqvy^usU+N<+8AMuafq*xdHy?g8M=qIL*K{JEr
zcvUqUl$L$Xt6z*({4FF$1HreHRU3uCj#NE;`gFEVh<-DGb0D9L%DiwQxeS$mLeR}l
zR@NX8<j_8W+ywFuo8>t$;XvL2k^%be1#3y%cnu5~l@S#NL01{L4p3Nl4ivz?pv<@c
zhMgZf+uIM^kL2D-@evFNb}Awlx?bQJu+WI}`K_(3#hjYUsy*Ty$tQLN1Si&hjd`TS
zzSMnu+V6w9X#GbjeKwy{Q{x>`{-14>WF5ilhxdu27oy;=Z=XLON9t=?MTNAp9d?(e
z=V$m^z^madR9ZH+VVn%`4?%r_!eLW&IuG*T{J`x5SLH)0EtPbOj*q9Iq}0~Zf_A7W
z!rh>$%{y~POV+)V6lNWrR-%jUd>2}vCc3M6Z{5WK1ozgUCQJ^swV|HA0`!Skyh#As
z@I1jms#=4C0MDqGg@=zX<51{%n2HF24K$EMB8l8luO1bz$CjU9kc7Zu8vVnK6>-V;
z)(xj#b)Q_gcf>Z8zUo#&#tkC@Mx>4N2a!6t563VcbWfRm)M8)qo=~Jp61mgJ5qfa`
zf7`%%8>{=qLd2{1_Tgv<QH{}h;c~u#nWqH%i86y;9spWiUS8xI+s9sGHnpk2s5dxz
zfC1rHZD|pbmk-8TnK){WaRcy}GRx~)cpsCro$TzgyIt<yyVscTj54DB?OPTn1DU;h
zZBZ`<?42tYG;2=_i;L4`qK|K<{!xn>v0qk}g~L%I733EVe)P6Hr`0f745VDY?)z)m
zLsCtGJZ$mnS7s=nk8GgGmu46*H5MWSzG$G)aYX;g5~5b|xbXAXv14G5G<~icf?;e?
z$}F@f=-s0bK$~7sR)$LAox6_ncnmU;j~_l<Zh_X0g`Hh=o8JGF_&9gyN11vaR#mNH
z;i0}q(V%&OA=Me*FeCEPrA@JiOVN;GG6MLF>YbwtZXU^O=z3wuer)MsX=!O|`wn6(
z2+LSFIH2zcj!;E^6pJ>0yAuS30iY$Zf-zX3*PANsRDuazA78}n&HY#jtmI$l0^#6`
zmIKey+uK{>1i3KwvMcz>@*{aY&<jA`f^=EhK1(aBIlpQ!PDJ)Uh9<YiLFgPZGBUss
z5g`I#-D6{8b@^I5Iu4H!u{$X##7ZPCqFp*}cDjnq!2*fy*4AuyRNE18JabrEy9J{Z
zS`#9M9BIh(YNwDAcPHrxkBlQ8GV>;92S}{Y8#XE(%{MAS`pJ#`C*nR}ryM|VxKC?>
zk5YFa85x<>S#Xfl{jIHY;8>)NM*->f*4kAkcvtn^$^Mn|(p*2^&{M4^FNJ^i<@2n+
z$CJ*P6LsmKMv<{;LI<fU@@X>u1ECMsgd<eJBF181j!F(84C^k=D#d+Rp@dxkZ<&lT
z6LTpjqA#`II#8d98*@R06TZjqGv9;QqLrnHRrU2A25QL95tYo&!V;N)BHiF6SK|CI
zENpXBw&DK$4~U>Elw+8&&>+3V?%kWDUHa(J*IRT?i@GOp(|x28%wz=Q--pz5wEzEj
zyQap*Y%$6*gfu8A{Xsil=m-fmn%A@b{)hLmLT8bY5$AI>RU)q|tE((MeFTy{$l;z~
z%)Wj5HsQ7(t+QGi+G`}nOy%|m_wI;@h&1+^*vIT;?-1HqT?VyyLxXzA3~F=s*6dga
z2fyRU%1T1>vmLV7u1VYfR;@9waoZj_`^U*pn+?5vOI*u_h$d10<IG9gNl<*y)7zgq
zg}U7hSpxbkI1u&qJHgD?+3Zi!E-A*tBnlSvCh-!1fq`6vqnwQGR%)t+fkBqB5X#jk
z#6@Tt{6D_ddVloqI$gPn@0L*5GCKMMS}QP1YR%SR=(Y&=`S38?NUNA~30klyviz={
z+j_7Eq@|_(_~hkx*Qsi~?nUofHZ?bA<!9~E`uuq|Mp$%a5E=`JiI!a|Sy^3;g@z5`
zN{7=Y%&V-=FTU53`t<SRAUa7ltEC-#*y8dLsDG(*baWIQI}RgJOX{QYa&p_q$ZoOp
z&!~`L3R=A{Oi!@OCPKAp!0315Y6kVB&tLK?D=R5oWu&FeYK^pO?-bp(2QIVkBzJ!$
zoz>S{j0-kkwojjagz2!RM&90V%}BEDt$MaWmLm|1sBtSmLKteK9B<mGu=u@0yMY;A
zrXLL{wt&3_TQ~1KlNPTOBNJ2Jn>oBqj45CH2GXhsRU$eIBO`jbS&Ty;KJbn9n6!))
z6|&sBotKw=W}#ki$slHHx>S29^GlN%4ciEN+iN%ITbB~0@&=ODPZ(|fLwz-s^Z7|H
zuM=7~OzPtm&L?WGK2}y=-?p-ga=pPUA+(@j{k7dY^`-sm4qA6xEx?<6-NLy!bU)qi
zRugkoO-J9hKfnA7UW)L2cB7l62oG)S-)pp+YkRnafJIq~E6e1dVqPNM{v4s7DGBED
zhu20dj1+lecaTMi-;mll$&>ge;B~La;q~&ThCqySv?BoF+;I=xM`(DHjz-j#*Dfh^
za7RZ5>#_&lofU4*Jj2r47|(Hvp1n$9fuX}>HR@kSMrWAU$nQy-(Mo@MYxVg9L&3M!
z@&6F28ChV~qzq$Az0sUchWkaR->#Y2D|xN|D_23w#INP&y{_G6{ODH6TW-@UXOHjn
zSJ;>C`wwng(j`8Meq<Hn`fr~DkLP+GRva9uxm7rs_z!<o<Obr}-ODX5c}&~)TU-Ah
z_OXwpSNDfTx4vF*a{ITB^f>@7FHxU=Q0Tbe`qRRS+iG3^)pB%m8vWl7kyF4PKu4#z
z`O(u|{Z*`~2UZSM1fTbv8y?XG2|@gH_i{aW<sJW)C#NMl>zS@-lEU-O)6Fk$>a<g~
z?KrNhbYAkDb#TFtnwsjjDZcgpzIKKI+7d<yEj>>a&+`|<`7i#Z9h_#rF(qs&eHl7i
zscxU&mt1WS_x=n2!$;p&TWK0T*QO|x*37Le>#b~m=K2rT5UPmMnkjsrkZUI!9e3M}
z>QCIZ$in(&M=hhG+wT?_<RpqL-2DHHot;S369R?ung3(Hdv(Rag9euUH9K7Fixa<1
zXa2<r3l)U;vct&5Wb{Hgtxx6K%4iyEF)BPSNqBVsC2w-d6q9vr>XS~BzTQqt!DOG&
ze_x^{+n!$T?axcsMD|(s8NA<xJSa8eamqHzyZ7$4Gkut<QJY>HxvRDN^G!kaq}ScM
zQl@s5EkC|F^s>%s^C>;~zYou_%0yR{|LL<fRZiEby!RA)?*Pf6bpIsM&NH<Zk<}Ue
zdP06B_00#fv&YU2yzsdDG*@=lU(yCL5(%bq0f~tkwsRZxHyAo$F3;+n7G|7Mu)bxr
z*eS8>@{Nggw&A{KX?0cgHzu?HUUpd8F=h46DA6%puGu#|o_hN$cG~O&SwZ~d6c7tM
zXxnM3w$tBky?&JT=1tuR2P<$0|K4*WCJaTB%TuS*(i0`CtMpu^UGgS^@BV#)qzom{
z3^RhO!BuGrzDe%JX33z70_BBdc>n$8PI6+INv+jc$65Sn^7s8!U1!{y@J;3KKmBhV
z3+;dUtoY{7-iv)#DjrR{|F?$8h&6oOZ9ZF8vf@cJQ)uRYf1jWF8Mc(H`B&-x7NRfj
z|KS~oH}(G<zwrMSUt?%TANhXuw>(dhQs)QVm!$kaA!1JzMiE|^SMSf}7z;@X2vRpK
z_fQ#sABVQW+`>Y!LidVMQCnwc@@|FBYZKHt8d9-4*0>)yT4#c_8ysZip6Wb+Z{K|=
zfmq{?5Ht!)9N?WgwYWV-+&5{*3WS_ZMg|6Z%l9rqRzRSY*fWqpKqGRmcQ(V7BT;(_
zwGDSfg?)eq-Rb1X<mBWZA%|~fWFYf*0*EklSeX8SIRCjW>JTH%&p(ZU6Ei!o^mI_l
zrAkS}YBt^&`rU_;MB0+1{g}Wkw!v7nQtomQ9d-03%nibpS=s^u0?M7B*-eWN9L)ma
zjBXb8Pvr9~qFeg#;X~(gCP$GJa6!yO$eP0?#>AaV89zgANErb{0uBt9#~<i%pc>TE
z)eY(RL8f?$%K?6gdLXFi+7#xFX%QcWiJ(by*8iv`YD2v3I}FKZ-i(9h06hoCeoA!>
z4U=vrbAbHBEjxfQq{l*FN}(TPJqzA?%evcR%OYdeFDC;J8yvEP5Td!YwX~#UVR`xd
z$BOAhsUGz6__*>iGH5&fp7r$f1ia}x6lpE`@+vUV|9KkXp<jrn5u+~mqU~ypVEF}I
zK8CG#J}d4aUqt6wWA|bk7z?lkGtWz=m)TNZN#K_6r$9d0*>Ml6U%<ysMTk>C2Vo2(
z<Tz4NW#}YjW(R(C)}&Oi5%5~~p}+j7K7YVY;a?MKFmQN!dIEXqmgm-u&c0ytV1H{J
zXH!zj#xoPjuf2k@3j5o<zeLWS6OAa3_5$8wB9vr#ugT1Jb8o~&U9CK$2-S-Z^88Ge
zw)aJyaXY=8GD&6QwY>~A2K?n&s_A;u^YaQ$EsXB^Iywx!ynF=%fyx_uTVj2U{5o_v
zTr-{%cMD<4Sz203OJnQZ$#GWQ#n4!^+N^2VpxZRcM$Bn8a<*CG#y-WQV^5;55{IYI
zZi1oBV7wH#WfWsQkRoXIFnA%C#@ok7B_!kebq7moL#e0{0PB*HrD%!quDV^MFe&C4
z$89220Gq{K+R!4!lSX=bu~=@pJ(iQltvS=AZ-yHhA9lkYl=524vqDUHDI+BXVx4ZT
z<(vTw50J)`S&A$V4h`KZFE%PNSSQ4{g)r`5H1oF2zU9)OrdU!^!Yt#~^z2+n2*hVc
z-`rJED=I1~q~t)plYs{=W@)-aSyx-@ofr_%-rsNfKI5TAK`+x$t*i<cs>ZJydBuCs
zb+heeVM#^zd=pIH@#DvR?!J1HC}E_dqf=+Y0nEy!sYROWwLc(JOcImI)OXNY%FN~!
z98nie833LVZA!2(^YeG51%mZ;_tP(ty<yUm7FDoj=M_0({NIBlX#JlBDzDQM6PJK4
z0opp@s81`&UHG{x`vuTZXuBMj$G+P?{DI*{*8ANB@zox9=Ws=h-^bU2Kw}4n0%@yr
z*NEU^<O(+|1Bn8OLzXiLAOvU}C0Wj9AQa~jwc8a7JcVE!xn!hAl%RS}j3<$lH*WbR
zk=j;Y4{`e6Ak?i>hPGgu^53RmpJKZGh3VSfb)2~K48d1u<eSoV98OF~ScIewJQ%-{
z68kx@shDL6hd83#Eq7H>Ecqje3LwxKKfhr({{W8=`R8mhP?UzG07CMI7@a_;U=f@d
z0K$gpzNp(JCXkKV!tW78aWIW=SMPzS68i?2JPb6B&dyP?7}wZkya@{_TK3%BTpf;C
z3_DRB1Cw#DnwwoQfnxS0f?DsWay)bb4v&HKaC3s`eHCF>S665}$8hcK&&XpjrkFbr
z7kp9A{zjLTZh%D)mni+x^s8&!0Is)FQo`EMWCK_Qml84^r>bJx#YxmCqHkTI;Tfe-
z#IxHn3KW&NO*5R0fgwzp(7pnceP-r!ilY8>css_h!zrHtT!@egq4M`fnj4~5VB^V}
z5uu+DWqSP;(Il4U=6hdjre%VHy?K)W1YkB=LwGV!@Ld)(ewz<4293U~Jg#tuyI<jO
z??jb|<cr^|_PM%zl1B|8xj%>0PS`DH+<<EU_Qpy7m5@*}^SQm?oLL8d^&5`KtZlo)
zu&*&}W0w&AegG;7ty4KnOWHA>#K~@UzYMjYw3NXk@;Hi8iuSV#=3E)t-HoE@dRJN=
zTi%-yX^Jy7c=q;L09h|mz{F%T0bOxxTKYAypH)v`2x+_z_&v(=-B%23pf4t*>W~T9
zIQs39DUkXC-BjW_wdi45OO<B$RHVXN9YDQ-pQ}9GGQjZqLaQx2LO44FVyYT9AeD&;
zv6SPt?l1lS><==i)(InU&{E;!$KRnNCgi<9hi=@symuXtETpVw>11I$N+hoSqjlgO
z%>ZN$z78ybDDLwCAs;DFhsA~sLC+g&kd&7<1^gUm!OtIG;w2z7<ubt$ZPTy@RACkK
zy@s}`P*PN%V^n@xga3krAY1g_P`LXEiv1)Ze8-@F>ak_WL8U#H)o{XJeiaI%z|1t*
zRD?c*m%jLrgIi;|@w5VSH=Y*MyEy+2VDX<kISrx~|5^reZLn5BJitMA=LjuH!wSGO
ztf{EUWspCT&PO$#ika))5OhgPje+YE*Nvdn%=OhwTwDW<Ct#&04L4YOq##|Sp@}B~
z&7fYjf;CgTu(DD{_ZNiE7n?)gA31tb*ZylIx3->M2YARVR6p2vx+d`X#bv=HeMBD9
zN5LicL>bBg>RwVE?m=j5d^bCr3c4Dg1~7lZtr9Hr#c7^`^4;PuFm>Xh);uZKL8`k*
zv8Fu%r2#myH9(O>GgV3ccgP@$_nq4@UgQbdc_8#PsbdJTqzRq?(pNe|Lf)+yw5049
zcVxHW53CmubQf&d4W;Tqfx3tP1Wl>wq6keu!$;CIkY_8Y8;84a_wzK`638M;0`3(T
z3v1g{`%#PsLE3s#*!6LuYD14Caewi{hss`!Jyoc}5JuQr?3{cAtWp++G#H9^2)$g!
zhX$OZn<hgSrV-5*duF_Tt9TADG(=p`TXh8*BW|+}*%ZW;sX+b!_n!9g5$`w&zz}Za
zQQT}Lb)~#3Gl!}@OExq#)L1y9to{n{MwB=*UTpX{mR3-(kr_a79Wo5>y*df?ve3bU
z%Y=>54A)PiN}RZH?Izy`?3;<EVlbh%anv#2EG_+pFb4R;@cJevCvmRLp-U3T4qF7P
zh@Ou|35(egyQXk^sfVX0a_XXqr3?s||0n)Kr&)^oTV7ZBOdc+aD<V?xA+Ydvweu@n
zLjndZO*#vi`R9K{o2WH+B%<!iTe;_uHPTjalY=Ko!Ait)K6mcisn>-B<@4^{UYp}Q
zN!oNekTh6WT9zZ}NkRg-g(U!5U~KBixe%aXn7y;{m@24pkQnw0w(^@7_R`;>e_*)Z
zK~J;Rs%0Q*#kApTe*83=MCM&H8U#D+<l&K?k|Gck=b0w!yG_khfDxgx#zn?lotGAI
z9-w-l9LQ}W@;=d_MN@X?)YY9syM-fY!89u;x|ZaZuwv`v^ce0$=osu-$B-Y7oxsXL
zUayRh2r)wW>B1;^AtN9tC`!s8C@AQyrkie?;%8DrkE#o69et{N+89<oydtC`;hPK%
zfeP?`!L23t6^f1O%1R(ScJe_HJ5X7*?&|yDV0yIF0B96E2;M~FD0-ASEZ;(lm|f>y
zu&9T|&^%Hc*EmA-ti;q|;s)wuLJjcIEU!jaG<hw=v*aD<&3*fyp}yjq&T9@Rz~738
zk<GlxYr&SToH6KLWu+a+1U^AQeEcGVeX)gq&|(%UASwY|Vc~PQ?z`nx&n{FNuzcYO
zvYyz%I$6<F;j}w5ww~1RNfj$S|A!xmIyoRdKwUlDHGSfqm6NsquHFF9MNlo!Cpqxp
z^_~i;s5a*g1YnQGgoc7bOHU7{p6BbrYv9(UOPS?Y&0EBCRHa#1g3Vh3RfL@{hp>E<
zI_Jc^L(2IP4r=QSFilpvi;aR~beQM*?y%2##!~3Vzb~J}KxqBeHSa!*&XPt(y<fWR
zMyrR%!^a5A;??tbj#%f|(_g`j<>chRnWUzwis#^idrVO4K)pd55zU`Ln0!#DS@oiK
zbJ31Fcx5ZIYI2fuU~A)j1C4_bBGMM<A+cVA>YfY?S!EcWFA(Ui7LPC#Xtztdzi4v5
z+Xd7RaWg@iBjzN+mfBWcncL9zb*T%DOyh(KxUH1HbiG|T{CDlTBD?PggIcGbdVYbG
zvAMQ=@x0<S7Shl)_P~#=XXzlBAz&~-2;J)%t*G$Fgpx>SP|gp!_VD!PT{00e0Y{7Z
zt1<coLY}!)PlRYNuc3V44gj!C`2_`<>gsSS5!O+BWO;PJ*qg9~8k|JEMv!6;Fnsix
z;bSg(cL{w+v^KO}+0(VO7rlncMG!R(PX~Z%oUjaAJ;$CX;+cV!wAZw|=|}s(U&ysq
z|8$r>zNR=0CLP2l;unbL8;TLP)!4esT&}1%E9<uN%f+9_Y!Qpa`-TH1;=uziXXpHZ
zVgrGPM1Rm=Y%4)TkRt0rf)&Jvh;z{}_c?!Vq1TjmK$=zge_|EooIEP$!n!M^a)4L~
z2hrxkMlBGCE6}V1CM+fN9J1w;TK?y8{RK2ANcV|e2G_cA<!`5=`i0wRQFmazLP7q@
zv{AAg@+Ai^H2v7=C#|pY^6_mOFR6dl-Ccr=D_rQCVLrI+z+PkYz?<#8!so_9z8!UU
z-xp<<`$__CtVreR0jq;Re;)414uFrQaYUK?1KoRAsdiD;HZF=o`=Wg40PFUNz>wIe
zDAf%oq>?!YA&4$K>Ty9d>0C~iACC9NU#*099EzzW%_3v_R@6Fd4!)oB)6+jHf3%X=
z8ej^C01pJ&MGCa#PXhvFJ2pMZc|ioMYH6u7gLA8_sfm6Wft3WL{dkXvNIctY>2AYp
zQ*YjPl+UNJXmN7v`d(}-M7>>c_-W`Np_k1<4*K5CP~^a0b#V|1lWLsXRGVYym=0@d
z7Ubu%`pV_ZE*=jj&J<(Wg&o8o9Fel~`B!+ji1O9vMmUs+&Kj*!iIn{$I$WD4Ar`|K
zVG=7*BumlcmoG7VA7VHBQD~TZ6Iu}&7L^rnk<io`G`)OD));aQa*{niF>4^3z>T=K
z@&w8rh~+=aLtcnX3H(RjpLAYSj=fe;z(4T`pg-r}-&X&mqvJaPcX2+xrJy>@Tf~kq
zGNK*8{p2Sh#3G+3hGS&pFGMY<_7US5i>W+Tza&@4Yi#Stj%3AeCQr}*hGhO8E;Yeu
z4?<!O66ldafP0ZZ<ie#UPD|Yjd)!e4(>vr5gkTBHGgy47ahPvQAsss?BPzOM1UGfW
zU%$@ay!*hHp^69SqHyvuJD?wEitaTO=rn1%rc^`6<hIqU9<=N-*lG~iP@HUfqe}!d
zQ2a*9Y2`Dp9!OEYg#UM=gkK_+`T$~Nw<HfEHI}eF5irPw$_r5HC&PqWdt68A`2THW
zyEBh=?f38BpvjLl^pUQBjJ}Y?YFH9r!DN42UcLrkKz2;PB)$DF_<1uGgLiJF<tM6n
zeLWWpHbO!|&~4iJB9WU`XVQF28^%?f%j+Og(B+2N%cYBoh-^PWSBQoXoJI3WZOjEP
zB0~a%(g-Y7kcgmpdsI?V1tA73psC{-REF%^v&}%VoQEs-;R2?M(VDXl0?15p_F%e-
zT#V@d46D&^LQN!5$S?)W#JMBwEiw}p=II&heiwB4hXf#e1PU_<6+L4F#Ka8pjO>=h
z%-fm~@qYjv*<`Pqz`h;(Z|)Nti3n_ZZ5Q>hdw5uZhi40efQ?+-gPHeK`)j)(Z^9V7
z9Zp@St3YJ~7IDV;RWgS)h*TNFNn4InxAmRW^I~47n5SX|T3Zj}XhiqZ#RC82=vstb
zRI<LS)J=)yEmmk(VH910e~p)i#~lR&^{bGqcL4T9Yxcsf0K;r=Sy5F22PQzc!j|`b
z(1%!J$iZNiCVzIv_<i$}4TFQ#Fo}WItv8$8RJYOvp#yPm*&8@M85kJQZ~;ys?pPt_
z2z2oiXADW-=&lpn3@0m*>w*TdQB4_j142g@ar^MxT!(IDR=e`}_)ZXzU$K*5XCz2y
z%-tK;aCy`c-Xqv!I?c!$FLmjzme4=nU|(b|gW(31<2L+-nBI=pz8^}lSGFBPJBQH>
zdr%G(=umg)?%lgfn6E-5qMH4zqG{2dcSLol+v;@{;!OyF56Xa?94q%D3_<|4FxJCk
zXdALQG2s7V@4er-?)(4ohL9*^g~$xqk&%*_SvDETUYQX|sYFId5u#*^kPw-Xkx@~0
z8BszZQY7PZd+NHb@9{m3&mZvp;oEUs$NN0r=XvsaJ)e(pzu(q9_|USAgToDft%G}2
zd^a;|XltvO1$%KOQ2F}$-ehDaLTgJ1S`r7SRaK5HjFUMIfa;bW8|5_?MN7Wh&#ueQ
zCHZ;@b^QY7+d~U%Ys(!Hl<tw`L5ft-Yezw&#}@6k4@rtfHxtYt)`V+j#N@z%JQQK5
z;xQ7lKVdThB|7i?_W*NRUHvTQaCO3R=NwyFjhDRIyf;S%EUvjfz8<As=Cr@O^n*ju
zZBBz9Y#ow|Ja>gUsTU;+)z5=X)$Ic~*Vd*fm~+<Oh4Pw1rd}eNWPmLMFcWOe87^#R
z$55npPD_h&>iB&)A73Wce;Rc)Zz|@EQPbfNIL_Wq`PR9=uP^k2Eb<s?C#_r3et@vY
zV$qRV9+{aD9`fL3(2HS7IL*=MCKbhpP07Qv?N{i<SPCk+-c6BdWx)^D1uF7l<II)C
zI)#ry0SnYGox__=J6#vHH-AUg?_*I5+m9Qxs%eKAdC(HFq`bZPetv!<PwQI5hr|q;
z9x#a*vxWwCV7Gb1$x2I)$U;{_w|FG6hB`lh(JJ`Gm&mKJvpfqYEkf$fU5sF*F?=I`
zSAsdxui4J-N+8KxAt`u4u~b-0Xx3G&6tkBWHm6zIltf2y*bDRYo)Nq$p5~!$B@iA)
zR^E^o%qC+JlR-Uum%(MzSTRwf_noe49%%PC95Qib=~<uA&D5j6nNw(KzeMCe@0-rz
zsuvbZOWW39nXK|PV?ucBuC+*);&$<4R$?EP_FY>~3%c|;=4eZ(#vUhrV@37+*rJ=0
z^r5#$DQF^W8861f&T`srxV+Yi8u0N94+VS<56x+iA8epvJX!XnT<Wvu#WZ-!4E4^c
z+pslzYpQoM2$^gA(VM#PIaEVkiEhwP<I}spB5bY~=ZRm_I`l{U^me;i(*}Bz-%f>R
z7sm+Bq;qW4rR^Vg1r;n4!3`VK&mMoNCkSD5RmCfyBTe;xE_lVA<82I5lWW|#H~Y6T
zoY+jG%YlCdP5}BCAKCj5+o8-%{KWG`AWoyOmu1*X<qM<(V%1Cc;^GYNmfAnqpQ#si
z5Fo5@&*M)m#F3Jw5wU?oM=NtG$kpOHz?lKnF``qT*udX*4-T$EJc9f$z-Sn7o*W-<
zoa*EHVE@=uZCs#u<F%S5mebHNnVJrukjDWhdIJs5<D5qG@HeSYt9yMWe{)#&kWCXM
z?hA)lcL7-;;?pZf|L515<_}?Gp;zK21-dSKf9KUBX{&@9Z=kHSbnnpsKb7hLvT0yQ
zwk!!XQ58@5`S@OFg)c<Tt?Ju{ko7|jM<mk#DY=PI_WZIT|F!M+t-tDg6kF&vw!~4k
zJ^Mp*GjVUDg?sB@N}#%-Y>XR~Jek-tqr6opOK9F96QlO;OeKU+P;(ZQlr%70A4d31
z%7H1NRPjVXC`(ZVfKPDk%IQRx+)>slbB7{$6qah@H;0Gc!@zk!95=&QVtDoQx-~NA
z{|u+;y<<(=KT!;^2Ts2H{Co&T{s_9g<+uCKr`Yfots^)rD>D<<<(IEt|1K{>l(^mV
z=urZ9p<n!N@VW5pbGf5O2?Z8zNYtcpf7W&eD;A+z!Raq8D~lJU_|xd>dy{vpqsr;V
zP+UM9`6xTv0Y!)ByOf_L8=TycCd+5ZTR1s47gd9)fsj#38`MogQj&wc{oOD3k4qa>
zA&(EbL7lM4QNcdpq5HNKZ`}H&n3F`Mjy1#jOh*w6rsUJR!}?fmus6y?S?`jVX%v1h
z!{6old^4|pz7Yz*&XWd)-;an`o98H0X+Q2ONOQMV<}*Jlru(A(32#(+d~TntW{Og*
zw~x;yl)pb@goN@t)B`_1KI*kaGm+uFb<>-O;KZVM&FPH~O}r$Ytb>S?Lj474KeghR
z8OaKY2$(;~pWuON${3}0KI}v64ALiPE}}a9@baZns!piG1sy}ECQf9(WUx7s_8d~)
z>x%#~*Q2ZdMn&g3e%O?J_HEYUkecF-)CTS?X<Il$!zFZeNMd*yo^WnqP_C%5R!~qr
zc8r7$fyVdL+*7&Lv`?zd9!Z)XoC%n%n00%4DvdAZ?=n~IYYaJjkhoiE-17~qSjurF
z_-K(;kkF3yjroSLfdN5v_1u2gh)-bQR}sgX6(rWVt>G5vtJ}A4Cnkms;O@uNK_raL
zC`yEH`jPLb%X=qGIcP?@Ue(fr#3nRqB-Bq###%K8UKGd1hn8t;&|5uzEC}-hf=jH9
zQQmDrenZjE6HrZ&HlvHauV}dRc*o<43e(4ViowwF<<ynGQEjH4OQ)5v?NHb;{YIla
zh<qPE|Mp>MW41^}q%zns?>&|*DJHm2QBjF}9-(05TglM6A^@yY!t%Kav0I78zkBQM
zNt76uFcfA<M_)ha&kFFWnTl`1k*YzD{^GPihcKnRHFX8&01_IQ_wE%s?cnC(f~=oj
z;Oa#{+N7^-!2&)01>R+(T$Uo4YN|nwumBO`J7Ii?2pSF6(0fE|U7`R)QKy@_HY2e7
z$;!>$)wTNE*AuZ_!Cyapx;hp~s_)L&u>e>LsG!ei!}d9AkvaQ0{5^)gw}GqS<hja)
zH8up|Z0!5@D(7wiWnpoVQE6-P?c3}6D=I30dS_;3g;(F`j6fjM!#Mb=kQh%@-Sc)F
zr;$D6R{*=3440n4lul${9y@kLI2%R{NCXMhD0+SHkP+56y;1w(!alrZ_r+lXR0Cek
z_op4R?tk~${OSq&BzYv{>eZ`FdzC*smo5XXW$H%#8cuJ91&JdA%!dK2Q@N#DyY{I{
zb8*=~kxWI^2Jqk0ms&^>5uoZQeI1$Qg%Fs4c!0;%)kl0k5Ro&SmjY@@X*$^-QH9;D
zE8~5ZTbFSOc_Imk_%M|@Ij?$p81z@63nW6_iWgDd<#jvLRgOg+7G<f;;^|2`GZ2U`
z3AO)liFbq!a!#-8xr{?2a`+6-Xy<f=HS2@KIws?YLd4_#!Fb!zu`%7I!9j~mJ$eR)
z(c3t*Ik|%sIVg;cjP5$`kt4Z2hBM6idAP9Xn9i@Vn+o@HFpo9{Ee7F@Dw|lstKmJ7
zjBqNE2PyS+h|d68dI<tK^h^Lvfo4idN}{G!l!EFrTsUH&Lpbf7qeN$CCsjAB$1Ho5
z#&%lsL2LH|)WJIb2W1#Q9i{8LLai`V7NRf)v4n$HvTkhq6@VywOy~Lzd3uMefA|_N
zH#e9|_Bk8B#)OT7W&6svTcH!a2+706fo9GZYFlF9L*fM-A;et1`FSs`3?zTuTnwzs
zSOrW8mf_I&I`~VGnk8#2Zc%y!bSyfgT)LZ>NTe0wEM8h#f<FeqN4z{dD#wo_xM0Wo
zzW@fix(uG1N1Z34!4O7~S`Y3eGdnvy|L{!t%QJxtG(%f=$x$;hE&@<tq@!DaH!M<W
zs3UlPoW|?zO(@z&KJAsTwXq=v85)RtjJ!bmjuM*V89oV-6$$+=h969$i*KB##?kyN
zOpJ-b)BLOlGPj5%Kjq*&NC>Yvi`|5x5{C$$bp=_u&Jy}k5J?xO9%WO%fNhS(%G!Dq
z1Bq#V!d2FA<?TJmZx9dy03jYE;_IATTrQ5c?}@E~6Aa;HAYhWvvxHL6Y-&2l%bS%d
z>-l_Aj4o+*!dK^!L0UcT;k=9tl5J=Lg4;Y9#E^T>#7+c*#W;CyLOR=(V&0H#z7z^I
zkeA}XB!)GE?$bHQ+{i=lS2$Sk)ov!Wkri%S*r-rAcLY_1z}Ez{$KPMpesHO$wH3Xz
zQNo#sz2~TUGD3+g*2k~FgM;!%${t8X4NXl?Q6yag_wc%m`<oCI#u=YhD9sT7o`@6r
zXJ9h$I?*XGM_QVihy54$vSxCW<@R^$X{L8F-T3<LTSQ)mL=9-8_q*P<pFw(w-B`vZ
zfl2gKi2LYrF6~q7)Bgr=x*PyFgJI$yRUwj~&K*c<efCWC`e^qVSg6QLpFY(KTpSJ$
z4~JWd7-!+Qw;8v$g^9`1$8&E}IZF6$^TTZL@tG@&04vrv5e>&oy@EK|iII^XUHT_8
zGcwQ=&Y`w>7a2DxOYDT|8<~2O`1W4s&dt3P#rlKPH^NX2J_wvBiacQFUwk2d*tt2j
z?F*i>56B@_Dvm0mjf*-w!zV1PDuoEVAQ!~{d_&2T-X{H@2dy^31v%3CuAk2Bcf~ju
zcV7(1fA?;0=l(k_z_mnenjN%eiH{C-#v?-m0|}%9V<dpN&yNv>A}NYiHSXJBWr}vp
zVjX#YA`FGowE=&`qsBf=OgL)&!aeX6NfF8CJA<<|=O*g!Xk^-xa-Fvqo2fJxHs+&4
zfwn<j#~+rF35(-$+_E`o{hF)!wObx>!oFNJ+ky-UKyH*SDn2fbLk+S=bK&31bsh-V
z-qMU>07PdDC`R0?4<6uc8^U#qt&*0(_b}zGxJ7oDm_$t@({2fXmSO=w8CTK03je;`
z!~`$K=%L_{kf}rVha5JsFf%0A^FT#8p@xJG<fL{Smxx@mx3l|&v7++wOE|Rep0vQB
zkAqjAb|>oZ-OxY-wS}WstDZ<{ZK-mbRQB;HMQaOODQhC_W_0vPR00r^LyC=3%E@UG
z+zH5bGD;>7oc2IFFc^sR3pT8dEBqgkHCY2IXYgw8-@i}wRD~}(2cl-e77-gu2Q5Eh
zrm-i|(m0D|Z~o~|X3;Y<%Ny3WFsLBWhI!QQwhIX1<(7RhtaV?QPKs5H_g+v+zlSUn
z9i1!VKvZm8T`lzV(hld<>W!b=`LO&F92QI46{yOCNVh3#@NsZ_;vFO>ZWre$f=F@Z
zEb7;=u()4$S!%h#mTmVu!Z<-0<6HwBigW18`1p`duLbZX3OH-AZ*eaG^ozN7Zwdlg
zB<$>_U;A^0awp8YXsjVS2LSm7E+7Gc*2YF2At53G3kQGG#e?hl>&i}+tWkwn&ZzM^
z-%hG=(<Upv82wY8M0drlK`Wzg?e=E6vXkkZB_I$vIThv2xPPB$qFE_nk_!a{t*l&j
zkdSNKORK0D=<e=rY2im%C@Wj>^eJtzTg)jPKDx=t$%M}~0`QN`z=_x|eH0UF8ygx}
z5nQ&-BNr!gc?NEK;Q9CfMEuWv<dfp=9{+wPE#)2-r<gob&=(o6=K=WC<n8a@|HLl!
z!~CfR&UjovQ4k5EdRh+l*_A#i|2OEFmK?=`1H;l8zK&9Ce{gO{WX~=yH!;qJGwtv^
zlYEQa(f3!w%)U=dB%l~%x!xmYRM83eonfHNdaz?t&tbvQ->DoQ`577G@o1;y6M4=%
zs_v0^O|{{eoQSS{DMO;HtbL`wbOT%@$@+qt1z2P;^uijMsA!%(d$tDF2Nbm@F{*_k
zIPJu@H-~2%zM_hR#sr(_IFv>P1|^93K&TBrzY{6|>mBq(PHsxm;knA291+ElrW;$E
zdWLce3%R-O%9Sf1ZcQ9hOmDZ?lD9)CA#HrkA776sAntwflDXI6D1ke@sfDI<M^WRh
za1OS?Z*N~;%|bDD8WBVA!GaP*<lFAoVSXLZA>Vy9{&8Z=i7GO64vEYRNJXPc>4buz
zH?7UNlsSHc4J&2_XYA<xFH#a$nqFSZQc;@dg~kJC<&`n(BKivR$H8v{8tI8mIXOlF
zESb07d=>FIursFM#z6kNC*=R_En-AeY%>5b3q!+h@Yx9ZL-7*s6o8!$8B>F1jE8`<
zba_?P$Cod+HUp{(KXqjMCu+&8Vj1lFglWypcffL25sifo8g^93$22nEt(>7;T3$|b
ziZLL@#8Imw1vwW?^dYr6Si?PW??^9U+ULHT*tMwkQ9%>9tUz4rLsNJ%cT68BffFKP
zlZJ){>?xh64&Go)eFlpbFgieNG*j$wGJ#n3Ala*YcH%Fh;Mp#Gj$yepl$$EnfJs}<
zLG@Vb=(vgdgZVyegotKsI?j6s7lAWoM)Ey@Kn|Vl+m+2{9Zf`^5C9=W0l2@F43U(-
zFGK=27gg#DxK^P3NvdMlKq1yH5qtls=z}H~3FfhugHa>pGpjwQ9?)u~;B_Ed^#MG0
zn4t+6kCpKoKb#kk1dI_v^1|znDr;-y?bpyQck}p)CNjP~jedS-X{rb66fMDqW8Y9m
z;flg=ST${J6!3z=&4wtA_7;d^d%fAYN8A=458W=J3vsBFm6g>Z$Qpj!;6uAIBgkle
zf9rL}I3S>|&HWGvA*+^%Uq(F+QU%C<XEZD0(7Crqke9Zn$r;=mLHEf19dId3&G0*3
zK1a^NemsJlAIS5kX+&m04KqQf`t;$$O_sVcA#b|7ONU%oa^E*Fg*TTkxEJ+3x5s`$
z!QPZZ+@ii3oG}kY_)rZc#l~LWWxw-bm{r|dC43wJB<rmQ3Nx~^Q9HRn2op+Hwrg8M
z`UO;32Wu`7$CLMm(T(f%uZu3HCwM9#mL47*fyrbk2!HkX*xhY-w#Oya!eI^zED$v;
zsQLMYg;+<N(2)S`!5E`X%621-N|Y03d`q2r8>MRmT@c)zyLJ)LRUneVjYdaDhef(~
z=0N-bHU(s3o>3mLEzfy-)0y=pu-~l7&CMl7+rfM4V|wb;eVComF_8a4l{bl0K+?LF
z7InE3!B^nhMTsYY7&%JNr;s_|&@+4PWoKf-6#nVqOkF0VYmj*m;lnYZUvE<r9l0N?
zI^{LL)bawCrshu00t;j^!p0_xf{)>VfPe>4u!&SJ&|07O^rUHF{P|5nEM$~z&qr&@
z0i|6>O29nhkQ|u_od*oP1fr&P@1e6My1FrmTOF-UIvCt6@j*K~Fh_0*Jz!0`=u}-D
z-0q;NSTB7Id_X+o44cH5m^$5k6|b$t!(_fvO}l&jJahR$e0=ZqNZqyi&KJtemSXOV
zEW=Zwr7Q`_W94gi#Q^lYCscu`)E^my_tyYIOQ>FdD`KvxDW(aE*@E4Z^_<U~DtFh%
ziG#{~L25WV?j|L<*x7vnu0Ao5llQv)4CRPG5k2skoz6=49W$Rip{`@P8PpfNA7CpF
zh_HtDsvz|1UX5(cZLAds%PbvHkF#@vYl@Cb@J`Eu<(5pA3qfNO+j52Y_|&wt1O)^X
z@8jypq4JqJwB2oDAS9~ya0q9$;jB<oSq@3MK+hnwq~*__bBJ0*wQp?hhP`z1o19FS
zt{APXuBz~U8?SEv*2Arrr|mbq@>(aYvA1dW;CP_mr(riBac0~Pkm9kjwRu<*%{@|T
z8VD!FANJ8|#iqhdj2}LlIL3cqQsx_~<Th%3xFaE__d{@qvty3R?sFC;JVW}Y^SiH~
zx%sWZaP*hS=r%o0)3F>6>bQv8)>m&9ST?<V)Ka1x4;8J+J}&!7Qb{Rqb1CIC-DH&`
zq+9#0%YNJYQvO`TYxWoZHyY3QHAY`&`t(64j(~svfxwAD7lAkIad!NMv|4(W{YLGD
zpH!tP=|%jO@6<8%I#Hii>I{z!Pvo*;-7Z{MR!g<FmntT#SUab9NNnX`S>MX$$G#?%
zA-xTEe2F!o%<vJGn}2_D`UzV{s8&%|#U<Ic!y7)k*IU@10|;Gi`QjC)VF-TJ$mn<B
z>|?#W+}v=HJ47v%W`C7vL2_>(W(0TxxNwBnA#)J7$l>?1Ez50TaSA@B<FSmDUk|yi
zpGnjr(mnwT0PP1$IW#<+V%E2T^9n`%`#E}#(0_del8E3m9AqMQTGpOjKY=<6XRLvM
zkg)KxCHJf*61pePo)y5HEh55L7*(N*I8Q=`6fc5vgXw6%lF+<85ApFh^#e)Ikwc};
zfoo-8z_dzm#ofgqRc8ek4UR6hjc{-A8cAIflokvOmlryZ6NGAoHzZqUN9AwOZkKhj
zv3cpbQB~xe8o?dPnL8|By7ws}BhZ(jsKF8jU_Z$Oq*qn72_wMgfBwX!nW5+Oa|$WW
zP!PPwB2r!;dt@MBl-||VHBqSExwo*Opy%Y~k#a5Gmp1@3Fz5RlKOHfpQ?k+xy3AAI
z?;ST%teASN1qVq;PvgTUIr?&}*Yk9;*M5tU`lKa5u1piq<0$dVO@d39W;;y~Ig6bK
z5VD0{KP|235G|A@IKS`<pWmGb_Uucu<P%|gUSA$IPc_IN%V-l^IKHTP_Dj0uC#t~?
zRWeKCB)5fo&vtJh0E0#wic}l6)8^*pr%r|Kf@v$kCPM4_jC9sVY2hBv5kY$ti<1x>
zz-|iN4sjrb_m|h5K8TV9nIrJcozT<-)QhefqEJ4rr<-!9*zr(0@50vY<yHR`u5hFa
zBT*oxUo3QY+{hW|o}HbYQSbn1e~&A$T)8T>rTj#s>N!XZ=zh=5IrTr~*~v^2HuEqa
z<p`>MgU|uUdS8FkXj(EwTNzQOc1V^v&9YqQ<F<eZf9gXurSIOcQ_=AuM*<2-0OOtk
z5i{wcJDET7U%xRH78XWMyGS0H=9}~0+w{2YYqS)w-C<SZJ1ZY|TL`(w7SI)Ph3Gq2
zMjP@G>kF>6P9e)@W2+FXK$Dd-RG{rdZ~$!$^gNL5g@%<$*I?E`dlUSmlaPL@U$nCN
zgkh*p@oz!frd1_IzlaoRWXGTdhf2jK5e!5riUDGzAfSS@v@OT0s;hPFLCxV3G&D3U
zr@r$CvQDH!KuYF}MhE{UG7o@sts=ey6kVSDpXM*<5}<SWiL)1VHk4sLk*ZuVYF*Ag
zsNRrdk%`diA{~|5HvkR-(C46~RyGLDMokaw<{A9q1@@VGFc3Zg!H6mb>B8xU@kTKG
z)!fHNQb6jyQO@E3%87@QXp=iSJ9VXQM@Eqryl!pv2S%c&udfSWL9&S~n;JIYe#lFg
zA^VuBJ+>FqdqipxKFpEZDE)8+D3^{r5kT?ybTzZD2KF00J<!exB9_;0BF0?!_;8Bf
zXc(TC9`7B=5(f2*w7XC|fS^ZV3`o+7l4g6;?+~|~$vVcZ^F#(@R64zK#A!4t#2``h
zMl?3{>!SaYAgZ1T#}d9N^Sn;klvRYEzpjL}*e&2NjQtQfTD>8xmUeb=SfL3Cp@|pZ
zr-e>gup~koQ7I^dBew^j!9lYCwIS~cz^^2%T96gGOpK<E!zGdTpaMVV<&~wC=mi;e
zOql3tdCt4ZBSbjowqD5CL7R*b5H=vR=B6ghk1fCjUm;85@Gr*W;K75sOjZx$P@ADo
zg#PedQxmB+@M`llJiIj0uIQR{{Rsl=1aAZk{PNDmV@kbXK=?t+r+4ln9V8ZfIYW?9
zUZxpq#$mnL_YR|v*B%Y5*DEyKxqm-0YM)%P;wn}V`S#a9R@~9IqkqenvI(v^<AJjJ
zFG9=HgH9g#MNHzQH${(j=x4|w*(IiG!dA>KUjvvFv7>lYOMCED38WgJAyy|Ou)=rE
ziF0j34{aOX_ova%#$t60%nl%2l)xp$#Yw=82@V_?5hf;n06Xz>v?06P{j0TABTfUT
zbQmNf*39gfGWsu`!sbCO;wS)A5&CChtSLU0N)M?d!f7$V7F`5Z_aWrUpSuXEIOrD_
zB+F<#Y?^K=ya)P=dGkJAUSPae@$?$D5ED``?H>Jbs4P82BVHT)GDoZ%$dOBh_O5LB
zGJupnps4U=5KZiO;lgv&gh(yD;oez@ECe*;P@F$Jj7E12&q-U(hv$Ks_@#U|?$@kT
zWMpKlF)g+`7zFz&d=Av0kh3CmC%cbGzH%G+fX-=g^8J2c;Ta(HC|LY3TABCc1Hsd$
zqg=$E0U2QUl-dUb91Q^gnWtz$&^HlHKqvF#<xabEMg`_FaB6h@!DE1|=J<EdbMVyu
zbjPY^#{^Ng85D}x514%VfG|%NeQJVsic^&2BYsBh^pQE@QYYxxPS?%v=W}xf+TW$8
zr9td2_Oh&~Xb-+C^fw+xa;LBF!et3Y56Ac)6xDzOfXd+78h>*?VxFMm@V$vF3OYLO
zsRmorV{1^cx`SoMv%)F8yD7pOcN0c)uD;m13yns^-t)k1;HZF>11j!P$Q=v{aNhGr
zgYzH=#2jkFUpQTIaweckJ@y4K0;h}*Y61NJ+P)wz;0N{xtP5d-*N~MKRSaptSx0J*
z-$0lNFF=9HY|Zl2fgqR8OC(Nn!@(-!H%Z^XL_8)yxve5(2U1BIcbi$ibqZRzi|>Im
zjW4XQoFZ7|8tEnFUQ7TLxYI&BGC;Ok`9?NsI5}CEnPp*5C#?R{JDDZOt-d*&>sW@`
z16x|p#6%jaCFXUVPP(O(x03d*qcx*wIJ^T85u}1DzZDCcNQD7$lU5t}HE)zSb#nS+
zJWy)5k!K;Yq7Ii~LK6Wa5>yL%Fwn80-Npc1wJB=sZEcg~1KHkV*n$V>D(L2+3MeTl
z0VM&gJUfqAVzZ%m|N8zOu|#4TJ9;S0nZfNOTJ7$*PB%xJ1CD^OoE&HcOo64$A!^RY
zFgQU0ZY|9|h6UM7O2pRZd(`I7Du1~Oa5H;TH2duMxRHT@0q*o-zF7<r;LP4v(712p
zCF~cGh26XQRyvR6<S6(0Myl#(8qSh7S?_Qz;#AM@%U#p#m3(e~6jF0sk^xPgBw?E#
z_>FGAsfV}~W|hqr!Qgw*k=z%zqwt@bNRNhTgvCL3oyw;!x$bz*5-XyPtceQ>$skCu
z_CyK*(v&6kvkh)kXyR87pt^F?f&ejV0qyz<7!@Rk6SJ|=Lbrc~Fd5tQD3X6Lc>yRN
z3INpS$>^MPfXGk@&?Lq~!?*f5B6!d24uGXVSR9$Vt>>fLaC#%@1prJ#-cu?836qJ`
zJj+Evdh4A0e3f<}6w7ZV_EhCmo<=#q7vh4E%{HT^Bt0daOLvrev1LH?EwEcEp2f~$
zi161@^<}lWW<?xNo)o@6F)Ui;1!$d7$<Nvo*TU)w-`^9pQapS1I}mUpIRJe*5+>Z;
z*)d<wd!hrt&_g-KNut8iRU!(k3NdSewH`C~K|qASM$7T<;|~HmASgxsi)?!Yj%i|<
z6$RaVwHIp1Z$>dDE53_~Xi)()u8u{%8T#TyTw6FyP>Ae7=Yo5lk&&?kzZ(^$>1rIW
z)Q`7tuIaI8`=KKqP~~#3cU;-FUhl-%7W%haXV2<Ngdfjy#G}kOL5>O{QVc`E4LBLd
zR=-$aiNUZp2GJJ8l%Xv5;2(*P-*2=^s9Ql);w&<`a6x800uLDd!TQH9)YLSSCnp<?
zSIHa}q!#HLF1E7!PozTs2uvDu5<=ODXb!wF1Z2oy@`z3Jk#Qs`0^fV^0HEU<fS@za
z3fmGwyTz7_<f3gZ`*}TQ{ke`y>w=%3pvjYm5I%7xdI7aSDKg@+y8_F~(a9+>F3tzK
zBQU;`qYAf{gLDcpAtxYz(RB4YZAE`cr|4-9+j|OD-c)hm^C6U!;pSF0mRSxKYbXy}
zby=7_>b6h`_5%ZV#*PY~dfI@44uK5lEOH(_dcH@>AiZ<x?_XjYFYybAh%~E#tMUef
zp{}lu`f0D|nPcgNk%X~3?E}LiUaPnk1tJBA3l~sn!XL9!r>uG+ovJQBJ@!3^^S6V-
zW|%c#hO#yles+{!Sh%TyjSRD3h0T3X+u>vE%my}$QrN@w(cOggVMjj*>~r>uivGAt
z#&+z>(oH5X!7fM^m=!*l_31XMqrU!rjs!^Vh*T{$m_-jAWQg`oEdPxxyz@Xcdb2Vz
zMohimqqyK=U}rC^e6~HE<0+FgC%QRPK%S{;-Yy<GY?54;W1DF@C0U8Li@+u5bUi5)
zph+*VtYzB<7QVi|enDS!={v@&-~`0n0Xh@l7r2T<naO{N)TUbNo<xq-l=2z!QXJ!$
z8il-!!&Cgo>&VGja!FCxSS5k5tRW2<MFN>t8(11L_JAkwr~x3uVP6H$5Ln!fYFP>g
zAd~yG5=0?(hIeL<9q>P(w2;y38yH-N{6N9lO&({_#xSB$gaN(*gJ}mq7fFL+7)S)s
zy`8;1b1i$dF1Re(Fm9;ov?C;W6aEl6bJEtFUpjAL6Je8J{D@k5Ckj-8CdFqU_7Q+1
z$Y-JUk+mp{G&C{_2?@bWC=>I;P_N^wA)m$r$1w(vwxf#33!ILO3V{x_2J{MN2ucfF
z=8a8FJ%`PiNN{+e`$$$P!ugTLT~GMaAl<77$wDa-KJ)$K^Pdn85tJ%&Wf0aQX)f*c
zSuM!-B@x3F7YCz~M%8iFY-lw9;H*gvt6d3c{o>Un2c8r8YEV<87Ux_*Fcr3w!db9s
zoSjYU{|w2e2_e=*G^GlzdeKkv$Y;Yjowb_K1QHc!b_KQ+d|$f{20|<YdmRQnSv_4v
zrH(L<R1<VxP?S(WE6XV$Kw)TgVhC>;V%F;AsXTOjgo76!TkMmFfIxlK;JbHVzr3K!
z98G-WoUa<+_ptpIhZ1_B>p#F~Gttmkxw{8~agvDC(1|MmlO%x-G68dAc@7@@iFO1}
zTnik&X};=pFxGRBQT8|VR3Q|rwD)u+IvL!Xc)J982>YjZ2LjbV34vsO_m(yBAhUHF
zllSKb7ia!pdfnUwK)O(Mqur|u269R#@>M)^bJ;`O(14UcP!Ode%rkC~r8k`Fl)R1+
z8wKFF(I$u8Nc!ycM@?w(^cyBJG4YABfT>3jx6=uz6mpdPJ*R(7zW;i1NN07-I^NEk
zDqR9U3wsX!lF<QBHy=NmFAzly^?@f#?7T!_+^rd2+bBb!%*`PEks{{IiN7aZNg`U%
zB@wwzqUlKGVfbe0|NDDb*d<j}Qr;n~Q_RT>)ySlvq(mvJl9SM4WBLHPG+kX9R#rKT
ztHYw6{Cx!WSyam~1Zd*?QBc^tj21DNSJrn1K9(-1s>8aEf%^y2Tlc*hu1VOeMCbZW
zAdbGW^6y^Xk5^S`tdj3SbOk+cTsDk$9SD_!>P?ubm;X-7%@2x{pcMv{YtgH#6r|$G
zVLu=k^vI=Ui8s)9Ql~_2-Q7#feyyw9ytkor3C5rTl))a}-pWc#zu~d-fu4c?oT^f<
zwuA#%@h`3PF;+BEoZ{k7hlFl)igYF4yBBUnql?c-g*_#g7yN^ol9Xgot%`<qap(H)
zYGfhi7=1R^c?lQ^_Tc3E_dx`XVC2{joO|CUCof>$f`K2#d;<9KF2;7$u1qBjg5JQl
zgit+0agNI-^%?RkZ_3wKf<Sk`ST;7cg7wiSAE-$w<mJm=DLELL25gC%IJ7^$ZBFF7
z5be#r;Yg$yxt+V4km*5(|C=C+ic0d+)%!`Ci!IwPuGa-`XCf<k5E~nN=gt_8=WpK*
z7+LKTZGQm^wqGU<@6eJN3a$e<Wey%efAQkQF_`?&<^=idDJMCuSE{T^%Hv5LA3;Z2
zGg{n7MHa|^Xu#Jzf<XnCYbOoOXy~i#&==GkM|;g2lw4DzC!|%0Ai!o6(_-<eg^eF-
zbZfPEUHC*nz9P-HoHgzYHFY;IGJLn-lsuw^$DXJt3z3p#u4s|l$(gXU<X6N|1hBhY
z@>kQ9O`^QeokK0rNPb3(I;g-!Ite2P4hI*OXA?+^<+4zkjB-w=qjIJ79h(5v-tdSB
zUCL~ous*5m7Ab@E@};-Xp|gbu1FiMl{rUm|-v0g_8*zQ`x~OAD?0O21r^uQok12Y)
z4FuIvbpt_VTZsq>e7<xs46^`m=r2i8?3P{so1}aAPIHE-TnLv@XlQNX!W~Ikp~1XL
zZMlP)c{&-U4HZnQ#nwFnY)Rth3J!GBPKO6`jK+qhrpjuU@SI3xn`32oGv)8P-1wQ#
z2F0RL<-?4=QC}DsAcgnx@fpN`Wu$3&Z@;g4{N+AF?vP$@vB88;XP=XYCQ}+clj#+D
z%nYmVcT>gB&GCNh@Q?l$Vj(rp`@j=f;y`r%O)OX*E3^Z39W%%7$}BV(<FCKH)O5V6
z?^U^CP_fkVHG$5O%fU?_O1sRm!=5$puNIHn#v2H96Ka>ccYk*%?b=307NPBoF;3+U
zZ`sU;&`zKn35rT$qq@{|Vb6OT>(RJRq!xLLUO#W-IZ2fajWxa809tK#5_e-x*yoLs
zj`(@^?h$i#q+M{Afnzr`Hm<CwIFT$3SNv4U0Nn=4F=2U=z)V3z^Up(i|0HmI4MY#b
zl3>r;Y{fw-BEb&&hp_|27-)t+Qd@}{WhPZgd;c>l#Q3#gr)X<;J4$#x{|MU%3>%04
zzDrr@9A%SL_SRf2YB+*;6r-2)P#bo6qvHnPm*4||H&Q1*iD(YKsTu!%o0z8nqLqNC
zX;x1)B}r_gGIwh8d_qO|?~kO&|C7lfdGP=C*MoxHr2)SCX$I;3`%ec2Yb^>V%9aLF
zU3ge2IG0@r^EL6uyV%6k^lXIiM9s+j^-^{IKZdN-oXdFx#Jcg1ck>(GzBe_%Qz<^1
z>@)XrFp<7HfIK2}ZOi|D^7pX#%-}eQBbGl~?`2flTYfxWb4y84Iq>%)#f|?ACz#z=
zT%x0%zFXt(C2yY>4xZU}+N8OayKMjaGgc$%Xm>pNa(C?c;+tBzKYvRW6sc}p550GV
zcppSHSc_i~tYK=ZTYSdFv{!~PesBAuM`KNRtTwi+TR1rt1d5)Z;Ty5kS1#KW)}_Z;
zRHbq)MpMX+wrx02p1N~7w_s+`a+`LtXX27;h-~J&hR3;{ZM%)wTM~aiF;3Ar9Ce5$
z@$a`_C4`2gz8*JloNCQ=7LvB(s@SF`_-%@=`|fQsYkp5BCvB%wR8WhS6+_qew1U~J
z?H;drlCjaC+IE@C)h29JCMz#W4@4iAseb=9FY-pX%?ag5!b&l*xbAaT-}Gn0RC0t9
z^V(_d3KbL6)3tWIUbTUr_Hv|U@tk-0CMb~iO_15bCnt79>h-dc%!jv(QPs^ps`4kz
z;$rcWvh2l(@49lqNZ&=b;L+bplAG4q<vN9avX2Yx4&PSxY+qWfYvSn(hOX*%+Ejtl
z)Veks<Z4G(*Yg3j^HIKexdqsq6Gr=D)RI~6bC)%78S`Y;j_o!kzK`q<oVth2KJc1f
z<fu+-u5XJoER7U=*U8|=-8z|nqndN2oAn&0GaaFot<B3X);S=UPam+z-YKNO86$1d
z<`%<qE?o9eTF<+8w`<u$-7KL@aV|A*?T&SL$jV%uTk$5X;*i{{@%+mVw#v$Qm4v<0
zB3}P$?LE^SZg&*CBW{^=b@%iPa*9;s7Ubs@ls+l>JWH1L!FX_%Kc07uR@CRy?B8!)
z{^bJu<wwM7D)UU=G>Fj*ZXz~1@n`L{4+BG-q}PGToS_+gwjY$<x*lqw6RQ7R=nGQs
zx=g!HEzC@au38mVDxH;PQ|^-Z-wG6Ro)XM;R@(YF`^a}0!Pc-b1?50e;=2-mq)tuG
zzBQ4N<>wvz`dd%L_b=~sp_Xz+^naIUQqI%)MJW-v?m?dcr3d*RH};U`|MpOESC{F6
zql;8#^zm6NHBy?@VB*CPe=1H5_~)Ll?b2(Ny1l#8GV*^vQH7)U^FHd%*DsXC{<H0M
z4{jU^8-Mrz|MkCz^8cadu<8P5f)_Qh6eldzn>hAyzDrq;pgRVS=HwP1Q`RE0JIb7x
zsZdV{Q_z*}BqzSY>R)1&EXXU@kXo{|_D;~svgRd$`j-%L3E2Ul7!AcG*y_=o0kTJV
z>M2KDRTIO%$qwRhRnrlO1Julx=Yysoz{Pw7Swv|szzp2n(UAhMBO9#S*|R@VQ+@QZ
zTE5KVghT?S9s2wICz4;3u^JL9aCz|)p=2TAfm*C>Y&PNr3GGH12tv|rh{9053TkO=
z%feUu1oUIm$S4sLn**p1+q2WaGV{m1I5;x(T1pLwt+G(qK-_QZyNG@$wTJfYUnWLm
z>84#V7k0=RvBw7n(zXr*?QcvIhdSo7Mdb6nM1l{^YNcl|fL2R{2<dUgys{M!$nVU}
z&zF3&G!g!3Ypa2=anc=n+QVWIt#kR4JCI0ynMubzm@nw|(#>3*rt(8w`?~A-b+eqR
zd%C#>a=V>#viU;h5y7gVNy2a4QQMll^ewp6$86uEz}bbYi2~YcrOHt;NXqqRpKRQ$
zt5h3IU9sp(pk9DZ(GviWg03BCE$omGzbr@Zzyu+>Hpmvhn~R7ng34c9Y%T>J!z)mR
zmbs*aVAH=KlZQ5}0Tn=7+YWY0wk1VFNTfj2|N8pn3kPMFJ6vT<3&RT;dXGTLVpQY<
zOxbeZx@8MMGEX7JckXn?sf`3WN~9Yja(A@rt!2V{msS7IUNW4%=m```?2>yB$gOn5
zQ4yFti3Tt_Br8;expdxrRlM(VtilR9G|tNa_yQak=A>@QUsDjF=D5cAVL`%QpE|6Z
zB&FLK^@rq4Jwy#OdTMH+>FHc=yz&_~-oxs~bI=zpLM*2R`Zmy1w_;*+_4U*B9>Hu)
zL~opVaRsP_*ati*JR``5V)%@p4m8RGUqQ@zd-Y0f)iyi|Zj*4L#sAk=t7~i1NAEjj
zW;S-4NS+Q3o}AxFp8oXdJVZW2<(`NkN>fc&h(H;Q?(Nk-DR2ZAphP4%#0!~)PymYd
zY`}Df(j$<?Lk+Uu`PeFOVMlLxRuE^Ra0XAkx7Qalt3brioe1-9pOlP(<ZkKxN%<qb
zGprP-;*d>>{ei_-3zb@^vV3+B1;``t8BnzQNL;N`5Jfi%6$-S%(2u+Wm=JNsV+F(!
zO2H!+=DDYo4`4AYLQso#mXVfLZ&s9ooL59-77{S|i@zTud;*#Mi0HpI7CA&`E{)Fx
z$@WMt9yI&m^OX4;bRbrgBO_OkPU8EGTY$L2?oov)V=iabiTf1*OWIek9Dqs#4uIN?
zdhgy#=u#o*3i}#_Y(QWE<p_~52ig}}k0u5MJ0?E-002OwPGKGT@0LX)iDaKEimAi^
z7ehX%$DiZB2Vrs<vzP(;;4I0h&B(Atl(#f^CA4oeq*2L7FELwvhjSJW)RC?kZrKp)
z90l%>AD~1fA=!h*p7;r16*KfE;q&cCN4^z+8KCCgqTr8UI~TeP6L=1ZuH=9V>mM8v
zKqw>p0mLI~;1uXXaUe8XNjJwVPISIJ<3!7Od=Dj^>;a>RhdY+Sh10pCkh+c>GU9Z3
zi|F2Dkmb_ExN&3zi`@hhQXoYbBO=1XPha|FNF<}mf~N!qgL;090c*R1Buz1b=`#@D
zHGmjQ3^5NX{eKBeHOzrWVi`V4oOc`JirjR8kK9>D_Uf727+Bne!}Zgd%a_*(u^%Sw
zS=E!!0kXWMkqK~T5E)0|ksa_S6J#e?Ek<^BdEf?sjV&!LgL-99wE!Rn46B!_gG8cz
zf`aW(oZ@lyKefXmYrH|wXZIv`7^l7<l4cn?%>k@5N3t+7F(t&s5i>domqCtszEPX)
zQ_x5!f#*m`F?Js%<_JSMx8*RtWW42N?D8;8owtDKF!FC2I3E^r4RAgP@C1Z~i7!ly
zL4!ZoKoTDm1*+=BNO8EF>8%l@`wga9c5r<Sd*A>-Cj`X+p4%Qd4nqqIV&+2#^*b16
zpScgujEsn4(L#{*FarT40&;<Ca-+wUa$JF5=a7(LAkA~2#t1ow-{mK03J`_jHOC>T
zCMK-EDE~odrm%w4)wf3_ozoXw`|EKE!bXJ1%JMW}#61s=e~c<-ss@xDA;-8LL5!B&
zcqjKZhbdoEzielh`ESOL=sM0H1YS|@1Y+nX`UYeRJ~U|KvjZjS0&yUj9AWOZ{yGRH
zm$ZybB-;^L*w-L})6dcpyDaZ};ldw?W|z=KhQ*2Fv;#R#PEKA9rvfa}Fe0?Iw(6{-
z-w$D?qfh~ZMWj|UG4cJrKZ%b9tdE$n@Rpo38+%X(LA))1VU>e@e0<0cBOcEI!OJH|
zegNA>KMCXtyYxpv<%|G7{~RWMJ19TJib50zhAPul9~^Y)x;c*%8BHx-km{;63o{gX
z0SvqN_Q<7kGcZ6CKG4_q&~(AT`~!48MP$?zk4=g=(NGQyEQ9X4hz-{;zlS7DlR?k~
z@qWPsYzTy`V_1~j2H!>wCTIc`<>E{V;u;^Oi^-y?oPKD6Qx`i0dk>&zSfvN}HCTNY
zN?HnyH=<LWM{TbY{Z4zkkgn*5U6hp2q@g2qulX~ML?}cL5P(zrABgiBToSlxTcBwD
zCmm(K@R??A<pd59K<n7wgv&yMSpKI^yRBro&hh$~!+ev1_>DXd4DzW2pnC$)FHqQ2
z3|%7gV2DTL2g4j40|Q>^!whp_b|mim1?t<|j{~UEb#Qc?K&%I~Xn{(4&Ox|{(f{S<
zQrHnr{wp9>K`aH4dopyUJ%h~wp^*5@P*y**%(`fyuWy5?C@@pxB1P^9a6Y^Oq%sI_
zalKTmj6PW%ajJu>$f?Nfn_WP}(eV8Ux_+v&_2@^>=DkoHDxHyzS`vG5Qf^KeIRYLs
zO$zJUUqeY6G3Nw<)aNl56u52J*%Q0nC<Kl#PESvFenA<>di<oAvNU2+*4n>yZ@>um
zLI?tG?cv2U$1~V&PL5A=@?ZntX2qP`4jctIUuUtK>yj<=jsE`qyZF8T9PskAda!PD
z%hL!NI4vK~5u?`drUn~+v>H(wR+!`v0}LBCFJ{Q%Am083xmpPM3d_?;^1Cl1d{RrR
zflOjAGjndO7}Wsn#a6^g!YKe=j}DmPeaI#I9;i~El!v`Z7nWOMMgoF~DjwhMdrek^
zI*%CfTP0IX3?|3Xi98wkKc9CetEA(m1NPexj3roT!frc$Nx?yECllw*O<R<5DwcGk
z@p56>#~#A<f&pBB6d$ov<G(O4G)(=AB2uwZIxp{idlKh^il-gp-V2uVnHP;K%6F`|
zZ>Z$f>^C~VI!w_h_HKWR^nk`?=AaTq7%J6b2@+iW==eG|{C7-k!7_s{48_uE0|Rg9
z9f%kR=t*&)Kr_Y1^`Kut3}xu*!se+4e%Q)m#Z1aL<J)vUK+&v2U*J4kQ;kyvXdBRW
zUHUgu8u#v;>NxVnHtl9kYDER1NSBZ>kgvQxMqUb*f8V}if@)%eE;nJP=mKX)<YwUF
zgWn2h(AWVAh(j-88$vcKKBt!(V!eB-TR`i>=q*j}o16E8r715bVpNDVmF->0m~=sZ
zX&I{+-JT@TjoPMal0oaH`rQq;_0ZP`7f<9HeLJK|v%{o;CFaL-)Y#U!masi)vR(XM
zbe!!1GPbzo<=2t1fR{N~2op>lP8SSlO;7OK<xA}HhzK7U@|b3tlQR<{n~FMky)h#v
z5LQJ%Rv-zn3EnDJUiblw9hF0<kvEU7d<_E~-G~8#OT7P5Md-{4IYTGw>EZDTlMnso
z(o9CuT~5H=8Wk#z7YjuiB+iLzAIg1BvT<w@<ITE=X*KI;V<7IW`T6GXgh(qU0TG23
zXb&J@7Dd)7a8yQ~Ga>a(=e8#Fz`KI29((tOFW%2a>bEFqYk&W#UXg}jhy!ua5MCt=
z>v{1I=8je(qQKgDKzpMys!;LR1qf)z;7TnX3og2PTehD>KBbK~s_6YgLlD?Y;!47;
zId&G`1}ZR>A!UI$D7@nC-i0+C8cUc+faPna932FT%za9y1^f>tQ5hH+J+p10oilZd
z;U$KBXvT*;kgq_s5QU+=2$DZm)ozw=#HEPEWRa%OHA}>J3C6)Z;Yf4SM9CXYq&bgU
z2yFp<;_(@#I6_z6x=#^<GIlv`TU8Y0dk;+6vm2C)PLSUlHQ{(;r_|ZBLDh>wF>1Ma
zc_8If+R<Dvec;#6`iK;f9EC;Rd4Koo!ulabv8H@seI1?w(mqqMeq?v0gL}XlGa+6{
zpNVYlnvjJdQy=4LKPzChq5BbthEW5^>rzgXKc`Q$pP_Es-oaoRnSM+;;RcJm)k1WK
z>)-jsm){4m_hB0bTZNklcYIh>l(2vR5Na6GCO{uv8DrwnTEai*hv^R6plEvL9}apM
z@=`p9hG<P9tPeB~Og5eA#{pg91VD%lMuUs<^G{-|2i%pY*$~V&40j(?r{)$GkPSqh
zBP(Z(PnPx35ZvpGrpAvA8}bs$)_T6w2MG8u;EchHBA8^;JP@ph=AfZIZ3m-p07^-0
zJFv$S7~tWoB<7t88XY<#FdpTT=(2EY<A)4D)A91<ON@@uu}6g}9U-2xCnjB`;RiG~
z?9v|lK)e}$@=LGYxqbU7-0PTK<0&J{_l}22Z;l}!kZv>E#m7U9BIV|CWx>VZnaL55
zyY2OJr|G_;bZ9*;DN}}$tXhCU#MyzCywMpl!(e?_!--cOk^^FAaX2s#8(!=vWH?LA
zh+yU7ylD4ETS1PHX<)UA<ubW8?5lU1kX|)Z7Wl!?pQ6Ss@%$8Rr|ZtzKbS%Y+Qje1
zCPY&VjxW8Uhv5sm;3C>ARHitOadA!$*9PK=Q3NYW#lNIH*BZ-@Us?M~_S3FPuoYI;
z(Qk2-5bYwSUiht%2RcE<{}i?B5<V)Ca|5;|<?^x<>Q0ctL`N`(!o4f#8B`x5Q&YL?
zHLg3RY2#2N2O_ctZ!Zw)o{IC+;dzkKc}>3KnKN=9{HgJeNW>#h5=Fy=q0G-pOI23T
z01`90Jm;G7Kmxx`mf2n1_WJcIgewqV@#`HdXWa`$$aC0%u{($H3t-ygGL1EdcMAhL
zda)N?_5)Q<cY0r4^R1u~<rbt#d3f)LeDQ=f0L@Z4f(ecuJop}NnL#JVi_EOwd-6Zv
zri?NoB#rp3h&I8hNt=XZqk$L~2>$*=(xKNNgn~PTN%1rx!8(PXF;S|f-QzfUm+tk0
zBXBOO-K<6I3pOv5Vs3DKwD36}Bri=JBY+I$z^w&H-XHc1j=IcD^Z^i)px07SQLz>|
zt+j^xA10G!Sez*Lh?Bg(JZPf;))+!1G*+-t;29zu_+>E8PKcxgFV}_dy>Kkwh!`^7
z)WplhwY8gpkr9>`=oe5DoxtG)xIkKD-#lF?N%v?jqGGXE2m1S~|BNRAi?GgSF^}Ta
zp_L?_AC@Q<-{@7|L@k`+h^)-nbI@M;@L>Qx=_aVhpbkKjNX^}}hYZf*8F*2N`#W%b
z4L7~?H3nVYlRG?d0HlRMB?f8cDwsz4T~>)RrG6I;AaR8}(vQmzF@6<Sf`~pBwhHA3
zd8u=YKY!};(M=TkaY@$zLPBLmvDvqa7Ncc%XG1)UPUlGAT7d2g#lP)zO<%K9F4sTd
z3V~8>*J}Mq>54GfPTv6fLVKyNSr2Ei2+O^`P+Z=G(UYIC{>)PKXFZqmJb?cUI+p`4
zcY9tN&+IRW4RKUd#n;P=_VC!+7*+~$Bi8z>HGh1i8DGb@K}`)dI^pw}dpUT*_8)Wc
z=Frn!_QPb0Og&rxNQ_GtwZ8=I7G4aFCTl5c3-v^;5Cw#H-i(MifCTQ{e7tuHCZ35M
z3W0pp4ht2J7S3hzm(X~m(9jDY%(Z(}Z2wgABiOD%P2(ZcF%&BH23pb!DBn^yU3v!j
zK+`Ji;BjAIWx#U=H<V5t46UJd3gZjR+o)Ma6_l33e-JTsswH;TD~+e$Ow2?7sS`Ir
zu1NbStWU=QEmS>vlOMl+HIi9`sL3T5p;gwQ3F_Ofw!#s09#y>HT4kHK#vy-w9nwMN
zFQF7%SLQ3?gS#&#uL&@jfS($RzqiVzQ6lZhS@C+^1f%Mfnr9fo_9GQ*{lwfNEzNFO
zlv;D{bVxZ)IT^n9T*HT_jTG@AL#@~A`NHN$)%kS$${9z$4D<1`N$2)BmlRjD`bd5|
z-mSCBTi;>GM_M&>d2*3_n{pA$bg4q1%8{($vze7TSv;ob<(7>lnQI-5l{487?F=Wm
zy4E4-uis$EdHGz_d&^(!`v9VEkY8Z5@NzMjM0d3zU2oaNOpCFndgS9mN)V@|M|upC
z!H^D>eUJNzl0fyutY60Fj!&NCY@cRkFZ69oQVlxmn9l0<aD$Xu-&gZ2dE=r3#h19@
zve@{$|I1&m?HP^xQFcPKii_CMT{k`SZGm`_@zI5&=)<Hpl<ocb!FJ+_8kzMsfIHSa
z4kv!py&VK3GsV&4A`w4X?Wca>AoFQV<bm)OB>6T{(h~`ybtt1#S|?%2g=7J-?v@bn
z6g9KCAl634{eVl4{6_f9!Ynb8t#kdB8aIN}(>tLT{5Tr@sjIsiw^xfT`Va8{H{o4W
zR@WhBwSO&p{yS3*26+09CpvTl2XZrI>OF^~nb^K)=dr_Z21&(sIH~^Ur;8AbK<9e<
zTU3BjXZt*0$c1w22reCLj<T~QUe5{S3jdup^5HR?7FTi7lZwx?Sj2Ezqci-WkZ)93
zUcOT7V%AZim<n_jnHV9QPN)B0zknTj4iu5lc1~jzL(Pj%ZgwFYGqec6!Mc$G3_a?R
z)aQ?>X|~_TVT9@y!{eWvOgRc@bp4E+_E6IE3#%IeF`c!P1gjFL^*z(nxwN9H$~;vE
z_S+)omuGG;>(cJ_3qU<z00V5G9obYvFkf_@j!<qr4QrwA?me9pts{cW@7z_=c;egg
zOET7jWwlAt^QaqjtdtJVCO8@!zferNr$9xn^xebU&@fXoiplqQufF-U+rSh@6|zT1
zt%H_dvks{SNql8USi3;Y^KGy2!9Y_j<Bd@&|M<vN`MC-ntv8Kj2^ZsWO2)-m2}Dg+
zxY69e5=ll<$q`9O`e9N;o@U=*zVvZ>@g<1;VY-G%PrU~67Kl>R)x#XOWH0oFh1R1`
z;k&s7qIi4&>%~1gTzR*7PGxid5K2REW2}>8mp>#l*!>zvOWn7LfYJ2jz1~k#I5J9x
z)&o%EI}gVOr7j_e*2xfU;G6s^`6EB{l*CnLQ96bJAJyf(&1FmeKrY3qaQiTw4%*bd
z{aw2mQeEw;<j5L5SWD5cpycK-K=}r=3KbhG-Kz6Kc4M-}#-8~P)Vm0a&Lr@|oBe)<
zhH<zPAv;F=b|^7u2on6vq$HN{9|#qJd>EORjks$81wgzZs#%N033VAY=EWrqu_%=$
zOhc_108JNsBIO-#-_AlN3|@Q%<p5G!bQ~ZlP<GoEEVgc0<u`}?H6(e7{yAPrM8ToP
zg{nr^!Xh%S36oUut!M;lM$L*2&tnloMdnVu{luqNFf?!qJbv^@_mKfy6-4EQnR|p_
zd7k0@bhxbUII2+T+bJpXKt%EHdSL<~Dq00b6p1%@FR%VG23|>Nj~du#4@1{aq`|<R
zs3j1$_EmoU0_sg71Q%m9trr#!M_HqqeCY`7tVzbj@6*#zeyc{Yh83nAI(JQCok0%U
zjB_}{Y$S*r#r)#*hedQhgbvy2OgWJH%ap`yMPZCW#aQO$?8cWbxsDte^yX>bP_5!X
z#wK9MT7bg`naT;tHcunn(ZG5tr+1EoCR~J0A4=|849&(tVeJWHJiPSpV2=_@Tu1mP
zQeUUE`Ci#RMd3qGI(Xg{r7ZZKc!=f*P51}!f`K&=xaJfH+l(f_Y@pzuLU9BrroxJV
z#yH(E6C%)1GGh+YqN;6HBeVfRP&#iS)jZLlqz+@OS><`5Rv;942D#8vCnO|514YR5
z0c-LF?b9y%fbpe8TehWIlR)7#_Y0un$1?X6pgjXBpV81P5&-c8`X8iF`tZ}zLA~Ju
zO)j21f?Kca3c;BF>eUM}i)JxiD0UOj%p-0i>P*R;BpwI{$L3}@d5%Dp?A?&O?{)1q
z^nb3fEs-kwj)^M6bAx5bDE0tX`{>urk=8Fd`(X(RaNSthTAv^MZ*hxjs;D#qb|Pfs
z04)KYTF<P4euDQy{cN<gyE_Jffq59hYe%pG$}#jc`0RrT1sGIl15Y(kV5AkAmAyfj
zD(wE!Num&h0XTk0c$A>)OM@E;1s~DOe33p7-{y0QNkRfy{HV8EnwsnpyTEtW!NK>R
zMI*cqIQZn$)G`Kft8?EbEC)O^Y*X%?Y1{m-_EA2NL*)VmVn0GY1(Go>c=t)Ut4}(Y
zQJB-b02P7YD^K<GX$bY<`w69_*`g{I(|QWXI$k*-rsW~Lk?Vk`Yw_p^hY@;lswuP%
z>rhe8S%DWJXCv!OHrMoK<vIs&kJA18`Dgk0Lg8={Fmjy(KnSxD#Wp0GHjbH&lQ^v`
zvE;&H%;2`!`o###$1NoV2e2CZ(X_*aaPh*0PeFcB-|=kmRry;BEh-s`QfspUO_7Ge
zl25W2k;J#5UD;Ua8m_KF<3otl#Wg6m6GkvvdU{}jSs!K=;c#k&T>sg#2XMI{%cIdN
z4#;%>zyL5+QC{A0VCI1^*i+HU3dBvpo{zV4-&}YWQMLkeKY#8{8eG8EgTT?O+Fx?2
zOXQ|MxQQ#9x8iKse|`n-?;KDvc$N5_Kt<M@Slmn8huMrd)QW_N_)82^*KsYqdwG*|
z(yd!p^m9_7?s7yXB3%j~HW}Mj)Di}|x>hGDp>tHOWR6rdh$x0UpNJsO)(JAnMA6ud
z)(f);FeC35EZzWpc5g-2`}x?pg@pjv^hFbzDpy8cLH7CX{d-uhY;ho2r;MR676Fc|
z>ofUo8%N@v3<X7`=3*MC8z#z?6MlckS0fCMEh>$SnS9b1@q{1UzrUB6wsK4GjT=y<
zj|pQKra40A<oDx=w?DqVK1gtPx_8v2NtBf<DAA?_3o~Akxe&}?zm{+ZV(kaAJ`~Mj
zLLj~ZA$2?vmLCdRka`i-YlK>J>dBM-iNy}H;*A~yvW8OsfS_PQDOx+}(b-w|A2R~F
zeFFpjm~x*Z2WsLAa5zk-?*v@}<^v{!hZYjoHN2BJBi!r!E>R0B901|@`0-h+C_t$L
zSb(T^JHiRuwq@L(=_&v0PRAK+ND#||Iu9vFiGx>HsJ;(2k|@+>sI<|R&<|Dt8*4D7
zA3M7<WDyxbORUVy%Q(g2ol;L23}tFE#vD+{kz&r+Ck)oLehv#hp=O(P1Fo5lVC-d*
zE7sDqbadCPnfO@6R^M|vAI#nuXO_mh5#7+Fp7{<88%laDoXs!eG<e3pR#b&x#&Kcc
zEMij#OIZ`L0rur#PEK?oAMC7Iwdcb9qDvLb_ymV;tb%W0`RuQp4wM$xJVdDWq?Xu(
zd-nY4vx&Y0mJR1bKMq8kxF`xRC=<sSEI>1esJUE;t7|!%a<mY52Ii97_Z@nUDh&@3
zv0nKA6wn|6m^c;zsHJE4@=|nQxb4$_fNrwuKS0;bPvyQg6Kl{5i2g+fa7~9cF9=cZ
zirx5FQf^fqpSHO1xtYVJ?{|sbt<3LFg;SvVzd2mIgyg`MK{FpU@K|%O_cw*9lADFy
zuZJRsZ&|oob!yn!W}tpttGoq<+ON>4+9@U^l!t>zm;MLDA|VfJ`6qGc14)LKU<uCx
zzTNh-y$|ijo?(U(_8%zLl(@LyLNH~2U<bhXXqet^++*=CE_a*I+NFDk?D$!Wvu}iu
z;)L5P2|;M6n-E}wut3%He#}iI7;XEis)=#Kjq1#H3vrPAdY|&Ax2p>lA0!fjdU+so
zPWAB<>V6U=Uj^Y!@Xews!HAfPlp4)%-|lkI6+{&UkHTW|P64qKyHZ7+;lv2|-S2=+
zTVR%#*2b4=L2{-ed{Qph&*3*PE2O{bn44o526Wcl1Q&wy4X*|v36`F%?dK!o>Gpsb
zr2epJ9j1gFISC26YKF?8z7HSLfBC<B`2$F@t(_gJ8E`FhUwrn`9cGA7a2Xi6Qd=8X
zU3RQ$NYj`yoo+Gk`yiR0f#LGf+@r*n3}ZE|eX(l0b##sil9OM%qSi^zsG#GkYfRHf
zy2bisc)^SSH2tCV0tFho5j${9<JQhc#}xew58he-mOT6>@DN7}iORuGe=h{gYt1BI
z9Jqh0st`M8{xi(eIE#@RNqB%XnlqjuvgpFjnE=y_+we{Q%puvdX_E)LX3gf2K<W7K
zzUlMD{oi3^5>Nc>gHs6Sf>+oF!h8l3?ynbTFJQF%Y=lS+!ZdVPxZ7f!+myI(*N)$F
zK?p$RZJ=B@WLjPL$H&IFcno=8mHvPg2NHSix^<l3mKeH~|0+yi_95G=>3e#*t}UnL
z3tH+NC3;w6{XNQ)g$Y{(f{rDDM8eAGfAL~lC3Y2+YuQdcLqESIEGTc;LD+Ry5U<fP
z2`-OG+T)CC+qo`R7Z@62d*N-jEV2&PiqWcBFgguDavnJ0{PYE1z19VQF1@|Izi3}Q
zXNXWap>^`4@1=%>fTXxM9udTb(X+7R3Am%E0g~%H9`@#sQ;cTELk&EeO|-I`ez+9N
z(0<mmEqFf(oT(I1a)`dhZ_F7yhmsWIkIeP-=8?e%f8;DtrlN2~qc!aREk8V*BJ2Zj
zGK-&A`@J#%-DBcJ9u6F=JdhGZcpx_VCE#r!DMyH^_Vsgyy9t3^Il8pJQE!}}K(H_{
z4Bq|w-$Jwh?1P(G?d9r$CX?;t<hKf8SkU{5QiZq~abQ<6=%|Oo9(#k$-w{+L>Zx06
zng>t?tiBCg;~EoB)I!A~h*@Gfl|FZ3qTogV-66}%g;@}|up+|39*r4sRSsT8Ryh*f
z)e?cN5n~3#jm4Ak>5kc-MXc$3zWM#1-!caJ9bm4RqQ%$`Pk02prfm<w;`bC#`d6M?
zZm(i<Z*1h&fSpoJ*PV*x{p@dOcEa#Ow#t#Z!Pmr7z4G&AO5CO&@`<5<{y~Xx;FbY+
z4EFT)kHg&D#3WhTua-XDhJXMc9C9_qxDZsXK(YimfaE-TZ66UDig;;8c)Ge}W1OvO
z>HOwf_9I!IXKn=rRXHYwM>L`V5K&mmj6Z!ZAz{MQWLXrGDJEaQWAYc2E#$;ve0(?v
z1i84Bju_<q1NWvL4fUFzdkum=yW9Ee>!ih&{V6aX9f74J`pEAD7bz{?_oieQgnSU1
z)AaVO2u8o5tkBE9IfvbKm+{>m-vJ-qqqaH)W_{(k5D&<pR{4r+zumr=@;u7GZVKbP
zRP?)31h|Tcyf7pX)CC4E<z_3WyW&Q`8lLURPx^aDf0~y35i(0%v1GudLy=#G^8*Iz
z*jUY5$;pEEb?*$Lu*L+d3z!Q9SI={;PP=#u-r@?#LK4OPh^jdxA9ymgRHAm@&1egr
zd2)*7T7Uz?CO;tdwQHl-Zj%rH;!v)Y2UmrFEi54HU5y6e`!Uq3SZF_g{fd)b2|rLU
z@$q@_^)J95vE014;hRGB6o4RaVAF<XZ|!u@bLwdc#GeC|j@^kTE9@ZYJ`{jY%@AP+
z*F8u^f#y$RV+YT?*z}waeiuX;P3`%B9B>wpMX)48+0*TMc;4`ITQD3!PZl!pd}=UX
zuMDrgz{M)V1my!x1)f=rZ^)a1_2P9~Tjl55nrrj%wQ_R}yH(RWXGTs`k_K^LZNtkp
zZ)&eZ>hs1&iuaDX23|9!MnEajO@QUC2|2!*jfklHggZ-I2zM>zjvd7^=ARxu_=(<%
zQ&RIPk!_E5wenYwncbC{lW$~1u4+Y99axRe&6r2AU-hGYhxkEaZwVtlK!dl{x%Br$
zr&5JbF}i<Z+|dOwIADpfV#2~FNG0JcY7?&1imZq_8R4H5cQ|e&+4lG6ul4sYH3X8;
z?~KeixM_`VK1uO%rR425uV#<_iEOIXe9^eJczZ>mU2qfQ|7q{5!>U}rZI``m#iYan
zr3DEWZ6V#Ev?8?>q)P<cSg0V4v_URfx&(_Z2@w!bDQRixJ3joK=lpq|`|r7zXFq#y
zg|+zB_r33Y=Nx0qG0B?=bFJnt8E$7b$1z8)7`AXfujxbOhYlm@0InlOX!XJIKG`a5
zec`9QX9KKjF-D-U{nf>-n?K)ZKU_M!^DJ27KwsY@@_aYGaEOR3;t9E8=UiVFUl=~^
z`8(p-ub?f>_EiXEb(pC*0rmn+b;I_S2ev{HI=Lv9pm`{70_vRwy3+Zw`P!H$iV_|~
zP^7HsV1NIKeUg%rl{Z?ZIi|DOx$*2`?7e)QYn{@YY%5{{t~D^R_Jx}GI-uEB{Te$s
zRXRJ3pCcoj{)Z#v6cmDPVd?@StXsENgbP>YqDLfQ4~8lzL<q%<@}p@EGs85(*ku*3
z^ERty-m4CrIy=wZqB(z<(dUO05ABo8U&Ga8aZW1dEc;pciB@>6njNom;I=+&xt41}
zJgA4s3BZ74LlpA6IlGEtS<+@kM02;-KJ^I-sV%ZSsfYYHb*b5Y=R_l9lFi<<-c)&!
z9rlc3tj_1%e3V*<t{ymGf#2LuN0$#LN~}rYJwj|lN8+T;*ILB4CsAS*n)Y)}oTDZq
z9Y{VszoOE*f0{4eM&q(WLG6k23GK0zr46bkJZ9%U4f1d5t)0pzllzAQg_I+hr)9TO
zIa}z|`kQqUDw{p2vd#0V?Qt<@1KscKz>#y@mc;kZ?O&u4a=frR<+f(8Je}Ih)|+}5
zSPnxJSY2R4;EYDQI3W;1^;yyN2p}PfW23B0-_wf9V^Pm7>|;mI=5?jWY|K+tWc)Pv
z>#1<#P+w23&8ySJ8X1!*OPX~TZq;9=Q`?N-P=6S|^83H1>Adi0U5Ao$AOHXzdk}y*
za$bwYg!uU1v$Jk+<0Xa~S;TL{Ye@YU&TS%bohj%T?d|19s~{W+7{y&h5Xix=ITv+a
zOGhl_hbAch#{>HEKH?>oO!!m=J0rS06yh>2bKrO<_O!HgLQ)bOUvQ*9^7O=DNtUp6
zO^d!)cQTT^2A?s{)UT=knug!yy3@WuckMa<ioNvo?MM%^IMdt4gKzG@8@oR^`f?qq
zm`N~)d84Ik!vy=WwNI<pkx01*e?3R^tLOWcb7n48)~{~AR>&6oxyQGD4T&UwLC@2C
zS<tLVPejDc#yF<v@n+(04{m0}k6bu7t>u*?#`=0Vb*umUTW8x3zH9rCFY&44UXdgk
zuQiz!+O~V|-Qn2%Ct@qjj@UpRW)kVez!6*sDU=~u(y&3@j4#TfBHy^y*Q8j?U-i9f
z4}L)U?+=Vdkvr!XX@-XD6m^#xetZ(nXw}$+caJH?yOTn>%1VXGY6HA)i(jn|E6a&I
zc?}1r#2y2KEhGt^!K{sMzDabyXf(6S-?$<%XxG-}_TDa(ttS7D6TSD|r(=vlccdo2
zykzO4C6OGtu<F16X;F%kug;F`yE61>)0#yKY;PPV9@at=AHq~`Hk;m9p$&4V778n(
z{CJR|KUNnel-9aV@ZLg5MK|tW-L|W^ji&~);wF;L@4p^ilTDeb-c)}^Ek^Lq-Xe`|
zb$u0$*(%1%SLOm0Ii>Z|SSLL;CtKt;1y^h&kq$k?qBf;c`Sx?`jvZ8e6QvMm;<=;#
zpy~FF9@$64y@irzN(LJKrO{pzUaw)sr%_PRb>@YtgxsS8Hrq)gk==M2KIJKF_1eNK
zitl<gwhu78;He+5J#ysT_WWL%#OA56+b)fFUAz)%GuVddB8-2jzdQXva_Z6eRq7g&
z`@_|Rk=E*#xAVhC@yDxo?P>9_N@v<$q>Tnw68SV1dd*!-wmmuMba9tIR<;OT`c~2+
z)9t`+$!#Pr_eGAj5%v6yqbhpp>I=^t?u#C+p88tS=Wp@P<oLB?*GZ)B<5It{0%H>g
zgKsBoGw!&zTob$9)1Zt2i|D$~>N-=4(N&EZXlFK<;q-0E>Q&bG?{&bS9T?lt`SN~m
z$V*>C=k+&QNANm6^6DDfbFIZx#{BMCy=UJJiWy1RxSekAC4Q49ZYat0s0==Ca$oJx
z2jgv?rd{8v@8NqaPyc>zK6CPpvDC*jt~GKS@Us)Em&o$7*;iQ(&ofub(vVDSNZg;*
z<%s|LewFwc;>+<MR?O<xp$Ejf;p_kZ*y?Q{{SP-}ohos!#KScblc`jper=&mtOhyl
z<^uFK8xW#a?`3$VR`R5s`9L6rd5EhIvSIGz^FV4kEFA7swYL{QpC>9>1XAeKsrr_d
z*+T7r`IsZGKbvN0#VEAATTA+GwfdC4uOL>_T?&l_f0WJZyvgZmmez><LTdF>s3;(f
zRs?-)(M)YdJ%YB!2r^?vE1}v(i3S~qtXs5u;g0Rw1MTVC9^0za3ZdcxBM-fC3i|Si
zqR_q6WA$QPukwb#+NQv|S0-7b9jG6QALJ7e8JAsL79kf=f_xwHgxjNeWyTp1vsBs$
z1x-D@Wl+XAi!SOteDHuUzKM>$(0w_KFnAFCU9zshi)|B<P8?p7RZJCm09W_0$iaoK
z5Hcb(r%E8ufB*dVLmtpd77!6}K~{&X5vVae?{z7lC^bnBKbz`cKn&Cvz0;76TkwWJ
z!r~@hAQVwsSEtxro>#s#kX~gg1*xN&mKIybpUJ2dm)<~4s10*dy39@{q~V&h(l2uq
zS43PRkrwa%=l21M*VM5hluKamqr$@rQJ+DOs44sF;I;>#_*P)-vi}MEVT^&Kg4imK
zRW9hT;G;vX+5y1~2nHx(YbaNI6ym@vpMe;BuPFpuFuaU;USrJ8$tgN^#}^fsUaH9u
z1I`fQ!;(nF@l+}=ofpRST|s?UV+<H`nltAc>WYf%Xw%hJQSsaR7H23Dzwjy>wfqa^
z+LT)nl>R|mq2|XvEe%0!332!y&fnDH<@|71tRCMK!{+f$3CegqJ+3(TEdZ*8lREXp
z)r1j$e(&o_SuEkV5;O)6r3R?g)%m^ql0F#MX{F8{J2&>_T(gi;a{I<jv~O>?4i@&O
zdB6M8&eKw<E<NBEAY#J9Z`Lp=M6t0cRTCZjVbp)KHtUd`*JaHOq?G?G%z)rv!mo#g
zg@sIZ0)2u9jLOqC<()67;LRIr7~armYI6iZzeYB+^RGCrkCYGoCPO15NCijw`(cyX
zM^~Mw8x%v6(aK?m30t^$=_Q(U*$U9JUWNrmffMnzN^!EMxEcMQcZKY->bs_M%w<j^
zW@ArcrF;{Q%0OB`b!8=Fqg%Fb-;PqbkJ72%SDPFCl<wcX{##-O(3+5-I^UP?Qjyo_
z^UlDB7S^Ehii*Ko2xlnsV(T3@ScJa~KMxgJT_(<fpuQLwTq>A@%bA1B9BKrmwN)@D
zViHevB6&(lM#h|NtZ(_LbZYcv)MqXw(aH(Y(1}88(!k!Y@l8d762$7~{8aMwln#rG
zLO|VSGe**3B1v#x!LEf=1M<RIuuw7_MYt*GODB7{dG-?m*#ieo?4Cx(-kGc|xUWLC
zX9ZPoO_VqxG(tH>V^{X^<Klp#TmDFP`?if9O$iE%?On@oixf7leh#g!7={9<C>j`i
z2d&4U4q1*3s&$(5m2RdLLJm&2bYO&$v{Y0?1nxUXgRVG5rU6L^9*GJD*d=`YLH?{@
z^V|gFIOriWDi<k&$-Z&KUWLdrX~h0i0x^mY<#S-Fb-t}({fo0;18<?7<c7toPOF4{
z=LzHtDl9Y-1cis|XlSr(idm-#K@x=7Ut{Iz)n6jdhQ#c!Aw=G;fI{GzePmrlbv0qL
zLzs-s1=^gP{4R8PRydYM&c0v?w?G#r^N3e5heC+C6kZ2;t^qMI&bY#SCHf(#6T)Z!
zn-Ppu?;}3WEKqq0Tp^WZ&B9xn!}*Rdr4in6oSgD(!5KZ3owkkg#F$JJl+pbS@wR$m
z8}YeWIXD7TfkweM2}SB}y&~rdHJ`>c1Q<jj{b3RaGlyd?A&6Yx13i_$rEapz=QG*o
zm*EkDc#Hra023%yHa5Rhcwo3Jj+fPile<y&ymJC~0)XP=k)jLT0N37xrv%MF+X?-E
z)HZQQ{Gly?s1rRx6;_)UKq>nB`5m{_?CL|I#lj*}LzAD#&oYs$mDW8p)Q$&?w@?{e
zBnZrcVcx*!N_AqvqtX$0YPYaL%%ACMG8fPF(VHpH8{qhmg*Xykb&WtbTHYARs=o~D
z_InS2CCCPOSol%Z<Cm_V0jU<?hZziz1!^evsTc+f=w=vug{N5DU^{uzvN&0&PpRW^
zZ*(MMpF-JnXV|CEp6+=p>(<mp8?pjw5Yy0f#Yk=|3ti2ex4NKH0$Cihj_nxBQbl?B
z8H^gP?g0x)OxPvobSgt4TyZfRa%glNL>t0Se$ARSD$n*3^TFU50*_nn{>mJzrZE^<
zgWbhO=`my(IRq{?WdV_YVS31+wm)?Z$~rt1okHw)LI;N92wfthn8GV2whWt#fInB>
zPoq-;^n(no=LhC^4Oud}3I5=W1mc0RWgOzC!1v(q2!0SNGYhV1DD{bz&S^XjiR<jF
zCOsRW|3!%vxCLwx%n6vYXRUp%HGF|e9mi^5a4-S&15w3=!;&{KGgB=T5DFuoX+2KK
z!()(5<bV&&sT7pn4jmeZaa1`lzR7I8nKII<&AW>>c*+J32mFo73VPMEaiD<kkq!+L
zcYE6wRvKX?y$5&4;hWXNZC3##@!sMM$3U-vPH3X>4^*svc$G#>Q1rtFw*e}j6-qcl
zj=w`jym#mp@5AOd))w}1`BMOIFdgBto(?<=aq9XAH8wVCqR{}yI-0r6l#P!aIdT=0
z4QOPnU|P6dgVN>L1mY|@5)Lmg;AdrF3Ut17gwa0(l`+dw6d1~=l|_@lL1JkETVPGD
zx+irXtw%mX4agV3Ofw4!X^GJ^m?T`_vVdyZtyk<D>F>EG@1wQBriwEM&Mg^fX_mlN
zaqu;q*>6<t3kSOLA=vtqe*73e?D?@1qBPhu6Gp`Z%B!Pu^VC6%abWb!N5XPr^B>rw
zGV|n7bw=)hR2!2?O4)x!tv%)<^RZ|bNc6yvN2ANX@~@q^lnrGv7{$E4Q*R(TQN)2i
z;)qYp{ketJKO|%hy*RRWfvgd9aEgP1`mtNO4jpy?q2MGEu*XZX8+XJ7af*P8fpWpn
z?$9X%_e$0#VJ;_4XFJ^ZN?T+r2_v_OO*ya#s0q6m%?P?$T7xbrK{9$U;<<`W1`4%V
zvbcDTVT*&1u|SymD~!cu7Z9+As2q%?Puq0`DC3UH%Wk*!v=izmUY<@RhI=r;V$~G^
zMLox;vnS(a%TVv+;nM@PCwmNSAod=xmy#+6e;T9A`UNd$P;hiP^+%`_?+x;n-Wl^5
ziCm>!@cRZgvT{mjp?%7Mb)?nmn3U`HB45AQ6<bg%c?M8@U3ImZ;sU~6)`cdTA3Ny<
z<hn0g`}z7}5|o8gVw^`nz#kED@h($78JCpoWl=Plxg=78()1~#P{l*elJJ4-VYB&r
zFQ=KTXroMJ{CmnR-2`)p)(7+YaKkj%_3cN$IpKm?T^i*DL1(sn>-@@Z*o>$R5g%E1
zFd!B5=QFYS_)ph-?^Zd|^KlKlgtDfIa9hJHsh^fOjNwvQp{-IJ{;QBlCUggmdAgqa
z44TgjiY07*DU?N*pl1<C(FAcEA$5douqnL!=2IqdJ@|reh<+Y00M-pG{|U{rwSjHX
z{>b#yo%Rb}I$}e=Zy)nW<p8=4Amv!b_Uhrx;(sIa1(u1D7cP_!p_xxEN=#SG4zx;j
zMTIXF>_<f($$bwyQMoILzC;(pvGjRAW?3Tn#nDI%dqgi7^b`{oSjZ{)gKVBZm`j3A
z=^ZuqEMa~ge5#Z7rmVp&*qaH2U6@7?w&ha(d}h><daV7Y@hp*)gE1WN`?v^j9&I&U
zfRuY2m6Ym1Rt+Y14SrwLC~bhWBH<Kr4jvw5=U;ufeBO8N;{-gwaTzJAI0o&>-o=_n
z&)sXpCeepgcEh177M;UM^-I}wLJvo6<(&O|d=7Kt(BlH>(_$pwU;#3&G@Vy=TIn$u
z>WeZk7tK?MxDkTgFE7Q^(>;ZDNBGvyqXBID=FPqt*Oza>ateRa)syY&2^~d~Ff%jJ
zvSV$9=nWhbtOwVIo++Uq{r`&D!w<I6PK>#&X#d-fV?gR~5oT|0PGc4e?xry;kesF|
zlD*8ulXoNN?0ajEcZcHyZ*_i~{*&q^rVMctTt7j`MFj*vhyM;x?gdFni}q}J3L>xr
zC>VOW-&LN}oRoz94yDW)070kWsu*AN5DX;d6mu-ifxAOx1baowjg-E3UG_VAIRu4c
zN1Lg0+x}4Qs6Km~x*+{~^yxYC4~sZOrqH5;_yjT-3?mkXuPmm6mm&os8W)T+=0Hg;
z4QJHt=hkxpLym(0DmnD;=6xX&0K^1~w{ynRN}QzJ@>SqT!j8t3h(Bm&Xv;8p)+Xry
zuVtDTSvfJl<XP;=HO5=fc=OLcs33;HVB}*0tet-V^=$G<Wmdl~7wP+LB}Q`-y+{Iq
zpn5%e<m282fiuL3lCRS{<!z>&i-rte%CY!w`wfI0&^QZA>5^4N3q(TTVx=qV;2VgB
zBbDS#SKK^ghax;Y>793VUXTM4EHex#H{jR32;dhd;iuNeZSGeTd{Ow`TfcE5_|{5}
zz<_}AVRFu}vf#h`wtI~;u#-LA<{P7MR-#1`W?Y!G6on>18=(9|mlE&wN8wx%P9s?@
za0QOJWo_2;hakH&VLmj6WX0qJBdI>^AptbhhM4}dWs6_EmY!_6C=@jKuB;psTP<*W
zr9Sm+rg%MlT8Me!y;&dIA;&=LwWi=ie7|~v!Ey_CMS`?YJ=BOh7=_A*h~qw<J6WnM
zC9f~kc@NW|Q#-H3^r>5OZ0oM18JxASNKuFzf+ohJ6h?7Jvi1;Gicr18ye}y!K@bB4
zmTP0udOz&EgAj|qB`%%nWhRCh*dc4wF~Cn-bSpxl?Q7?g9bd7maU$&5wab7vB>FZ~
zevl;NfX7`wdh~sbvQ!PgbF5e63^E8euAewfrr&SnzRa<o)h948#*ZH$=)}1}WL!a2
zgw5{`^qmML&8(x^AEPI&qDQ1<w}u{^+-kRfx#G@3olJ8VU4>0qPuF+i5C`t<`+EVx
z(}kAe<-n*YeH7qGk_iW2jB~&Mp0~TwbF^q)X;2tMo%zJX^t5O(>Cn{Fw8(5P%;1Tt
ze5(FD){(q|LMO5(bZ^e1okS`EwzV3H<<@RG4X>t-h>8+}<2QPoHTNfqV!#yr0;P5Z
ze`9SRWN$90hye}YxXnjhfy}`NrqTxv2qLQmNlDZkN?WfIN_2O366*~13L)`FwoXQm
z9_+W!3@eELgW5qR0=q7?rRoW~VhDl<!P~#?xlU?$csOCr1j#-dZr04i1TmEsYQZDZ
zCPqdTcE0v#qkFCL7&C^TT`_b5<e1wFsF#$*Y|Di<?i*ML&>8tD>AW35T8hY}6I@b0
z#GaCS4UGXbD@20*;?TZ*MyC$)G9KTH<GmN~zuKP>7a50|?53qN{I6~MBjouN)3uV3
zoq!VD8M9LboxV4*g=pql!bE-FL)^5oJX?&6YWJZ-=u%Sy<y{802rb|Y`ubf!bq4Z;
zyZsIzTrEN`K@gT*ot7WA!+ReraR(y7RCHSkUzXQ+PUv~fQ3p90G28$wChQ`@J{Eac
zQ+62^4DSbIk+dklY$ct~VBF=vb?^d&zz;tp%ZwG$;N*n*z#HsSb%b*HCZZ3S5OId1
zg@y3xL$)g|isOrel{F6mEVW=XA4UemP+hF%PK@(KS)-k4dgQzqCV^2XRGnNR0dX#R
z+qrc+>A*T7uMgQkqFC7({_=Dd;M827TQ1#Xl75-4LU-T39S8b34-LA8U<+1m-8=?y
z$X5`Ulv%!taj3eaMYydTgU%}`cr!p=*A1$G`9h1Zlp6Qd!tnoiBIj@Hk$gQ)l&3gi
zKsX?~gXb96cyYK2ppCemzCPq<8s3^ue#FQ@rNBHaZuRrt)YTIAHJ~w54QCkwb$ke?
z0IaS#^!|dBSi}WW((5qRN(hg_OiDDnqQ*)(1iTGVkFc^zQ`-t0Zb9@>{S|X8q8Cwd
zaOd^V4CHN7(n=+lc3A=vumvQ*$GB_P;f%PT$-P45W7o)c(0;{T`1>4mF-?Zll)?#_
zftSvqfdRhyUna^vsB7xtR7+~ND3BNG?t6MsQc`9JM7K(y?HE2aGW@{JzEy(gHP2{G
zI#kYl0v&78{W0!){pW8_{Tj#ms5(*a<mGC@tIOh_;JbK}nt3cIa?OE-F4>8lTp1*t
z9%SS_w_4i{m5vLm%BFIEe6W=y^5|m_R$)r}m*u;U8Mtaoq$N4ezMi*HUN#Df*LJ<q
zw0J`6vGh&u42+9Ohi5Dqp8f=zXuUh)YTWuBwEEc>pbzE5$&=+-G){u(c*O{z6h|m>
z^2t*CoN?uzDozL;HTHNc@O=0T)tgjmAJhq^^@pdUN7_nX%^z-_pPSRQu3(-Rk`&?)
z#lTWZ>zkO;^vkhlyH!3#%b~{}y*?2A_RN~Wc-=)59c}@>fApPG?BZ8%bzMb-H(7Nb
zVoj&td#DYqU&dHMkCZu7?VE6@a#yq*@Gu55&|MG`_pp^`Cf4SjHgqo1t1Q1s^hq8+
zF0}+!8mBcx4ayD%36WK&P=6Dq&$Mr*<Wn?}9jI%&H8IIT3X<O@<tkvbwzpg6+@`}X
z&;RFNt4v{5-`S=hcD9#FWu444@v`5OzucDLNj#tBtQH#ECm=X@VXjO+)bfsypU_2$
zjjq?xOVNd`Hx=aM7|7PwAz0X_sgv$9XYF6nlRq4joqlHFFsD$loq5jLZtEalYLmrV
zs{5q2NnPFF)s>jm>77?gwdB;vh)NMv>xd`!Thu<!c$%q_K{jz~dKNio+0hbwZ-@Jn
z?O@Qr9;BSf?u>J17kD_C*dNZbLRR$sN8=|k|IcY?B&SQvrtj(Ag5Dr)6uw)wZl&i7
z$`}6j;u?QdQz6q}xZ&dV{@;bdeMyB4Kh9N`It5r|h?6XNjuDs?scx>j*#J$T#C#!$
zg`gfv*0_ONhE4cs`34CW@Qf3nrTfE*sw&8VS_W((bwVnm35{<@;fBqiAUyUFILYsW
zg9&o*J4DWenK5JNT~$)rRb@jW9XPUzqx?RIJ}K;ToNTtE!?FUKNS0OvS3@G@9Q2a(
zuehGmjy|)MlCs@0jm3&ImlB(u$q1<dfq~-}j<9SZ(d}D(n*++bQml?&sO{D%(sP6G
z1(T){AKt$tDJd{wexu2-jgZG6UIV|y5X5eWgQ<M;n~W=6S1QH>#@9-8e~c~1Z#?j>
z%S9*x27j$L#l`~nviO^!3?l^00K!6ogX3C;!e*Y*ZhL^+Nem<Ry>y6h$Ta$MAO$!-
zTY^5951%uSoOhYm0TSInaj6_wM2W`O#sQ$x5R)=Ot+{894e$ljFX5L&H4@c-T8fK{
zC;YzlJO{6*eS_NO)3v-8Tcw{$8Uk5I@Wp`nIb^Jvh}VFWHY<9c@Wy-py>s&6AL|I7
zb~wEZ`4+;Y#oWvyjgU~p=(TpX-dSng5V=^OOn;F015}GVb@ku4o~qh{s6#?}B-5L#
zFfE^vR<Z{3H3(BM^5|p3pj6=bEI;fxQBg=5@{5Ph4Jjp`BfoM`k|jsi=GXbf#-!C4
z+t>*1x62P_)~{>*L7A?~#l@OOSVgcO>99O)XIHB%wMWGxO!Xzj$Dwx+`Avr#c}S#x
zDsnP+Xt&dm?m!Qu2ZQYoYD=9I6*_`rJI6J`_`D3wo;Q845GE;YCtw`+Sh=HDJxh8M
zx4du8Ve9z5t%^BZAgpFp9>fX}3VOJLb*w!x78-G(NIBD{=$T7k3nlA*n_6#@$Hx&&
z@I(ou5_V&>WKN6DFIP7dqD%`6Rf0;Q`DOP0n9T{QTi`l?A;{7>s7iV{$iLdInk-QZ
z_ljBfJeq>oxb#|jlZ!%-j9tZV)QsmC)XqhB4%kI}0Qz6$V>A;jJDBVocTRVAi-l%^
zM6F+Q!%6;U!q22$<HG@9^E)E-gtusWgx6#kg9Dd*QFmZ=^arpCyoM9LJ{~Br8(sy7
z6bBmp2LU-Gxpn~RpIVH9HaI19YPh>Q14ksRt)()#ug+jP<DUKdS=MA+_zp~t5P4%T
z)%pe+WjL)u*<yv}bL#C44~vUeAl6z&2_pRq^@BSOuf$7XW2l3m3_?#g0TqV>Dke-0
z(2?(F5$~mm%5)h=BPJzyqge-M0XFI!fW&As<SFzh<d9Edwxme^TQ;ExE^%=;La-xf
z5ukw_U+q4K`dlEuF`ElKwk@JQnTN?Suya6lMFeo8NgFX(4Se^E<8Ol&jt8HvLDWg~
zdY}MBA6qm%eg>W5jvWOv`PoPP7ctfVNQL0((`X?b$Bc~dYEL!oGBv5~Dwq3^cNV3k
zDW!Ppyaq5{!BCk;2zd&F^rY9&_5pkYVh}q&94<lT`h>=I(~Q<|RkrD>074eg5Cy!4
zP=i5thX%}~g$!k{Fn`st7~i!xdy@?dd3OzzLdD+uAq{mA&cbO4Tg-7p@-KTA8?fr(
zy{H?1ar*j?3F`Y00{wk1bH4GB5P~5m=4@Uw3#(z_$@|!Vx_$xqY>)QlWahQOsu<tF
z>>O;c0PR?kQ^vESb{JJ*0VffaKe1sJp}a<qvE#zIju1H%x}%aUCj2PCyvK1DP%`)9
zZmP_>Ne{t#ie{29g;A*hY=g4A$KdQ)JkPB?M5nkW)w;+^+E)m{<qqyxxwcB43;QOc
z3(!|J+;h2u2?>bXF`nqzKozHhv-nog^q0r`*qb;-8t(0NMQA6U6?)<mh{w|kF(NXO
z7+t$K737h4{OQOM@uY<!`+IK^_}vx^PKawb%c7*NJ*y^l-uig!yOtKs4u58Uvz+$c
zS5nN>54_6Qk_|pK%-%L@dvmK_=6gyrBJ`87u;8aYiCSG2NEAb`^S3Ck&{hV)6LFog
z$5fSP9o667LIRHF2|tHs!?bAshB;($WuHEA>J^?rYdT}V8bTBU?Zb&9v%t1c5r_Es
zO(6V2SqiTm1BmHSUa|PILS7WtSOf4E@<Ba4J(ZhSPS|nap9skphQ2J1KXZek=_#Wy
zL`b2n;eqU$Vkmt8$>igxgrkmmg8a`(93bM;O{z4L4gdxb>GKAui9k|_ju41}C0~sb
zi-VOW6I0X8lwZvQ1K7qWG=*8OzKzVoZcu&#w<pkIz(n7m0p)KG+zq$mIP@r?G#P72
z?ZP8wTeE^`Gva@~ucPe%`hC3+JF5Onb_P&k7y@`ddE(DQ=*pZYkk6-TWyw6?*3C!T
zJ?i?;rU7DvI}qlSZ{&yRJD#C*8BrD@6GLMBrN}5X^A+y_m5goI0S8bDj*?Zz)I?CN
z@D9Q*>r%v9*Cl7jq6o{0J{{+iua$;WufOWKrmnrCTVzx&A^w=k2kfcnb@-^p$j&k`
zvQ*>Bm4UvSYT91R(*@$>X+65U7ZVzc-GNn{d#r(LSLIB+%>VhA9j)B}zIq!^Ms1&y
zka-RG>^M$yLdQS~Jrh>*1;b#V>|#7)DPeAs_^-KVcym5I`7OM7JZB2*h6uCciUOLT
zE|f#i)?)bdO>{e9y<6lDux!rIO$_wWdo>Pm>n|W0NLbZd8OWcnrAtjkhKADZ-#-HZ
zCJdF+kgc+<ppT37>>qSW9pKgzx%Tl9z%%t{A4gOqI|C!7y3k>HQlDsi7#PG}XI>WX
ze-u59s3MM>7l>w-%Ae31DG)sQScKz3u;KtIXxwi$E=dLQ0Pt7m^5v7gF`DQT1{AF*
zElq~56svd2c?q65y;-d{iIG=vav?`eT1V{3z4>Tp#}SR5_QA;OW^nW&W~LI{Pw4e5
zk5pmR&uFd&(mMC&57C}!{VLoQxfI~hD=eyyn{{5Oac41QWFBp%y7;)LPv@SdZx%=}
ztM6&LZ3dX*cyO%uxJ-YqKWn2kaCFF$<J*@A5(HftMA;$cg>p{A<C@2H(k_u>yO1`r
z`p4&HW;W$bKDzKZW(Und+1$5=WjpL{JX_z72#<U&m~d90IY;2eG~_5W6N`y;+HKPD
zuZVs_rm3DCY8eAwciX_=MboWQ2YaMYGKDjrT|n<mSVRQpc5uv<tbogdkqP6@02s~?
z*jxqXCc5z6xQd6%2(+yjCBhJ#F<7nw&!ft%tjFTw|0xEdU>&3o2U|U>pnzk@%S%CG
zqw7W)ljisCZ9=05nX9YPb8zF)=6*s^$#PbR<9>|RTpLxLomGGA{EKMF0!pC8?ac~j
z=9k)u&W(<cEg^gZ4}>l@vrN9=@(EL1pb}yUY(q_5yFeX{gbN#g4!ad)D4RDLwQL>i
zBW`KW#g6X4wY(RRW_;Q~wZtW$@F`@rt2}$iW(R3yb|*if@38zV<hq#qu>#UokkY@0
zLpSC_$<0g`T(W>D3dl;cj5#RCz!lIZBm&^RUAnylk2eGzqbL&YYclmI78Mxl96V(B
zys2`xXK9Q;%g4J~bw8`m#22Kio$nt`%TG52>VY=Pi!LsOd@X?TBSmk6%t!MPxv0&P
zs?gFGJ{^DQhHMo4i+ZqZ^f^Tx<c~{7Sco-fn{Vn)T3n3%ne!?#%(XUWFw!e@n$Ogl
z&e^P1S_W<b9Pp`n$mA*|BjcxvDcLY!**RxPjSJI%M7xf(^CF>0`2LFJ?Ar^U`E!=l
zFCBNa?|5@z-^}c6u#&i-paYf(aRlFMt<^SY;v}QZkcWpSC2t*TBc9UcsxbZ=_O3S+
z_hz&%;sC4;C!dDkgo7gq+!@j!&?tm1I_FzLUSEgMpx$xX7N@Rqo7y|Cxu?`}#Y^;6
zzb;kGO$V16oVspeg81k`BpuK65s9iXY;+O8H^=@b!NCW_lOZ2pxycJ{6Y0P+%2ozQ
z!R>@}VZ()~FaR$iwBx1D+`;&QebvZ(av#jnXcA+_2><|m4_X+0jg5&TheAJaSj~R)
z3&DuZ*Y`6RC!}NO`K8h|Y1X*yVd`J%F?;>l5yv;8XB@^MWBuSngUeG|`^dxyo(w?2
z*AFy)4coxG3QsB8ke9yp{)zsgLl-E2YU0i%D_Xg-ANX}HRo%+_eMH5aJeQYCCaAOQ
zRm$y!Nu-l8kk~<G9pprWh#g$fpScb0D|5{yd-2)$oNAemQ=ZWP{(hHHhy)=HjL7pj
zBnuh^bXD3&c5&*`XvyA1uMm=`0<H$%Yr(qqt*BdQ0h#PxfJmWv&zoe8#J%8V3Ic!w
zRUy7Nsb;D@VOw_4t+F{3eG7Ot_*tJbD;U_Fi=}J?Og9gvB5=Du^NjPJkq*VZAqRi1
zkXXBJT}%!{{VXp({t%g9p|)+5zwgXBX|~8ceVIM0`cfrOH0teOygjPUI$>`6BP?+*
zgJZMDF%wFv^RbuL60`)vV`JQb>o;s5cs0;G2d?q&AvyA`7IX697s@+3JJ|x$kfNc(
z2ixTk+4?x-LXZ(4Z46LyLbC#xW-pjdRaXc6TEYQMgqe@+5cc23^3vHOMDyXmzJ0pT
zd?Ss0uw^(3Gt~et&d<-w%t30je$%G@zCJ=4ft;Ek`fbp+d!h@I=QH|)nXLTgVIqSy
zR=A9grI>xR0UsB6!=XlRDZEi#Q-R*va5Z-SQ-F0~uOn~F!q0C9O$Df?v}(z${`&>`
z<{q)<gkD$;Cln$K<3gboij9tzV#e9ObL&?Bt#OA0Q|!}Q;aX#>&KZ(dA4OzBFN6ES
zy90j^@tfIj;;g#aCDv@4eg*Q+{L_LYi4UBbSPAlx7rIg2K%kAdj80iVPm~`YP>t@z
zJOdb3;=Gk=Dgt5;kn~Ge7j*q-Pe9R(5w|_aA{<iIC(Lv2d)x)V1L10kwo>Fq<K@Sm
z5tCrTK46_hIrY(+5xpY~Db9WY>t_VQ(4b2}dNr8M*wRL2-d*dYgOFH$a(;HK7-O~+
z#h3Vw9C?ZKx?#_N3sAy}>oC7d$cdzsp&I~$tT5(ailC+E=YVUY#!;N-*hesE95Hcm
zE$P(wY>j9whuBvjq|_VGwrZvs*I0za3D3p%Y()V){LH>2wW5b7<~GosP68b7xv!H7
zf~RFzn^D!_P)5g#3bS7^<bFru8Sg$Oxwz1^60~zre`US}=6!H!AZE)z3ZYWm<`l|g
zLbAMee>Iad$!TYPg>Fa+`h9K+XzS@kuCJyskUhg`WsRBWNIH(Y1|0xw59Afa6D+Bm
zVZXNwWS6iz65Cpl=l|s17nNabm*)cJp&;bYuSCqP!@UE|4B(X*v4M<4;NUizuS{g?
z3-9gB2uvLSeCBCUwf6H*1|6UK=CAw;F^NRC!R_eJ$T4Jg5|(QTgq$N~hJm@IGoR{I
zhz?4SE8q|TXC*!b9w&%e3;_dJf*wRR&OP?#Hrm?kxQ9(O2|fo1FBhQJAfI|3hl|}2
zf?-Z;4$wAnNCE*eH~0e}L&qaD36=<Hp>*`EO+0p^b&@sV-opNkFJx8Q9eW)yQKQp&
zh|`Q+Sa<<}CP>EnkSH6|CnRqbm!512T352NNDn`QTB1Q=?idHASo?~IoLlb0>HWj)
z-I@dB{)hu!FHc|GA^-hq1&vpgcp3rWf4`!a0}2!h7s`nPSsv2X))Tm}7&&041UwH-
z*5>R8`rz_y<=VLO&P8G(B0A>pUR$pLogxq>|7skaqJa)R^XLmWzBgEixfb+L-ufN{
z5M=)<DpbEv0#eLczcL{#wUnXXK2B*8<3*B&^k2mZ?S&YkDk~!cDL{|zTo0(+$|s>k
z$>w_pbEnAS;`+uCZ!5nVx%L>q)ByIAh0OPF*vDqK>1=Hh-B;_U;-T{|$^uzwGS}%=
z4BH8jBVRQBdY!kz5h^Vf=H7<#`|Mm?1n5@CZiHHm&zqk&OJ0}pbxOfX%4<s#>u-5{
z)a#7h>So7ileS&j*Z_-1vT~art-q5`_OcI?<UsbPYvZ%Cw~mX~@?M<SQ+EE_n$<3V
z)qnZao6T=#^fK(%+MK6ObLrJDw3YQ2=L~*sqA^Z9L0eH=nzGP$Mo}}Ts9d{QL2dF_
zS%l(QKR+s`lkAR4?Ub-Kp*lZ{T$@7U$7iQC0@ZZYZzq*sVN<rQ?fhc(trbqhy@`v~
zwyxUk0bew<vnV&hwzQm;wxJZzCdj0C54D}_f8DEF#$FcDoqT(+)=;39{Mh+KS%j?W
znB(>xwa;Ezx>`i+ympKLPYEdw5`LfhyvqpZwF}Rf@gKU5E?EK)!<W0s|135(ov$=k
z|I};WhnMit{*^)JOkeoymCE2L%Vx}mO3?o*RPZDTRlB1Zi@nWeOk?FK)rn0{y|0}k
zzIm3&VEE47@11dYD=zHN0at)6Uea+qLs@comFYPG|8kG*n~buK(hu1mr4-Hci?7qU
zES)VD$pjzs>ThgJKM~WDms;nNbz(Mnz4w(mLRuaBn5aWdx2RaN=`G9*ZwfnIC6h$w
zulIp*RnEN%pNeQp-(UJ*-pZXSE$pusn_YEPfw-ni#5FmlHH-I)FEoefmObGU8ga|1
zA`5bVaN=s?q0iFr&^Xmz!jvNOIw4J6J)L#`U+V7=+p^k#Y+_^3r(V+}^<s|dgfI=8
zUveR-(zkL1Pwi@=$Ud%;kzvP2a?7Q%c?Ik3p*L<C;_I;`t=7!HPhISt>DP=YN*CzR
zuvjoEVDP6;*w5XezyHLItnEA3W_dHO(K_V6VR5`CPU%*%v$JKr|I*T9_CF!(Ez|#g
zo~OZj?JU(zY)wNS2UNU@WL`TQd#M^@MoXDEJw#V1ap`q>tJ}MIhVMIPWv!bv_VvYO
z`B(oH%9V6G(q_8laZM>|ZYWyPE$u264vWxMUNKB&8=fr9{<UZ5_91p#%#s5pWc$r}
z!{TRG>0hS&t}Nze%(VYeNQ$VsUlBJn{m3Z#Z`49x^$GDlwZQhFPU*6rF{kP6`ak=8
ziEh+@p8%uH4!(^V^sNk}KN|=f@%y`LALO5mnc1~8AE`@~Yj=+S9&DmZTUQiNYX4Ty
z?DB}ZMuB7^^MmyylGi^gsc3<5EWFFORO~j~uwgcn!f4SD(8_l+4NEXoh)7Icu%h>2
zR`0-k_i4sRx<dno4Q7?YBEeWsd{_T2nB9Xno}cEW45>0o>M<@>2}NuXwt>(-^!Vz_
z6Y@kV7oJF)zjZz{^Z1KcsC7YUr54d-()71KppjE|ZMJCh@`x4ZYmXv6BY~M_{BHTp
zig|bs`Jf!-S*7CN${ilYNoULjOhZt~{a0s!&UN?k51V;7KCk|Kjt)8=p8Ts<wuN|e
z+rRWNp!ie7MG{{k+lbpkeC;ImEAdtG;s5^_aUcG#Zpbr8ud=i_Cy5slqJPtHG}OGa
z9PLsCsR4Zdt=@&=wCx*1eBeS*q<2dojGLMcYU4YD8xv|4cS)(ZMyM#jN=fRe-LA68
z39ISD1g1GH4GnwOgzZSz-&_Qs?Bynaqa0lN?^L&?A!v7y+d)ZI1YRWUw<Dgo5;vBY
zdujPi0m6?InF5mM=1%Z}4MWpVdVnE@x4?P4U5CXjrCvb(ag8z2(eS;5u8wbNsw?WV
z=~G~{S(LzSI`iM^3sOWZ3h{~J4`7u@95c$&vazuN%`;+OP-t(=)3l_4QUSRup*=kW
z_785Fvn>M$y-Fc?!P!n&6rwR0EtFb-FONlSp^dO@zm{&w&>FHaV#u=_@l~RT2)}f!
zcELV1#s$!{6Ej37Camr1Epl+6&%sqA_!#jik%S=499!m;5{gKHHW9EG9M-R0PP9%3
z$wK;mlnC?n@vS!@2#AOMGo%KI$H0JK03<Xb;ipZ!3l|7sB1qxd2{fZ!=T#@i(+5B#
z8b0O>Uub;I&xh6+d%Sz`HgHRfCB#l`5tnv=qKiCfS7}8)TGmWCY<D5BiIO#u+<~Uu
zZ&@^6-7`Go6g!N-wmFe_RM#(q&wG7PlWIGafy}kNLLyp$HFk#H+Wgh%IQ4FmHqlqN
zO4zuU)>5*90s?YV-lezR6zs5Vgxw$z3dQg<%1TNGe01tUXal(g1rQkd09917xPxr~
z%QcZ~vpN?o1A|f#gJOA06)O@N=t9k|TnYJfZJ?td2W1fQVHAxJ`?w5^jivh0S-)Zk
zes6ujTb5lb`OB3zz?iWlL0Z9p`y9M4H|}77jp&J6fO$HAwW)kZ|3uLH33I4BV$w3T
zXKO#IxG5`t2FUr0f&8j*0B{-Tdwp`E77u^V`5g^8m|Td_mB<FAcN(2RO+W3eIUhT5
z#!l^h*-k{tRSxgB$Y3dZSWT?eb?tkFzh`DTQCOoFdUmWU^^Ld+ygDeL93W-XP+S14
znF=Y?z6b?Em(>f67aCP4thBp#r-KSfOG^WUk7DB!<ge(hkO%pU4`1qgRk;kg3Uk>V
zAS8u_O}i6JfcnCbyA}{Z^mRbx@yf58v_XYKAfOFnHkjD(d4J-Sd~Jml+OP&jSl|<D
zUrP5vE9?S_&}c9GQg|iJ?f^9frm@lEol{T~%O?!)z5VC+)xgxxXAYTjc?^DjU4~7I
zAsM~x`DOHb_GExM$Y(zihrL~YhLCpgQ7GaDcCURVU(^^c0KSJs#)$oGK+G;KE<K-6
zqOYKD8Ni|dA0HuH15u5Kjy>oGj0n17(0W`ZS?29CK;Z)p5QLHkiau;*0FwV~-Ky%K
z<|KS(OxAkl><$^?L)gvw3mxtGh;{=2EXmMtT05f%PSQwZ$hpkXkO&J#Exo7of`or6
z(FDN7r3YhP)Hrw;bs_aUVKpjplD=>lV0;AIP)|<)_P!a>hd^43$kvo%2^v{L-V8OQ
zCBW6gCkQ63uR4TaKm!tP7gDLt>_0l$ks3)pLTdEFYULI0!6vVB6n2JW4eiU9b8%Tj
zb7~IoGy)Xtun6`b{2SoB4si*O!>EqkGZihZHdV}OAaur;)4n@DL<>ZReY-jC%3@>G
zG88nH80cCAmY5Pp7}93-l-&U%#m-KIL)3Z2#P#t9kmFtZ`uZRVjsVvn2h^^aLiip`
zVm@Wn6BySiV$S#R<I!3QmniIPY|e21h-u&dq!*(OLqLyiQ`-0z4-y7;;F~(GT-F-E
zb7oI1gs5@|j|^_W6_6Di7Xj2mR8sgWf>lmT$)}Evqe-Jc)pLPffe7!j3&J6+ND7Q0
zibKsYD0#%Idm}sAw}6#iL?Z?UMzp{an9OA~Gupv^i_mC6LyQTF5EX#}a3o~g==)$|
zT0z$b5djwTsRAvxI^2He`B$!if$<$QSU_DokqoZd8Ry2P_3Pon04sx&+}w(BjqrS(
zfXGQJ&)Nt=G$4kKj*eOPywOGkiU(X*b4nc`6+}|F&SYNZAj}X@gz4WN;cuC+o`)1H
z*+Nh?VhkQH*gmk8=}87Afg-v|SkHm&$N7J-%K!Ph$^j0Dh!mpsM@w#8V{cDSe1{(H
z)(o6iF&sKSI{M?a^x>{z{T&!?2l^ZQh1!TvlEqU$56bQDa3$~0h*#@XDVc76;MWMm
z1v@HcC%@*b)GZuVgPv{UCm@!Ku&eFy#o1NhkQ#pU19-}(g-Q!8<(MoU!`A<^5@0<o
zt>(FN|31|+Hy(Bo2&&w#PH#{%p0E1fp;s~)(E%Y4kcWzySwhA2c}R-T?5+<XL2z*Y
z*w~nhj+&(8gSHW)(x<f6^?588lS6svyl_0=HUsNiFfTYU-7;Rz*7DIyILEf)<n@0V
zDqt-}Y1XJ(Q}GChvL00F(D_7zQm#R77#|;>h{!ic1pBDjCn8q*0&xs{-}(2nN|5(m
zT3XuvK;PA58s_@g|7ap<1v3TRC<acd1^!Wbc5rrLA`~W2u+y%&`KaRh#P~QCM{SM!
z(0AvshB0Z$myH9U=3wuNmM@CzzJ!M^xXc?+gJPF~IV*-d5=-0_3lt$C&uQ%IEfwN^
zET1HDKrgsu2R5JW&Rs{)5EvYUb9EWyr3Dx(jLs%^Ca9k9>Q49p^9G;{6Xzll8wccA
zRAH$aeo{ZNm$j#Z;z@5Otb!Ujz*bCC*1UC6_-Q7TW(`re(b(+xr>6DlYmbcQ!NJ6Q
zdx2Y>9NfeqPcTk)mrKPE-%mt3zRI3QP1%oTjz1!7NMs}oUl<~rJ`|mqIR)2=gCdU5
z8=zj-dh3#h9tngmm|$R#k&#g^&MR!z{jWdAJCxVe>1P<rTUn)7YN#c03JSIuoPu-I
zb2%2f3+7C!YHE;Auo0#;+=mYz=Han|{Sw8q{{Au1Lb&Q71ifsg9N^SC&S)vNtRtC^
zu^A?tqTQ=Ko@(jgg)$EkvK2KFLk3OX+Z7_SSp0jPB}lE^A0|+#bWm4<V*=C_{>1hp
zkbiJKe$Stu!R#COW7=W<EHslqD<M>(M;-<e^tJs3jj%nNHg1H{%e*6hIw3BSf{2QB
z*))KLo?^EZm`)AZ=EH9VNb`39NVR}vHDD_HEl+c(1#Tq}Q_Z8rYX%1k%)dm?O$p|N
zkTYs%d>L#`#6sunP^}7xzK%m6`ZpF9q*>e_%m9HQ<w1tH0tQq{y!lvXU|T7>4WStq
zWM94eL@`i*&@4+UtOmxjNmj#8hMf&D*t``Ywq{%y2=rm3A#mgl=P{HtGaEqkg{cD~
zM;3BF!A{2ySDt;kMjRh9O@s7_&2*S`U|Rnor;`X$L<3pCF~E&E9roHdW)a2+>o0=G
zmLXul&cFk38CJxN0v<<4L-Q(VPAW^~B_Eq;(u_}1TPL-9?+K?_!X0KU-03J57NanD
zRIebE-Xm?(h<8*(GcpV=hHtqoU^YY}A}5?AbAcF<H9O6lsey$)tk$F3bjuvom&+q$
zup8>X5=9T6q(&k?2gfiBPa4lO(5BSYX|M)DXOM6Jc?~QG_dkjG3&5#30yxKM415#8
z0T?WFszgU7pLZ4;^#N*FXjSh$c!1%~Z{y?34NgH_r%X}W5Q$Wcd;>00NVbqv5UC$z
z#$roTstMw}yegcNzRObQfiNOgQ^bv1BBLggg%qq9L$_Ue5ZfRK<cjwmVkyo)U3BBH
z<s5B1x)gBaDW;qV2{~iKtH>pf<`FuK+aS1KHi3QZ4$s7cRqb(Q#%DBD%Y+`Fdab3e
ze;VhRGk?x?Dg1Oj$o-D2`1NjE#U~;$cQ}YDB$sQSuS4%1G+-uMMVmF9JM;<2mM6j=
z;_SrHQ>T==FE^=j-hI_FRAZc>rmdzH9r+4#bYE8fvK30WLKm0=-E^;R0_G`%s%xw7
zXb>cyj8oILQf=3^3s+fk$k1Rnr`@)Zl|?@$s$tDQpw`vnckH>seUI__ynlZ#L5JBh
z`XTkXja#^L*^n!9@d;X@d(cLIP+Y@z-IGA~CyP0Li}YM8QUZR<Ah<QO-){MSlyIKd
z%*b~ZxbSjy;7&gqbp`V)>yCUHw!fXF7!l5Ot660Ew#uEvoOOenkz{0cj_2!Fj0xBi
za8xssEFvMF03ZjF>A&CP<i0Xe7TT9~)>$;AKkgUVs6FdQugFH!#-rcUd+{H9{SR&5
zcw5)oz1h?cW=4eR1iH}(KaIsw0VeLjg$Z9EFg*K+zqY*l`>QpnIK)4sH#JFGKbOBs
z!_>=b${4s64vDn@$G!_HDH-4HUwA6`C8DM#q5iq;M3hEV67l_#`{&MWDoMpu&(W>y
zjXRF-HG3-LmD6dJ^w<nrnB=|{HVf{PIl_58t*HvBZNam$Yx`GJR=fP&w|W!b^9@%W
zpU)X!vZ!F=%%;dWZx_5wys~5r*_-<V*5u6MV)A4l|G)rkZ}H7wL*uJ}yU-lniIUCK
zU448m<E_|a<M=tRvzoJ_8j?!{a&>UZl|@&5U%_t}C1|K#O=io`NdJc@1JdzfN;t)%
zSnvD@%QUhg(`l<OC0g6I?V;_}AFdF6_F$O_luq~8E2V3`wv0a&J>AKCvh}c^m%CK!
zu6yfWy6^CG-`lW3`S4mssr7XC*3!Ik-?I6$@&(%fi4eEL_x{zEerRf{vg=}H^`B9j
zA5WfL_Y&y_G3={9GP(E5pFg5qbKXTaYL;gTdYpI;Zj-HI`yh6bqA1=r-;->w;mA!Q
z%{-CV^mTMPr*p1zY*|%dQY%OO#>j8|=}psuD^4?g`dvk3L;UjH|1O<kk8+*)t(e+L
z$)V)QZ6X;&{bTDsqUVyb()J`r&uuayV{%SG_Hcji$TJ2pw*rTqEo@cS1j1-vth;@L
zTYTwyzeMOdQkvU(p%QyV*I(a*x!tC;_5b{?>vCM!*_@Q<Q5w6auQxbKbZJEJR##(l
z<-lCQm-@R!N~uOp<nXzLe@JN#cx_7LoyFg?U2|XAquhE9+$vmp=BC>e>b1Qw)wor3
zdF!dFi45r@gw@2?7e6>jqm{BzgDZ1cCa#ksagmNaF9a%X-0wm8{oRA5e$A*>oVwfe
zlV{5#aSpD3n#*=-d$nbz^}uVRWRvuZb>Ci>EsTIi@XT>ttd@-`x>8ly_U%;yRsz$m
zyE}fn&3#kt5On?RDek(`UDq-Ch2_)25HnW&Z}-i%?hD^<MCHu|M}3=X7K|*kYjbtG
z%9wy<RN`?QzxY|VLiZ(or{OX2g2@hU(V$3gV`Bqcw8+V9&P}6nCoB#XE?15OM-|VF
zt<)CM<5%u{B(W)XMK9N8{ypO@{E`xnYn8-Sk~p=Nz_Hv7))P`w(z}0F@vVP%16&}H
z)*mD81nD2i7sO`V^;Ck`%!d!&C6@F5!!I-oG#b!#fB5a~ot*(&#SZ)~iWYb0UehI8
zA~fB4vrm@<c&JFP%fCzE4acNs$%o~wGDVSZgJ+^oUsUdK8a;pap$-Zefw0>RAyY8{
zZ$n*9{!UwYd%P9PiuC9c-T#i~5ZlX%k3)J@KItM5w(law!{e?LbfkC(8<C^xS|Zd_
zTevl2_p1mG^rOVHwDi#{YPYz4C5S6HUpdQ1C?hX1fkl1PRakrL;DErQ8S!2-I?8)-
z<Afr<3{8VN4>F4Ehr?)*9yepf8)80Fhi8rPB-CID91+%5R=$T49b@Kypd-93(<tKe
zIm09Tk>1f_Ko<i;#~s5{o@*)a51i|`&v?t^#@*e-O_v~j_+cp)#l*y<X-KJj6Rr>k
zOzX3$Z9#`dq8(<TC7SHJXyxkKIbhqs+FUpA(6u;f@WvB~6Iqt__Cemm&j-}Z6b4J*
z)J$a#mRkR*b`()48ku&6S$J?ksGgRwP#E!>_=)}HPQqA(`6btVubcK~#P2u|+i1qW
z6mJ#LdNW8*#%O>?eg8!(YipGla@MDSM06H6HJS3Y#q7Ki6jP~}8cdgz@5^Q7;_?ku
ztH;@9FI!K1o-O%sk4lNnXvj+-K9bGd)xG-9i)M;0;|0~4i&{C6a*_Sr<9~krir4Bk
z7K_q1kJd|#`?r@W6c+QPVIaX3d}Vv`{(=O~wGq*eeYj*zVr*b+@12v8C$YNyFYrgz
z0bR|yLDRB-PS)8hBsr<-4w~yIPd*EVr3NY}@@uwmrf^EmA8)2s)31%SwV<}9g^%~O
z=jj|?4I}4572+o676%<eWP*$!ODB&dWS6T>h@=Mb=p`ftF?71*QGV5A$&RQE?dNu=
zm7#tX($tPmt_u|Cs+IZsc^;jpdh^bpe#Aa;oL|#R@-;<qyw{f!uaH%xZWql_h5Nwf
z(3)3B=bVvZO*W0C+Y=C~Tbn|4MmO2pBd6P(h1oaQ6HEZ<--^k?wt~S4$?w56{gbUX
z?X9h?$!=zRba8QUsIpB=Opv0r4Hq_3Vk7}!eUXcMn<hJ};$d`U$HNblnh44tMWM@k
zFJ^6@>*%a)Ub`9*cS%R~<ArdK!I*p98p|_s8zK};dL6S0=BzjOz@D#HBq_N)Nb_!O
zGp%-&o~{L;@0i58{z+=DZQzt61jhXPaEUGZS7WgIsmeEnxw(iF^bO$ywxLE>io1$u
znw^W@(oCtnHV(QSlG<p>7sSq#8XwehC4{qCD_6(AR=0JDGBlFJp7wx<(Ys3L=A4{i
zw680;kib#(*|cfEHl@RRkoxK*O#P@`M*Z<>L7YhpFp?U`*W9$;Jh|0bcxcP&Q6NET
zz8pA}dt_M(KN{ITH1k-i^(vbv<F<`ipQwTbQ>dQ#!fI?Qd+pzF(0fT@CkDsqB<tXM
zw?F*QlxS4*rM*>0sVi-cNSsO{4{{~-umtwL6RGQhU{)c{W@KBe(S-(!oJ8HyxJEN`
zo@JvUm&6##ou6$-za`Lx$gw26Ybt+(hHjWD^u|Zcog2KK+S0ycFL2=UdEyxQ=S660
zz#&az5#7kLfPSaMW-URHxNNDbv0Dd{BwzbR#{Sf0(dOh2t8pzBr}GN(!Zr>Jv{GRT
zVn3>xIEfy(q@=WrX}sOR)m8}+9qOs;WuoPRd@37+cFvz`p;<iv3%Tnie^@&5yRlZm
z*A6W`n|9ZHqgPGA1&}&(EG8$|>RY4u;*3{Kek9J|^d&Csf9H8Q7e!h}ijcf8wcELZ
RD2qta7Zom~oHO|M{{T7X5Ox3n

literal 0
HcmV?d00001

diff --git a/docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-2.png b/docs/src/main/asciidoc/images/security-bearer-token-authorization-mechanism-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..ea8cfdeed41d4cd7cde4b5d383395ecf8b1b14bc
GIT binary patch
literal 72522
zcmeFZWn7eR*EKu_27)Mp2nZsIl!SDH0wN&I&>=B&Gj!Pq2&k0O-3>#Bf^>IDC>;Yx
zH}9VRbzS%KzQ5mlKVO~?&zIW|I^e`P$FYyS*IsMw(@#-eiV&XyAAvv+N<WiOMj-Ik
z5s0&;m(Id(Bop`D;U99eqy}2W)&%Wh;DACrHnufH(MVexn4*+X2F7moEhr%b;v9py
zss>s^?zw=Gtu?Cw?m4Wk)^_k}1VTvE)y}}k5{0HQM46h~2-B`r*3#0L8w=B_bIY;I
z*@>gf%%8bCpj6!DRgK&&jrfgeMMY?YTm|3_tWjtK8dqy88%F_GVcLJ*R{$R4e$7Tp
z^UqVzmcq3Ex+o1fMH+Ei2NVr2D+h}aJ3BiKFFz|c4-d-Fh})3sAq@vR2L~HFHyb-Y
z3p<|x2e$w>H_gBQ(832g7@G(vOFaGe$H7m+v}S0uod6q~i;D}Z3n#0sgDKl1etv#7
zb`CZU4i<O@i=&$j+Q5~?#_`^N-a!K8XyjmShc>shp~1bQfuXGvT9_6t_Fvz^+U~#J
z*2eMQD+O!D=4xQa_K1}o_pSc(L^-+t{Zp;2|LfU~Xl2y@y59faH+EEYvqP~dqa1CW
z9E@P^Ozz=6%1%Js0cC);bx^gnwffIODw^4%Z5_>Q?PxeSS-EH!<P40=ZE(L~{O2Wd
zastvej%WiLBb2m+FfF_ZtGT(cfCSGI{-^wWyc`@H+>ahfO7QWDKbGK?<b5O|$;11I
z>(PH+D`9KoWR0>x|L3*F|Le7U|LtpW0by+ipDclLFn2~7KXtIRrupYv3z+}+*TVhZ
zzTdxJYy96|3(tT1S~j>CHr(F+zxMh+zk&e5J^ZiWg&+Pa{82U#^9~T)2s+C_#2K<O
zX^F?GuA?jCrk<n&2d7>%ci*Z$qba_2saobnGIPUIGCq<sl6Vb4c#=dsisva^&*PEK
zPAPq2qP-o+KqFc4T5KWa+B2G%`~8Q9T~5)HH8(y;i!~2+9X{3*EHWL;{#HF7>69Z}
zlsfh93K{N%!=LY7B!*=FdRRs#fd1E`Uj$SF|9WKe{wmeK9`TC%Uj66M%cunLi~l_O
z-qD?K?w?0fCJWtX{&{4_iC*~U0iuljf8OqYw|1_nDJcbH2v;{ZQl?NgcULx@vQM$G
zo%CmqI!GUCDB4T=Y>J~gO{T=poXiOc3E`8mwtFK!`M5SVH5HM)tS!Gn#(MtZMP`>)
zqA-4!Rh=hKUT6NCKYJ8I%A}eu;YYlmEKbkD!otYN7^iySJI3PS{=q?S!Z{lKzsXK#
zX=?AXo@utVkAHDN1a|+E5BvN7+1&pNk^FI9-!=rFlxYTw)y;qLqsX)?H7#wE{GUVh
zvi8>QYWLsubq3Y+PiblMBk;e`{6;EUh7(n8O~H3;;h!8W%tGIp^-?6f_z5`){kE-^
z)+ikAVHWr@-}S{#mb#Tzf6va&{{F4R{w9@Sm(S<q=o_bLXRPqDK-xwKt)%~blMg{b
zS1(;k*C<Gw>p!~p^y60%uZp?LSFd{Sj=PLuEYoh!MPl_86p)L*${jri5H5jVVq@Vm
z)Y|P|f6<_KI9a=`gds&tPfrKm5%vD_)2}g*^6=n*Np+*(?9Y^=`mr(XF~dBhPulVb
zg-1!CCSz!ZS4vJzv|OiK+l^e)n?0TLWM>g&J94i*m5E{`oCJo-4Vr?ev`cNqD_v}5
zWc*Wo-@fh7*4(UE&SgeshRUxyJ0Jz0?zen>WJG)K-nL;^tZ<jmW_zE4XwGKqD8|yX
zBXV|nI*C)x%4$XGj#q!G93`nYw*r3&%OIB$mFoP<mxxZcmx8I!1;T@=g%6hVYF9@w
z%X@#PBh%NFF%|;{+so>isx8F9N745>V6ir4TBN0=eTnX{s-(8V8juD-vil&rpSGV?
zGWms0mYA3r&L>GsF^gOz7o%2j`h?u`=Q>3ufhNuUX-U=(b;|M$wHA9*woAogSw-8C
zZ8wzp-iSQFGGJ_vkB+w3u-b^SM#48oikD+3tE#F7bF_CC)8bgQOCE}dOmq(7dDrUG
z2nkhL4&}OxJ4MLn3Iv!X$`{B+up<2pb?KdXUoBK+4Ze)oLt44JS76TNj_yBQ7VtXQ
zf~B~3@1D>8Yy@_!ba%1OwE5HBjEoG=F$C|Q<z<hR;R5r%)Q%|LwePRaIiHEAnjZXP
zJCHdr_2bR*Kvr6kppWxs2A<W)TA%v&glEp289D7Hd|8IhsSDLY=hYl6g|ldrBy~pf
z-?({`$F%ddsHkYQ)7C;yg1B$2fRhYM#q%p#aq?znX48#<1Kk$A$<n#G87<arA#1Ta
zU*#F1c&vNrw_)uq*s2d#D^abX1=ooXh@n=@T6aOzmkHPDz?KmD<!CGxYc1MV*2^ft
z2@AO%rmkl`UV)LP7Wiz&(~;d*?#L>wppd7M)+xt3zJ)EFToTH0bKhCX*m>n&Z4s5U
zz51(sv*vJBRz{|<lZyM&vqVH`TcldH#v{X@A9A!yZ?=3ge_vKs2HX5pLV|#j=Xq1*
zYlV~c7?QiB^rR-{j^}=+c*<JSk0m~Nhp&0qk-GfuL9Cz)tEI2}tB)rUZ!Qw8PE>oG
z9PJ+;Z1<@h?(L<IZ<`hi<(bHG`1D?UWdG-<&*|ahsIF;OY>sLMaiBJ$nJCxZH%M16
z%P~KaMj$G)K$&Jb)hs4Bht$x;&jU4FVB|}|U|W0a4DrvZ6{(w%MZPqcLrF?HkgHoc
z2LG|7PhqrcWa+pPZZ%(Ghp_q4)wKq{_nP@E^(7?a`1sg5@%5MEovdlC$I=PXMJXvM
z)q8&eBC&s)?wD2?AbzHZhDEw9E-pHcU`}qH#H1=ja!Kd>ynN%qc|1JSWLijRxG5Yz
zx90cbt7+jourSfG(`OJve0=(21Ixzz&MU)gwMWWw*OnL6r^V-cmUAmvA3l8E5!&3`
zeD31a;jjW?GO{$EqD9&s{#2cEhkH^%#guvd@jc`M%eI#Ww+bAh?ay;|7}Z|kZ;Net
zQA;(#CYhV&le9m;*SwYVt<x>ijD@MA3(+FxojUEZJeX7OOC;*F6nbouWu%7PgJjvC
zt|Y#;I#y~s-x(tizO5xy`s8PnZH;CHda=gqP#|Jf+XR*8v|?#bpH`?H7d?PFzC6Bq
z7qj|;-dAb8g+zdrBEC5E_@}i~r?)I;*wlHhcV$&by|vMG{LVsC&h9Qeoy{_I#)Ckr
zqRyU3ub*~-R+>>_@=;PnD0~{8o<W<ePHo$uQGci9LCl5NLGSgc$J|%Eyu2`X;gE=)
z>`i~Te(%Baukk)b<y?%mEM3ndE}1{>BIx96ji~s|Oe8qNv1@QuG(#5Sj~z?dh>^5X
zA6^U1wJczcDyCgFo94rNS*z<CB!5oy^k{RYCB)0qbA==<GBQ(T8#3H@AxhTL?dQ**
zo{*f^sx~`&lBBq2QzG;zIE<T9o*woc37oSYEp8F8N55u7W~x4W_AE72e0gBeZF8=J
zNyQfL!UeS)Ep9HZ{_XSTlGss98z$XhwskQ&le1b&Uch=;Kjs9<d|3T#bAja;@^9X;
zvvF3R)?l7~p1?8-3o!}F&kxCBC&s>5ZQE+6nda-5?JLFvZ7D`aE%b3K16dKTU#8xt
zr)SeHS=k=aSHG>eqI^z$^CKm1u4KSXnYf2i%8~XPGt$+H42ptfh7JBa4#}xze<!^U
zJ4QS3@qYjQt@XL#yeu`z1)@75*=6=C!;c1}W+NC?QsE*S0?1r0G?b~n?5)NBdbqom
zr&(l@^fa)roO*&fs0h_|GwnRGi=$phbz=1ua-z&**9Ijr=$FLAm<y>&E$YRYPi(jB
z<o<j)wg_W1eEaU*qJD>M()F>0x=uP#O^?tm^&gMl4S(R7ZHrJJYZ)3+w{O98@d^lN
z6|`NZ@h67OwP<5R|7>c?y3HL;lD%QK`01wkXz^k+zoY6I>vxfQf-bAkeD;6p-d(A#
zuI83xK7i5^#ck=lR=uld(H|vLDx}M{TXJWIB%Snc@h+F-p^B2050ZI^>Z>o6!?#0r
z-?-4_QrSvcMn-9tVL;n4f-drOs+p?NpY{7NA57q_-`02>sIxsh(e{m8x<N{sk{7;H
z%VbVE_Yz`8);EZoF;zY$v*?}fS|+Co?5*hWmP(8V`ay|a6fE_)%cK`Xgxg9%6Z#32
zkn6f+Q{&-eqpN#kW8+l{u4kqkD4NL4{rNbbrHr&_!8mNiFIaa^C?7l8;R6zZUpr$2
zMc2QdyL<Ppb7!YkfAi;iunD4&M?ZYH6tlnbF*miBIj<^_Gp^G#GoLBre9P0F0>@ZA
zpOgLhzErtBOHvN+qrEfdF4)oYd=kyLTWQh}NhcegK5OB1^FYv|pMk0bU*_g*G#U=Q
zT;Pz$YPnR0&9S9ua90$s?Lv3LU~vq)!RsLRO4jiUd&M=>)fo5fC2C=JjeUGP_vO?m
z8|4;@r)%StyG?g|`bT$HMjVg!>`ld7-bGprWNu@}b~^>vinUOLiZcAFalX{<&jOf}
z6tz8}K={W+;MZopWa4+<GK)$ij&=QW8O7b|yrJlZeYIA5s>k0u*AZp?%N;qU{PO}K
z#V`9Nsz6HKLFMA@SC+&P_{KtxoGKx6b5XY5$J;|gdHOyO;qOAbySuMa38W{alzm>b
zxWe6AVl$rEoNqC}^zK3180j@MdeZ0gn5n5;L*WJ>mXz;?XOf}D0IH7`^*Moro|A9V
zrKTPrYgxWK;W2Qb&H8!wQ5vVl?JWJ;lZ$se*V{R}p2vxd3z!w(wb00vB)fL)6UKDO
zK`T}siJ`>~?@s#Y$9-_d$f=k0H8Ks3d+m<n4v@D?d;Qh&Xs@rE3a#m*qecf`(hY8t
zlbet8YTajNS3Fc3b6CzPwV)o5nxq|QvMG0<Xo0L=eC5MZe@0T@E0ZZ&G@|SvcVwMa
zM#*_?;&`)5bS(I?0Np}^=;^*fj7rFtFVUNUolSrL{*}34(iJ;i>*Et+bGmM-H{WSG
zKf#bzDHX6By>+zNWjj*X@U)`9elLhhaA(3}ZQN-{S3q;LoJmDVK(^uMPocf3H*r2E
z<(++!oD0v%uV4SWUQe`~Z5~lFder%@uyemRgJ^mYvHvY-aINN0{#D&oB-Ki*9Rx+#
zr%zKlHEGvEzkW?`TullVS-MXkuvB|`;?ZGprGk3<+u7GQ+&*qT6QLvUX9vKmQR7*j
z7)WT6y<l7`#B3~lxKd=)_|cw<wV!*?FL2VFtZ~_vCu(tiemCy)NGgTV&RpKQ;T(|=
zyXT%=rNZ6Pu%V^?Q1z1{hgliZ7kI%0_&KfOp`_Uw1$ErTXUh)kTl{XFoSXoDLq=Kj
zBuZM?FAn!JU8NS{gY)p?%|$6Gsmcr2sHRSj*L)7Q7L!agbabLmFcY-gW9Vig3NEv{
zx0iG6Tex5D0jlm#AICV(%LkZf>Byy$>3iD4zGybx?X;c`(#=d7)+l#CEzkC7^_QqN
zuu`03tDVhY>CLU&>=eYkyQR2Q(u!%-@!>9WdL~^4vh01O(8{MOY`u`D^1<Oo8(S7t
zr9u4#>m<isX*s!LKnxK6C!g<0S<sJtqgA;#XtPqW@a-&Oy>y|w$IlpmcR@kH;DLgI
zg1UGzR2Z^q8MXPvLR6bT@O=9@%IH1JkRD{f@ZjKJd3EP2FH^_pL|?snReQA2mTypx
zR_=1g`_yTt@4Y`;I_XV$?OMFRFp;6NS6=69fxIzBl`!>yR;L>)nJ?s23nFd0=Kok;
zoDp{}wt@Oa`!Z0oJ4uS@uz{nmT_763z#VF88_l<oMTa}sBK_LUe2ZBk$SziWseyH&
zgSi|bAt9t(TSKc0#r6!M2Mb9lvJoa&@}5wr;(+m`EY%x|`z6_ON&`1GH&q<cpH?*(
zbWCC_)sM4EH`b>!oj>=A&c4!8^YeXe@%K+dn9jSmZ-;N)8RepjgG6ie7H>+cA?5k>
zP$q-q7XU0{_v&+`lZtiZBB7d`ZpNMV8!YRfvQv9h6oj4r{JdPPO*7pq6rg1IX6Pe1
zrwMd&njWSP`Kpe0#{8eTt6$N2TcA|&Kt9@a>ies<wM*TdN{9I>Y4Y;C;e(0qN8)-m
z`X`1foR;4ZiKItb+NN)edbE&p6>WzylHdTysIF!cL1+EdmVMgt<K%3YlMdd=Xd$=4
zV}cif+E{!RvwBkV(}m*1@!4WqUCM$;vw23#Nr&{a-!Tp>P2Ea@^=>&KzJXGX8AWv{
z5l8j33drzql?!OgjwCp&6L3(qrvEeqz-Jl7+}j?^L}sNb#N`$_rApl&cC{rEJzBRe
z9ZxMyeg3V`YJ}tPSjq<z+Udh&0mw~&ikja+!W2rcT*@i{jMZP7rxv76Oa0~j2r)#i
zJ=fOOM?XI$%VA=As(k1QGPE#Dl2W1FKYLSTec!#qj#mz`UJ&~BTbcLm$=#e>pVN~;
zM#p+W-hQ|U<CZU(U5Szbp=~3&(fA?<rPgC5nnffHk2?BFZ6_(XEz)f|Y4|if9C>Vh
z?X47bjfS`nh}jP1#*A)7^4mUA8_Ok-68zEBB=sZ5e!B6-gXi5^fByV&#*T9PoOo6r
z{&MVM)Q%Uw*eq%<J*x`G8)63+&A3e?WzOc+Bus!rWb?c3ov{0sqQ}!mQhy&?4n58p
z`tjojlyju)9DsX)UeZXknPm#@nQh@LZ(hIVaFS#kP?rDz_aQU6IZ1MbmvexHiAiQT
zM=_ypR_cPaEPx!Hq2<x4DrFW0%JP*!-U&YR!l#`tfn2{5C9k|wd{={a<)+nSjjrTk
z&i3+<&qfP9#9-GJ`K+DqjKTFB2K6{q2wJBajS6&zRxSQGPf*QCrh!h1OxVK00-TcD
zBAyy_aMBMG5)z<?-G{Z|n(xn0892aPY_TNGtKQKnFl;E+E*{`XJ#+CP;;32x%@Nb!
zWV5&VR70@^_=J8<sWh<|ciXDJjQ|>ku{8qZS)?0FS$Rt&DUQh-bju6&x;h<^P}JuE
z7Y;2d=43(q?m&@-B;tG~b3#sDeo%S~SH-_Uxu@o}iM9@y8~U~vB)FPyPglIO5=VPx
zilT77icf*1V7@_ziFI+9O)2rMrHvhb{l)alxk7Rs%gQM-8RXdeFQEC|ZxTH*$aqay
z>e-W>1c6~&y{!g4XLgCR)AQ5=R}T;74i5k(Kmb@Iy~zA_vNL82q=lZmJn5Y~YXk$?
z*T^U-v%W)RaBGlGxhO-=TI31MFKYTrP!lxhwUAK#`JK%tYEO@CJ%rMAzrq?s13((v
z`;n!V(|e^ODV_^DC4eUkQw$!qzsl^_CaPVqqbUaqd2=i94yhJd_S}&F-xE?=1Oko2
z^vV8BaNzmm4yA=M<w}OW?Z+eMqX9BvzCqp4g?%HeNqVoJr&nDpZsmBegY`H)-p$i4
z?Ogrddv#?fFD_8si(l}*Z@@6Zl>aojpJBjC-}CP~+7eyOjKqF|5`)n#Dvet2V@ue}
zpEne^EC-*P`se2Z9LY3Kf%E!?usKJvI9J=IJjH6HaOYa1tnN*G#2&NDf^mgC&7((u
z6)LEt=Zn(Q)0>;0Ri-|*yi7=Vyjr;yop2sF41Y4V+>me+#kwNf$r=HtC1WNDEOktQ
zm5@<P^72q#tx?m}G_lIPk=V!62Mp&uu8BD~aGbk)Za;dwZ7Py6<4nwA1t|uNb+PsM
z)aQ4DUT3nR{c)k{i-4OfB##o4l1PJA9#;XaY1SS81E73%#C~E{H?0hdP4)I5^zO2x
zxp<^Tz|Z79OMhQ>GebQucH_Jx&(NnZZGTr%W;NAUJ5`&I3Y;KQd+u-Ge?h_)A+y3c
zJ^?D8#d@<M`2A$RU2PHlC@XM_)B+tndLxpnKK}6=^g2_0=__@BIXP+}SASzHhb)|0
z_pzgQ8d4w~4i{wm0iGTycT5W_2Q2%XN+2`8wzif+-Qw&BXFk-uRK^{K?`La8tC#(o
z`+v5YTq}SLMb1Oo&?Ne>^Yq!X=6k_HiTT+%MGyV}N^$QJ-W_J&fiE&q;gl5_8Bs3o
zQ1;<uZYgAGq$tfIUE!B==*<-%piWPYu_nxN8QP_}gb(7kGws4M$lTi&H6E@X-g>I`
zC`bjd7v;QArl*<7`7^Kf#Db{5%Ir?9)~)czvj&m^*cc%<4ji-OBOuuk&96d8Hbkyk
zb9_IxW4onubUX6;6flpK?{z}kN%p+fUwa+yAhR`kD6)45)G>=>4>h`r&HJE-<ew%p
z8;OsnVX>?Ynlr#^$@D1LOTW7#<f`~rhLiyqmTLFyowdohW16P$6k{LKkFDyFF3``l
znHEdxRyyaXqy^QD&#rLg6hne7op8^3ZSmqod`iqHi^tB2X1PO(2?HGOjkkd2bx7kC
zE|&eVXH=101e&h%g<h^bV_&o>2cMUifE8)C$mx-z<#jqbx)H@z->X!G=O<z<xX=rV
zLndDX%PsTR-2cW~D&*>ou~&SvF|YOXXR#2g$SsDB(&uU0=KAmY5?-!H4<BX&Ss~v)
z5CDY)f{X_;u&nv#uV2417s56?%N1e77L=9or6H|q=@#-FyFv+V6%+^&-3cL7F;}yY
zSvQG^4c!7dxhQ#UbSj;#fw;gXOyzE^LW3?F{_xwp{b%gs;7-P0t5SBykA9MmK4n{3
zIq}8Yz@9mgS^1j_6;KmnfqXS7_57=#i%q37)=DU{OXScB7&h$^E2Vz_4<DcjdV?9y
z+1IY|-0$vIlq?ZKFKFyTb%^9Z`5)8dIdq~licI9h#9l^3sP8<Yr+-7H5oy5q>h%)P
zplB$PTu}EM8jFgXLTWc!nKOSwtt7s21L<ZRq^lB7YTgPxeF`DDh$kPFz<1J*vYM55
zJv}{1l6J6T^IK!#%<7$gl;sD%c&Ri|liQTe50j*6KPIHF?58_qpB*KxR3>Q+x+97M
z8+>oBjZL?oehg15qQr9CwyzN4qU&o=<R9q;xGBr>WlTY)hp%t5ZPQNv4B{w95RJY`
zKtyEQpZ?haA&Wpqk_)?|p*Z#L**)DD()RZDZi`^^Ir`g#L!*!1T$uemK^HT2_S`uj
zyTVErl2b^xS4N6}5Y09JsAfDgwO|`a!JRwxfk<c&-;T_pZo+xY8amJ-y<qsltQz_8
zkPM(iC^gFf$OWpEL>lUMD#@SeU{Po9&Hl>LUk(Afx8g8GjobG0WYwlJvu2V^ik8KH
z87&7gQ!Zs#NJvRRqd64Y>A@dmBFe~X*8O6x{Tq*-#`EXx5KlP3$6!>h`m;@X7K5de
z3H{1$PzU8MltS|9Q{W57-rHk38R`6i&<7eT&rncw|ExMYD?e}5!Ur`Ya|oU3reK#K
zmFkocl88d;sZL}|V_Tc-#XQUTAmN>K^kT2P{`;$&1x8I4Eb_JQoeVVAiYAcLOnrNA
z)T4z9`bWel+fnUbA3+cm8lZ|({G&S}xhoe?Y!M?H1eY%tR40&M1$w3EW$Lhh@i{1g
z?r<)ze09$1A2|9lvlP->{*Z=7j8h{^gVSoPq+|Q=MHk~xDyomvEQ!$0_3Zb_Qt>A5
zq3ZcqkDF|IR@3VlX9@r>d8}2t{QPjeRRCSsvo$=dk#Yyf%974dAOQQVfVoz;@!{=e
z)Ja=nLT2&}-CY|iRhah>ys`Y&c!>QX9$rjWyvq3O(U+BjL%;2788HclIc$ED>90Ix
zrOZMe$N`zX3z0P(qVIG`boZAdz65|r^=T0(P5P$?5mcS>o9YI*2HNG9y>AFN|09{r
z^q#!+6!K7F1`>wbsADgrQnQU>;rS%T`A(puRi3Hxw`x#(tQ0KvrD<0<@Y_rOm<J9^
z2q;@<MzV~>XF*`m{Ob&YM((coY{>>5$LfmWB_P*u8-!(S*0O_DWvkx$LVN*l7&3#L
z5<f_vu#b@6<ygq6GV$dEa-{+(oEEz8Rt`4)Q3eE1v@^#r1+gmC7uLJ%s$OX}Qiv)t
z=_u3|bovA-vjEDIdr!L3JyIJ&o_AL}er2h%(e1k@OluiDc4Ah`{z~}6n?K2ZmMO?j
zm#`Rs0Wbr$kRW&%3RBZNEi}RzRpt`OsP*LAio_b5IR+z=g;S4(Kpd1*B{i#FkMrE{
z+j&VSd;9in9mvi?ldqzD$Kfz$Lgup|y(8i|yxNE(t(+#x|29%`znKg6_lH&~7zB~D
zyidzbOQT06V}-@l&S@;ccK@O&F-ls+X7-a_yNof4Sx?eT=?HLe7^o)QH2D~S?916n
zJisOkt_%^!e0vWiTBQwY-j^|z7@38hq$W^LRxV!$h%lrT`d~3M74uNP=BS=XwEwaP
zh!s0mp2l9}MeYk!XZXFSolke;0vsMQBrYxv$bPWQemXy&of?fdqu@Mp1l(vfw62&%
zCmLongK{;rm~mb^ny^I!Z!z>G6|9NF+W>st`uYkozTKQ52}|{3GldHCQvp~qpl<Zg
zVz=kz6)<19O%)YCac7gVs=i|05Kqs{LE>_yzhqBOk2`j4Esvz&X&?pYO&^!cojR>&
zN&k|RUL>RdeX2;r>p(S2P0swy&U@#0r}(kyUJUE1DqgOuPVaS7Q5lFF>ECtkjw=bH
z!J;Rwkl%o==L|eZGjfJ4lo=ItUP(_vUg?bFW`^o)qH-5dU%}n_elzpo{DjEoI}ekg
z-B%(to2;oGU*IzDO};@d4+O9vpqXm?YW~q;AmH_?-A6hk@Xab+*3|H#rF7^XJQ$s-
z8Bu-E#nJ_oS2{cw8ido?2>s#@JKtdi4Gj&8^R`x@3BAdxlTMK-#(fI-ExAkb&g0Z3
z+hb{TVKbIKWl=tBxV~OI?gX|bdt4bf2Cs;%ZN=~E=8%!SpFR7~M}O<qt-acrAANn)
zA0~=S6~eMP8*)k~T8YAeELiUD(UdT4HK>1|fqY~;ArwR7q+D>tY$!+D)Mzow%^>GS
zC7lNS(8g@r{9R^95%lBGaDv>KwV%kL4%pZktA&zl?MCw`TP^~l(5HEnkrvwv+4Y-D
z_`{5k&rB6#)>Th|)xgn{Jgrjzk+M`Xp7>t<WIMu83seq{^Xz|ybo|BI*z>9i=o8Ch
zQwr~8AOvyH*^xK>Y$(O?&bh)swWRZ6($AoPYMnZ_=nc}`1XAJiV@p+sl=fsOJoE~&
zs$WN8*(7~So5uzjJ8p4Xgo4=Op8aJK(%;fR7LL1o#8eulZY=xk*)3uB;+-xK#BM&+
zi1!qe{#=3rc7jLoT}g^`$b(Ta)~+)rAIpquwHD2sSPOcN6h!uo<3zj)$?wXNAHr%l
zeI1h&7>r6v!T@=WOLxY7XzmI)MItZ0BS_OXw$)iu04`^qwYRsAl*$6B?o^ho8r>(y
zdpsgsvXfpD#;h)IM#iax`o_Bl*0{8#@3lR!;!ED?*rsB;e|ShlC4gR^`Y~ERI-s=(
z7-0*F;iz35lLU9aU;OiL97Mufim$Txh7GAjGWz@b;T$s=f=vO8REhyV8yhXw%xyJ%
zH2sL_`sHgN6=4E#+_1Z{YpEV(M?61d00HY!F6=&~ZIzO>74<wmVn`yvveG@~F8Yt>
ze2fdV*OpSu3$$83v$+$~Knrm0L+{THTt=Gyg%aTjU2KeiQ)@kf*V)@0SZLdteG^iY
zXwg_-UTFO=T@up{sD~3EQ7nJG?zYf<86UsbytllvHB!@AX&EIlaO*oVUaTLyDj381
z`g#@}2K>cqY7!2s9uCxAiRU~)u!B?Le4s-j4Jo~^#Cq)Q+w+xTy7tf6LPZ(+w}3EC
zRES=LR&5{?Y5hX}SkQ7X`})17(BV>EzkXe7h?IcJ!V#1UtoVC^f(JF+lbBriNlrUr
ztkp8B_FyRsHqD%8>>O}Y`c<xfffWmt)Hth_t5a?o=QXJOphovQX|SvX+X&|Fj;ndK
z_wRRPvEB#fLurmCiRkfF(%x6*ax^SiNj0#HMomH6ySt_Lbj^LBDGHs>dhYQWV=^c~
zcj~;C^$89>=<zqpnC@N3taH9ze2lr9m}3aqByd5&0E>=&6?$4>%PDhtW`LnLRA(EV
zP*l2kT>RmzEARrCb5KdV@O%y1{eF2X4+iXxTIOM_MwH_!c?MVG3atxR?{*|H<_6bP
zz*omcvPBsNYO~b6(T9F~qiT*jztS#DzSw5m9dvR4zp4~dTvt{?K@}c^hUwM0i%Y6G
zRzG705;^@lF#?~<L?V`y`>q)O>QO8-mgatcvYqGC5i5KMYC`7+8?AuO9|8)?D|%UK
zEHRCRn(tz+a5qq#*{O31;6ioBKL*>wDbSRdvhl|qgpDsfX5}HPetTr}K5}Eyb2G5+
z9cJ&!k#{gMLpf!|{bqwdZhL-Qyb}%h_`&E`JbVgB20d1Q$CW-5UB5}vr04lpGT_PJ
zuEBUsct|LlzFxv2<VH1uV(Qxsw^NXyu}#7^z#U&nu3An32c9#n35=08pJmv%Y6I6(
z_Tyat_<>B*`Hi#5qR@6y#JUbbsWp@_>1Fh0E3;OK#emG2Bj5<~mNLBlNC+X3ju2<g
zd+Wa;3(q%cPjv;z4u0vm?mlK+N=PjPiKS6yj&0yw=9^OeT5q6=FhRgi6wuzkpRAsz
zhvSg0*;(hN-=>tEh2*M?R;J4K8M$Bz-?sJTnR5qQiz-vQ`kjT1x6>Fp;;$trz7WS}
zs^SY9qV+fNzx6HLLHGXhdxj_BQ1&4IxJ<a20xD*qJ(gxsNW1GYr0eqT{d;-9s-X94
z#T4-#9UTGc;<Xyi2a-adqpk{zql$IBluK@U4c-Afo-7?=(iu%oMTHe=&_P*jZhN^-
zy}G!SFx(Kf(_PF98vZ*nz2O?K%D#7Lt;1n*w-XR{awMwfyU4bi_pBvM1At3FNwu=B
z@P8K29?I5KX?fX6D_}p$9miv{03YqNQ+SvTtyQXHSd3+nyvwn)W}4WnD5y^QAdZ6^
zUi?(9r@R~zGenwN%OFKrKT|dXOQH<50J_=x7noWUJ?h>kISwWg<CGb0%Rxw5ndkNO
zCuPEz7&m*`f0=wdda6GjA0HnOgmu_nWEXYYF!sJ>+u-dXWH<F4R388uCNYc_<jfRY
z7X1tL1d#~<(ZDm|v(+P|E7jbK#tVU(nqgo~q-Q=-m_pc*``xg`@5!qtzQn`<m;GPK
zn0o`u1V)3*>v<3V0Ja+PFW#y4*c~lv2(O;GKd4DF3O@mH#3De-qNUn4s?j!D45vLu
zzjmU0M=DH}I`M^>ICiFL!`U?a>^NlL;@tFfhDv8K+kq@~h3(Q@h9Hia@S14g824vd
z2WJTO?^;%?>SThO=c>WGvx3o_EQyV=U)(U-TUr4^0Gy$x%+}&yy8qz8)1Fj-GI03=
z_Fg^O_nb(WM;U0WfLv!i$e;Um)sAHuO^v$YxZ*C1cWwD??<90EOs-2T)r08jEH|A9
zV63iuEqXSnwOEWyc!Gx^vJP?d7;HwiarP;L>&#-xe2wn@eUj#~KhnRo0yKy`<X^9+
zIDZIl#nR?}76q}hp4u#BXB~>>0FRo|!TWUK?0u)FZ3hfQVR>xrQ2t2QbM&);x{K80
z-WTMu+4kGp+Z!I9L5TTwHYnr@<SlHynC}OA<>sU1q#IZZ<+K<V0dbx_wo&Rr%&-bO
zvSto#O=zqis%vJEhm;?@6UWlh^T&C$7-PH{KrZGh@4eh@Z@ng<kXK}+nFrpb6M%u4
zzsJBs0McEyL930aot`#9LEC7I8;7t;S8Rpha^Zr3!dd6Uz)gm4w;KiW2;`G{3p;}_
z7yT<cvz^LC=6KY@N^2alia1jX^@g1eZyUyo&olj`qZ^K}*fd`1cH0>-1%krD=!b^*
zf^wS)zL|4rP@hmy+Jjm4xnV+;P7yRApUjsSqEV-e=K;os;|dY{tOlLhu_G&lSG>ru
zs;xlkkBPKn>BBO<92l0B_!sRM>uyz=a*oX|`GhnQgKcwzvda@mX?Z+9<F8p6D>~oD
z$scmpHjCXyLt(Yx><LAuNwa`3JG&j&f5Ihnxzseog;eI^-{)~6en^tFX!T1b$z3%X
zPZ4mpsw~Wt&Smm(qShjyIV=lh<~P5Bx^csS(owZ8<$`&QDp#Ay=d8(%_WFtDv41X0
zeB7b1QFO8LBBD%LXao=O>Eb*`{vDjHPUnUY`Z5AB#kN`%aO9}Kj6js#{>LYJ6vkg4
zbIbV>0^vjW%K;C8SdVZ5R`})1myiobRC2rGMB^4mX28rQ*8^Tto32<TL!*LCRYpWE
z3AsNBV{e(g(fr~wu-A0#+cp1WKp-|)z;^n*nh^=swV~E9W=QrUxw?WVIic6*UuIbz
z&U6ShF;qTo2TVX+)zK}AKo|p3M3g;3$v_#T0viSN)uGrepr)aPZjIO@y#4a9k)dM|
zi}eDn`0d-bWdwi-`bZAIENj>B-4!v_2=*@#sI_n~CkY(q+BHjUVmKIf2oSr0N)r<k
zP_dWBO4njsCPqMYlA?CI&&b%)7ZP{(3}Wx}cmE~CD)=-zsI`siV^Wio`R<_*F9jPJ
z6coCku7hNI@%(wS&r?$`>L?HhP5XDaOHC1g_Dy*sBs7$SjBE&)N=lou-&>1)E98h(
z$|P2uvMI3qfd#IXnwom$DFVUj&kSo4n39$T44ge!u|Q>h2;3zQ!a&`6hsEiiL*Ujf
zR|M9MrU<%dQdS)eA1v+Z=6qKi_!^*Pji3ltDKhu=APJc3Ig(K?yt=>m?T4OaNne`6
zSYG!Im;Rx8Ud(=%NpmsnPyzkQNWGR4Q2PL}a`BfZXJ%$rN}pNw%$aq{S_kp`G%0b{
zJEp&VZm+)k_jA?r-H#)EUxqMN&D@tM3wJ{qh1LbhlpyDi_`UcE)XK+6Azb9{z0!pX
z1U^bxMFmtNH?ZBb5kekEmVm^BYGtr~CM(+(%E#!TMC<?s7T|JPax#PUB|^d+<rM$0
z>11)O9Uu=MJ$mGBK*eidU;vV=$L^{wFpbKvLt5!Gz*$t*isfN?zke4qb<zq@&IX={
zaW_AKVJmkq#Slu)l2-Q8RJOWf=7ZLFU@cQ*EHrIx*Vfn9!IflYGDM+82k#X5=~F!B
zwy=A@no_yLEU=7>^9kA)%MJ?P2La8*gl15?4GNf4aa>$nkULemKy;BNlgfAV!E8-v
zq~1lyN?v9$RH|d-WMWzZ`;R)$Q_W$&;9&LN`1zUI`x~>M7!}^(qM!f4q+SU#8Mt6)
z8L@4{ag0K48$kDFZZ&e?r<`fk2EnU8N1ON9$qSvEm$wEi9?o$9g!pYi=XP&BwaA2#
z3q;hv0Fi8Mq1$d0_qTuJ)b}}dqLY{52`zXCjXn6<a0JKAeyb#@V6|9hz(bbu9X?C_
zjA8NnD$2@Mx=hXhAaMqPxNh!a;AcF+g$CxQDUvJ+6nrCy_Y%)W?;1Vur-m}Bgeqn{
z&oTfhiGs%}-3iX8e3shP)Nj~7@i-^q*GKm_IFzM7Th|aLv+7o)b3jd#Dcy@jsH>!Q
zCoud4WM<I{_LLfzH9fh@1O(aYc@v-RifffvW!&pe?7MRz8sNFm{!EDfWoL7oQPXLq
z^66z#4<J4lzT1NR-N`ts9gG_yU@TB)e>$?+hFJpg$I`L*1Ad-TQln9@aB3;*Kw3!F
zi?B`I9}$FzDd$@x<OqDek!E#$FDIbqAL>@9=6KHXw_1eKGw|~}%rwKv06cOE^n)gc
z(WaDy#MbJ#cE&R+E3416lA&a7Zf-Hc9?n4XK!3CbfNA9*<`nPOlXpVi^UKSXpqcxe
zY{o%Q%5ZW;aRf%$RAd0R4#qYWeysp}zn~!J>K_I_UgJe}D91xn^viuYr`1>|z==w@
z-{uS@bf3iefCDTa=SU9p!6`Ey@C1|$n<XzNhrFy6pvRC!&SQl$>=`nKSj(%b_5;RT
z1wSNg*}52dilTVHTeQ*X+0yn0g3q5nyUR+YU!A|>y=MTrGfqFc5p%*mHEb>8F3Uzj
zN9{KA`MDA;9UTfx4CgKoz%mkXN&b*f`rF#ba79o-=<nOQPFw(Puz2T!N#(ciomh~?
zB+toHzedVCLvn|d|FTk91Xp_ieM*gdfHR=`T^|C1m`;Y_NB-lRHs!P7Jl3NO%M73X
zX04^lMTPn^FkiZK34Zjz5TC2gA`ay=YXudH2aL?X<_cIce*LlG3vkvvP$n=mn9)T>
zR<^G~z<I??REL>=1a#j>Zp()(N{zUr0Ctj*6Qq|7a8$sbN0m>l>8K|YPe7A^bIU}f
zR!QCn!!wu6oQHO*IPky)5H)lhrDt9~4W`cV;Z9@9ZXHGmM(W#|t1~pXA1tO}^=nwZ
zBTX)rT^)c$XVt43ZY=95$iDO<hQuA`FopOZ{c+-ZrfJn*IrNsGbGFk+`Zdz5Qm!|;
zX-NzThCmOZK0j{L8@ZJdnY9jnHqGIl(0&57Ku}0fSc`&`jceH_cIxX?=MZHm{CZXd
zLRKDpL=~o8)O43yujSUB9Du89XmV1NmDL8K2GaE;oM$lQ<Pk`%Wp3x8XW>wSpxz_Y
zssY(&2iQF5Xw}{7e)`=gwHir$F78$bSrH`HTo+C!YTyGHI5-M{Mgq&Q`h~>%IUtd>
z8UrQ71p-BK@_kC9Kb31W%fHHtkhTr}q!)>(RePOIj@)uo9W#$)k4sjt*kd>ga<M|1
z1KmP0x~lV_DPSN?1APW^cYwb?lYUKAW+tP%EaM;Gvl0xkE_-7(mDb;1o?)6f1UhM}
zPXSXlp^RtJ{`K$ob3}YD8i=x1G&>W;FS~j|aA(Vax4O{SFUX846Lv`ioS|psfzQ=#
zQma+{Uhv8aJ%v*W{E4CT`J01j4`?BE<2`T&pBzq}GS!(;=O{Hm$pB+Qp}!NPfn#tL
z;WOfA^6UkL;~HE50Xdh70Oi9A_0bt^m(|F|NkM#k@sb^Z0DLty0iJ;9yHCQ#z~{)^
zcZrB7PrtT?<0ddv&Q?0_!BL;BTdBtX=GY=<zv&}+A5ge$KB1P|tK%L}4_hCBDqH{_
zB}j0_S`n>~f4TzLYHpE`pzppJOur3w2MZRh;;*7UHRF%hVIOfcc}Bzr;jDT%h4~2B
zT+3nmWlVI~PVH09hHWONrdr&vdL9TK9VTQ^Tn2I<GSxQl*s5PrJ5=w&@l(YM^~+d?
zq~ZmHiu1Q#meOCuw{Hu9)y+CUxdxUn^BVHa8Hra}3QaL}b!}|5*$W0kQ7aSGhhYDi
z1bEd$;GU3FDHp}Vf0+-TMm|(=Wn*_Yj@{r1a9P;b5g96J7Tz5hb}o=IAe{;S{doh>
zKP)Wdb8*>>YXM4K;A90;x%E*DsA<4`@X*rIF6*k76RPo#kk*x6K}-de&Eg|YB6L;L
z6(5)TraTAlKNj*gC=;tyoAN1-fXV&VOFh3|c94}VUGDE>9m<51$pg?Q45~XMHwU;B
zNQ0#$l0MKU$C&H3#>fEe(XXNa)vkT@mGbX!iHz^iFperr9(aIB9b7rgx+744fZ9er
zTDAp;b<{?*tgwsDm8VitIA_|N`q?Da`P|A?WjYLNP670oqlwTD($mvhCM6~&!XcX@
z$vw_TFDj$tMia{&=P#i0m(T8ir3EZ0&udT5l?kA4y?^_**mhFSplLNeTP<faT`39R
zmW^;5T=hu4fp{wA2UZF@5(}NAx39%_SI2?jnu9aekwkuh;MR-!yV}oiI%uG<XNqAz
zY%qyQ%&h?cr(ph5+#bqA)&uN;uCzHZaalQnJiE}Z8gSCR-0m|k&xUt_dqe75FL+Zy
zCS%dX&5l6t7|PDzt3;hbF#lPKx<Dib2nEf-WPT$fqdOiekB0gsHQyfRXS-d!&G!kj
z**t-C{*0l3UKi)HH8xHrOh1BCgma2Ib!&xkGp1#N-2%?EHA7s$#`-!Rw9YVtM0hu0
z!2IMaIRq{Nlf>oVaa4Q<zx^Kxu(Vl6sAaA!K(yP*^r0z@rSg#3CMLJ2rnGu~XB$oW
z@j%!BVo6uc=!FRq>)Tu4O^H5#n`$Um=?M-me0@R3tj18N>vOyfpIY>d+tk6KFgUm?
z%wGx2hD?2RL29Gfnw&$oQZh}d31wt;P4ZhG?3{&m5g;=&9dYaVr$M(fYFiaR@(k-@
zAYb3uDCCk}`~hPmp%=jU-_HHlPWj>CyI-k%3he`EQdIDn&QNuotx`);us!#~!oymO
zO`AY@+Ja-kpjp^1f#(dGEa-7ExrHOqj^rn7gC6cC;}ZdDjove*_OA<XW?=*sE?uze
zSZqc%JFIFIGLprxEN?wms(bI?qI+NES3YsB>PO{E4mrwKEB!XFWjoyRID@d0f<pQI
zl!5os<;(j}WYxg-0dN!A0b!3F@P7YnXc*Z<g<fcn<}Y$tn}80U1?FN<cyJ(CK+ynU
z1!o#J2cpVL>|n^|vtsM#&5Pd5mtlZslRnP#3jox&U>j6{v^iE{9VMe^4oJ(L_wcSz
z7$e^K^LzXI=9*E74V=O~zhHRha<E1E=!FXx4h|2;+A}R6PQ!9ipieRXl4;<Wc^1x{
zOGOq!2jzU-e>3mu3?K`>-J2u7qw8a@4>2V8kkX;21UVPhCt<LGv#52b;^D$E`6CP1
z!kawSr0y}>gYq7GFKpf*JB`>72pedR5qqMoXF!<H0>lloJE*fVln}cmkTl^CEMb)2
zh0rTl$biHP05>_b{=h~)nlGUgCsIk&*&v^_#eZzb{nb-gzSNxo!WMWvK$|sEzw8B$
znS(3|`PpLYF*VCB?@J2EB=~=(8BlC_>=uXgea0anfb^fKwlg#Rce-g8JI2e!rK(~z
z2M1+@Xv00BLtV|J*4FX_<XJLEEY#v5k&&$`-mfg5JO+=9l9U-VP9)kSH@93sHB?ek
z+9`IR`btQ_)hw+9M;?q(&jG-*$SknOiTZeh99UmhXLWx%g*=)v6f%u~zP`SPSwE?t
zl2+v)&RZWAk7<YToN#dE?9WAE;#+$r!Ht2UB48l;;g6fkgmSb#ly=($n0;V-Z2*=*
zq=0|n=B-;AP%44YW@BTcV<KbKQIwem?Mf&Cx@w>vA+09~C+z||2c~ifNS@qj9R4tF
z)702l1M*#~Fqb2Bg=mE{_5jRUmVx0ZB+YxDbr^vI5ze{C7=^Nq{s4)N`A*T{11N^n
z?hALV!H`Zx1>v~@cCu{kQu&M*APcC*a~27Iw}i?NEWD!uAUKRHN2A~ms7O^XHUd`a
z<on&*og4`D5JF*2<K|C3N7Hw<mj+bK4uFb*oiI`O0&p%1;0R1FSbxf13F!T?3Vp3u
zDYR8*$%&{Y!F&_+7ncx~{zT||e}k$7Ng;LllX@tuiFWFbH*B0wGk{)m(F2dKb;MxG
ztrV;U=xKUvTE)*kH;s)6_9<r){eWRuXr!i2o4mC_4d04|FS0f%3IZ_B3<9DmpnQPG
zGKoUM!Z&W*0G9hUHFa!kEcLZ(I1jJ~I&{My^brV8oD9<X85fW~VYURf*r%Xrv4Jmc
z<7=g8n3|mpTs~keXJraHbI5hwTUPHWoYK#N&Y@hf4P<jhX6A2*JbkxWQabtY8Qgql
znDQtmh<%W28F>Rfe88DQa9+H|IPZf+Xod!bWc&?{jF9o+1F>#@{OBRwyP5FY<t$ti
z0i;oTvdvbVf3N4sTiuY2ZgHY82BjwnD@20mhn;9}UMl?o#HAjp$dAtlB8F0S->bY0
zQeIUPW#upa$OXqhp@=(4s!!k;f{`0Ckd}|nDNHv&U;R8*Xyih2sVr5|)$F9^r}<}L
z?UZjhpFwCSbHS=XA$#igiIB7a)fSE$Wr7}2hImEZ7YY_G(SEs|@*HG6<+=EM>+=^`
zQpj2{#o2nyr29}`R83xeJfv|zl2g7&#5p=d{g`zZ`!hm>LwV`x(hUJ+gZ<YW3QaiD
zIazB&?AGY{6un5PF;uDFVgsb*Uyw1ZQ%y>IhagXyX==B|w$;ESNUY{n9cE_(S+E%C
zy3NP@SY_$GE`VO>hTUFpx+<%3zvr`vN&Bq;Vtfz@A`{J~Zg01=w2W6csr)K>WuE)u
zW3Ld?W6L}(OlDos39^0b@85!+)-B$L4<A~p^Wnlr{hyR=)b+;;I6fFtOnwM+94*AR
zU~*7tv>T{XIQ<~n{v;>X@auz}J_d}Y1Es9>X{fG-Rtm{8HW=HD*O`R_S9)K9(RV^w
z$&Z{%VJ89`4da-QfFMQF%SU$~9cY7303zCy;u~$0A-5@T465_Kcf5xuC-v7-jk|>o
zD2a(TW<nI?qj+)v<c=zL=wzxgb{v7(%uI6Bvm@yXrocU?>Y3Xp^!v7Dzu!k6?OdJe
ziWf&pt%5<->HZRiY8zh!*z#zwtpJ$E3b_bD3zPU0rw~Fp5>WaB#X~;ymWbybsGjP@
zW<A+m`!z?mQr4Bhasq-n&YIwSIa#s?S`G`!O7tQzC8bACb2v2CW5ZVvFDV&sQBig1
zAx`G{D+uxNTU+Q3)ai}*-8N>p&F#kee1MFlCMO3_)d`eZTaZjBgAyb*++6A2p0U^W
z5M`<qd^q1@#pWTp>v>h_Kx5-ZFI7@M&Xro82nz|Rrpl;IBr-B(0wUd6K1f+gk^}@y
zdgF#smo=kiVe-wEt-jqmH?snJwQ=$suxTg9hnTVxaHVy^4uF?DcM0WQQ9d^bzzG^i
zumD<@>M~4P4(I;{_p|96VaKYeB^b<Aw6n`Une%PEZ(8=?T;W1IwW#+IEaLVPUt>u1
z^Bqz1^YdwMRGVsoT5+0#7~}h~m{|Ug1i35UyGZCren#?GgSA$Y{=>2KBN-+2JYL(0
zY<%G6nOMyo>+0%ovIUS(x)vGH7qf(Z>P;yJ(s}uuJ$rVT6aho1Kw{SbiLG@yN-A?N
zrdT2m8Mn2yB}<2h{K0xyO1||(Wd%HFg5}RHjBy=fl)_KhBZ_`YB2$G~n3qi>LJTpI
zGTzZF%HPry;%fRG-{ly!Ihj-s&aD^mEOfVkILv9%&Y)eAEj%+8bdc@E>UN2*+@Ba2
zDRa$^sn8@dqg~}=gJVbH?2VfquL5|&;fg*@vNLcXj!qfwH1E@pG&bfpdsCwr(>P}`
zXR=3>Cj2`FGP{hYq7XCM{`@18M_+;V^F=tN7=~_3&nBGkUsiJqz@b>Y#{ci_1ZMPi
zZrNTGJdZ%!f;<f*FB_$1<8bZD4Fp2*<)eRolT%z=4B3_2to!>@)7^~?{7aXb53bn*
zqs%LTyK{k<2=uA@z}11}m7mD`&u2#<mH)Ya!6%=;Q~bc?Dt-K)yBXlfdRYJelUq07
zn196d@89-dga<ytG!n=^n16K7aZ!j9$r&m9cFKgCXt!_zHr=vt=?eK?9em^zMIzi)
zf;HpCkJr@XE0h1`og=sOb@24`^q@5WA{{C&KwPI(GDwxrKGOnJ90h(ET4-6Ifm38i
z<!}?ilJm6`X{-tgUijwb=3pI!Nmq5#6o5eMopwN6VlR5}@`=F*+7aRe1+oORZbqdZ
z4pcWarKO~}xw@V|e;(S))}|(UZtm@kJi-F+L`#Q2X*EfIl5cQ4A=PR?0VdOPeH>-(
z#r2M(3dWaVHX|@FP}u7L?drM*U;%&~ID*5RPDH2QbO-h7IplumsRj24Fuya<hF-XO
zdl+Wh2bP#tXxZ5Epc`e=t=Iw_3d(DiPWi@wCO}~bNT?}dCO~AsM}wv?j-v{p52xaH
z`0394`pp|~BMw0O4fII|FhJbg+_tl@G|fXpyZ}b&KrPeR#3H?Lhr*!lEv}K%tFG`q
zK7jd*eCxu}(p_9H?!L7ECEc<VhJVew%nnlKYF~qX@Ir7NxaW7A8gW6HTVRV^O8UF8
zA@l4Rn2)@mnCI2eJ<0rD<+dpT6NcEgP!~c$V1O&O#;xhM%^eU0YPScqamx}MT<QlR
z0vqH?2Zs$%(`#VP0Q3rjndZ+>V}u;%p4+tTLjMTHJ1~kA0KM@*F7gO0l+R^lD@&q0
zA&h`j>CaNPg?<I9Ab|9e<@fkEAEsAy#0aXh0pdXpfI^*`ntA}83mYotv{g9_>`Z$D
z>iUvWQo-b$IGxj3vK_i$X7ya13beT#a5mmzV&9RKt<u`M#b!!(?%Z*Qgn+Q?z<q<$
zrqxw9&~0n?{#*eBjaq|d!ves-Hx3jyTx$T;K+o0C*mweCY~Uk_;&(IwNyyP-GB7R8
z6g;3nbptN8Vvn?}8Q}T31_Qy7ytaD4Isu`nbthyg9EgxlpX@;Bg4%NR7P}Z5R~nC|
z2jlXQx*B}ld$hF0A>vP-bjFFUZ6ze9rGW;&UeqNrR_);eV14_u?(B6>xY(CRFaPP5
z;AlWc0?wfdJrXuOPcUHueK@cTGR}xyGpIMWA&<Yty8@)B28`rn>t2R&5!_t~HpS9`
zAS%-nHRN^l%gcj%M?^+MMCgqn9z}BYy$RXMm8o3NW@=JPz%L88?Mf_^r>zb%e;k&|
z0VBV^l3b7q$CgP~mM1|z#|>)+K-scj3{wF(u(#*BT+l1u-7f#?+gw-i4OL-Mn}K{M
zRK<s<wj&QTc;!;5P=|_HeKN?4c?8Z`LnD(Ivz|l<Z9q$zRm<BPCE55xOsd%((H-*L
z(Fa2!lh5y{T^-r$#^X3>&~b6)iF>#CSCb0H<FO&xlBi>4xcAIIOQEe|2*U<JfCLua
zeOUqrLK0v|KR-XnADu$bsonu|HqMTSUWj+&Kur(gL3xjb?f~vskO`C@gw|C8f__W7
zO?PHi)>Sx=KydcgIv)qjJqJR)LJxq{F(!JFy15!Oh~oh*uzDB;w>mqVBqt|-{d!A|
zG4==R3r4sFL~HQJkNr%bR#|`wlA%nuER)Xx>CX$ipkXjbm{wt40+-|A;ZbVV^JMdm
zu)As)-04G64kXRQL@q}wtL$xevm3>Z(V3ZQxto^tF_Bpm07$_J4wQCWsw!AMpalYY
zvs1piLiGkq4X{oN3ua-82~XZZfg8z}h<t1*<S_F=Euo{BaEMwZthcwfxBw_ySp@~4
zh@*HU0-(DP^k}T;Rb7FUq`LX((>3f{cvEwy9qIDb^DLAU6q&&<W?REx!LD4nQn^|I
zW=<CMYJROs5&PxHp7$Cq&tW5ODviSpFjT+6D1eu6^n9whzlq{8GPRWvfCIJ*T6G)T
zV3N70B`I#Yd)@zIJ0XNFuG`A%PS}Ja%2=w7Gq<h5uq?xJC))fYq0ukc763BOtN9_c
zrGjp|!AL5QhM}*<zH@<1WgKQNyE9biJM!9(U<3|lv&+lNOG`^@-G?zANcHKrMIJu1
zg5w4JyEAL6A_|zFa@W6x9YSCi0v1ouh&?MB8h$UZEJd0E6#~Cj`t2?Z4lhs=u)_uQ
z)R|Po#J#}z;KmQwtlq<c+FtCN2i6>v0v{kIRUgSQs$~yD4z%Km15d?6K0epRkK`aP
zc>~XolL=WH1V)%Rg53yH835b?;uPN|%<^bw<xlwHCRPW!k23R}U#9|?HiZ^>^s+Ny
z8#J-|lcy)U@NZ9U$q&EcBzXNcpm`u1cYqRwc}qw*g0AcF&KcV$1k^$rZ4kRlxT$Rz
zt%8=<l#&C?fml1a(&N0d;L9Bc7h1;ou%yTc7VQ!sM@N;zl8~mOm*ER}&3!Y)4J8XK
z<UlK41&*~$>8pomD?3Z%6o}PIbeNlAChC*Mo0?`BKpKp(_rf;C@!2PCwq$;R43C==
z-x>t<S(O}n2aAO}NUZ!SSCKT=v^If!xi#A#kq_>Ttwq>w9M1BwlnDdP5DakU<z7(D
zLS-xUNQ_F4_*V2gLSkcWPQkTf25!XGfiMTS|B5tjl@EXchklZukud`j_RjEw%2-L2
z;_SJ<+uOoWIKZj9>?J-(j&7oId8k*V;fOQ$Lv}t57>$hu#UU~``V@D6m*4Lx!7~>P
zUP<s%34q!ThALp~+zVh_31|=a`xxeLn80AIQdlwzn+)S~qOR*NTwTkGCa%;nuOHq>
zT~Ve&erF|7rqj(@5~%G<*#@s<4LE~GLo!W)>HrG>P*%`nq#Un<e~yrxLqc2FsF7em
z6x@=)B3b$c1Ox;Ij>FumIFT?HAO-7C-HI<Kf=G?iQRI`z$&7^MQH(5b%c?bM$@`ck
zus}cs2R5w=xE~<Iz2G(i(F)zUK0Oo|BV-)t1m+PIoXD;w@UR1?+P!pQr$e118HOVa
zLD90tS|d+@;8ASJl-`Mxw6n7V3T2yc1VS1dH@j<-dB^comg+=an;pDb7@1Y@Y6E?Q
zo6H5j>e6^CIUMR@NjMNA#pWt+E)cecv&jB)127!tR5}On4s;Aq%x7m>L%^B7pz|=P
z6lxwwX}r~Tx)SARfC<o|!L3o;s$t@D1`71+*RNyUmongfDKKe=BSk=wYpvGzz~Tn^
zp?+pb1yjrPgSL<R3YqPY531JduD~5@n92ch<#x3L7i0<Zyf;Unordd$wE_?nwnWCL
zYz&DFD&zmd-h2P`*#BYUq@~i*UK%9rLQ>jOLZzjWwiGQD4bt8znnFuxFHJ-{l{BQJ
zw5f<hXy86h*X8<rzdzmo!0qw)%!|C==lOa)$8j9b<N4()WE&NCF@$CO2;m%4MTb5S
zPBIepKWv}`$LUi9Jsj}!{Yl^VIN=yGxj#C14CQH3DWZdsA1YEzKq3i2$NDnM>dZpE
z6GW`{)eHv!2;FxYnE&~G?0kN{S8cZ|1lRs&=ZM-fQHU5!e;v^>?3%BP>}?cu;?7rK
zEvFx$VgUMhJt`_L?iYT`sjgIpZQFk1uI_UgG2ObirL)r+6S0VOFOOj0(E<;_NCY-I
z5Byub7FG+2`nw8DN~+%9{Rsbvg<>Ed1h@q0DKrLsioK^M4m>JAxJSp`w-dQU;-bOu
zQv{+9;Q5ymPX9u@7Fna^e*diZ<3M=vs-vw|3|p4mz3%-hqUc1u@Y+8Om8oqjP&{08
zWbI@|bUrFCxuh{r)CdNS4ftjR*YOtd5S}6VrefI_vyVQ;-5Ok9am0<r9PEZ-g$LWU
zpb|_hmKR7D>W_<w`7rvRT5vcK#l|q1fX*=CYoLJ(zk=r`@{C8;Z5+oxF$#*3ZaEda
zbg%Iz8+S~UJY0&xE2DzSp}IG2Sq|nTt+P*G1ZTG3*}AVSREs<voJ1af1hM<s%w&Qk
zfz}1t1oM0q^1j3?Mfnb>p&q}1U<i*Kp@n-D^t5|EBR!bbxJ@7qnmqFL5;-32*o`QF
zQ6}-ddk4b2y=7kBbIEsldUeOm-q1%6ABr0pwILi=YM%Yq-oiEbEg|g(`krrxCgaRk
z`-NnLVyBW}tEbl|(oWsN(AGd44UUYA?iD1V6IX1jMU%wLU*0NCniG^=yA14}n}H#V
z%oW5oaUQ)C&%KS2aa;fK8Bp#ha9BmbM?FU>H2V7cQK_v%u={#h3zg7C1Xrjt3dz7=
z-}?Ez`J-q$Cb$*#-VJlTf6+g7!=DBCVGU~R$_MwA0)9+TTr4M(Cg0F!qCK`{APYBX
z_}kFX5NeX2&glW-!QN9SW{iH1C|VNPm%yq{UXwocU{>w4x090-1n=jRqEWj79_!CK
z#%n8iQ<Yt`2`bB*9)1A*a3ao()(zBpszw_YnJp6zQG+EWWiNZjJtKy;MvD(9Wmf}D
zTSQ2_CF^d3OF-P0;#}1Cv!ghV7~I}fa3wD84YZ&-#hCmH4{rl)H(6+wgkotHF$r}I
zu%okg3+~~-q2_>JQ%AjDXQhkG`m@}8GrU4TU}uL)RVq&BVlLvKwsz?e{((}UqGZy=
ztL_dj#}FxpQrplU47(0Ls)~Z71#mj2($JhkdAL!nWkcdzusQAu`lb5;t1yqD>zun_
zFo7|!Ud70$sJ<ija8oN1Ury2_7ak?(-~2G|%2BnHEd#%i8m=q&RS829s{BBv?G}eO
z7(~2)d`(<%V!YL+h3Z*F!0$^7*_cL!8A=jpyBXwSC`*ol&?1JTKx|u@6O%oUa`$6?
zWqD@Wdf}fJvEkRrrEQFi2Kk10P=X><+M&miDUV!M$4I*~CPQ9c%(?H66N))MVWhXW
zWi3EvZj)Lb`-s_#2N$32dc|`**HB4Ou^!oWe@P#1Zqjpb`%48S^#p~2;|i2%6`(uR
zufhY5r{d%d3%5k%T*crnFm`W1Ob?Q+1~=y3xq}IUu}U59{ZE-k{D!@a1o-$=mcdBp
zE6jHI3|0!<LDLPm>^H(Qj&;$`!WHzn@TZ_>Wj%FN>U`0uZrIA`aT>vh2_dGo_((b)
zguTcy`35hBL8+@}j-0w{U%~Gu^9onY=rsiKipwvK{nOohbDGd9Q5Ovl4t_@oS50w7
z3=J_1-}+O8p$Ymz=w5`6%j=OTt}ixWQ050fI)H1{Rt+Qz3e4aKmN9$-^5Az*SDJVc
zWKmDXD2PP$dq}n!bUM<9hOh7H`pOqThPDT5a>o#BEB0f2@b2MshtZ9w+PqhHow+v(
z?I)P7I`5PrN(mI#zJomTiC=^P3J{(zh`UkI(QA;kfG#c=MCX75nKf_wym+b0ZT0JE
zqqnV`u3erx;}kYOK${&f&n;(c<QH~c#w2b??GAeWdykP<2#Lk<^681D@PO61ot#?x
zpELLTsup`z=e;KSp}&^j-06fcC;|e#2apH_!PJ2#is2cdUMrPA0#UVqS3(j1Uf;XZ
z52fq)_&7TJ<EPCYq9lN3rv)Oc3P`wd0|^8?7b*Ps<4YHvoaS+D7dD^7sr$i6U@gD2
zPJ2T#LimDY9Psgg2L&p`b&Sm?+_-VZHfPATcGIR!DWb=vF+cX;z+KdlW;!eW7+czN
zR7Xb#SIJP@#wPn(lSoswij!ebl*dBVkEQ~BqR)tecv~dnB&OE;*3ez~`uKQ#dNW!a
zR7M?*A^`L`8lzi2Z`nCd&jj!(+Me*P=*#_RQpbN^(?~#8_6NQ<3g;+@-j;9d_4V_6
zU3E_pjp_*6UtBE076T(Luf{tlXt~&A-K^~FrZuRaKed<lX72`hf}?MMSbuk?hO@=v
zOOKZKVH#j&srrTZyw6;23dCvju##zEJ^62|{PJ2-!E=82>w)D)Dn^J}!+2H=*pB!7
zAhL?jy-rE;K_UI>$x{M<-!}pKg&{PGpw=;lUtm+K4Kvj7PkHnYHf)GFL2vzCcUR6O
z)Z&B{6PNt>Z`)4_Pjd3BzW=t<aS*(AOV@WNAE~M<Kd(k!pW(x(Af`Fth#*!CQbVRQ
zyxI~5x5*hub91ymi5c=e`fk_v{<qh+=PTVx_H2tbj2D!iUwpeCwiOu9_{P_5c0S|L
z*)uPk_9`an%z&{1YLa;KW~?sfRWwaDM%pRjCoC*1dYtiM!CkSiuxMAbkYpe{Q7YH|
zBHQ-U=e48y+mb$g`)4FNA3l6QI^L0_lkg3k#2_0#FK;F=e49fY`Ue@JBf)2VMhcJi
z5}J*OhL#h$)3T;cwJkUA$v>gNw7wURC?l#+)elZFHQfIo;5HQ5NIpM4&dd<qOVmyG
zo`@3q;&ql(MV-ZN0}2vzA5YH^88pBaqA)t-<7;^NlI2=x&j}n=P{TdJnR_v-98j*i
zSw>z~)*sah0RBL0Hg}YjsVdDY^>0aR5H2+{7iBThWP$-Gdcs>`aTizHZ9wh_q2?Aj
zqfJe=Xedx7i2O>Y@KcMWSEb|&IY8nTO3N3rzKx8G3`JF3M1*Oz3-{G|WCoYlRYjQI
z{P^+X@#Du+Bu=tOQ1I;xz|TjKx_A0@_9Q(BKd?so&%MR#CuhZIE9PlcXdfdMpf@5Q
zFO<rR%iQ{W<@fK0Gy;_=Iq~3SOAFZ`I?S?)iUNxlmzNM5ijG$ZDkyM=@r8p0evqD?
ze(4$qC8#l)O`+l8gnsGA2Mh-5<RX$XK768F+VT4JnsqpB7$2{jjG*9K!UhnX5!lvU
zDV=~79)ad4FE7UxMU&b#Hnz?EasmojD40^Tw=d#Fo^U&yrDxc)tBOlC9tc=kLc+!r
zI4eRTZK6^L8wki-P=$4%Zi9wR7L=y$#yd1Qg=Uph->jPTb2L?6|IRNBeb<bN70I1V
zNKS4Q*`@JD9GetLa;h}z>c0Hps<Y9TpPWyPr6;4HAZ%R%#2*+6YY^ZjV6^BSAi{yI
z_(VYeK3#|cXm|GPSs#!6d?9!#)N=Uuu4bNnAT{&S(_cfj-QU+2H%~87m6)8&pQAai
z2zD5#PJ}?gSN2~Jtifgqo^%1A*?|;`B<V~qWUs;kE*bYgZvXzseJ(K4MDimZ45A=P
zKGmWJ57vPEWR`XW#bsoi1b7S=n0tCc@lD^~4?ZuI+!(5;s0jJ%G9E4}wlbs^Q(B{y
zm6g!Y(Al8%-^e(u>A#dYISLA$GxfQ`&ej-}&XNc}E;CZG9NN754N6Q1G%)GWC=f!O
z5O`TLhoSR20NdYaioc*3K>PLvVX>&F2+DK!Lo{}>R5a+iIxzy<6R`m&Pi*JTcerGq
z(B<1}@uHOdWK|EXi6<}$5MfVeJhFQF`aIwy0!c0-iH)_j{t5aRio4~V(3qm^A$olb
zQB6%w0%Qzh4?u`JoJK80s)#56CLbrspwev1CtUN;aP`Fb9+BO<&*7RtdWt8gRY<Sa
zO!}OL6xkf4A8Gv=4crv^C0PN&EFwplQa{hoAn$&1qG5A+3df!eS+n<=`uZ4s<PDsg
z+d4WrnwoN;r3O9NizK6=>S9V8|I|*q8x;nQC6Z<@HM=6C>-I%ROS5uva_UWk%~9iO
z)ZI!>7EI~P8W|gVjQ*ajxPysX`sK@)2wml6Ww1=8)-2Jp4BUZi-6ZCzRV5MA5JAlA
zg1AJtXKrXnde>?Q_x6R87lOvb&8(mCkKHCz;TfBrZVt2!gU-ziX1M2o-uLX=2ZI5E
zNBnvsKe25TBJa<W%#&f35rkU;EH#KbjGr|!VzG1QT@<ZT#l{7Pb#zooIrg~_?uK@!
zPUT1;E<$lLc~e0DooW|w+VK?CtjlYQl&yE~+%a}j|KJnz0LMsg$2VaB?5_QHwgf4`
zh~j?4P0xIqpwHum@1%o*Bh{vXIK&=&=su;1nxZG})RP|;>tg}IxdsPJkXIW+hKGkQ
zEjCc_Uv&uh)Hhmt?v(llF*fSq9+RA2LQ?=v7OZLAyUp*tI6mJxA?9;eH*xPu5GUW2
z{Xggq&$QeQp*OhpI0ZT<b~06-bMbQgv4tMzuLf+}-Ul`$ELz=(YTfag_I7r5cHl{+
zR7z78Cr%`!rO&<joY$w?p2O<l>e=g5S@R7Fsj@N^Vbd&S-fZrzTQ{9b(#b`z(#e&c
z+$$Y$@u2EsvZG{~Tgjn96x_Z&F)0aN__YrnL}$lLd{b~3aBa1iIdO5U<57MhtHbTw
z+y)x|<*#4wS5ySwu3z1-(Gy)$;HRppDsgdf8@{76`sxRTcJJOA7_@dlXD>(WuV<AV
zYSH{=mX<tW-5ni`cGew|H>^oxNE<G=<zEZ@H92YX^Wb7Ohkb`d>Ks)bN*TYIBonIz
zOu{9L9yhQKO|+o!RiWe2=&G-%*v(IVlWuvae0W1+DEpqDhBe_jakMO+ls;VnqLHx^
zY*haQAr?<3KNYPEqYgW1eRcY_6Qlhy?&V3pXg<xqiI&pu(yLbu&DCMIE=_YOu+rZo
zt$)y~`eXG8-T^+r`{mA!M<^rYDEF}S-pL?QyAmVMPhxIQ$}^O+w&3V5KJBspSIY$Q
z*w{#^^`>St#jnua3t!<I^t*lK)WQnIlHTvRvP?C~JR_xK(;mK%7cw>BNK<T68<SPX
z_hsxl6_PIGAmkbqGok<Ld+zNz^Y5?4Ywof$lg2m}cu>X2+Z-sRd)xcddyh1$LEcwz
z<(oHe#xq$1-0<w#Ge}lOP}$6T%hr!+g*sAq7BU}byGG>0E3%@q#DD%4rV6z|K!Dbg
zUA$TK7Rt!}*48^6GyA7EvegTgmlb&ENSGX=PWJi}8QL3z@agE6Tyu;I7CwA16i(92
zfhmqIKszUIiAAlL=EBKsbUR%ir>^{}D3+-9wo?A{=d}O*b0r3PdW)b>l%N+i$b0en
z_3Q5L;zoz3)7$t{uBYeSHpxCmA@=COFT-K2izBaB^VnJb<Zhc%JR&6T0vxtiuU|Xw
z;jmz3Wj%McyGd1CN@U;Kvc=m8&S9yWdp<3DdQ~Uw7ADe*kKOo#8T^;_$A`fQX2tp4
za?$+7@YcaW=b(!FtLn#s_tP)hPE1TUG8TvM6TeS@<WEMT^tm7KAvJwhZtrQ0tuHma
zZup%WOcD(vek9+OMpv$|%YXixqV&1lq0=93-nc~l%m32TQ4x3l{y(LL*ZSZVHGFN7
z+7}i!-IDYMBJtY4<a&N?T;o^?Kl6F8RZi)qj=ZPBTC8~Yr*CdvhKJbC65sNL25|u5
zAIIx-8Js&*@ujn?>-Y=4+i#`z?W>m9b)oe75lj8Fw1j}RfU|`H&%}j(`fH86teERx
ztE0QrsNb=pllX*r=l&M~IyyVKxws%!aSE1#O%8&<?<IzAk31iL<AaZrb}>Y@IIIV}
z-<<beyX%>*XjgLLRKPQm7txlVFO}ai@-o;j*L8eh$Mol4Wp;Rewzf@r^r}vD7Fl=`
zKa#$g9BzB2X=Y*AjRR3h@`WN`M)<h7ft7zk_wTh7R|jJ=m*V&r{X%Dq)>Dq+%f-u)
z6A#zM*ueOs)vlE}ufw~p#0%c`=1tJ%;^y8~c&C3k{k2xHL)xyGZ(`!RMRvbuJEP!y
zSu2ItnfwOvyuFBf%Qr32(eZoufL80pJ(PLe+S}^_uF!qG+OHs&l$_3-yyBa$IJ+S8
z@KH{TU)EOqq1!Hh&fU6FN9VH+L`A1grS``ig}<k4sDY9u<`>#e`PLkno0xPGIF-5?
z2ixGhwMzJ(*Sj&)-ofC@@B8Oh$B$Rvxh32h{O40}6Q2SXK>N#}zOjALd-H%7gO84G
zHUH-yUm^eJR!uYHekfV+u(-+m>AN@QK<~jF@5GN2ugAyJ>ffKwRkz?FDw-?sfcX38
z-#a$M6F+~NA()JtI1C32rdd<cm{XQr-Y@DaeXqLYME=hK-2U(1kdR%QGV|le^}*r&
z(oBDTbjaV2&UDCf*@6Dg$82vJ-AH^d;z!b}&a?gVhyVHCFQka`_U}KU%(MOHj{Wn$
z4ch+woPYlL?YM?N*Z!ZMqRsv9XZ-V9|9!Fl{3E<3ntvY9|N9GZ7ymDhv^&_=#l_`<
zSdtF=HQ^jPwtE2qUjw8i_B#Gk9^>8Egj^S$jj-d?-ac?W(7ct*iPw%X(yR!{^W~|v
zQa!<INr{O<OjL>nzSADHkRs^h3PV`Hu!-k_rSMUyzc1IIAbwzc$ll&wyGo<m;>1&O
zlF4ibR$sQ4lql1nC%g+G!rIyzrb^zIO3KR<csSrk@G`SVs#Mg}+w!;Y8%J24y;Mqn
zk8tVR@39>`8^$EjocY|dZm0+><rQ3=WT3fF>XUb%h0ag)?~#jN%Wb8SLlcVX=_VXO
zjSJ4cdANc)j+%;!hAciKhl~V1!FPcR!iwa^jT>K=Z*oMZ=qAU<O9G-p%L!JZ!;^RA
zBxIZx;#%N%xsi2vuHLkn(FTHa>5?LeY5F$NP*rz8%DN|gd{*Fu5hA2;yPWc?xtSTi
zbXr=PjY5i}iEt8~j6~Ai)PF7)ad0bRIYeet)6-d*m~O~<3Gdy@yzBf7vmCv0@g+2y
zn3Q}`a`NQk<h!kb?2@Lr2D_N3OihiA-(tdYdYV)V1+$gC{c`-vZtdK@n3x#!U^n-l
zyMw-iuze0?G(EfNT$E5`<!-u9MIzMH(f>Hc%VS&zxQvR5iiU=UqlB2)#c`iJ$(Hrq
zDu1pg;#HOYwGs=yv&O<n+Uc>PGAf!|*!^GTkLuFI?h+Dm9IZo1T!1PPU8ifUg{6hX
zy51cfL7=8)U^6r|!%+Vg4V$zlDl2SXT>OB(1M~++Y-{QKce;0>58nNE*Ppe|XZLDX
zwLCadBP1dsA||FGc+zJ_Xcn7Y{PXmBO*Q_6_8E`Qzm7!G3S7)u2i`pggx|P8Oi1XS
z+iH?KXUOFmYRTfzP%=dk$|lD9P1`HYV);ZpDN72zj;d=l-+7@LnN}<tRMH~%abK8C
zw6peg_7DDs+^Pmjp7yLXTbk}#g#R#WkhvdSo~fEeZylI=VS9c$>!ZAEA&1opYe(<7
zvBfL@K9Z35fQ&km9)_7ns3*V|znz|T+`|Fk#=d>~ria2xcvWa>_ci0lUQ17ZKR3tD
z#Dr{>mXQ(gJjKya*vQ&?0umT3MEG0@ypT=xYf*W;zJ&#iE!r1ej6mcJ1{~#7CuZor
zwq&9rt?|P27p5_Ajlf+A<E@iO6&a@|CzBuaY#x00@W8!LNmXlCR|y@O?=ulS*V589
z8!<*UKYe;I&(N~YbC;YP$JFZTYI1V&bsjZ+w}ZO6F;P)LGM;V9Mz>hwRIHgtYA^lt
z1<`L-gkd?wJtp_~**P5S?a9{AqBvPwZ+s0(aXe9I8n|pW!_`SLh3047-LzK%D=YW<
zGBY#dr&vVCEix^!HKKSz&u?tB|FLh6l)OBrLt9Hr!*N;4iY%5#rZ4|q{>Gp<srX0G
zI1!W|h(2oZ_yU1SZ+CadYx}VR0vFl^2E8U(dJr@CgLXj}5HUF4+lMhb0FjDcx^`>-
zC@7eV@Mwb2nLv*5tnnNYp6)}JN{rls?phb5)vZIjiZ-ynzaKj0B&ax}Ebk0uexg1J
z7Jf4;a53M{lN!56Z`A`6N!#me4D|N4!5jwuv)Gd}Q_PCsAM_j~A^1`-GU$M(=jY8P
zE@u1585kIl1Y#k9%ScV{)2F8)mLfdz(Lf`5S)y~t>|x#g`!AZ=8VxBkB?>Vq)_nU3
zPXsdyOVqWyG(|y+5Uun1|6KLbFYq{b?)}(frD>E!&EJ|DB~zzAe0T_!2P^`70Hp;4
zHk~W#b;Q`;7HU2s2*G+1a8{abSSk}UGhdivcm;u*!t_T$)<sq#d#T)cP&|aTx`$hZ
zp7SSkzIGV0ChUB?UNbhFIpBdPf^Lu8PEufY08>Eqasb?%R<dmWCSB8>JgIm;0TTeR
z(jFe>=C9Gi^XJ9EH#s&|qcP+9^*a9*5B(iDM3~+E0Fcvt;q6;NClPo>*1JtK5;I?o
z)DjUST1h@@_@e|${^7$Jnp3W>S0JSD{Q46bE>MFN_>(3dLscN>NO<@D<X-7f@?O>q
z$MBP8MK3!$ar?KNr{g)0nvhV2qiJGdqOWq9QU72<=Zv1nwWs;7Pt4wmi(!*$)cx+l
z#58H_=s1g`!7KQtIA{s5;;|3mI~=u4A%8eO+fd`}?G3#OCLTc5x0p2PHHAVlg&-ud
zb0<O4ynfAD-`3nrj5i=S5r!-U1N>n>n#KIPQ>CT=fpm9wH(ti|yRZBl1U{{NZ-g`H
z?V1`>e`Zd}=oS^`w;JacAMNK!g2T&}O{e#8q=x^nv$yAlcpt4#gegImP;6BLANd`4
zZTqulq0bhnA6dy*D0<BsDl034)^%DTANc=0|Ki`6cmpm}URn7Q4!H1!Y3b`TC^Gg#
zAiy}}(Nswl@s#MTaS*-r!+UG!)vHIK<^lMXS5?&mn1}TXagzbK$H&J5XW9IeYE|N7
zJrr(TxF&vnYq&NL5}y!G%67*{uXI`=0IPuoT7h0ZCy~j1CeE)2v3MFl4GGM#sIX9S
z5~B_DJUo{Gx&b<)W0$srP=p|PfvS%?;1}AhHyG+(U-$P^-y>{lpDjR{GIUsQ-#%h<
z2H`P`j_%nn#mikxYZ~lin;;!j&ocxg#A2JJAR^+71`$YmzMd^KBrl*Lp`8I(nyz?J
zE)gjgI&&Ma^g!7$j;Lrj7cEh`8yBOo^svNcH)qID@R82DxzXRfs`d`Znw9V#QgZU_
z=nJ3o8y})Q%Nv+S*l^l&9hU!)8mXySSa2m~`hnO(JjMQ)f)3}KR*ahJL(qqpJNEL!
z2E83v9VF{yIp=440^eOH3U}fSS*x_MX+Os7Xkk$i8rhhKa{KlT_Vq2*zPt7QRmILe
zujv7u+$C_r07Mg>+7ZiX@GhF8Wsn`KD=Re)VHz8U6*5J`+RWgt0DMQZKs}oSAptsZ
zhNT~;n7D6c1U@ulX~c3%_rA(Wc_AU8%dFt-6b}U10YSYBKP(97QauqrY8){3KQXaU
z!DgGIIu-_QXmqG+5oLbEySs(qJ`$#WX?u5fs~Zs_tjQAv!a&FFZMj6_2}KfEUlk)f
zb7cQb@>0|Q)$sq+JiuCji^oaH$3+U4zJ0p|u^?Ol@0*Enf!jXn;o(6{fFY`)2%0RO
zB{@X@6coh|U{WEWM~)nsym%kSar=%P69*}&sDet(iozHvZ7D<UA<s!}cxk*sYlspF
zm>Ss1I|g~pn)q<tK;kA=zPuxVD7_}ek$igHJyE0HKuzhrJ=MDyn!tuc&L|xi{?l^d
zCA3eO_Usz8jxr@oT61?We!$!@Ynl(_?^mwSmHXPQO&SX5+bF+rv9}+<$AoVG=aK5-
z;^KHjFa<*6>EaT)aKcXdxT-3N%S0XK{Sj)ry1QA@M^P1K3y5dxWa*9cAL&1<C!Dlu
zDI+7Z8XMR<`20DY7<$fZ3DI4`!hI#pfipkMX7-N=%4Mg73sX>pV}65amYzfR{>dU^
z0Dc^-v(nfk0a~HRxPUIGqN3uG8A>)^sGYX3mQq~>3PN8knZ;%g<0Hrd|8ao`%asbD
z%%KjjJ_<!BBII&l<IdsbFA+bO=IAXA_siQHTY#XkY_5EC?1`bLI;qu_tOJR*{Dj*Z
z?j^nkw&mSNbh{)+zlGA|`zp`hjJrh1;u)`GK1VoH^ko_33EyD3J;tqR=#NsGp!i@P
zfcexLy@8$_`yYdSM^TINH<+4IOGAUtR;ySML%M3AljCQn-)X<yEiJu=<8bJvht>xj
z90Z$Dck*^<u0FUU+9lPj&Kc6M+8AhUbZG1lSJ7EHy77n$1?_I0TNkRUsvyf~HUV+~
z3z4RMSDG8%gc%bhMYLHFIL6eW`e8jWn$G9XuS7)9JNtaqp?P;tH~iJugNXxAj)mVP
zQyX6)#y53!X%c^|t$|x(ys}NS(4gqTH$qs0+X#;BA~G@Ph6~0Meu%r4u=5Ah)Obw1
z@4pA(YG6yo{rL@jpWp2sqy^kQprm0tHXxz4f=r532b|5<p`e{kI8*?8#ndz5R{?Yq
z7$rp4>g5+PPJzq#1~!D^DQYyMFkO(aZ0$Yu*2XBVs7UOi@ueMF8P9)zId*T`P}uLy
zzegDQ7usG#`1UBYU7Z&a7pL94`80+d_4N}Z4Y)FCD+yOcKGJ-1i!XEx@(OgEGC)VV
z8XB^2QaEA-|Cy#|Gkkd2cn9$RQk3)0fIIhNT)MHT>DaMjpeG=8sz#`O_x5f5w_#_C
zy96#p)Ya2tx6$eVX2I2j{v1aROL$<|-UD@WV4`KAC;eR)LX}n%TGIaI=FOWe$x`j#
z9)Na&SP|?fnji28(Ax>@BnTda(0DVoQ-8GVztDvtuO!{PS#;7nu-+yxa>${jhsVE#
zzWoabk@&?NpwT^#`?tTjFMaXTYl?~n&zQoaD;csj**|}T+!lIzqQ)%?RL?52GAh+l
z^`JQxV{29LKuRmqTgyUYYe1y5*l>NO8VF|g{8)R2!U^x&1M%+s`R{lF6T27-vSD9~
zT`l(@NMoO)ZbFIr#`nFL`x#?|bqEh&tneCAM_~JpAl-5c+?nz>hOZ39zZf6VevE7q
zq05#=%#mS|)ET{K&L&oX-ew?+hd$p%JmNRkJi^1unv#^XqkF;I(-YmxdvG#hGUdQA
zH70@4?>u$tl-(#a%n?_vgs0w1x03a5sgxCb7({?uDBZc`y_@%X{K6wuxocL`y7R;S
zlAK2GT1_2cI)^5OURN2?ebzAugr`E!m;b62xbyl-G{$24z(5YB7Q&NEUS8fbbgs!C
zT-<vR(Re1~tQk<!IO~Q&OsbpS?g2=BF6#X}EyIITrs}%%R7tdK7P;F+Ll6p|1DhAq
zZ0l!cV~c2K+f}S0wjLW5#dyl~xS84N+8VUz<R2rZ1{#7Nk!b$yYYwpOt=;8u>C&&=
z&kyuNm=0?SyFr{RSPY*>b>a3NidEF>hX91z5r%cQ$G~W`=VA~sL0jM_kIWfUoK9vc
z4an;elMwR~THzU_Ov7ObYLrk*;lpFg31qUKxTt(pc*Zco@WECQIGWt3r?S#^cmLdz
zrAD;oiHTpqcH)a;f6lQF^eBnVDB%P{nLN@jar?XAu-jvMYG-HXnq5gcM{ga7%&e`c
zv2!3sqM0^IS@76I37}B={qCDuIY`6bE6)Rx#ZUO665*5ULF+XIF>Q!s;lSf)(gL_x
z)`M|DD~DsFrK$OCu3rm{6Z9e|5}hi2kt&fr==A#CJw5mIFKmAVb=m<*@C%fNpn60O
zt^W9dp51m9_jSTrE!wz%=!6Xo4ZZgA?jEIfEOkTWf`=FMjPijxwgE%;8Flb8EEFp%
zAB~+z{`=_T>&$u>ILm=xY&uAcfF&#n@TKVFI@FPIw`YIGyueXPWf~tvgO6Z(Zz%Y&
z47TSgC@2g#d7<<IxqkfkD^PB@3nxrXDJLL+#Sn=rdUF^E%X`f;HOIT!GWo;saf$FN
zb=;FgO;N)MpH$3*9=UaZeH2y21FWrb?0oi&`9bUU?c2vix>)Xt&JB7Rx&*S{8Pc;K
zoA;a??(8hU?St?pyb}`;!7&8|?~(o;U0q#Gd!%|97*0v)gf1mVeoL86mA2P`wSFP;
z3$Y&nY>n&&k?q^3QB?ZQ%(BtbZzzCDfOHLI-vhg+jJoF$qHwCjF&Q9>v?(Pqz;0a2
z&4XI-G@uX16-ZsicWH(n#7ixqS981sP7$J&yD0XDE|>B$f#pR<!c^e(^-74fR@u$n
z4<CR91T#J^Zxg42p1PvEeEsLoF+_-p{Q2O&#ddp>TGWll<l$P4XKZczA?k?LyawSy
zjG1@}0?-~AxM_ps#Oz3AMa9<6ZEpJ{C5ZrxUtl_c;~;zV&@(Z81w$IMP3g^tPZik+
z-h`e6NWkq$T#m^{JW5KBv04Y*_-IQ@ZryihNzzv6x^1nkvy2NuWv0LMz?h>1FBo<5
zmSn3Dyx%9?aDnoif3aDb*$mU$cZN31B&}Va`<9qj&ds5!s(SV6)y!l33CdlsU;DwW
z#Hq5bkzD+{r+VQ9EL-$Eb4D}>s}ciH#Wpb}MM{M@B<T!*Ue`TtY|K(G%oGJ_Fve8|
z`}@D3(*?(=7w4R6XkiiaG{{Jg(po=7r452t<(*s%as|5!JG{rCZ=9a?eAmtG?xH|*
z0Z$#r?B><0Hf(AkjjvwSBE+)GVK;)UjSU_#q@{dsRvNuf?e}s&PpTIv)R?v63kwdr
zaf54wIr_5i_m4kcoyxG*)E%?PlM!GE7$85i$Tair-ItQx1ZxQ2_gs51pR7u4im~Dy
z(^3>lv@Mqsfr6V~l7NTsOMjz-!Y$jhwm)qjND#|uK?8^GzM~_*vAe;hVj8;N`}g<Q
zP5tl+eK_3K*7ovcRc7Xs(tCl;mU)H_r%s`qnb<m5Utiz;w55Z3>RZI)7ZJMX2E-p?
zPa4OTuvU790EsbrwTJ~jk?K?zHLr^W&aAIrsjI8=l29TRg~!Go_Ucpvqc*R|@A%`>
zv6->FJ8gPhR>sE01_q3xo?c!pCS|z^L+4xFa<-NE9l_i3_dkGxD@jBCMEH>aj<vnK
zxRp6{OLlhKgEmo*j*K+(StQv;^zsGwGAJY9yNh1G=QFp@qnOKIHk3Mo@9J!X^N)yn
zw$<KyZ=cw&=j>j3^Xl<t2lfDpn%T(sHm-HD*0C>CYs~{p`{jV1PrH*p))f^K``nbC
z#T!zZd2IRUzKd_Kd@uuKWqto+qBG@GW6f>Loxez_rM6b6J0|Po@~5%BlVbM{QKgIs
zPRn<e8V#FYH6D!9thFdMaa_MwxaKvT(X1!R!B`?OM<=jv&F__=mvQ9zo4>4e)%6b^
zU<{)wNMy~4K9?7Ad)HRsBfWh}+5AgabbA8{Xp>rw0Qmp#h+=k?ZA^CEf*(aibja`A
zSUFqQ-Juq-#U}rl-*cA!v-gT!y%tKJdEWgvm=M6&B+boyXKrJm?_~sLDz&8W0)zUc
z**m)TWNl*7xBX4#d0VvENd9fk!06OrwrE<Sc}+cL)8C5EU}wA(>6QH+wHCPsfTpKs
zW~4a&-hb_zm&tCnapW2Lg2YE3BLEB;ofnG9;^<Q{bJdo=GN}LlO?;JmSRE*NPBBrn
zpr#~RT~tP=?CjWXU9sH9b273SRC#kn)2BnJ|3R7q>{4orsQ}cA4TT4sDrHk2(jFI2
z(%HRxH-T$IcZXR!Cd>7bkpHl0Guo52z9V@LUh{R@l>_`ju(7wZla-f`KA-n%XXAgL
z`|Qyu=U@iJA%i@oUHkez0Cr;JX13$yz3S%P+1N-T)*>hDytRZ@#pv|uUA~*2)o6|h
zvu06lBBiIlnpAz9L6akaL2Z)-r53NC<_q&smWvYooX<R6X(D@Dism&3<>Q>yH|GF`
zo_+MvPdM?wlRfMl8?H5*T(tVM|8Vx9B)<Fuy^bmGpOEcgQ)G^3sD|{5t6ACiDHYYH
zLqBe*2>$(?rm)-2ERe@IR#<pA@V?V~u4CmbL=BCNsux=}J`F%bGH|z$m6g3`m=DAs
zI1Ku8^h}&Ag1ncvbNR-HtI-StA<Nn?FaLUAV4%OhVu?i<NG81|tB@`v5ju1?ahqpv
zWn{PtC11OC4)q5*q*@DFb~-vbXXp0>D)=QwUpT3?rNvrS+s3gS!q~)=6x(KK|4{Eo
zyc!w;TcNM6+y=aL$o15zo%7U^bSF_*yHj^q2gf(hO1_0{5D?SGK~%geKYsAKL>#nl
zOVZh)8GaRlm8m+sr0jA5)mR4TNhSpMV2yTKjd8BW$u50t!8I;uF)=qc*FTi+a=lsE
zu|b{pvR)9qN-JQ}FWDLIskWX4(E1ei@ibd@K<!mSM&Zude;p9+HjN(o8}QBOBD=Gp
zl}*mRZc!mv_iwdOn)!v5DwHJc8>FiMKhsiEg<d9Ml@NBc&BB-bTIY<7ewa=!X8K+N
zPXL=qc;_M`!o*SF%QpCd0jIOS@J6QZ6Qtgmu27_+>O$pD9*9rkSXEvQIcGn_O3+<u
z<Z2ooC8ocD4uDS}KUi<-m2D`Dr7|)wg8+aNWyd2%*cU<>4KZR5Kcsu>*pp1yRwK|?
zR#q~b-|xy$+ExXt7JxAgSjw6L*8n;$*;2Hsn2iAu5q3onv#XzQpjF=i3$Pac@Ec<a
z04u~eaM8X4u4;_IZ}$2y#L(366EiWylqv=<N&yp$w6?yD+<6Ob!K&z`LnVCM&=L_K
zY>K7tX{2wgK@2~O%WdoCCdo9(qPhi0h^XhebDZ+tXWZS(Oxf)1u3H%;U7T3L2o+qz
zU<N-3OC-{)y3;{Js5gkMkx=I~3SSU59>Z09jDA9r`J1hHvpTjZ>F4yqWsAkK#I%g$
zSma%jtMGM((H$F27~3#WDqH-;kx|pRclP&hReMlZH$O<4#vkLeZ%6yzn}RSIAa?rT
zp+kOv#G$IT14>b#1|)JKL&~-lLlp@j0@qlb_eDiT;W}`0bHfg}3IZcOi<z}!j_Rwi
zmX9H4gY(RnrKKL~3}Qg9+C|~qTbjN#)L9YsyzwU?Y=>CS;q>Xb>FL{s!q&>Te5;Ky
zNZ*jj9m+MB{*9WhNeok_+qPu@6~;(S>P0NBMEwH51}Ge0Cwl+`07NiUWsqkGuOp}(
z^-ww2VBcT_<Tgn9oa7N^n=Itfs5?33tMfOw;braXf3$QCt8_xhrpQT2BPPkZQf1C^
z6qc8kVi@RhF#QiGL-_W?M(=LMC9}l)Aya5{d-kLD!;CDh>yry1s)d1!S*`Rq^1Z=6
zST-B?__5MM8PO=CTY^G`<(PJmNQ_<zr!RK7ZuJC*P_ih#cb2{&8&%1>t~3xLE0_m}
z%4Xc7%*U01I{|SOZ=_G)MhH_dJr<sa6Uah+w)uhn<Y)R4oh)v#q-xT-yQOpgi)1|S
zgW`sw&!ZOr(5;yav-eNL6rH?0jB1GO<S^%>+p+~(sOy+Y)4r|27-txOSVUNkz}htA
zmhj1NhDNkCp=Q&+(bZ#D2w{`~!v`24f_roqOX+MWzljY!U{HvqB3n3R)CK7_B?GmE
zXcFji#6=j-x3mzGOr7oRvm>>;&z$r06y3EekjFG=`Y~n_*ggZS1{hIYRu-s5%o#yB
z>h1jv-xYlpEo*bD9DEU*(ZvHdfHsfdbUGnNylt>cv=;g=utL?<=k@h_5hJqbTWe}-
zlTuPL;24SXOc{iJGGz1COww3%&8818NQuG=#23Kpi4!N5;|dJ(@dPpQ3>szg34n#I
zK@C6+8M81!y;qeR>p+u|DhVrT^J<P)OviQmiBZNACnMvi5=ssnjtB1k9^nV=3|bY^
zFIJ2WKHzf}N%XOZj*_d_S^2*8{zNPclHIwJVt2XkvQrnUU^ZIEMKG*^pllkMY!kb>
zx^Tgc-jrjW$}WMjal%FZf@%!4EtM{f$IO=Wzi~6ZtspZ;PYB_s8dfaZ2Qa{~g1D2Y
zV-G32^gAfn0ZQQXK~9gM9ZNTN_g+?3Bv)uEPuLO1a+QqRXkLqB3;_X<dE{Xq3`Y-F
zyDDL1oEYAP92eiDeg2E*0bn!)=nL^Jn`hm84eagF>h7{EB>~!JGnI-V)fiI)1CTRY
zXG7R)k~?Rhe{=*$1~xWrs79;Em<W(KF*bDEo`if)6GKUlu`t5QikB<o5(NcC*_UqM
zG?`q%V5nHdN{!D<uS2wnibVMfM$a-JLPp8moQ3Q}ISx>PWCam}7+hLqB!B33{`^Up
z-s9ml3vYJ}?gYFOcoRlAX4n;f?b=oszNMoI%S;@Y(mZQ-y@$1*v<!h>wOn-!DB+WS
zs=b*V{UOwzE0fU@yfhp2*@;C>B!s@JsR3cf`b{W#SvJKRtee@Gzqmm+U1kA|2853x
z2W&#aN!>9U7s69kTOJ#`g+nTR*4+BN^T=Lt8uqQhUH?fs;>}cJx!;H;XdlT?jO{uu
zo`RTYm}@Ze_AS5lOQ%XiN3_(cn%r=6S)MndoZWp6R25KWFl;PLOiXk4jwpF}fj3Ii
zC9kA!Qr7Nni{;#z>`M6EO6;ON074E{l$hO7wz;xC_T~)_hq{(0n)2{zoFanCg4rYh
zKm~q&5*eW+9cy6CycU-i;Y2_fl;9|12yDmBowj;E_v^t`Yw_#XuIJB{0)9OV4Q+wU
zc)|+DA6(6*D_|qYogt*%%F0Ty38VLMluv{svixw1k!_Qa=CASIxOr0n7VjvG*dpUr
z2iuyJi6+;igvTyKl7qpid7~7DvhSm|sKJG#uvX9O*f;pK-}7x3`%p|YGNbWF^V&m6
z{iI(cqky-wm&w7Fm~VVxA=X={?ICA3H%at`s4aK-!X)_{CksXNQ+A1og_>OqC9|>N
zy>IB<79r{IZe!4YmBkCuy|v*-V6tb*5Nt78x+nN6=m%}lJJ^FF`GH^BM}RDX>h!}2
z%g1bu$F$JJfHro#Us@Uw6@{S>X6bL>CL`4+KYbd@Hxk+Y#U_|pKavePd<10#gG&4h
zqaF7Qg*iFXK}``e#;6fO-=g0Iok!w(WUjQl+(3wFayc8Y4Kj)vc?McMAeXp6{PhIJ
z{>Rr56*_FRR!}M+*CRWjqN9)k0Y4I&hn~Dt=Z0bK6@!BZBe820B5tJ5P?|)}Rm+Ky
z^9)YysD*kK<0XDFG7Io3W=j-Gm$}ZIW^{GH&H;QrW(I(sZr<K7cgi!!Q_mbX32mzC
z8Fc&D;hFmLC)LpJMZRXybRN6URouUw{wwv}oys!>XzO0Sn`d6~xyYAUXHIvyUYGYp
z$IKEo6{6HXS?kdPT_Liq_Bf)is+w9$v|+XhaDS|nLTX+DFKYSlf<9LXE%xzVAm+Mm
z+(4DaERCYZ8Dqh?<-|F{gG)>ELF7eR$m#^jmbEQd5z0l7u@Nyb>H;o#hWTjlBd5xG
zsU5IdyrCWTACbd>hT)&f56y6B&Cv6`n6x<8B=F{N#vO`T^9J%zRcyj}h=hTeF<Gc7
zfMeAtlR~naHP)_E5D-W~E&X3F75u_Z1*-m&{0Sg=Mj!fAV1i(^kca&j4t-0yETkZQ
zZeyMloO6$blRA*SG3S*HrScP9lOCX8hfGa@l)WbW?GQi9%cW!dfd8Pr8L9I+G*(?x
zGXzyXA|h}TsNGS+;IdiPxLK>KH-kz=MB6_bQi*9Ie_#-NIRj4a1oekZ95#)tb_+nF
z5d1Q8A3ajAcvE$jlhlfw%hTQcG#WZXL#7y&oFPSa2Z;Ec_Hcl%0lx<-JR<gjx=Kf5
zBR|HW<m84&Mz}^%Tg94~(>rN5eu!q300gAG&8cit*=I@Qw}}dmlVvw6c5U70tg**x
zyUjB2Gc$AZrUW1|NSgtu-F~khuPbqi&RV=kmezUhZ{B&q=yZmTdwU=FzOC}Zpfma5
zv)<aO$rZ`X!&8qCy|m<kIt$-YX=rK7?HP<!nH8}(p~+ALas?+m^ZV^~<$z@(c5IJt
z2!%riAnRwIouO{~goG%URv9-NHiY5oZU5#`JJQi13|D>3brLZ=Mgr`isHnOh2A#aU
ztDuj0*yFed0tr7<Ek?r3d(eMplJZ~$&y)?K5^yaXQ7?D*z+vPJ#;K35DkySl>gwPh
zYUL@^Hj429wQ(TkzyPa(iKTa%nwhzPzmS$@td=|fF-9d;)S@q(LmJ3vbX**Z?>MCy
z8m$;ZwVrB3%}F-buPqU?)SEz`PAnrm9?rWBu@VgHy1I1L%aQHS0!@aBYH77$=)B{7
zg)US%X&;w`OhenJDwgua1sd6Y1~A(FZTJa-!+4g7g+&G{F_5nbI~)SU1s9FU5kigg
z9D#ZZ9i7%v42y{gp_Q5L`(ChZZk1RXg6Sn<ITyTqApZuYu1<Y*1+Bd|fH!hp*YDrH
zY1Z*DGcSYm|298BJy=^?JL!2&>YmUf#&8{QoH3`OgP|FX&2P~up#Wqx+KGdOf)%F`
zU;r(r4DlOhA=C-8eD&&;aFR}<7zW32z}#WirhB6W6JCC0qg`8%9tf;=6crYx+PoPx
zHG{qANRa9fXcTGZm!dJSe$b+U&GIe44Qh8Vz!|~kFJ%#JxBUg8qOxun4SOGq51{wL
zS7OMAgk)fus9qqWk=ivI9hb@k*$}EDB!4g>t~Tb5Q<QCI&zzC$fCOb?FMn7o=0;J0
z9TL2z@FdzQTiF)<=+wj-%m^U3i^~hNrsQqS*V`%0AEVXM%=_gN*}uUczU@(_z|uM#
zA|AJA1Am1Legmiik)#gHVFv|~Kw(DsT3~rv%}Z)%6?83j1p2>u{`?b)6J*#bu;DV|
zI@>XX_yb1EGaj|F7yVJswJ%_p9)oqn*qe3~w_9@ref*#K0ML5)K$>lcG!L+8#Roj#
z@WqQ4v25osw01B*1x%aOiF}Bbu&}Vuja53HOVR%V2yXTL8(Ina2yi~zC}J?K8ym?H
zBn7&Bqz=**gi9y{P%P;mMZZW?(Wq5!Bqr{GQznE9v^s9AS7(<|-2j{uaI|4%W617U
zW?+~HU=Xs3$_6ofQdis`?&gcQz?vk{=4=X5QVbV+-C@eIXi_lH_zO+AB{q#VDkt4N
zD0<iz9VOP65)C=XSA>`iIY<v0>TDH-C65jF^(MV`2Nkx36GkHdG*N#CYocey8-&i>
zL}-?cA#95vd0K$P-{=A~U@%<*5F|Pd=U3%BmYi<CYOljfM*lBk*G@nEdsQLEJ<uEV
z(Dr%hw64VKNAQ`^%As~zhSMRIyrTcxFDr|lomiY$LqC&*TZ?WIU9Ang%2*{VvAgdE
z=nEGmv}I^c#tU+C1ZXZNfcm-|iq{#I0F)T*yQ4p>JX)`8Bc}KNsmTF;V7z|{gH*7-
zu_-xukJz9EGaJ#Ww+!O&oXN(7Xnf!x_{mb03xk+25d!UjQz2Q{4y;ZAQX%kYz=o7C
ztuFKxMic<XiMAfOW@{+9P(uVH1Rk|q!@?oj+ni`HiT4rR(jNY9EX_tjTnD|0@vZ{D
z+;+F?<5s|8$%87ff%zp$2kZ~K{6Mv@eUG)nn9n<IdHDxuP;7{Wk!9Bpey|L&Oy%V}
znHwg&cWUd_&zKbx2rDI3<Lyoz5k5~QEq=x({(rDtkPj?3o|*9`>45z*HcmGEGC4iH
z-MEIWc$l7fqyF2=r3n|!-M)kUAUvYY%!ttQ4c?2`gRv8vX;@hJPgGY|hu@+ye~mD)
zrxgxhckZY@X=>V}Q(jRag(u%ondTB;VfV{1Btefd9c@?3d$VjA(u1>5BLrQA;f_!U
zHIOhp(*}lKvW^*#{V(Q^PH9pPyX(&!(sc~k&c%=}C!mgJ1+{1xC(T5G<ej>OD2;mz
zcDi!nBO@c3GU%>!B*kO$T)wmK9;NNKv8EkqBU{H`pN@%FTv`a!WL)2HF){}A#_Dd>
zY@?s0WgVxUEbMipzk$H|*)sitbD`XpfyyZnmr=ANyNeC-;8JRB>a{~@s__o#iawc(
z4bQgm(bn*dzd|SXPsC}29C$mfbTBS1PV-mOSJ$gK!EM}(OR~Wy1%dDZW}qSCyZw!~
zz@0iiS0GnQd^A&Kllv3;zS<7+y4n5<Kb=^Q{rd3s-MbuC>2vy05To83VU4Yc9(e<+
z;18a`EJMMXKN<OMe?`}<eICmyny(!COdfB^*{p8eh~i>kz$nHtSHO`~e#iTyXy-gb
z;p95QxlGAE{C;rzT$gtwe>42CP+(jj;#kb(w0>6z%jSes{OzREw5MVzSn8E&es5`_
zj}MV@`;Duzx|%TSY<IocZBc6bc6A}9PyI%Vb;RQUF5di*@@~ux4SS2BMBe}KWYO96
z-{lvl<fjxDk89h@#dJoDo{FK{*{v;IZ>q-R{?Vt#E9q7gRil#rrK4Mn!iEzqb#gr*
z^MDiqLS$^6fX!gn)2CQ}t>8IJPr}T__2J#Sog^2Y>zUk|r8-&AZ>7H5C9OW9wWc(3
zxAxyy@j|p*>-mm^YbLe(Bz-nadtmsL0MbyB;^lro13WvMnwXe){kkx%G2yT?^z3>W
zF^Tf$&;R1)sRRzfX`0iEwB6yi=^BOd8EOUKfIxZ19{L<B7yuo~-wwVM(FzhcPfV4W
zKKolfs{T6cbm`di@BKEeR{F2<JY20j9&2xBOwvih_JylgVa+L0<zI}Y*}=h^ikG!I
zugU!^2}|eSs_OJQz_(_XG~aFGpQe*{+C$=pTLpe}B;kXs&kKu**_)ZNpX0VM;XO9p
z+0g-fjKQ?bx>Q#XaxTKa8&i&`2o~PIH@BwX|64kQ95Cc*2s(27c$#WfyiP7;hq@+X
z6MNn>oI0am>el?N4+K6=A)x|+9}M6ySYUKf{`c~JOJA`PcCog0hj$#|_Q|nVSWd1k
z`Ju*A1eq3p0(wShn2VKm{`cfA@-#3Ls&hiSfv}9?9>a*o-7l~;Fi4!0y7l+>X~*h`
zP{|R%KDR^NPrXBj4((vvT%U}&z&E56)i`=JA|YGI?BtlJLUnQtgp)kDp<AGDI^{(k
zF|k3s*<54bY<<qQ6RuA7m3P`HQ~1KDDU}O#zI@EnDWSNU8*ps2TUL;~O>gJ$VWkb0
zo=gwEJTcpPS9k1?DT%ddD2s)yqd>*~)Bsg4{8cFO>O(^{(C8uGUiAUfi`opu2C}7p
zWmQ$!<@VnRUx5E0=^~W@WQV$d9KHp$wS?AnX=5{n@Ov1<vJ2x;X5F}9p{KXO`fHKJ
z++~mZ&XvPpI1stMdbznRe))3F+dJ$kRVa-%3o9#_HiD`vfEf!S<Q~jXzu%kAFAz5d
z=f4`i@8Tn{D8nue`ZjGNHrn$<U$ku-osT+sx7qRIS^A0lLwH7FBO)%(Kxp3CNuAtu
zhV5j-v8}-ZcQ*ARDTEyGjOs5G*2*F2iCn?vW#+xSaG1H*=chlKn8hkCIcoDx;A>+M
zO2>u`%@CMV#wK0-?+imAdoaHEl!HSt{G-vp0+!J-{`B#qB6?Ifg(0s1!o#e!jI6Bb
z3*JPX86XPqF7QCULRA#0PBH;?<0Tv$1USTEl%BxO;$mY%p_UUD7H$-?csDbHtraWS
ztJfGhF$;#Lk!|%~BLEi{ahmwf8DvC=y|CHmJ|L-kHp-E?xif^B43yAt7{|NWgXaJv
zJDZ_WYrs;iro>s87=^kJ!s4W>SA!UggaM})wZ?I;VKqU6guZED1#+?lnl1EbZY(^Q
zd9T47ESjy5$C8TBXF?|Gt5C|4e12hg8I`spHe?G;QXZX1+|>|xwkL89jJ6hXAbM_H
z!7rab`xsFaZy6jly!X}={n2N1mn1I<kE(6{iyO~`9n`!-BcnWy3KY2I;X{Ww!AKC6
zlF;Je<I*MzkPzZeDO++HtHXarpNQ*`Cq~9yYk_0*>!rCX>^*wWt<@@AT}OWnmBZ`j
z&r8t1?%b*MyEPV%0}4Y$Yz#(UfvOGF6Y3erfq>6h0QAD*kcz6R;)ffw?i-$0tX9oZ
z9>ZTfF^sGLEU2mBHXr~n^0t|%-?KEBSkbL3{TSaglBB)8bZZ6_P{7Of`~Q#(3E#p=
zzT<l$AeF-h53&R2fG|w_+S75ehhghz*q`6nzZ<<Znq<6b>l%F7SoYn5pt43s9|7N}
zfocd${clw66LWLK5(p$>I4ik=jdUaalyH*ppT^V|hFA#uaJRZQzNCO-YzxT@4!{$W
zd*D}En0VC*5hZr4zU{s#V%eB)@vN-8d>9T#0MxH1BoLhr-)$B-%&EKDby!uTeOweR
zb0OR|35EhT<*4QAo~Zb1Y=91g+BUyn2gBbmi6rG0vCormHo`H5c;FwThF?;WK5ZS~
z7GOcaZ<P#<P`v`irq{eWhEf;La_{LrEG0RG!D%9b5^{LhsiHM|{pu9}AYH+01e^`-
zsd*5xAVJJBgQoB8WyoMYqkIS-0%!39o(Ke10Rg{J1EaCX@q_vl+F4BdQ(fa_XJH}#
zi56LouwI2YW{7b1Mho85jeu|4gR9H_2k08a5a}y41!vBlMGlC~0yIpNeQ{_deqjR*
zT)UuH#!w>u&UBnCTm~_V8oiv}C#5(7#FU0HO3}*)0aLuje%IL8XMnEP`wmGYB_$#7
zVkDhd_yNspV&_a)ff>T&M|Q4}ptHogp@#zei6`1YKn;X&$w>-=-DQyy55@tmu0|No
zNS#O43}-B}?Z#RAwBO!lBU6Z&s3=rA($Hh_sfF<hMsR-A)Y7tj1D7-<#~$AQ&9TK_
zmzV`_xqTgiwX2;oC|otKmh?KRAJ2j~SNjuo73UfkXguAJ@#FgS>+^GS`*94>=bWxI
zgZdk{0Hrk+J6^(v$7{uOH5RE<1LrO)+a)5RriHzfFj|WEc~aPQqkv^86w)QlpI=YD
zxQiz#xO1o4IZe%0{FOc2SAjyc%nBzt!3iD2S70N45{?8)2@C#&J<y-uzCC?Qn(asp
z&9;-ibGd|+x5$nFMo*$|1;n(KgJZQ<Yn#eZXmNcTZo(XOv(zlgiO5S5=~%jvoy`x4
zm-_QpulDcT$7-p376g-&OX&H;o*<Q2Qi}6<mBeP6sciIq0Bfr5-)}C0xRi|;lE5b;
z7V3bzJ<uv$_|_^8CJVA?UeFst6&&S6%Maxkp1NBtVB^(EGh*((D>We_gU%0<ue6&t
zf5JnDmy+%JZ@vH3`T9L7*_RMvF`8d%p$MT;tY$DN&jLoLoGOP$M}Pj-O?(Ou{1S`W
zAaS_;JSoBvkKiZUp5gO04XYfnvJd<!fF7hvP~bnERZwec$mQ?eq|+?Z1il7E2URHC
zwj0~pC>Gdg1+BkAmImia)f$*lp>-%XE@0k~ggkPeG9AcgOs5qkN`wh%&5&26$3Fz2
zX`O!m{x#-0&?kY}QhNd=VZFt}3-0)K5Eh*o$Y&<CO2RzLkS!Z+)Wt+TENYtu=n2Hl
z2eiA757A-zh%+Bh_48^7oMMwhQ}7XzRGK?c3YU3doFRoLi)$=E3u<5i26vV_Lojpm
z6_!p<5&}0-bl*}iH$1lpKKjD*UBNP`MS~FCgzuvN_M{Ci2b`Roq*aaAdH)8NkQdWD
za&UxcUqnB{DRaj0hoWJqT1l?KX<Q_XjwK}#OJ;zY7mv|u-gpU3U1CPYHU<X1mrJQ}
z>TQta!c@u^tR)6ZAjF)lE-lp)V$u__TtiZS*3}iVgu_s2CML{Ha&a%tp>Imd#4L`f
zRAFr<nGNnQ=t~51q!j!NOroseEa7_*+uLXFmz5D<0H7845^tP9*n_tEE0z=xR1d%r
z2CiI#xtSTl^%$3eKVP%M)F@~};|5O}8k#*HqHFP-0%eW4q{C$J$*|&qvRd*ZBBb>u
zF4neqr6-Az3sE#}19Z&+_x_fC5qx`(_h4usTUXB~W0XqUi?@l6mX=th0han#@=)|$
zWI7~;u!TFBdP2l@3=A|8igiCch0J$|=4h}>51)J?IcRM>P~RBlFmg<@M)b|4MhpoW
zGds!E*gHE%KLD}{AcXL|!bOG03L6iPcpTdp0wTUgJ^WF?fHl0uJI4P*Yz6_e6N$Lj
z(NPEa1HhMFdzhl3c4?*KC^?gUJU3s*e&6yS{V_-;EiJ*7?>qx*SoRNrj6bVn>1;dx
z_8l0rt{~%vr=ULq2)0m5fmJxEoPd_5)<Oc>sq9`yaPM0g89|2-S*a{lL&Cz+GOlE`
z+KYyoLi6PZQ&UrQP0eESYFcgz8nz9UlON6r9mhIrcxj2m+)7OJTo~S4WK8|~YqS;<
z6`3OL#iv~YGL@M633XFZX&^Q-K;fr7e>ha2hD^(9gSZt+x96aAzTnr=5`8X$2<|MU
z3?V(hKnW}JHP}+K`0_#$NT9TM^eBgJz#STEZ4g!-CZr@m_}|Z$pgrD*Xh_342aFa-
zMfCX|2;r8O90NC^b6yAPCN+r`3sa(m<nhzjjkROD1pa&LyIu@+ing!72pG-R<>pHO
z7NLp2I4uzLjt(6zmm-OMybI@XQpf5Q%%C3S;NYMt177TiLU6yFx|ec^#S2<OcEML@
zD2)6e%$6A-rp=##DU`PU{$rv?dL8#*ymNJalO{t>`doJ%*2W8nqInE41DODj-lE>0
z9cP7nu=Fk-0e<0#02|jmazs<B>=s#Z1DpOchTN?dSoSk_^j!Esz$YwqY6tN%A(dYh
z6cmh_WZ(+fNIV>Dx0a>0I4PX3o751<jv}r}*%3?i$Qpy3LsbJ0GTe1;5JqxAj^<3Z
za*M5bmZ7ACp%tv?TYZo6Cx5`{VvlZy^nU>&HI6Wy*()vS;Roe6!Y2muumOs9L2D@k
zGziKIVx<=fYGWZL?O({cvmZXhOpmp-okGCF)dqneE-K2TWpfi|fQZ{bs$AgPiR^vB
zgz{157u-lTRpF%J*RRoW*iz0)`KRH@DL)56e9pte4KTSg&Jm@$h6c#ddDN>lP@VgM
zu|a@>WDwG1&=6Vs6%~2Z#=oF6xPh8gH#7!<1pGXA_M=CS!V{u~aC<L%RuLQ=3=MdM
z5=P<x45OuN7Hq)%1@esNrUR82nAdt1X6A;^sN}GJ6}u}w=B8Mp^CCv=5M6<q1IwB?
z<LfI&O24)J3ddfmCZpn1LsqVs$@zJzV63Q>s1gYq#tc>})f)8Mal0;Hxjk@sQKy5c
z)I(PymOqU>Ms<dw5*1d+C*YjTHN+^KxVVgc2ffb)EF_YNAyc5Nxv&|4u+gg{JUqfl
zR9Do`mXgw?4@umB4^Qw(vL7W~KR?EOkEcIH`GV1wl5a2BrA^Vf-~T7ld@-aweD2&i
zplUb4CPki)Tij_-Fc3wy3j-8}1q0|5S>Ab1nT+CD!Yt?no2W3uj~DaGV<=2wcofXG
z2cn!rLjj7HQR(60UL+xI3_aQWpkn-JQ-dM`H5z>~hM|>YW!bJ0?pSRhYCo`%4pV8A
z;_>fsm`aG5XDpAAEimU#h{!?GFC?Z8O)P!L7QQDkywfE*EL6v;FP(BXJ!XI;ulEf?
zBFgB7XV1hG6u7@(hR3Y%rwVllnAhHq3kzr)=0S;gz~2@19+M9E6iKc`oQwvKkV%kt
zET7IAMbsvYKcV^QnVDm1O*+P4luA_IDtEQ3+zDC>6^WOJ2Nh%@aO&CsLYvSum^wN;
zuK@{Mp6%VFHgc{b6F2w+JmKK-jmmQtlB8xXYp47(JLxue)dUBt&4ixWOLEKlfOczj
z4u8mjrSZpEz|Sh}PWqQsB|>k>^JUwiA6sG$ghKrJg2(AhXk7iC#jf4Yc?X_@7ZMX|
z8ARF)K=JLk|H2|~eH61?jS&Q}TwLpz@0w&a0)C^SveArpv3cuJg1N_J+iw4ZsF0}x
z&O%Tg+NF19xer$rM39N;OrSX=9~hX7l;fp)M(`ncYVe9LF~~#z^%4yTBR9?(;y@>U
zVZ_RJ566}mVzDBS=N(SU-xC`mpy_eCdE>^_Yu8%%-aCH%_Kig=7yy5kfZaH&Mf>yT
z;pmVL{s>V3TSTZ)04ULifGej7uQw}_!KQ&7JIJI|rbxMekXg(a_iF|T<U82N#UHVC
zq!dc(KtXvpO`6y|$s}(YtuulqnO{HvNG8_WUEVgr#!)f#@#CeHCHwaAt%1zcaWO~P
zHQP*6oh_b}AOu7kX|QE?crPuEQ*o<m7X^vHXQOgUF=2^QH+E=mjjGn=7u*5tVCdqX
zOf`b1e)HxMY%&p}T9+{?0cl8c9Om(ucjV^gmdV90L&UhYvXWIsNRlrFW>`4tYHMR_
zWB5bR)bI=k&NB1+`8IaZVW<y7RUu%U4XHw<Sr)M6m)m>4$lj@`DTu7QJmt9_z}-_V
z?<>{e1P12>X=!ON1psP$TR_d`^k(K<3g@8NA{9dB3-l$k0lG<)ld+Q#=OfjFXt)MZ
zCcwE7l_$!Ah%oeijrP<2B2x{$uUWXcZ>FV1K7ef>bm3tPVdOM{457lG12QH#G@UBV
zA|kIR4()q)>sZ)P3pIoFeFobW=7*m)UH<<(n5u1u2s;*QmAg@^B+>!vHd{{}h}@S&
z*q(!0i`A^axgZSMRkTjZ0(YxXW}Ut?aMM@3-~FhRdsLO|{Rf8OKe$gD53s*k?bR4Q
zKI44&PJ2Y(=H}+pGe%LHo0?A>+h|#r-MQ2F>4fz|Q$>NVsf^ylXE#1E>vm|pcrQ(Y
zq^X68<34HoRm;iQ0>7$j;a@pJaWn7&iGM%4R@Mxe$?Yn>f>#spD+DMq`G44Z&$yod
z{%_dNC?)N!K_xAkQmJSsNn4aOL?YTt$!aeew4|Y3s7O0$59&*)NVF%~q}2KR;D0`@
z$9dzraoxIZobDWt<2b1A_w#v=*Xy}nLqkNHh*bqBG9jTH*d@9mo`5T;;Xt*H{CE`X
z8XL(RKbI7q6=Rrn%kTuVxQz?L-aPp%L4TuU?Z!<N;b-M#GD1xs)cn{%%Uh`}qVvBy
z=!hLeS@%cY19LG-DFkodN((>BiCUjM>>L_-p_t(E3;&}eK+ckW)E3SH!8x2~%WxY7
zZ4bh7u#t#UpI<L<=l-I{^!4M*BA=*Zdv?WarbyBJZWMhk<p+QA&W%ragtlrHr0krd
z4Bi>&q8IG4d*j=y+jeihv4MhO!qq_9)xGGm{pk9)=V$1ZAH|CFRksRv_ZB&yONuL^
zI2bY3=6HpaT92u`Gf}-9SWv{DR4XBm?VJULS5Ote^A6RF`I8d@jEZV)x$E?#p@#h~
zfmwwE>~gAxy;UNP+c|l1F5w?wdgm*czP(S+FD*Sb&S$R@iaW8sw_QjUI{H6<j_>lc
z*{Ym3-AY9brknVq=cy^X`QQJm`reO%^Y8EH;SsLA{Xc)_Zj7aJ0CXrx0{+U1{BQ{d
zCV6X*BSVwKVAFP7?<mb4M-Kdt<IN3!{)vL#EBd+5=3FG3n%A|KCpos`M|$atr>Nl9
z9A|v4Y?T(tN%eZXVrKN>#czGuEn`F+Cn+l6&+qmc#NcE@eS?&V%-ZI!W1nK@HN1_@
zcWL+$zm@OrZ;kr3U&G2;_~@I?_75Dt`zoePMQvsI@Y5HDz26Pc{`qOz`~`Zg%BfCd
z*SOc_QcW{oxpL4GpJSug-_P-1dZ+rnUU$8fSKXH1FO}`c-}~hb{^4Dts1t^@`V?zX
zGn;9R$oQkel#Neb;~tR+G80nLR9%pYYT?tL*tB-KZ0yIj=@YFBWbYym(HE0v9{21W
zIwWdn)Vyqe8y_`Kzn;%!rmNYukTl9}udOB;n57)2ouQnrl#<7If0}JOnSD5^E|i+|
z?(6r8$8UGuRc!jayOLz+)+JqBC}Ur<GL<HsbY!LEzWWb<9S#S4@<O>tlwrQrMhE@Q
zzP<9{%$u_(`k0he4W}cNc9)$E$I9`FJ#^I5%fM20J(Q90gXSf3yWv$M-_Pn*#Xp47
zg?R>I>Q#@6d&?q&5(36yU0S^nJ*5-lnwKcI*+2SOSpQvJHO6MpFs@2+)|-~3vU>X0
z%1fs;&gGSO%Y<p~w3?<v@_58&?a$m38m8p*_7Rfm9iQ9gS<R$pV<FKC2vC@@rG++>
zWZPl)yh1ZzTyRf}*6Gt`+|&1RxsG0b_*3|uy3uHXdQ@1|(`&A;+rF8roGQC_de@VV
zT|DM^Co#J9W+}IV;<fFDto961?9Ac&tY^00DLc<;Rcnw&H7S&WGc_~OP{{Rt6ZfU`
z%9Xr1bKAmZQ5Q#}s?S|Rm2bGH?G$ID{yciWe9K!`4Ez$G(iu_nM>ShW2?}c{lHX;W
z>AvC19hh`ke}{o(%0vy9i_!bf5v$5U`Vtk^U2&h}FJ8@(eM5Z5$`S!_><xu23x3jm
z((T>OtB>xxH-4bzpdns_+rPE{+O|+oAaCO0!J_gXO~sG(_xb%<;hXtgh|NG@Q&`Y^
zKu$)e|J&%I`TZQOa7t<l;)jaI;v4g%?$J|92{V*P&i|PA%{<K8UY3hkz_<Trr)}}C
zerVlQR`ss2vcmkrm%9J{{2O`(IpS}rW{>8?uE(#JpH_&LfEO13+i{V<zc#4w*Yim?
zEy2bc#D=-FTK0F>opUBW(}kB;h<EtskFo#%>t4rS4{U1ryIF|8f7a&D$Hw=^6Oj1x
z1n_0(=uWcz`Mtzn56q+b^YQ-gkH<ms=g<F_hr`7dr20x}=bs17^NXcPSbocf3?3Te
z>q48-^&yO-B2$51ubuJlZy*gB*HCbRLY>>Mo;F)U*^wqk2Wo=GEl-<&1p*rAEEw6?
zWUcD90s*KrZ{M~1?+^C!77|H;AQ$L7#w5i)c!1R1-$d^E*qA9Z%7Y$aEDK^M(a17v
zK{VucvQ6#1yr98==Z-jeB3{3kdpZd~-Xh$t80ZOJHychn8AlG2zrP^0G3V82f9%qf
zOBrDSfaU=`PjqWY<~=_8BM9OF<^lhNCxj;e)%KC*ngkhxQNIDlf~Wd3Dr;lJG?~Sm
z%6D^cu#hHhAN(0VqkH$=740>2^!OZIc8itF=6WnjZ0DT0$YZpgqrn0T#Eo?ALx<LH
zke?KBt()ch_aNPy^2Kd~RMD+N@lq1pXe%{%K3i~CoHl=ON@$IRz?fI1fT-|I<Ir^j
z^&^g+bdwqdSN(PcifNtB&yY{y;nHibj2B*S3S`zZ$u|7JEKYuM?#^7D?~`|Y#e2zV
zSLk-xsR*aCq;vVXlW5Hm6~rjbI1t?WXDg_xO23cosOd9L*M}1WSjYho5il}?t^$i(
z^c#+Et9ochp}zsr4uldqo~M#f4^6kA>(o=v?P{p28+Va|jtY}tP|I4MFHj|$JP@Z1
z(GnmFkBRT!5k+x>9RzHMA7H&3wty%RCVx{51{7c{uY*FJ{Bw+R7rhiFl|q1Xc6WDw
z`ou||DobY~tD$~)Sm4&CSqT2g7L%*DQpF^Ezs}&Ak(rqm!LtUPBR=MRjxa0LoNY|0
zyPk!s=<X>dZF?r*WeI@sgYF(X$q2HX`kjFpDDE8y<Q_FOW)JJKt{hz=E^XqqU9h&H
zASk4S1ft`D2@|pMHMUYf9T1`c2P`o&8y&+SB{i1#y9s7d^9l&A8HGhekQ9n}AFt7q
zqIbO<=TN{G)eOzwKcyxx6j+Z_uNnIN3ZP<>z$$OmP=eP9EJQvmw}6-gf)r3e0bTNd
zk;e47-EJpwO25?P<S&3O){y6mFep3~J3J(nEI6Z!Uc6{57mCS|Pf1N6G?0*L!?_Rn
zo~9dm#uBV>0)Hy0%8=*f-T4&!0yLCBXLboa3)Gy^H<SQGIXl#7y@@n92J#w{b=Y_8
z2#J&t1Jt5ILfh<Eqm#`mcvq9Q9~rh%zH8o{*LOnf6hu-ve;fhZKyxj|pK@Qtzm<kE
z8S2%vZC2hW>iQ9X4d4iy#wwb~o&j9MMn$$cC<!X<Pw(DE$^I+btdtw=EY>38RuQ2F
zSyZxdE&}dnCE<F&i^NnUh`T;uN=DsRd4wvUo9-)j7o~P|b5kz>g9<1Ovn##9=Kwok
z>b}mHrk@R-h5!npnuo{7vq-kOJ91tX0N*|ii0U0rt<}YgI~W<I0Pe#t6^+6|MFr~-
zE6^6BWlO=j?PsNe08gL@Z__X^%fS%Nm-xfa2*R`YQe1g?xp8jgm8>35WH=*hltKK<
z9kc=ubOJKmr+aQ}BAR8KUpt?!gooPbkbfLMh3RBqWv>K1V~j^z%TOC=%zr$o0=Y}G
zVj?e-aC{J{TQEBl4*W&SF`4%u6$^-=_kotM>jGogHK?RA&Y~`X-qkvU?)}sv#BIRg
zl<Wb!F}ep^_UUdYNQnWUhNM(eGcLaypjQ}#Fd}+4&w%xG(BI`u!8w&|C<Ka;_*!6f
z0NDalU_2<^4j%F+x_n3y(TI!9-)}w(VHo%;(cmyvaVt>IIM={vtswLi)VU-Oae(uH
z<swgb4v&rDOBY~;p$F_aEFLWj_#3%aXe99>!K>_a%!Z7&2dOsb2LKy9osT(Tj`jxK
zF9_vGO+L(;!pR@#hDI1E7b=Fp3a&vH>v#!f2Y?22rWo;|o(AA|go3Fc-@H;zT)Y61
zQ+#t(kFERV<;@;lfuSN|BQ$3f-<x8u+KI73ECFiUe?t{KV(1;upC1GA&7;f+BLU+9
zB3gjRDpuA2Tp|Wa1}7Gh6C8cE4=S;AWLss6-+kQ+7zKhfU<}xwg~-z`$Z*xvY$5==
zq@;e(B|!0!96-b=h$oAwXG1cLyeM(@FrNFjuUX2I=%@r6Hh*M|0;_^6<SRH^To~yY
z!+&2yU~EUWi&z&L62KKtFbD+C7OWx~a?l!Z&;hO9$@~B)36{}^DxZVqcsK6I!nfl5
z3}g6E7B+9PKf#J(Ozv4_jlPU$7y$(LHpk=cDUubyMhQtt$OZ32MiL1a&-@~x(>)67
z!T^LP#K=d13leceYEr7&HjW-3md^rT*=lAR;$efVe~#f1TaTycx=i;tf;~fGcO+0G
z2rhh7nC?GQ)zIK&HSB^kyYrS6cn~Yo&Ay-S7EBAKs`0_s0Hv^uYMw%9O96RIvJ<3V
z^o6cd#-(QcAbH^gf&Iz44q_Jn|Jd;Cv2PJ2^bTa~GpmzDm6gANpy09%jV0gC&Q~Za
zLwg8IJV;5Ur>7UX*9SU~IXs7ht<L}Q<^BpbPL|x^4Q>df@`2t^hPn2p`7q*4K!zhi
z7}`O|9fqIm`&(=%ynYn3E6_=?Y->GXwMWk$6(tEt6e3ZGfJi)DSo1M=XR!Bp><lm?
zX<^}`X(Yhm8kz5cR@}kQK@|D{ZyhHZPB3^%?){3jmm0urF2;%r5RB2J(lU;KX^q!e
z<oR%~VwB8AzbOo>0-R@a{yZ<2VJy}SATH2CU((I?9r9Wbh*uXL{J>F>aQ}V)C2n^F
zq=1E(6gi%i^%{p!cQ?y_9GE(U=yig6!AGU_*Gy()F8$sVJ&oa@RU>wF1PQ06syv2I
zD#O9)ITUt4j6aZJgpP}y9frbROl)kPBP~oWjb?i`;v#CqwW5~?xg(M7R6i-7wV8xt
zhvKv?1fUJueN@>NScu@7?)UGJ)6Xv@#aL_g_%*KEf?Zsd<`GH_daUFH_auF<{5?&^
z1y5L>7`Hh0STGWVF)*NsO2|=`H($K#CeBndTn)`EAd!9`dRVeF+=@W2MUtXHVrSxZ
z2+37Lc~d7@j0iOQRwnaD`q?^}wd$~jcvwWCsCl2LoC2@gXKdof=9R$`SZKC%E69W}
zf5LKnGY)Y$dU{S)U-Ka+C)dlo121oXmGc;Ni;S#nO6<rMiSe{$x0Jct!KgE4*^u*t
zyAY~105@W`wk$qZ-aevGPs1rc!p2s&9-%{PrJ{+Mci0dG(=24$73d?>G}u~WfzqMG
z43tD^`2(_j9<l{x`ENpkf)qm+u3Yg2H-I%AZ{U&2Rp&3RWPk5uu@#NYfkR=fs{$_n
zO36%PzuhikVMNf_HX4i`$2iQDpFd6bU63WEuC5Nhqh=bcEd?)ISk8Epz^>r{w^-wb
znrTxzqb&5ZCg)g3>Urw0)t^DOp&gy9Q!z3)sDH`NLMh)EQrkiBkKGe4m|%fvTzAc%
ztOHiAv)Mm-JFsbA&{<VBPO1BXX(qBNDBA2Xa1{_EB;c&rl}t>2<`_V~M_%3=dmKk8
zW;R>_Khw*5D`ib%8%0P3#kG5(pA+>9s8~sZ9G0u#^+Fheb&2h19w=eOK}ELd%^c=>
zUW_|UA2Nzd0NJZ7M+^S$H#)s+RO!}I?8quWN#F*u6s$C^ZK&Q_oKEk6a29J~aPK9E
zC_X|tY1WgfD*(A1ZuReZc_N6d!+{0OFfno#?l@dasExD0<O;R7w{ydVi>mzfi4G_M
zXASus3yv2|ljRUPUTB_T@85?V_XW!7kb0YraqJxET*zCWBCH7dcx2q|OWJw)u~wfi
zpVtks8A$~NPEHt|Q<iyH>aJUjN{mo3ePq2&%tXY=UJsZLNin4;UNMgfE>Mh_5FVUM
zl~5;JX*Jg@F&QLG*${8?;npq36)<YRd%qR=NTQB3r{H*P8>ugoCuZGa;h}_?0jP`x
z8ioPkVe#a9#l`8mti(t*&JvoB0vt+eES^>{{<|ImzoozWW=_X;1CxOQw@DGqEozs8
zva-D_H4WIv$cX3RviX#6dcZMSoBy5Nb7aeCrN1SS3P3r4h+KzI1$~CvQk|`o+jvI}
zhIrV(7@CA#8fis3Gs|(AQFw8bx8O}k$<8c@I`GvPe^7$N+Yh5tVj*2F9SCCfk2rmM
zVT*aCo7)9WX9xBpj3*f-?o^gI$I}uZ);OZ0(@-9$nnwEa66a!&i@K~zJ(ppiRvqu#
zPoF;F(3C@|fK%PN+N6#=AX-7fCUI**s%lIL6(!C(^WqEd$o6dfFVDP^y~bk43JP&3
zcW~0)PQ$9fbjD4sHE_u_mJApU?q!UHG6D<OaVOd9*4Cp`A5gCn5?z_(qAZ5}aPV0q
z9Ov2dcjF1|=|%XUuAaU1Ms8%*5cVN3m<SdG#|JDM^Z>E&u-|aY&q$!>0)65Q*SMaE
z$WeLB8;0-!Q%Zq%*PoRD=?~q@8qQBjzd__N&frLynZbdwm6{syWcUf_I5H7t;_Xe0
zq&nB0^!3{}E?Qa(&nI`Tw}2BQ-1ZM1*q=Y&jhlA%sXa#t<P#8eJoD4UDII8CSy_qi
zp}PjbG@NJx5xNEEake0h$`n2>x=kO#Aa-W;m;!0d9;W`JJFN(WM!e*Cgx{FMGm~qS
z>;J2j+NiJP_J48kNXI|M%&U?W5k9`NVBO&y#g@nBu|)~m%WE*X{g}tL(}z8>I#6K#
zhc>|C4mJj&O3_a5J5$AhqQ3`<G6xy<-ynCMGK`SS@TBTDy+KxKJDL^?4y3Vs0vAa{
zJzko0DZ^V&*#@6UV*#Y((70jr0@?y-5^T4{Kt(c(>5ei;f<vJv_C;nJ)N*ip){mt?
z%Esz&SB(BBOHAMK2-=3~&c&j2pPz|Cs`H_=3L|yvwE`>OMtzSd-PNL}qBCOjo~Zxf
z5Wb1dh>K~t$4UF+%mGIjt7C_WyIN3i0>C$2yX-5M(`My2JQXQH<ABigE<geM9rhgE
zFX(;p^wRtx5)Q{ym2>9i{TOSE5i4QawY4DAyM@1(I)h~z!67>cI`}s}XY6id^h#kn
zKzL{3w#mK=UmBksf;tpT!jpMts;hJ|5Bjdj$AeV=$-igcIVGb0`HAO5h=StdgJU5K
zK`J)FX7nh$T<|h*U8Js|0>fjU{#?C|s}L2d>NDHZ^0G(eRkZSrKOZoJmwxk8oHu9$
z(aYFlbQ+$km6Fvg;|wP7ZQ~{Eb1UK6%?8)GP$vHwL>Y;E)j8NAcO&!~{Rp%_>SsD?
zP<Y~q{RX4-%s?&t<GEYaJvx$=u2jtWFH;LT`h=C#k=<JAb8i3rqk0|VSKQHgLu_z+
z<|+BmGQlQd@-||C_xl3XU^QYqoVYa&%ND9SmLO?8qvl5+E0-Al6<78`bCjG3>wAyP
z!`%xFLT9I8rMc*37i5tx&d=|_8IGlmHKsba!LLB_k8*D(=9of~DkmqWpzx`?+nvZv
z%Fxz>jgze(>8mhV*R<mswDHK))z+q=w}3mAFezrc|45#|e-2<$wf5PwXR!;VapZO3
z@c%n!rj95IHV4&$BJacSPlO($sY^%*d4OgbiD4WY(XhWT;cdY34@efpL4cE!r`HhC
ze>fz5<37vPPp1q<Ctj$67I2&;9x4^6tg<L8)h)9PgGcL>o6r}cWBI`ur{BnZ45G0o
zXEa!7Y3#-U4mAAt5mjX1_Dp_RS+-+o34s`(Is@RKzEQm|&c<NjkZ?GMEIl)`KixPC
zyXEBvy&$<%0XzaJTIvwmT-)x)oc;M&IQYK$A%XSRJ6urB(+;3EycB#no1t4SrMoBM
z{p%Cs(Pa<0cKv~$DFH;Mw)meIr`1besfxaHN0)6)Mj3#Ns_N#^uRTMfqsD3K+uhyW
zedwHzXv-j0Mkf<`t`I~kz7U4}44oWS-6d0V7hGO?=dG*;p^~bXB<Zyw4rz4Vx5Pty
zjweeVX0xIeJ2f#xw><ag#`9Z@<&N;95X%V`x_N(V56aaoy8UMAw{JZ5Lvl+-Mykf{
z6{95G0)|6+G+tr5UhP7ADB$mFSl9VtmDeB?<CS(pD5Nwcz|T|XZcExCg@lROT}uB^
z-Sjx|D7Ec~xOa_OIn0GwEl_y|d@(7Yr`^~f7HlEr)f1tla-`D@0V1;|3-AyR2rMY)
zao=V|(^C-kEl@?3A^lsX#+IRp$w?vO#m5dZ-OzQ&gF}#AO}OcMxvkwO&!mh8NU*}l
znR_$a**>3=WmK)ZtrH{@ysr(7>0s`T(XX+cY+()hdt3*VMg=0$S_Cef%=8GP?{mK=
zAVD{%zr`>_MO9(YreMmf?QZP0`xUeeu%@b+Ch3O6C>eQGu9?r`vP*Y6nRjUKoanu-
zQ^mrUy@cYpl>c)a6scwI3bt=eDWcNvJm*;xy_{v$%J=!=A%&dp0{BpR>90UW85N5j
zCH{*I?-M@9*do>uL6J!6h+>`AwBXase1&^xIF5L}@-Vb%k(K!Ib?%UTcg1y`X1nzZ
zcYerCny>up_mh<MssH;|k==Fu3(yl4#{UVAd%`zonB(E0|F8Vu3Qbg*kph^Cv1szg
zDnc`h*SFDL|KlFO3kke^;U8#|O0Ij7UM{xBwACP3jrvt^QnpBp77!^GWRanOgG~#D
z{(=9JZZBr}>pba3t&XvJNAis!Lz%4MGP6;8$o#KRZcMq!AQyYj+Ukj}0KmZQWGcI>
z%~c??>Fu3Z{1sf;H1hD(R`M-d2n}#g6$oMUDKNYpRkT_C{PS7!2rhM8mgP7Kwux4V
z0r2vT?kISCeB0kIPqI$5I&o<}HW8nI8^HrSJXR1_pv|RmYi_7MEEI$2a(hJI!N+&w
z#tn#-?md6x3dJ%0;C9r>gfPWGD2C~(=eAQCRDoj;{Vo3=pF9Vj9CB7*aHxkIU0r=}
zV8ZEAu34m<5*QMK)Ei^Cx6nIcxWRKi7sy=!R;=StfO#B-&o%^(rCu(j=lUsPO3M5n
z+_501>2~<DK;@LDDEo_wqJAGo_}j?y9rQt)501=Lt8`5**7xsCkYUbe4O4gASzJ#k
z;&C$XsqL2UsZY^9v2E&MMuJfmx#-dS#yJ5)fnc_fX!cSY@n@!U=LA|~3-<0SpgY2L
zw^P7XJ9yCrK1}F}+hO%WkhWV9y%x`gRn;S#b?qWrSQF<S-jui;Nl!CCe=GF96^Dqa
zV0-3BRm?x8K!FW~{;dneO(L=LEFN)qVh<mR7VfYjvMWOspyZI2W)=mMhXNp2VWhNS
zb7N`@+;;iKQ#h8=wU{b8CtQABctaak#Do&F9%Tq#Kkf=|A0K4jD${R4pJ64Lsa$vT
z<xxLnJ-eih`DrFFmfX}}gL&VvoFTkWTRfRn{V-$E^XI^Z%0fc6u}jcwqvYkgOL_`W
z)D2feDn{02XwnCbsWX}GVHFiu<#}+!eO7Y!?)t?01#OW#uS4rIGvnaGtzwveYX7sF
zMHbXws%{yq8GM<T2%-~s&MJhk-v$}T)2(;Z`n?)G?-Vok&grw(zwHv+;VA%3O4KSU
zb0RdV5b5ibl$0~{lJlsg-1|MrKlVH=Dk?{y2O1O)#M;~qgpSk`c_HvUp26XKceI3s
z<0@bb-06cR+H<poxXqwtLYeml!3F4yh#_8q?5dGA5c?6v{fG!rShNRF!t(gz+D;Bd
zj;s|Cv!cbLqgswa9c6&kM~FDC7(s{DW3|uj`7bPQ=m|=_mnBYVRC920>Y1XcBRukV
zM`@Lkkj{dbTHHa0RWQ>C*~Lm&o!aU8DLT(sabvAzq^ED^R$K+ULQL}(<Hv=Hma%c%
zGA~r!8un=z2`+NcI=c4|s;V73J_73i;FC=6qLJH0%_{b?&yi7ufi;zwQin<_Ro2(n
zce5<4rjGiw>b<w-BXpEd@?f}agxg+*<5`5x4rpuL9f;Y7=C3;*p2F8q{*I8TThx$)
z-k-gIww_~Bw48pFAT5bM6c02uy!#1fcwL<;0GY@8kd0K^4r`0{n*#Frb+p#n2(GlL
zs~7Y*AR$4xYtUD&Bg^H~Gh4?ew{Ob0;ZQ*3=Wzj|S2>I&4giFNz9RWmXegEA$uQ-V
zrnWY3e0R_uPaB(?kL<h8`;@4z(T@Uph7CnsoFhC<iaku5U!?&4#%a>j;^4+qt9<J*
zpdLWNk8uF%V*;NAr1&d(`sx1475ITL!+^o=usxn8p(90?O8XR*s!)a5Ff^dB%hKAj
zQNc~WIo~*h{ajn@jeT$k1Ww(Gm%4B>jo=^vN`~$@@TR-_gjorI6k2&9;E+&RDUI|*
zXmyA>H|ojS#iEnMV$r3lY!HBjG_41CXh#cvK05TLnbS2&yGIUfK|ArW+PAtyS&OkY
zPK_L*+E%1444TQv$qnuyBX>jrxHwoJ!ipBdF6Q?Ix&t9Gr;p${mfn>3d(euf%<GB;
zxH~!hg85aP34t*b=hk9x6N&Jc`214757GI~i;!+!#EXn=xa#2n@!l^8#%gt<SBWr~
z+FFnoRmc{C1lrIj&k62W=>2QRxq+Od0SR5HT6lYOX=y382YxB$C~rowJ&aGqkpl&g
zmys2CGa^mtdSH$q#x_FyjHzCPpBFVWj1)v<5az9-kVmCJjCUZmW(p{;=og_%kB*|O
zWa8%jjCBk138EnPpfAKVgQpMz6(xKRv-IKs)YU`^`k?Vf9S^qxRRLb(rK5KNX{K%)
z9O$#%GQg?m&HDRvmAB{N!yBx!^wVM5YlXF*NR@)d9j<eLx5TRQzI^!`icxVh?0HB;
z%X_i~tiH)?jD_G4U2cJ1rVb}ZNR5U9+EhYi4tSVW=*=4dUVC!Srm8OJByQw*n|YkO
z)nKQDOX?$%t&4*LD{;4}79gS?Zn~5?Y(E&jq>xCHx#RVK{Jq%=Sly*pc7s5Y{U5%&
z?)DoM@i=WzOO8Vg5EtPVjqS32Yz|Tteh$DoA^Y7?jy||^=lVth$-wiiua|+&@MY(3
zY;=sYZNaiaj&gn^1*f53oVS%#>VpTLz~bO&6E#--hAsy%05~!~yVsrpNN~XegXkF!
z3MhHG>vcU~I5WyIWW%9`vUB!Zw4ecGvcSM`z1I&`A+`r-4s-4R9vP!)`2k7Ec|0`w
zphx%tw&J3qG)k#t96awI&|Q?|Z9<M84Nb(BZOqAM<Q}|fY#f6as(x$oMb>*zs3Wf;
z!N9_))Eg3DjQpX?ZBAxw7zVC~+}_=CMEEOV^4J}PoH!TE_=ujs<kd-${R2(_uW)EF
z`Av0Zqbg@#&>7BzKDGk+3iu=k<>ZhzGEj9(66j&%A}>{^;Jz&M;U9?9=l7@fc~Wku
z9LIXZ0STFUeQGyGu2XK^Iu1er<@v8jWXE1_{rT*rkFe4Wt5&Li#oEaylvigYGv3FB
znLb`K)z!UoV)IAzDr4;r8`bfKRu(3r(AJm|ekqvm+vVq}s1G>}2bL_=6`lfHiEO{O
zY(yT|z%-8xu<TY8@_6;$Q2>h$BH?Wbo~rGvVjFD0(O@e;LXQpIRpMwJ4Rgn%t@MXp
z3yX)`zrK&LmF^2IY9=YZ7%gN=VX7lHn4Td77+A%bSNLrl-C01s9UEH!YG%u1*UnH)
z46}4`aj~_{@+@VmG+)PDkL0t^9)D2F$|66Amx?nkf>k*fW>-TlM#e{7cBFThdU{XW
zBPbk^MTUJ;`*FZwGX>kxZHniDHur<t13c);?_UB{k2D+5a&UzH-s%B9$|iB6vs*hl
zgY#^b$yAhAy}W|e^6HPUP~_<!+M9aoN4{!bT>Tl3zvZQuM3b<kwnQAV&jc|dNpc3A
zI4Il)I_HxbtnYoBnz{;>q(A`S#JM(alsOQ;!SA#idiqgo`?VjP&aK7BKdZm>5aXA1
zr<D@`P+mex4aAMl^xu5Z12s=9UiciKv}6`Bu>dm+Bhug?Zj&fjvLKLVjtSYhpZztK
z0jj}s%U|qgr*ptiA&R)wEXd??##vJ&B_at<`56!tPmBT<6M^i!!4xZBJp`y+x}u4e
z;kW5&OkY%K9Wx5bSfBV3Ex%=OVHX*Y)WYNcy;2z<&{Ax6q^f9i{fTD2w^c<xry?}q
z!J!ZTQ>f(mRXF+Y7PP{XcvxV6?WmcZrI3C@!AL33CL2{@Yzo2RSK@Ai>6#;}X{N43
zrTXkb5paBf3xF?#Apr&X`WFQpg%BIHf(+<AI=;yt3k!%ebSp6O=x_lu0Wtf?n!Yuy
zJrXm%1GmCOj;68au!>fCAr2GZXy)ziEDB7P@^dwU>w<@GBUKN(3|Vf`TItFf5CG6K
zFgPPf(B|$O)lc4RLYIa=O~Hn#x5H(NETq`Qce%T{>1b<LcrO=%5{M8lT>d=&2C2<@
zJ-{6yU-hQZDX`WPK~Cs_11I>S;#!+V=BxzCaQAj5K76<iKd1sAEu0b@{<fWGC3bC?
z<;aRm=|2hx91?!w_COW|%0gVVfUSwV#vRC9CIaMdvTy=RY5+iq2P7i;wm`5YGMTiZ
zcxeY6;0#286TTXBwz3$44kNFgDP-W_+6)^8tXz}egN7Uc_f&@&eSR()-ojO)&b)5l
zYH*!_hy?}A3n}yKB!zN3sKFX@pl??JOk!H=x0MT?vH$x`8rDA%;-P1=vH_WuZYU(a
z<Hy{bU0;c~G_=&!S3WD^{+w<s2N;1J2U&2VDR@12?d$i^)JSnPO5^6*0z~>L#QUHP
z5x5ck?8S@YM~)P<X|aYij3r&Aju{&sUi~=~;j!(QMWzRTv<YWM&whzfTfJQ^$==Pw
z;U)H3ea^Uc5DJL;X%^FG+$Y{{Ss?|RXk{ShPQV*!LO^ABr1kbrs<IV`xD=>1SK<r@
zzs^?KumnV$$Z6Yv+twIok3LI>xVu@N4ROFyZ6jmmy#$R$Y<rS|a9J;I{W-i%gPl4L
zml-WebPttb1hl0m<xUY1s@GdKZ^l&F4d=D^qf%Ja^Lieb{rL4P(8hmFZ}&e5i}tv@
z2)x>>b$q^fn83Bm0HNWk5g+jV`n(%K=wMv|SuTS)QCC&9SSN5GLjBFi*qL{d!QhAf
z_dT!b2*m}<ajEsZCL#sIyrKkYZ>aWRxrlx8yoT6(#LR1wZ69_AQV$_MKpTwex*Yc-
z?jGEiO{<Al3@@HPpQ)dX{6rynfTA#`d5{?t<X+P~2T&EordiRsW6H`m&7WvIz$Yqo
z7}zK@yR-xy(aSf;d4xlAKQFH}5@N=aHKiY5O+jx&l<nuvWt2{=@Vji>xDmsWgUtb^
z@hU3z1Gt2N)rL<(wGrBRKQY=a3~`{t8vwNr91qEdu4w#Nhj9|YU31^rK`UuvqM{?E
zA~pt&D(hqiCtzC<{U?()zT9cC0eKG{?w10i-$Tpsw6TKUrS~B-$6|yK<bA}SLO1$W
za?SM>&<+^GBm+fD+stnIAmHLil*A)}-XYW-Icj2<D1;NVt+{?E7|iK*vRj#%V}u(!
z{V2=)T;=Xu0;vyYV!0J~RF9aMwP};12QpYr5oMgC%m;Y%ykSsT`u;g$6S#8Bhep4M
zl37)K(_%?^`H(<?8!>Zf4JsL=cExD<S);(cwziCEQdj2F%55ar*g2(aJMb2PgCQ#b
zIiRPoKQzh(su2@8E8>g;6~`_(qX2k?pQjjPi9O%yB?m7o=!T(}C|$Qbw;V$i1bSW9
z?mp==;WIXnR?D4SnC^8(12sC9oi-O4W1&glsXB=$_;%^tV)YIsW4DJ^8q1xQo?5W|
zOEeWlW$grESf6Cf6-|R#%MlkTZDumm0{A7lB-;us9TcpNZooZJ`CgTxgY$=-UFe%k
zE(SFPr$|>+bZ2hKM`C?OV$6(tmEq5<FRR9pi~chdH33oWv3tB)20ojuzB_Y-OE*jS
z)#74M(wykgpAtdeA97Ig<j9|ev0iD5bOc2)c(tlsIKGcP>Bc}1t6#ryZ9hYq@)077
zdP9yP7c?HC`X1YSRd7NRBNm?HO54(sWy}$B!4i%DC8ZltQSacgmII{@>IC#RoU=ax
zA~PO0!{`9~XrtUN&?bW^-C4a@mN?oZ&$S))7!}!&Q4a2jYTLG>(B(V;78|<>fy7OK
z3Y}^!{FF(cfJ)86KXe!a>qSca+V;b3SU>Q!ReIzwp34Wvrpza(*73MRi2UFlTwo4g
z4&UW^Wm>(yc2HTZ85*2eNsW7TgDudSjBmVIC!24Sd#{v_NAP5ji8ndtiEP8I^tHlC
z)F>tw5zg9{q_Bhcx(w;L6SYpWtgMa_<^^SOj8XecVBA_bias+tJ0bN#5N5Wp+h*cl
zfv3lt!}qClnTX8K|BC8Wmn;mU^HO6yLVr~%?nQt21jUuC@WA)g%0SaDAr-!#4)<n1
z9#cI|vHHBRFFSHrmogY?)rDw=sl5&yfm!rEXL5RkT`mQ$u_WqehXw|gc+T^mn?}r8
z>|_WdMU|{&Bw!Zc0}n8#s7)F^VK%hVtK!eS-@37#*^ChyB&Ai==a^9w`|-!ukH`(1
zM!s`V#Rs*0_tSJL2xb-i?DJEn0m*=9NQt!CK7esudAQziob8mZyJc6;@F19}wjF)6
z>b`Gc80w_{K;}`8w$U^N4NdjcACH$)PN4g@Jt1OZEyjxQ)_!^xQlIed8#T>sZHzyB
zgVxh8l(x)O3ej;k((bwrIv`XZ5+3;5s+taQCPvl?zTCM}8kjSOUj~Vz%-@$9D4QDJ
z;KW?uE>N6ZT}<LTH5qGPoR<o-x)&mTfAtw=C3YIDX=U;K0lc^W0lb%Nf&h8bG03Iw
zIU_d0Je7k?B<8CQktXzN{82#{rNnxRDmXGi<?4BJ9W^cKRw)#THc{!;vr}K;#vFT{
zaNctz(!->r<UaX!w%};FbXC4UjkDUi%auvn!o76guA1$QX6&wy{`J7f<!R@)ke7AJ
ztu~*<`99Fsu!K~EYKaV~PRTHD(Nd_8zhyA#5SPHLky12x_v^hMb}^wfb2hSv_KrNc
zt#wU<z+HuyAU4h_^f_ro{Fel+*&e4=A4V3*`@bH0I4vE@p=DSDL5>=d2x*304cy32
zdS-fh2`KHnch$bAMRQ90)WT?qz5@kTk9GMJznK<JQwP6nk==gnx>gIr`DOA<`C218
zh20^agda&L62JUk*_6}#u*qC7rUjQC5rPd5TMjrvlY78Hm2<nS{69l~2L5xl>cv02
zl#b3w=lD70Ohhc;t^}V<LqP$im-$5ubhGfHW8wcEJG5T2bnEmL<$u?#;XqQ)?KhzN
zFw=g|?44{3RY*w9yxg6oSBs|qyF>yZ=O+HVpK8_~*W`<YO)1-O5*c7$zwW(fh#?pN
zPI}twjsIcSP59Jbs)7PcXRSC=8~GHv$CK|h|LkP>bJ?W&K8RL1tV(lkEPa7%TkRW-
zbIt;PzwDX~P;=5IiQb-Rg(vpwU11bEzN=r{CbRSJFJEWJdl>)k2%ogH-N_p@3%|K3
z?5isZh8^^)ZfrCB+kO4s0l|1`z^X7$K|xggBj$=C>AB_Q12>f=W%&O7ln5W8hFv>T
zH4g8CRpU*6=c0+r#hJOlJF#Yeg!1r&3=tj_1v#PYFvGd2=IEs}pJJ<crB9y!W7WW~
zQJ^M1Chu-Ubi_<Jh0VLw6(?QwSqx(2?e6+}p?Y-=Gj%=Hwo8jX;;}JMXj4?PdiHAL
z#Od_a{_0mhzZS=+@eNlN%)M#PG&uD2>${YD3XO4p9>KU?cI@qNL#wDHQxC~ri^27>
zJvo~JW?KjAr06m#gj6I}*GFEQ^^~?bZ^NYD=?-gV+6$K_#cmHspK`+k;?s`(`H~AW
zLi{P#xpzW)6W2@~io<SZUeBVxqj^dD$oi_lj)WESZr<gqmJePjCoBd;`6@h=E{8Mv
zags#;)RDjc-U0vKz_#$hbXus^+oMbsQ^8q-aWgLt?~BrUG*W#|hri%Rn?&D{7SV1k
zvj*iIrH@7=m$rLfN?%R?OX7RkGDUSXcO~?H{W5cIM_8S|^TE{M^Ad5W*bKF7mKo&e
zgI<@t%eFS|TV824wh@cJL`ivZrT6vp!2Sv&CJNu7zYB@WkJ6N}SJzg*RrUpM4x={z
zj_1lkD*;o{!Y%u*5JrbG8R5@gjTS2(bLkXIgiHQe1Ee&4OA1cyoy%g@sak{IKQ}7B
zJM_AQ@!qU(;u+htJ5-myFC97ly)4OW>%V7C7v;P)a9mGf^+BHf>5psg%oRnuoQFOB
zg5>{Rwm#wd$Q!UexX9E_`r5}R(QokYQI+8QSEb3fE#(NSv@$!<e&LCSvFjJ^zvM`2
zW61nI9xs_Ke$o<09vVO9UYxl+dA@P>uh9M%%b$O%c}1#sm_4D(J)TsXdxqgW_13@N
zqnhwacpc`Vo-5`3y{B?GJJPxIuTv}4mkAiq!gVicr*B<>ETexvs?i3)fa`%=RHCha
zS78ppNd4Uw|JN`<tn2?jxJkgy9add%fpV5VD!Y@2_%al#FNcf5+~&^-khPJptQp?r
zqYvs4ICw?>jnxPM93;a^W401zR<Bk2G7UTVDc?m}SyEEC1hUsgGq|q<wch;`rNymc
zkFq~|hl{wh0)-ZyJT==Fv*z<7*ZfKKi584iMvRQ3(y@Zo)=h_<Z7)K6MyQ44JscoR
zX>(0w$~VS<rbws{prA<ZAp$U<2nG{Eeo+7pMjYV#_B{sR0ca1Z-t&M#AhaiG@0QuD
zs>-CyA7yj)tcYo`h=RiD6y1u&_ok?1yeg|q#Q%68z!9)>afPcO;?e*GOu&(;tgcD?
zFrNjIhI*Q~l#~lVZ1ym+kGAy|V&16YAsSMZ7l=zpNQjK&nL9@FzJun_Dijt%rDn*<
z--jxM_>%bZ@7t;)=Q2jfh|nQj?i0AHi4ti)I(eX*e#&&nbig-*n+-&x4}Lg}=l96w
zvlwiU_1;1ZGgX_<N;vLdaYN{|3siONVVD;z2Wf$_Ap`@!acKJP>0}BE2p}t3`o-Ui
zGh#D=#4^>Mm1sU&2%#kArk!}w{k^wn40SeI`}(>4aJB<K2J!-71UR9&g#~bCH194$
z#R6RT5ULuWs_0rzr;!4ud|*;R6gP5xHeiy#60{#E2<dui&9?IizjFR_v@bOMSss>i
z^Yg$W%<=C2COXJM@hOT}i?%I~^e-42zX!sD1`g;orjehmx~<U{y!(DD7LXcqhRI0%
zdp-3daoXnuZf?>DV^0Tb>*UmtIP42Jv0e|gDnt?<-Gy8UZ||L5)5zVQ_O!&1oODl*
zYapoc(yq>{pVD`4RL`7Yc%E{$w;;$h@Tq;=L$5F5B18S+Bn{Fr>$?(Ub%`^|4}O%*
z<jC8!NJ5#%lcOJSG?c8LeyBMlhj?K^l7E&b)o2&0C4e@_?u*pP1m1B5CGOsBm=6PS
z(rE;|e*_njeY(83NyFmMHGV8Xetv}QqDaSlSI{)A6xE)};U~*Z<%fras91tl1YE#~
zSU`zPwM)U@*6ELIcg$<z+|bX|Iu+QaT)?Kd6xg{z>z>bUYCF(+Dz^hqW*e53ms>~J
zOtzR&rC1T(By^<;!O7QJKUV3IomRgsz|6*mtu+J@?8u1UgRBk-<#}6+k_9hfBoGtj
zmIf`Cv4O^?CNo*Ix325zokyQRJqu6`d{MJTP%q<Y55HFe{&KVQ`9o3HBkw8fJs#&2
z9$QM~-->G4#zBrYM)r^`*LFyeSdWJay}4HK*Dggopz$lQhER38qBn&M0)ZDl+kMxD
z5TYl>+Qt?|2u|t4!|<-HGs1%8G6s>2V2(^=&_lpQX5VA1pXAx5JHTL4ugk#Uy+nkf
z6j%pfSwLE;OQcHzSw_>Bh@}L9JaUa8cyeq4$%1URe#AL|xRScP$?+%j{}}pXP6)KI
z^SON%=*}%}wSdxXu#l5f2khOU1c5H^^LMl)i>B+Wsr8S6*CI4LR#rUbL=pqK`d?u8
zE#gEG*^^}nL=t+eu&}WDT_A*jun;o>u?*^?im`qXH-+y6*>R{6T%BH(urOf*Rw9>b
zJiJK-#W4PDkRmlEkpe)6^hoyVQXZOE^yk>{emA^g#S;~-7JG82np0J7-M(GTaF0$R
zasU~-6=Y>(5VLU^@K#ozMD0z<z?t{J=!To<R09=kQ&GML5*n@4%n?C@BszxsjFvNM
zYy}Sb0J(_aqKK2IhcoT&kQuMXf;iwwVc~7OUjXgmfq|lvLR@OTSSC>`*AbRvrsLzC
zk5BJ-w+5Z`UU~UdfT^+PLT+yyCE95MBX+Z}umClsCVd`g6VcJba1E3d5pPm!cozhl
zh8f!c3F?I8>4W&7m4nDXwhS{$ufXVHyA>$NDaMyeATI&7=&Eb~oSg%!k!99*|8|R>
zJ-R&XYqXkBKp@ltGDU*L)LwkOoPlN{z|U{j8%Q4eFZNnHZs{PRE*8f148vd9DgcK5
z9gl1ds3z6=|63^#2Ri~-C6%k-l(U`PB*0T@@Cg_`fqsX1OQ+o;GSbA)wXxP+uL_yc
z(xuwuieUw--jJo~QH2F7f_t_c!xMrD$mYtGC*4!x{yhYPSsQ9upqMJ3^BX`Vw0k$7
z){CWzQ4`X009XL8u3Wp#77uW~2T;7&R%x~S1IZ~ky%DRiOY<4Qo*A0B#bIspM6QI#
zmXJ+C|5dBg`32E?<KuzO><~%ol0Ks=<K^<66ni97@6lab%Zo?`(1P&aWD#*7ATkY_
zFJ==5QXp!r)XaDj_EL~ZkQ6pBDhLRSgJEL6f{1;>v{dR${t;*hW|AUf9lrSnjC4WY
zXM%~|7)ksBxG9c#NdM{wVy~ieA~O48?}RW0K}^wrYwP;2mBpz&g%pE>bm{s*zv{aL
z@PZ&6YbYnaBMd*%=iVgtLTUoi8<+ry2p}L(HzRAE$l3$Q@oJY0#|>oA(eDuG1xs*M
zf$FHpYw$leUjpjCr2tv=M<|(fG7}EE@AD#IQ=&^l+CR`p&~~`s7BQj;Xaa&au~-+d
z8o_yhOew|_$2(1BibimA8j?8ih3XV+k+gTJ(rf>zn&Y>T$GPW&+9lYCfJxRj+}yGa
z$evz9clQA)sfArQ`Ob%_^ENoZ?8GX*xdT*GqDW{vek7y<?x1dQN+N!}5&JmwBi<#Z
z^pM_NR_mY)w(l#U<0b<~MOBX#*}Cu6!x1)ds(SG44vb#naJ3E81{_U)i&;cCqo(l!
zz#R?V%mX!w9G3l8`d4wD)$RIu8*>kS&$WtXv1LwM8rSm^T_$mOCYj*Wzz?ROqCz6y
zSqHJ~hT+c^VnjlddKw+WBFL-3-RBl#uYRt)N;nhemoP#~@ZiB62LVA{ji#ZbJcUTi
z(It=WL~RgwH5I=BlhNl6oZ1&{{YC)YblXP|Ls((;<v_29NK74_@U3ZBKRBP%5{Y=C
zuH5^_Nc(y5YT)2`Ibcgd3b9Cwfn5Wor8lgB&>b;k-@sXSz^>C4r>We7Z#XwEVRA;v
z$a#<|5^>Y8Tb+DndpEEcefxMTuvn<z!#DI_{jR_<_~pw}?`5ZFS-JwWTw28!yQz0z
zJ%LzJZD!wZXR?oMGpm$~?%6`!Yj7XY$olUtI>DNY<1OVPI9oblS|aolh&sxWV1P>0
z)D63=EJwi;BVrnIv6M3)D;YxMh7PL+ij}!c+@veN!X~AcL|3~LG`lbY`t(3UCZk9i
z&wKIWfE7YLZ$roOW@|s9SYHmvOyK1=2&BxxSmUU|5ifl8^m*dN<OmS5Hof{+t87s-
zSjATS5AWP@nC=m`x%>3#Qw&&3JB%U_`5Y(PasdrLC4aX<IGcdP?%liH;2VKHw`qiP
zWE<zgxGL7p^5R%8V?O0HwtV)%VploNjBn}Y8n@i^X!`ey-VL!TRioW8x(X~b-yoBE
z=^=IoCNdWc<U?}M`5m`;(|1?T@GP@5QYZ4^1J1H2y~I12f=f;gJ_~vjt3RP%eUOxN
z8I*=CL`|t`ny2!YfR3t8*>0`9X{`ETW38XHT7)juK@=__{!ed+7hK|0z`?>mMr)KJ
z_Uk6yH4f`QD=2Hby7p%VvbN)j+GV)eUqOc1b&x9f>bPC^V})z09=8L2dtg%Srdk0f
zfggK$nSTqm2U<pejFUM-Q1_r!JKPhMTo6}utncLCDeyNaVF0`hlxcYkIwM`lvZ3MO
zx=Xlt==9R-g^B84O(zosEE4}4AK^5!ML0iu*eL4JLCYf^+nk-EF+{bFtL-H?5yD6|
ze+w?@pc0|Y2EQSwDp3Ev{yRq0i*m76yVda$%4+Zv?DX_bpgW*!s=#dw2~ITxNp|0`
z^nnqMP}Zc6x`=ciWws>p_wo0}aRU`1nAvAV`WnJSk)vnY5b*#+ZciX4YaTu7?CQ!?
z8j5Qda=JkWIQf8-rCj3>PHHk={am`f*Ga_gs<w3?1Lnx>elJGM6CZ$lP>oxyilT0)
z4a=ir+a+ursCrLkzKgp^JJpH8apfKzYEB@#__<$6Y1n%QuYrX_v4kO4C;+}h58MU?
z@%hag>H_4mlBLlxG3~#)bP0u{RInAH36gQJz}jzZdjF?+CTjfS``hA(%ox~25Jfxl
zcM5<<DY&|}w?x<@Ms*}#H*qzQ=jAB6jMLjW=~ag9>3(z?DX~xrFC}pET)sB5RD0MD
zj=Z;^W1pY;O5B>>KWD(R!Gi$1GoIJVf0K>7tQ4$UXX<uKL-*p*I+yYVQb&(mtr(#}
zPi-rOcmT2(sgC7<{%ofhtX(fe$m<I8twgz(S&;)@CkY1x%uy+kPzECh7x&R`$a&Cx
zU`sPHv|lH`^ySXgF5@JL5f1UrTjr|}klVvTrgIY1Kc<($Y2e}U^TsA}%n4owMK#z1
zGUgig1QBEna?MWyZx6s1#DT=@>}R%gI+Z3R@x%rC2PO>^N-}B6z%_yT=1p6hywmX3
zj6p!`^`<xuQ0l#(aETqT4*oVgjMQ;Mv@c+pt>f)=qyhtu1R45yu)gP|qG3v{$AgCN
zave{KAgZse%6zbc)&wWR_p4h1N@VJtXw3cn{Zk`Qjq-f|GBp*_w4JOLRVu6vd*1U&
zbMGs|`HZRuBK^d>cS*QX5T{Acd&_#(3AHq~YWWq7j=CXMmBjMD9*d^>dK>hmxUN*l
z(Pr08whkUKl3p)=Pmzy>5t43SckKB3kM9L$`y>>xKfi?vw+E(3lkTDp0D-8T+Xeg`
z+}$Qp(jnh#c$ENNzvJLCH#f&pN|3q``KMp!0yU1aE*k!BbfDbk9s^riS&4_275N3R
zI;t@n`TH?MeBsBB#w9eAFhiZt)kQ|TK$4J+!849f1cQTReM-#f(=HYN%Hqz75C)_P
zT>k3GQ4r+)PWVX$&;3>deSN|^i|#o&AMI=ptn><9_ci&T|3w!8BTC-(;pu5_98y?(
zgP(9&7(OxQ^tl54x?JwN36#VkNx@U@9fGrW1fPW%&qyNwQCysEg$Uop0JBbne4fCo
zBVg^Z;=;xQ{@`Y71-6ipg=46bD>SLFWquhQJy*4L>yA{{(B{AM<;57SwBaCzEemxA
zZLLphvXe`(JnuP!=q*H6*ac3=e;`|esLTu1tw+#x=uy=Q`5|%HVY@AJ2nw@@=$8Rf
z3oL=&4m4yTcITgbpL)yU?_a-uLL~Ji&^stheH%r}@M2<bn3`{tgv14tF!GHLB4`$`
z%0e+>6Qa66X|7@xl|ogiJJKSZ+ZD!!hHj0np%z8egcM>(`%2~Sk9`3mo{4Kp8dn!|
zhq#kb3L>n{NPrO|9paIuWp@$P7ZgIF>b!E{k3oQ{JlX*X(E>tr!S9|rD}e7@=O>9e
zoMGFK;23|s<Q}!dHXgVXD3N>$!9Jc2ZDh%7N+qiZPam5BkkuOZ#rYq4&o#rH?u>F3
z@9`3pqbPo008uwFVQu;Rf{H9tp4VTzrf2XIjNoU`D1TD*4E>0r51k+Bj){aP+)~)K
zP;v@4sLGRXPoraJ52gg_;`KR^lX!AQTl+DC#PFoWhdxjU*aX)6qK^|^9zA&Q;Cx{T
zmI{IbS71fMPGsWZQbaX|o6GW4lF8<I2Nb7ZR704KYp)yFnWk5ns(V(NBM#y-<YYJ`
zjM7LuAEA2vxx9R`f5N~{czjD)a+e()Ybw*xrPNzJ#OzLdJlL!1B5Mb~J;Ebhh4ltI
z21W;s5gadYZ9rB6?HR}pJ9J4XNp&so@bS3`+At0RSyW9Y()F246G}T36<>)<)#?FB
z`UGpUwssq;bJ~=U5W=~RMx!l+`(&{qylm(z(hP`W9MVa>owBkgMLeK%a4d+|@3onH
zpMOz|_1i%!8JnLn(33N9XClg)Qv(;qqx5vY+qb_^S<N7|^LiwaOaMbQJiTHSGMO?q
zTNUB1sAN6pmS<ugU!6n%jRfwhHzBr+fuW9okWdE)P^_XGe}_+Fb^j%-&cseJ__6!w
zz1uj(0s=x-QqawIR0oz;4Et)?=XScc3W)Z9{Z#$~YcEtiO+9S_sFIIpAMJB=BTuS+
zO%g$vSn2hCyP)CRf$Zr!yHpmuDmC3KHa++SK?e@LP<}YzaY;Iq;89?U;wGG$oP@!C
z*l8L4n68ShZU=M_)abKY2$8`{;?U49Hz?GIu%p_09D;_|Re~_QAW%Zi&;$(#?r$PM
zKt`sg&>z^#!Y2$Qhak^Z0l@}-2o1q8Ct=r_g$*2NhDWMPvDD{YC-&jzR!Cw{6@P*{
zQr>ZJbGR}wtvB@Ly7hOR<g~}%sw3Lt<3ysiX!iW@k##c5jz|p%E;g<|m7A|0UCgy!
zEVOS-kEE~g+-hoLiDAB07o}HU&d={@>y#zed6<Qa@4gP)e1mr9ibV5tdt>SGu{Oyg
z{84u-uKl|9AStm~^oRTX@1hxf-%G2n0)+4is7={GC>{~qx(*sF`wdbKyW|TQbYv`1
zC4<?v&^Wtc!}b1Vb3HvJ#_LyPU(ZVYIGR{Lzxei1Wm(y;8Jcs20!7!;tE$W&?!Un;
zW^s7xQ4s&|ue&XmKy2sbX>T#S1eHg8Kl#T0iei;*a&mHz;3{R^eSFa&>ctu)6TgP8
z^jk<|YQ#;sy1F9K@K>H`h53~hgAS(GOQI!THYy|=V3HRmm=^yYqncYPlnqj(;#TbY
z>URI$J+${H!ot}kGjPtq7A*K8H<X8%D}+)fThh)EEhjX;?-x~1DLpir$FhSKYTGA8
ztGYm(hReU#utO%wa^S!$s{c%PQK8{muw?=;0>d@*&IcX7TtCHe=vswbT0zzrSA@oX
zzPEB2u3Z%nHK6UCXhD&;zYW&BB6Go7i8$4^5vPe%xeQAoE6R|KL<9+Jffr(by_aGP
zQiZ)QEeqy+%@<T$@+KrPd!N(mdj+N`t!eDHb)5`zoZh|JyLG+bQT6<<T1|lscRKz%
ztQ>G#=c5$UfhdzLO7mZ(vbhcPquM|nQ~K%mhlrbI#dfMsx%hkb#W(EvoIW?2b*bxK
zqMc&{y8TbrR=%R|c^{(|!u&c;a?k8OldF*{79kJG(y4PL2TGRS9%jEU`=+@fIOc7f
zDqGj3a6gGm#khRCHfiw-4LzsDFI}myYOu94;BGs7>QIa7RFF<_f46KDzM}|9+(3Pi
z@4b5Z?M|0|Ro*C{j3eV4cBX9FaE8UabmR5@`bT@@7=w-)>^$~XbzR8bS#n5vsxy?B
zu3Td=6LnniBmzf9pTVE;5K52U_T81yiY_I$3cnt@kS7%<VtO$9adgYa9oFvkVzqM@
z$lh8`vE6Itv*M)Y^I4+Zuwg?bEd}R>!*b?N+z~_S`|I7qwsOrBU0Ym_o5-j%t2rg`
zcdm1(DU)xw6aMM)6%79t6>a|$y-7%|3Dt7*90&f+28Dpz)Ejm_Kn+s#M(!f4gqL4j
z1qg;?^s@6F7UFMc(Es^WcQwzp#flRl6g$41D^U=`|MT}3cnQAvXdm8!dTY(gSs<l^
zx8u&ci3JaNxAMxxpwXQ&_=}qA_#j>r)7S-s#~byb+*qPBuJq3Ap?i5v0}dRZ83_2L
z*#6*9sHA!Xm(STk&CTTar^c$pKRx>kS^`dFtk+m{7bnbm$fJ5CxB(x<&j?9C_3<n0
z__#-9KU@rpXyWmGF`~EyNZHkW=N*62G@Ys`==1n*!-kGs^l}?Iem8Hd{#=bq3(XPg
z^9Aho(sQKKSsIc{=prAsXHr)0PBBQHb_1mO_}#>G>5I0qssB#ymSN@;#YcL}i`V?A
z?W-G5{U7lcA7|&~B_4EtT=n(C>dASBV_&L`Qk?5fj{KkhpqcA@NVQ}Pz6eGJ?3=te
zWyBQ!u-xp-Z%*of+PEvu2~Bg446~+kj-BCkocJzrY^o^!jYDaGUB_vi%%V!_OsSM#
zMl!$I#>(pR4orNQS?vAlHl@<CqH#f)G_XmFp+9=+Lc`Ucq;G}}ZO)_<lKsQ{66=22
z1{C<jUVpzfebM-mt$BVknk!c|HNPrOiL;u}b)H+{yc{~{R{r|zK~}2xi5GFfS1Zl&
zfN*+X{!FBdbDc+m&%3&+?Cc357u_Dk!@Ej2Juk2?ddS-yeQpG?kdaY#>3^HZ@G>%A
zQ|DgEc|YQWJL<%yY3@ub!K)kM6v;Q<K=YA(6z1z+((_D5GMK_<akdzkf>4tFagH^Z
znp^ig_Y3x}G;~o2RoR4BJD_@S{!6SC$<}ZY)QLvgJ^_J_H1T84;@)3)lCLd<_j&k<
zGL}bKSjIOTjGfT>JwD<D0KB>RB!F4>>Xp+z@8#EVd7;rgBg6525fwB>A2XoJhbZ`6
z;z`M+cRB~ZvQ+={<9~bM+=}AE@8D+;&2e@AR1yUJdtdYoI+eCX1_K10Ljv;$jDAqe
z?GemOO#J|H9j0_#l3Qv#w5In1Y0U}?9V&o#e1`98Ag?=7XAFqlV?+zYNuH07%r{_~
z><6fdV3c`yQzn_2-qj;kD@sRhB3Sq_EDk0+X`BA!@>YH;o3gujQM6*_6_D0Gcz6lt
zT0`oaL^S)|=2!DCA35vWX}>rRf5lb!=0F0Z3uo+@jJQzndSK5Br<yG+tJCKXC7>dP
zHv$cdl=pUNa8@*G0W?IPk5CB1WH5#pMI+%hZ4yNx@t^ld%n9VOW>0yAUw&~=_R;#U
z?rLOSc|%8dbYH1z_m%Rm#rsst4QfcVlT%aZ*@yvxzSw?H<WfFq9AZ=S{s}Me`PcF3
zTDY)&&EAWS9&cEPx$_RMh&U5JJH$($FgC^)$VB-F5-I)$;z*1Q4Q(U)dU{x?1NQIg
ze&hu$E56@X++_B%^`gJZeAm}dd{%=iMBToQl#`Eb80Y)C3~{LEK4r-+!=rB)!~gNd
zVGCHS@Vsu0_GjohS3S@822gbdEuS_e0cn&$&74fm<#E_Ajg-|oqJQ7;C(hsH`G@Po
z_|O+`By3f4d@<FAm?my#{JZREEh!n*>Jnt}#O&rAgGKUNHE-YQhy6et7BMsiY(iUn
zT6{dat2NMh8pWT<-;ByfEBU(M!E&0Hxcl+z8fsRoIK(e`Jn8;uUdT(*a&=t<B7JS;
z<L9-nS9}d<8TYyB$8>ggXVUoDX|7*)so$Ifd)GOJLDhGoWuEpeA|52BEtc?=5G-Da
zLrPhSm!WTJ<Qw&m%!eK;)_xhE$K*ISy#EBo(5n4Y#f))yNN1|`PMmf%3aGwQHU%r<
zu`@^F`xuDxcYMRk12-}jP`Ak~^;jdVd_LgNYD!fVF~Z{hX}7q?7jvMWenR1fq3~!k
zo=`Z0==7b7dYI@nnH~QE6wMSY@*Rd?C701^w<34s!D}LzhFIX}pXU%P?LD3nfQcSy
zcCTCRVrlNf1fFBWtPg}h#Rq@B`n{5{?awyscnDYuSYz+tl%iqJ_aD{RZSJ33yYarH
zUieNIG#cjb%XvlIke`nBJ_c0@$?od7#vwafTNzv$;TYxv78i4b27~q_{e-g$h*BY}
z^6-bmas)IE%`SUmd$08WsCof9cyag^jiSjjTfJk)!pJ;8TxAE?VIbEOz>P}(Y#JO%
zMzm=7%#4f{ffG-eyGk6peN1@rEzpAfJloHrN)ImbO6T5tvXIY509o&E5AEEp+T}H<
z->>&}F|VY~l|kQUrHMDfwuwFYNY9pyHy*2fWIp2;ZRyb2f@4C$=a<X&$!G6$b|A=1
zj1{SA2Z+rzX}K4Qt?8n6E)1spH7kt>3zML-8vYi%D?XPEUlK&<gF-oE=d#kmKVY_Q
z#?*j=2hPOL>uWy};^W)&*-v}p+vAjx`dYm_n((A#kn;4ik6+Ixd7i`E_Ou8^qQ?ao
zzB+fmTKii2Zc)+i58V4pCv$S8_MWg0x)k0xgtoC2eaDcCT)WIrD7MGTiu^Qc+iQxb
z#D6c~tb0ptkg)94ecJuPz5bq_akp{|&L(E1FB+dQT87ll^!TUW*VfT{`@-44%)*jT
zc_%_)sRsrsGminkvZI{R%OR>-7qP(D1If}~O$M=dX)b;R;(@jivHQ;f*I}xH@rx{3
zHEVb(GW@yMe>URReF9SP)-utk=+`oyYa*ImJ5oj90vea|^uY@>Sw&A+;&vZGV_Jnp
z*7?kHtaX~X)6dpjNXCwcS;XJ#7QNN0qxnE~B-&s>se0Erims*-sUahBiR{~`bv7Ip
z9p1TlLr0j@`K6WLqYng~TOzCMFJFGobnNH;Wy~o0;pzkYgXOe~o{vxEwVdAP{B77G
zy+}MtC5<DtP9;UxiY>5l$P<p>CuNg4@Cy)SIgSgdUJg@lzd*a(?Cj<@Z;}qWU&aJT
zyLTd$j~{;{KlHPvpph&018#sQ4_8g+pFk6iO<)p=k@gwzKbc9frIpR0&$#Xi&3aV|
z^>So>Fw{T2S5S}?Hd!%wgd;OwSjC@;^rGysT-QTfbc%-#o$21+Gpsl@|K!?YE}}BK
z-oMZJ;O|fNoG7`q!^`!(akV|eOj*6far5V?%s7x99ua6`xG?{pt7Q?ZQ7-8;c4v;3
zqgWWfGO5?rU0P<cBI#zsW%Wm-iK1`%48L@ZjAGVU-f}S9JF*)qbKK7aXSqh;yNNt_
z@bdCHMShhGg|{|0llVTbYD%sGmWp5%Pem>uG9$~%ys%=6e=<u8IX7~;XT5}G0awo3
zYG2>eNBC@^Mt3$!h>3B<8N$yUV_zIWVsh?`7COEvu>4GLJ|}wbS3%93itOwQSg1Ie
ziTQkGQutzM$CRRcHOyMVn)k#fjM8g3#)Yt_J-#0u%>gRuTJ<4W1=7H-GtH$D!}Cp&
zG-`0S99Uns^>)=y&?s`>_2B_!c=r^Nw`;)=5$@aA&vA(9oG2~%^i8$rVCUW#e9<pW
zM1`lJBl3pB=0PD>9iK*9r-JzW3AX#KNCh_q1Yv5rGMaD&sSo<~^gq<o^ok-=VSmQK
z;<=^qf3<hz@ldXPe|XxosDtQasOO37Qy3Xpk|kxCWE<HVHK8!pBeI;t9F)pf$C91M
zmYD20qGK7<AaW40hf1~)^ZxGXyyuVi^L{?h=l%PAuD@nJ_uO;e*LD4_-}3!!h`C(>
zygb*ChRNx&fXr1Js7wcOxP5dm!JxAn>qF>%ESpf$LlnB>z#8|hfsCbui^d9%ZrZw1
zGNv=G({7C}?2Zl!O9M^`Yz+<OlD05FaUerL1l{DN>#K;>>&bv{efjPVko33ok70*s
zg{z=^m6mp+eXg#^$Wwh2+Rb5Hx|AV9BNQfH{*v+7#V&9Tn#qAr5*&+bLyJLEOY0b5
zq_5tlK}J))l~JvG)kHi{jQlMly-d&YGJ|)l$8m8vJZx~;MMg%tRnO#t254`)ZyWb4
z+dXJ089GH_dQ`lpjlp<s3|bku4l~5ds$HTWQ_@boBH3}t!c`+(K&m;q!zylXC`|U?
zcL*J7sI2q_OcgRUr#>`>F2^$Z+QIDZ`Y2@b;299l9%L8Nl^vv%P~Hu%3ibtpqB$8N
zW)ue%<gmBCUNtI!l!H=m8za4w&Qq5_lR`A3=g-Z~usVOKr`87L<>Xw0Qw)jGGmydI
zVp;0Y2>AmGOY4UIW7$;v+o_h87Vyg^G2F~TRfw&l<owB|Bkf2GZ6_o-lE99FR!*cd
zA`JF&#U2@4Pb(0~lYqnRfDiR90m9)`8mnbyZ9Q0l_dO-xs&SP1sk@E^jh#vX`1krP
zE~wxzXiChh!PUBxjUJ~{!59UnUpECX$~8DMOh0o!fC41a{D^Z?Zzuh99Xo3IV9MX5
zf%~T?CtXvb$*H2FgV`G+2+{>ciJY8Lz-nib;_Im;B`mh%F{ic>Xv*oN9$FpXPD70j
zWKb4_Y{+N7W@wS<Lx_q4zQA5H`^WCEZLsGA{zc8B<PQ1QDL#FdX>6p-Sh%p;NvVv2
z0_on{t>Ou=q@(1%+Cwn&*~-i2AAM_##>Ro*%;@|S>udNxq>Uc9jDO~(04oV@K1cwl
zC^s{c2o@b=dTf9|5vay^KQqm6TI5nvR-S81ly~e%z6{}G&}b&BrN5^K>KTqfOA~*!
zG|^2)s~T?h3K&@H7G0Ue#rQxb^9@+p-&R@*N5nU!NtPVLMHn%r-Es%k;KU-qVRm-K
z&Px}AS*8ps#4NEvzCki8IN~;QlijMvqg9a_zM#!Q7=rPVYuw%)p-@YYKIEJ1cGJa0
zK}Mf%j|_HIWA15rL17`Nk&}SM+j}vTz?xK_&ClxT1J^f12mw033Ju`uKv{vXqUu0M
zSXy3Q26HG7L>(ml^7C(;qF=jEzQ<6EZ+&!sFr<~8C@27iavP)_tR9>$%Z8vp1B0mc
z3H^F`DvN<>hB7~Mpa3En6c2*GkAsbY*dzdrL4zu&S_ELw+eHy3Nv4|b{y9Y+U0iY9
z&g?hNwTKx2%4j8c&Av1X&2fRP<&q6XI3UZW`b=l7cVSM~MN^C=u@ET$bgKpdHIO%Y
z@0>cMrtPzsK#YS?u?CNLQY}EK9i<#1JN2}iE5uFk{yC+e>p`(ovhK4%a0v(%*R{1x
z9q7Ov*kuDTEr`-B{~GN`AB1-7n-K2+<ur_7rGaUtK=livpvcDlrOS%*V5I;(o&j~w
zYZ2VwR=u+<sB0q{@JYURpdpwI_FWM8_yMXmO9C)`wNrJ`a5y@z&g?u*Ak;qqE<sZ)
zC(r-@<W-i5K!^;&4vZ2{Hlo9au9!=`V`zyjuS4#NECyr29~sg$Wy%2Q4{$@LSO&A&
zP*R}nq=2*N!+LXZ|I>#nRGtSwBGl|hP=b(Bn6X(5=H22OZ#va*lXDQBfT{Wz1JPQ5
zpD(2aEWBaDnst-}Z{8S+`%|Cxg=F`G=mK<gw_iflPhhVzZRj^71btMEa9}Vta52v_
z9x8baKX<0q&z2u=1prJ*MWkjZjY@^q4CMf#J$t5*$3#k{f&vDIUi_KLq?`n!dYK97
zV$ND_(d4&vfPO^k{EM~@t^Dlw<C#8Qk};$iKt2kKip;&BS+%j3e=Z<+^S$wtEcPm!
z|BGT3cK5PHSZ}5@f$4&e1LJ%sf6&^>3VN~hmO<45Xqday7qb9Nxu|4tY*22lQ2Np~
zvk3n}e{g1&gnK7w$mmE>Omd#cWi%OI{TkBq7?9;3-b~G7snBr<%3p(1<B8@I(PhSj
z=M%;Gumy7F(31~|*KD9+iS!e9y?ci;8fOVka1f*|Y;2xNifi>u`k6m9jYD79O#o9N
zptWk|zK42U1Yd~V)&ud)c}7>4gaBf99L-qTcX7IZEN@qm$aO55dgp>@0%@6Mki1@S
zyd%R{azeJ?)j)5nazW**mAdM*MCatBstee}NwX_o)oK~<-`cpV3&vsNlIih=Q@wWw
zzDT^0XL@@I<}&6YG?MGA%rb&zBMpAGYLkQYGI6DG=2!UYfw%1$SCM>dhH3|#4>bP)
z(~f)CM_JCB!o9<Os^&a^XaT1U0oloSdgSw6-Vh8({B-)JV+4G*TU`{_0&Wb$K@NV#
z8M5Js?g%5K89+(Sr_w_JCi&~wdfh#WeAnFX@e?;{sIV6E{PW_(sl4%wsBpf0$dzdx
zIC0&s+@t-+ZtxmeznC9wSS(qh@a#e^emh_>jhYsfq4%*D8rnxjh8?{6T?g<9OuQj-
zIh_KJBfqGecduGn-t2l>5*g-LDNA9vm2W5B-H!aipBH9hOPGHkYjyd{hvc2Yvs$N0
zn3Gq`Iq!?+ff;z~VoBCpT?Jt!^X!{+cA>e-0G`N=+^n}3Zcbg<>dYOff3{e3ajyP7
zA=T{1ogT=Yzjtc?TEos8Yh9JrZk%QhV)8`rdP4RMo>iYj6VzLdt7$GCh;I4UrQhMt
zy650sA3kEmPlvi6v8?^7>0{nK>2Z6x0sE=4Aouf1Wc>N(%!s7(VkQKkdyn35`EzYj
zaM|5)ixqn7CxA7jC;St3!LekkW+hx`HGbjC;GapZ3Dk+Tjn@_IC1=}rZx!r^npfI1
z-48^jV*56}=WL>Vg;hjgQ|!WE<Dw5v;x>d{7_1H|GAdr(yfx7I>-Ghwgxruv=kF%|
zqwcIMTBg&hfBCUS8NBTDHK5Mv{wL$NZ@3>~e+r*fwUZgK6Fk$`mUOC!|6ZDUQJ3Qx
zVbS^Te5qs{q%<-<{WQIgSY~M#-$d$T00pEg!`mJ`=3C>s@?2xeP|nX`xp9MVB>yST
zd$mq%l#d!Fz>O8?`#$yTd!ihErJKwDb?|zn6Sk$@0v^u+a8n;H`e1MYA9R_lKevKc
zPFUL?+@mu%C{op~_>wFp7~KM|2t)HQuNEr3{G3q07HjDznUW*Fe9gXXeU!L|dK;m{
zkYkYu1=Ca-S6A4gt5f#((B@-hN_seM1VBYaBV=0LIZ?`fC)F%0XjnT@+qm5>uSop&
z%Lq1$B5&hR7;CaxFiqKyVZ<Nwy@3^2ftNTWejK^porNrvs43-Y!<v28R={xoc+1BD
z+Oe~z`Z!M)ZIU9Os+lT!2Rl-xH<+`bO26)UgWMP*3gDcka=Wjp8_r8p^7q}aQLye(
zwVvD4^<Jd<-a)>i)Hy~OeE1&+i*r#>8{j=;yd?fu3KYr`p;*p{g7xQoaFG9Zr<C)v
z|NI#W^?zQo@yKSP4%b@zoNMq-qKBGLNQ1$*ov7e#sC4xeV@VwW)Yg4~NC7H8F$3Dr
zXa=f#B**S86^iLM7}R}yAQn<GHzEN5_l!3m)XboyURC7mMMy;{<$vX;|4(<y<}PRA
zC`(;2KAs(+Z=8BY$uDd$;8`htO)N8(>>0N8tx>PacG*Q~Vm&<!cGov%r>{1>P{jw9
zwqS?P@j!z4IdR1!c*^!qhj%n^<PI>@sB>9h6Cc>sKkrLv`YEazdf>gA1MQ+Wj*PQ`
zO7Fw>!MOn4Qk%UEw6#O)XCtc&j@;I;PacS0SsO=t6xa}Yc0PDbHOZ~2x@?qBin|o0
z;_)+YUK2M+v>#j5-O~d-=m7-jpwTR41$S+O76T%@dJyo~J|QhDdoz%LJzP{$vg)T+
z-F&-`0^K#@=*{mM^24jEPusSh%yWFEGJ7tw6M{m_GrMLJrLtsZ0gZ8kxFk=)a+VHW
zVv~GY^h5*V^a7r{s^}c8^S&9JRCU8-9D3I_!{KbkY8nJ5eKQwlOgUk#plx}+&JoCh
zfQG@FK@D9~bEW%T@Zu2aY!sGxZrN3g&)LPrvt}ql;K6P&PvzXgGE2j2u%3pPCrzW-
zCtl|M!Fke4?i3FxAx6#l`FRQc2pw8-a)W;GD=+m?a{q*9jv0|YXnyq2-U2cu(Ac%w
zcEYq6B2N+-Za2RuosIcpO>7!7bc4?@X|F^e7jR!>ye!bl0LR!(FV|?fE&te{*guM%
zC#=es=qI_xFuUianf@ch!Qhw^B*G+?=lD>ef^(%J{!Ge8?!S0jh&Z5&KnVVI_pS`%
z+n`VtnmFNGbL`P?11-3m>;X?)pciSzDA{^GQK;T<-|;F(i#ah<{@j@rzSA=lstKa(
zAfq&mj04a;5dr}EBXMCPi^_R162*x*rzc}&yqZ7#k`<GbV&fJ+{G6ar=G5|($D{&W
zJrREzNebw@(f2f6kotRth(Js#HPY)xKVJn!?$BP=?fQ@3qnbvc_`N&SiYY4csj`{u
z_YC|4$gP>z>-5SC!|FV{B)Nx-G*y!G1I%opN_cH~le6vLuLikKCIrHiZw=(Dyq9t8
zO!?}k1_r>)WQ5#9NO&=qMf1{EG3E-?Zs*Mwi%deR5(G>XEE`K^e`Tdxpm`}5gmc8a
zPowe4+y7f!wExyjghq?_JVm2Z5(jqOZ5joQ`BbnAebAIoz0tu~h~Yfuj6+Ai>U=HL
zaX2NGo@3+Ddd=ItZH6Gin^(vE=`R^0n+1M-dno@f7_cEF7`46`R4#d(x;yKQ6PS5z
z*F8OBBg4i`iov&EG3bBRSfM-zub;$AVcPw@|J)r`2Lp|$TcyoQ#~+=~t}D+p!6&|@
zL#jjNTCsA{x5n`=xK#X5jLk(H8jwl566N){!r1UTjp=Rqga`!@UZAA_T2t4LbLStC
z`y#eB;?avk5jx;5QWw3L?0!<*M2w^-e2{k=cjX!@fp>(ie{zF=aI96t6pE%rNt=mB
zC_p{xvNHLySqXtWJb3p=8Y$nl_iO(UvX+`-fjP0tX)z;?V4+|V3hO3RNUJHDDGQ!B
zG|M7P@z#KJ<BYeUfWX@3mX0{&^-HOa=kJdYdBj*y(|CO18YPvNLaj&1{Lq<S(xWbf
zU-jE@i>7a=m6s>%!vB}#4k<|-B3n(_6U!2rGvKV7iRdwW_qpvLhdy5t(7bv9$urY>
xbrQ*rj$waEi3##e70&hls0sg88)6eexKJ{@F5X2!J4cX3yP%8LDb{kh^IyZ*YPA3W

literal 0
HcmV?d00001

diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index ddb149202842e..da213cac4dece 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -11,10 +11,16 @@ include::./attributes.adoc[]
 You can use the Quarkus OpenID Connect (OIDC) extension to secure your JAX-RS applications using Bearer Token Authorization. 
 The Bearer Tokens are issued by OIDC and OAuth 2.0 compliant authorization servers, such as https://www.keycloak.org[Keycloak]. 
 
-Bearer Token authorization authorizes HTTP requests based on the existence and validity of a Bearer Token. 
-The Bearer Token provides information about determining the subject of the call and whether or not an HTTP resource is accessible. 
+Bearer Token authorization is the process of authorizing HTTP requests based on the existence and validity of a Bearer Token. 
+The Bearer Token provides information about the subject of the call which is used to determine whether or not an HTTP resource can be accessed.
 
-If you want to authenticate and authorize the users using OpenID Connect Authorization Code Flow, see xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications].
+.Bearer Token Authorization mechanism in Quarkus
+image::security-bearer-token-authorization-mechanism-1.png[alt=Bearer Token Authorization, align=center]
+
+.Bearer Token Authorization mechanism with Client in Quarkus
+image::security-bearer-token-authorization-mechanism-2.png[alt=Bearer Token Authorization, align=center]
+
+If you need to authenticate and authorize the users using OpenID Connect Authorization Code Flow, see xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications].
 Also, if you use Keycloak and Bearer Tokens, see xref:security-keycloak-authorization.adoc[Using Keycloak to Centralize Authorization].
 
 For information about how to support multiple tenants, see xref:security-openid-connect-multitenancy.adoc[Using OpenID Connect Multi-Tenancy].

From 8223153226a0c646bec655e006a0f26f64013416 Mon Sep 17 00:00:00 2001
From: hmanwani-rh <hmanwani@redhat.com>
Date: Fri, 9 Sep 2022 20:16:10 +0530
Subject: [PATCH 18/36] Added descriptions for diagrams

---
 .../asciidoc/security-openid-connect.adoc     | 20 ++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index da213cac4dece..1d4f1adbca9e1 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -11,15 +11,33 @@ include::./attributes.adoc[]
 You can use the Quarkus OpenID Connect (OIDC) extension to secure your JAX-RS applications using Bearer Token Authorization. 
 The Bearer Tokens are issued by OIDC and OAuth 2.0 compliant authorization servers, such as https://www.keycloak.org[Keycloak]. 
 
-Bearer Token authorization is the process of authorizing HTTP requests based on the existence and validity of a Bearer Token. 
+Bearer Token Authorization is the process of authorizing HTTP requests based on the existence and validity of a Bearer Token. 
 The Bearer Token provides information about the subject of the call which is used to determine whether or not an HTTP resource can be accessed.
 
+The following figures outline the Bearer Token Authorization mechanism in Quarkus:
+
 .Bearer Token Authorization mechanism in Quarkus
 image::security-bearer-token-authorization-mechanism-1.png[alt=Bearer Token Authorization, align=center]
 
+In the previous figure:
+
+. First, the Quarkus service retrieves verification keys from the OpenID Connect provider.
+. The Quarkus user accesses the single-page application.
+. The single-page application uses Authorization Code Flow to authenticate the user and retrieve tokens from the OpenID Connect provider.
+. The single-page application uses the access token to retrieve the service data from the Quarkus service.
+. The Quarkus service verifies the bearer access token and returns data to the single-page application.
+. The single-page application returns the same data to the Quarkus user.
+
 .Bearer Token Authorization mechanism with Client in Quarkus
 image::security-bearer-token-authorization-mechanism-2.png[alt=Bearer Token Authorization, align=center]
 
+In the previous figure:
+
+. First, the Quarkus service retrieves verification keys from the OpenID Connect provider.
+. The Client uses provided credentials to retrieve the access token from the OpenID Connect provider.
+. The Client uses the access token to retrieve the service data from the Quarkus service.
+. The Quarkus service verifies the bearer access token and returns data to the Client.
+
 If you need to authenticate and authorize the users using OpenID Connect Authorization Code Flow, see xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications].
 Also, if you use Keycloak and Bearer Tokens, see xref:security-keycloak-authorization.adoc[Using Keycloak to Centralize Authorization].
 

From fa7319e56e31482c16fa12d5ffb6e5662423c188 Mon Sep 17 00:00:00 2001
From: hmanwani-rh <hmanwani@redhat.com>
Date: Wed, 14 Sep 2022 18:46:19 +0530
Subject: [PATCH 19/36] Incorporated SME suggestions

---
 .../asciidoc/security-openid-connect.adoc     | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index 1d4f1adbca9e1..2f82bf23fb744 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -14,29 +14,29 @@ The Bearer Tokens are issued by OIDC and OAuth 2.0 compliant authorization serve
 Bearer Token Authorization is the process of authorizing HTTP requests based on the existence and validity of a Bearer Token. 
 The Bearer Token provides information about the subject of the call which is used to determine whether or not an HTTP resource can be accessed.
 
-The following figures outline the Bearer Token Authorization mechanism in Quarkus:
+The following diagrams outline the Bearer Token Authorization mechanism in Quarkus:
 
-.Bearer Token Authorization mechanism in Quarkus
+.Bearer Token Authorization mechanism in Quarkus with Single-page application
 image::security-bearer-token-authorization-mechanism-1.png[alt=Bearer Token Authorization, align=center]
 
-In the previous figure:
+In the previous diagram:
 
-. First, the Quarkus service retrieves verification keys from the OpenID Connect provider.
-. The Quarkus user accesses the single-page application.
-. The single-page application uses Authorization Code Flow to authenticate the user and retrieve tokens from the OpenID Connect provider.
-. The single-page application uses the access token to retrieve the service data from the Quarkus service.
-. The Quarkus service verifies the bearer access token and returns data to the single-page application.
-. The single-page application returns the same data to the Quarkus user.
+1. The Quarkus service retrieves verification keys from the OpenID Connect provider. The verification keys are used to verify the bearer access token signatures.
+2. The Quarkus user accesses the Single-page application.
+3. The Single-page application uses Authorization Code Flow to authenticate the user and retrieve tokens from the OpenID Connect provider.
+4. The Single-page application uses the access token to retrieve the service data from the Quarkus service.
+5. The Quarkus service verifies the bearer access token signature using the verification keys, checks the token expiry date and other claims, allows the request to proceed if the token is valid, and returns the service response to the Single-page application.
+6. The Single-page application returns the same data to the Quarkus user.
 
-.Bearer Token Authorization mechanism with Client in Quarkus
+.Bearer Token Authorization mechanism in Quarkus with Java or command line client
 image::security-bearer-token-authorization-mechanism-2.png[alt=Bearer Token Authorization, align=center]
 
-In the previous figure:
+In the previous diagram:
 
-. First, the Quarkus service retrieves verification keys from the OpenID Connect provider.
-. The Client uses provided credentials to retrieve the access token from the OpenID Connect provider.
-. The Client uses the access token to retrieve the service data from the Quarkus service.
-. The Quarkus service verifies the bearer access token and returns data to the Client.
+1. The Quarkus service retrieves verification keys from the OpenID Connect provider. The verification keys are used to verify the bearer access token signatures.
+2. The Client uses `client_credentials` that requires client ID and secret or password grant, which also requires client ID, secret, user name, and password to retrieve the access token from the OpenID Connect provider.
+3. The Client uses the access token to retrieve the service data from the Quarkus service.
+4. The Quarkus service verifies the bearer access token signature using the verification keys, checks the token expiry date and other claims, allows the request to proceed if the token is valid, and returns the service response to the Client.
 
 If you need to authenticate and authorize the users using OpenID Connect Authorization Code Flow, see xref:security-openid-connect-web-authentication.adoc[Using OpenID Connect to Protect Web Applications].
 Also, if you use Keycloak and Bearer Tokens, see xref:security-keycloak-authorization.adoc[Using Keycloak to Centralize Authorization].

From 20bbc7f011b117efda2f3f795b17fd396d723f75 Mon Sep 17 00:00:00 2001
From: hmanwani-rh <hmanwani@redhat.com>
Date: Thu, 15 Sep 2022 15:08:07 +0530
Subject: [PATCH 20/36] graphic size changes

---
 docs/src/main/asciidoc/security-openid-connect.adoc | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/docs/src/main/asciidoc/security-openid-connect.adoc b/docs/src/main/asciidoc/security-openid-connect.adoc
index 2f82bf23fb744..af0f39765b706 100644
--- a/docs/src/main/asciidoc/security-openid-connect.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect.adoc
@@ -17,9 +17,7 @@ The Bearer Token provides information about the subject of the call which is use
 The following diagrams outline the Bearer Token Authorization mechanism in Quarkus:
 
 .Bearer Token Authorization mechanism in Quarkus with Single-page application
-image::security-bearer-token-authorization-mechanism-1.png[alt=Bearer Token Authorization, align=center]
-
-In the previous diagram:
+image::security-bearer-token-authorization-mechanism-1.png[alt=Bearer Token Authorization, width="60%", align=center]
 
 1. The Quarkus service retrieves verification keys from the OpenID Connect provider. The verification keys are used to verify the bearer access token signatures.
 2. The Quarkus user accesses the Single-page application.
@@ -29,9 +27,7 @@ In the previous diagram:
 6. The Single-page application returns the same data to the Quarkus user.
 
 .Bearer Token Authorization mechanism in Quarkus with Java or command line client
-image::security-bearer-token-authorization-mechanism-2.png[alt=Bearer Token Authorization, align=center]
-
-In the previous diagram:
+image::security-bearer-token-authorization-mechanism-2.png[alt=Bearer Token Authorization, width="60%", align=center]
 
 1. The Quarkus service retrieves verification keys from the OpenID Connect provider. The verification keys are used to verify the bearer access token signatures.
 2. The Client uses `client_credentials` that requires client ID and secret or password grant, which also requires client ID, secret, user name, and password to retrieve the access token from the OpenID Connect provider.

From 6382413496aa207f1c8859584716a20e9f02b172 Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Wed, 14 Sep 2022 10:45:56 +0200
Subject: [PATCH 21/36] Jakarta - Bump wildfly-elytron to 2.0.0.Final

---
 jakarta/rewrite.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jakarta/rewrite.yml b/jakarta/rewrite.yml
index 8b37a399dfdc6..4aa04a0531e1d 100644
--- a/jakarta/rewrite.yml
+++ b/jakarta/rewrite.yml
@@ -183,7 +183,7 @@ recipeList:
   # WildFly Security
   - org.openrewrite.maven.ChangePropertyValue:
       key: wildfly-elytron.version
-      newValue: 2.0.0.Beta3
+      newValue: 2.0.0.Final
 ---
 type: specs.openrewrite.org/v1beta/recipe
 name: io.quarkus.jakarta-jaxrs-jaxb

From bee662a70147cd9a0d7ab4003203327b9685daa3 Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Thu, 15 Sep 2022 12:32:34 +0200
Subject: [PATCH 22/36] Jakarta - Fix the Parsson situation

---
 build-parent/pom.xml                          |  1 +
 .../deployment/pom.xml                        | 15 -----------
 .../resteasy-reactive/server/jsonb/pom.xml    |  1 +
 .../reactive-messaging-amqp/pom.xml           | 18 -------------
 jakarta/rewrite.yml                           | 25 +++++++++++++++++++
 jakarta/transform.sh                          |  5 ++--
 6 files changed, 30 insertions(+), 35 deletions(-)

diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index 2a9d7f36089c1..ea7c0e5e4a45e 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -1274,6 +1274,7 @@
                             </activeStyles>
                             <activeRecipes>
                                 <recipe>io.quarkus.build-parent</recipe>
+                                <recipe>io.quarkus.jakarta-json-cleanup</recipe>
                             </activeRecipes>
                         </configuration>
                     </plugin>
diff --git a/extensions/smallrye-reactive-messaging-amqp/deployment/pom.xml b/extensions/smallrye-reactive-messaging-amqp/deployment/pom.xml
index 60bd5b514e3af..ecd53ab12ed09 100644
--- a/extensions/smallrye-reactive-messaging-amqp/deployment/pom.xml
+++ b/extensions/smallrye-reactive-messaging-amqp/deployment/pom.xml
@@ -47,20 +47,6 @@
             <groupId>org.apache.activemq</groupId>
             <artifactId>artemis-server</artifactId>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.jboss.logmanager</groupId>
-                    <artifactId>jboss-logmanager</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>commons-logging</groupId>
-                    <artifactId>commons-logging</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>jakarta.json</groupId>
-                    <artifactId>jakarta.json-api</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
@@ -123,5 +109,4 @@
             </plugin>
         </plugins>
     </build>
-
 </project>
diff --git a/independent-projects/resteasy-reactive/server/jsonb/pom.xml b/independent-projects/resteasy-reactive/server/jsonb/pom.xml
index 5213908b714b5..61859d2038764 100644
--- a/independent-projects/resteasy-reactive/server/jsonb/pom.xml
+++ b/independent-projects/resteasy-reactive/server/jsonb/pom.xml
@@ -111,6 +111,7 @@
                         <configuration>
                             <activeRecipes>
                                 <recipe>io.quarkus.jakarta-jaxb-switch</recipe>
+                                <recipe>io.quarkus.jakarta-json-cleanup</recipe>
                             </activeRecipes>
                         </configuration>
                     </plugin>
diff --git a/integration-tests/reactive-messaging-amqp/pom.xml b/integration-tests/reactive-messaging-amqp/pom.xml
index da8bdcb487de4..2ccd4e67e7cf8 100644
--- a/integration-tests/reactive-messaging-amqp/pom.xml
+++ b/integration-tests/reactive-messaging-amqp/pom.xml
@@ -59,24 +59,6 @@
             <groupId>org.apache.activemq</groupId>
             <artifactId>artemis-server</artifactId>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.jboss.logmanager</groupId>
-                    <artifactId>jboss-logmanager</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>commons-logging</groupId>
-                    <artifactId>commons-logging</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.apache.johnzon</groupId>
-                    <artifactId>johnzon-core</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>jakarta.json</groupId>
-                    <artifactId>jakarta.json-api</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.apache.activemq</groupId>
diff --git a/jakarta/rewrite.yml b/jakarta/rewrite.yml
index 4aa04a0531e1d..98c4e0c465eac 100644
--- a/jakarta/rewrite.yml
+++ b/jakarta/rewrite.yml
@@ -316,6 +316,31 @@ recipeList:
       artifactId: resteasy-json-p-provider
       exclusionGroupId: jakarta.json
       exclusionArtifactId: jakarta.json-api
+  - org.openrewrite.maven.RemoveExclusion:
+      groupId: org.apache.activemq
+      artifactId: artemis-server
+      exclusionGroupId: jakarta.json
+      exclusionArtifactId: jakarta.json-api
+  - org.openrewrite.maven.RemoveExclusion:
+      groupId: org.apache.activemq
+      artifactId: artemis-amqp-protocol
+      exclusionGroupId: jakarta.json
+      exclusionArtifactId: jakarta.json-api
+  - org.openrewrite.maven.RemoveExclusion:
+      groupId: org.eclipse
+      artifactId: yasson
+      exclusionGroupId: jakarta.json
+      exclusionArtifactId: jakarta.json-api
+  - org.openrewrite.maven.RemoveExclusion:
+      groupId: org.eclipse
+      artifactId: yasson
+      exclusionGroupId: org.glassfish
+      exclusionArtifactId: jakarta.json
+  - org.openrewrite.maven.RemoveExclusion:
+      groupId: jakarta.json.bind
+      artifactId: jakarta.json.bind-api
+      exclusionGroupId: jakarta.json
+      exclusionArtifactId: jakarta.json-api
 ---
 type: specs.openrewrite.org/v1beta/recipe
 name: io.quarkus.jakarta-json
diff --git a/jakarta/transform.sh b/jakarta/transform.sh
index cfad1b3fbd6bc..af6ba984ead8e 100755
--- a/jakarta/transform.sh
+++ b/jakarta/transform.sh
@@ -230,8 +230,9 @@ sed -i 's@com.sun.xml.bind.v2.ContextFactory@org.glassfish.jaxb.runtime.v2.Conte
 sed -i '/com.sun.xml.internal.bind.v2.ContextFactory/d' extensions/jaxb/deployment/src/main/java/io/quarkus/jaxb/deployment/JaxbProcessor.java
 
 ## JSON-P implementation switch
-sed -i 's@<runnerParentFirstArtifact>org.glassfish:jakarta.json</runnerParentFirstArtifact>@<runnerParentFirstArtifact>org.eclipse.parsson:jakarta.json</runnerParentFirstArtifact>@g' extensions/logging-json/runtime/pom.xml
-sed -i 's@<parentFirstArtifact>org.glassfish:jakarta.json</parentFirstArtifact>@<parentFirstArtifact>org.eclipse.parsson:jakarta.json</parentFirstArtifact>@g' extensions/jsonp/runtime/pom.xml
+sed -i 's@<runnerParentFirstArtifact>org.glassfish:jakarta.json</runnerParentFirstArtifact>@<runnerParentFirstArtifact>org.eclipse.parsson:parsson</runnerParentFirstArtifact>\n                        <runnerParentFirstArtifact>jakarta.json:jakarta.json-api</runnerParentFirstArtifact>@g' extensions/logging-json/runtime/pom.xml
+sed -i 's@<parentFirstArtifact>org.glassfish:jakarta.json</parentFirstArtifact>@<parentFirstArtifact>org.eclipse.parsson:parsson</parentFirstArtifact>@g' extensions/jsonp/runtime/pom.xml
+sed -i 's@<excludedArtifact>org.glassfish:javax.json</excludedArtifact>@<excludedArtifact>org.glassfish:javax.json</excludedArtifact>\n                        <excludedArtifact>org.glassfish:jakarta.json</excludedArtifact>\n                        <excludedArtifact>org.eclipse.parsson:jakarta.json</excludedArtifact>@g' extensions/jsonp/runtime/pom.xml
 sed -i 's@import org.glassfish.json.JsonProviderImpl;@import org.eclipse.parsson.JsonProviderImpl;@g' extensions/jsonp/deployment/src/main/java/io/quarkus/jsonp/deployment/JsonpProcessor.java
 
 ## cleanup phase - needs to be done once everything has been rewritten

From 7270dc661fdf834fc3dcb0e4a2dad79b0c3fb8dc Mon Sep 17 00:00:00 2001
From: anavarr <artnavarro@protonmail.com>
Date: Thu, 8 Sep 2022 18:34:13 +0200
Subject: [PATCH 23/36] wrote the first version of the guide for writing REST
 microservices using virtual threads
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Georgios Andrianakis <geoand@gmail.com> and Clément Escoffier <clement.escoffier@redhat.com>
---
 docs/src/main/asciidoc/virtual-threads.adoc | 521 ++++++++++++++++++++
 1 file changed, 521 insertions(+)
 create mode 100644 docs/src/main/asciidoc/virtual-threads.adoc

diff --git a/docs/src/main/asciidoc/virtual-threads.adoc b/docs/src/main/asciidoc/virtual-threads.adoc
new file mode 100644
index 0000000000000..e55f24476308e
--- /dev/null
+++ b/docs/src/main/asciidoc/virtual-threads.adoc
@@ -0,0 +1,521 @@
+////
+This guide is maintained in the main Quarkus repository
+and pull requests should be submitted there:
+https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
+////
+= Writing simpler reactive REST services with Quarkus Virtual Thread support
+
+include::./attributes.adoc[]
+:resteasy-reactive-api: https://javadoc.io/doc/io.quarkus.resteasy.reactive/resteasy-reactive/{quarkus-version}
+:resteasy-reactive-common-api: https://javadoc.io/doc/io.quarkus.resteasy.reactive/resteasy-reactive-common/{quarkus-version}
+:runonvthread: https://javadoc.io/doc/io.smallrye.common/smallrye-common-annotation/latest/io/smallrye/common/annotation/RunOnVirtualThread.html
+:blockingannotation: https://javadoc.io/doc/io.smallrye.common/smallrye-common-annotation/latest/io/smallrye/common/annotation/Blocking.html
+:vthreadjep: https://openjdk.org/jeps/425
+:thread: https://docs.oracle.com/en/java/javase/18/docs/api/java.base/java/lang/Thread.html
+:mutiny-vertx-sql: https://smallrye.io/smallrye-mutiny-vertx-bindings/2.26.0/apidocs/io/vertx/mutiny/sqlclient/package-summary.html
+:pgsql-driver: https://javadoc.io/doc/org.postgresql/postgresql/latest/index.html
+
+This guide explains how to benefit from Java 19 virtual threads when writing REST services in Quarkus.
+
+[TIP]
+====
+This is the reference guide for using virtual threads to write reactive REST services.
+Please refer to the xref:rest-json.adoc[Writing JSON REST services guides] for a lightweight introduction to reactive REST
+services and to the xref:resteasy-reactive.adoc[Writing REST Services with RESTEasy Reactive] guide for a detailed presentation.
+====
+
+== What are virtual threads ?
+
+=== Terminology
+OS thread::
+A "thread-like" data-structure managed by the Operating System.
+
+Platform thread::
+Up until Java 19, every instance of the link:{thread}[Thread] class was a platform thread, that is, a wrapper around an OS thread.
+Creating a platform threads creates an OS thread, blocking a platform thread blocks an OS thread.
+
+Virtual thread::
+Lightweight, JVM-managed threads. They extend the link:{thread}[Thread] class but are not tied to one specific OS thread.
+Thus, scheduling virtual threads is the responsibility of the JVM.
+
+Carrier thread::
+A platform thread used to execute a virtual thread is called a carrier.
+This isn't a class distinct from link:{Thread}[Thread] or VirtualThread but rather a functional denomination.
+
+=== Differences between virtual threads and platform threads
+We will give a brief overview of the topic here, please refer to the link:{vthreadjep}[JEP 425] for more information.
+
+Virtual threads are a feature available since Java 19 aiming at providing a cheap alternative to platform threads for I/O-bound workloads.
+
+Until now, platform threads were the concurrency unit of the JVM.
+They are a wrapper over OS structures.
+This means that creating a Java platform thread actually results in creating a "thread-like" structure in your operating system.
+
+Virtual threads on the other hand are managed by the JVM. In order to be executed, they need to be mounted on a platform thread
+(which acts as a carrier to that virtual thread).
+As such, they have been designed to offer the following characteristics:
+
+Lightweight :: Virtual threads occupy less space than platform threads in memory.
+Hence, it becomes possible to use more virtual threads than platform threads simultaneously without blowing up the heap.
+By default, platform threads are created with a stack of about 1 MB where virtual threads stack is "pay-as-you-go".
+You can find these numbers along with other motivations for virtual threads in this presentation given by the lead developer of project Loom: https://youtu.be/lIq-x_iI-kc?t=543.
+
+Cheap to create:: Creating a platform thread in Java takes time.
+Currently, techniques such as pooling where threads are created once then reused are strongly encouraged to minimize the
+time lost in starting them (as well as limiting the maximum number of threads to keep memory consumption low).
+Virtual threads are supposed to be disposable entities that we create when we need them,
+it is discouraged to pool them or to reuse them for different tasks.
+
+Cheap to block:: When performing blocking I/O, the underlying OS thread wrapped by the Java platform thread is put in a
+wait queue and a context switch occurs to load a new thread context onto the CPU core. This operation takes time.
+Since virtual threads are managed by the JVM, no underlying OS thread is blocked when they perform a blocking operation.
+Their state is simply stored in the heap and another Virtual thread is executed on the same Java platform thread.
+
+=== Virtual threads are useful for I/O-bound workloads only
+We now know that we can create way more virtual threads than platform threads. One could be tempted to use virtual threads
+to perform long computations (CPU-bound workload).
+This is useless if not counterproductive.
+CPU-bound doesn't consist in quickly swapping threads while they need to wait for the completion of an I/O but in leaving
+them attached to a CPU-core to actually compute something.
+In this scenario, it is useless to have thousands of threads if we have tens of CPU-cores, virtual threads won't enhance
+the performance of CPU-bound workloads.
+
+
+== Bringing virtual threads to reactive REST services
+Since virtual threads are disposable entities, the fundamental idea of quarkus-loom is to offload the execution of an
+endpoint handler on a new virtual thread instead of running it on an event-loop (in the case of RESTeasy-reactive) or a
+platform worker thread.
+
+To do so, it suffices to add the link:{runonvthread}[@RunOnVirtualThread] annotation to the endpoint.
+If the JDK is compatible (Java 19 or later versions) then the endpoint will be offloaded to a virtual thread.
+It will then be possible to perform blocking operations without blocking the platform thread upon which the virtual
+thread is mounted.
+
+This annotation can only be used in conjunction with endpoints annotated with link:{blockingannotation}[@Blocking] or
+considered blocking because of their signature.
+You can visit xref:resteasy-reactive.adoc#execution-model-blocking-non-blocking[Execution model, blocking, non-blocking]
+for more information.
+
+=== Getting started
+
+Add the following import to your build file:
+
+[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
+.pom.xml
+----
+<dependency>
+    <groupId>io.quarkus</groupId>
+    <artifactId>quarkus-resteasy-reactive</artifactId>
+</dependency>
+----
+
+[source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]
+.build.gradle
+----
+implementation("io.quarkus:quarkus-resteasy-reactive")
+----
+
+You also need to make sure that you are using the version 19 of Java, this can be enforced in your pom.xml file with the following:
+
+[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
+.pom.xml
+----
+<properties>
+    <maven.compiler.source>19</maven.compiler.source>
+    <maven.compiler.target>19</maven.compiler.target>
+</properties>
+----
+
+Virtual threads are still an experimental feature, you need to start your application with the `--enable-preview` flag:
+
+[source, bash]
+----
+java --enable-preview -jar target/quarkus-app/quarkus-run.jar
+----
+
+The example below shows the differences between three endpoints, all of them querying a fortune in the database then
+returning it to the client.
+
+- the first one uses the traditional blocking style, it is considered blocking due to its signature.
+- the second one uses Mutiny reactive streams in a declarative style, it is considered non-blocking due to its signature.
+- the third one uses Mutiny reactive streams in a synchronous way, since it doesn't return a "reactive type" it is
+considered blocking and the link:{runonvthread}[@RunOnVirtualThread] annotation can be used.
+
+When using Mutiny, alternative "xAndAwait" methods are provided to be used with virtual threads.
+They ensure that waiting for the completion of the I/O will not "pin" the carrier thread and deteriorate performance.
+Pinning is a phenomenon that we describe in xref:Pinning cases[this section].
+
+
+In other words, the mutiny environment is a safe environment for virtual threads.
+The guarantees offered by Mutiny are detailed later.
+
+[source,java]
+----
+package org.acme.rest;
+
+import org.acme.fortune.model.Fortune;
+import org.acme.fortune.repository.FortuneRepository;
+import io.smallrye.common.annotation.RunOnVirtualThread;
+import io.smallrye.mutiny.Uni;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import java.util.List;
+import java.util.Random;
+
+
+@Path("")
+public class FortuneResource {
+
+    @GET
+    @Path("/blocking")
+    public Fortune blocking() {
+        var list = repository.findAllBlocking();
+        return pickOne(list);
+    }
+
+    @GET
+    @Path("/reactive")
+    public Uni<Fortune> reactive() {
+        return repository.findAllAsync()
+                .map(this::pickOne);
+    }
+
+    @GET
+    @Path("/virtual")
+    @RunOnVirtualThread
+    public Fortune virtualThread() {
+        var list = repository.findAllAsyncAndAwait();
+        return pickOne(list);
+    }
+
+}
+----
+
+=== Simplifying complex logic
+The previous example is trivial and doesn't capture how imperative style can simplify complex reactive operations.
+Below is a more complex example.
+The endpoints must now fetch all the fortunes in the database, then append a quote to each fortune before finally returning
+the result to the client.
+
+
+
+[source,java]
+----
+package org.acme.rest;
+
+import org.acme.fortune.model.Fortune;
+import org.acme.fortune.repository.FortuneRepository;
+import io.smallrye.common.annotation.RunOnVirtualThread;
+import io.smallrye.mutiny.Uni;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import java.util.List;
+import java.util.Random;
+
+
+@Path("")
+public class FortuneResource {
+
+    private final FortuneRepository repository;
+
+    public Uni<List<String>> getQuotesAsync(int size){
+        //...
+        //asynchronously returns a list of quotes from an arbitrary source
+    }
+
+    @GET
+    @Path("/quoted-blocking")
+    public List<Fortune> getAllQuotedBlocking() {
+        // we get the list of fortunes
+        var fortunes = repository.findAllBlocking();
+
+        // we get the list of quotes
+        var quotes = getQuotes(fortunes.size()).await().indefinitely();
+
+        // we append each quote to each fortune
+        for(int i=0; i  < fortunes.size();i ++){
+            fortunes.get(i).title+= "   -  "+quotes.get(i);
+        }
+        return todos;
+    }
+
+    @GET
+    @Path("/quoted-reactive")
+    public Uni<List<Fortune>> getAllQuoted() {
+        // we first fetch the list of resource and we memoize it
+        // to avoid fetching it again everytime need it
+        var fortunes = repository.findAllAsync().memoize().indefinitely();
+
+        // once we get a result for fortunes,
+        // we know its size and can thus query the right number of quotes
+        var quotes = fortunes.onItem().transformToUni(list -> getQuotes(list.size()));
+
+        // we now need to combine the two reactive streams
+        // before returning the result to the user
+        return Uni.combine().all().unis(fortunes,quotes).asTuple().onItem().transform(tuple -> {
+            var todoList=tuple.getItem1();
+            //can await it since it is already resolved
+            var quotesList = tuple.getItem2();
+            for(int i=0; i  < todoList.size();i ++){
+                            todoList.get(i).title+= "   -  "+quotesList.get(i);
+            }
+            return todoList;
+        });
+    }
+
+    @GET
+    @RunOnVirtualThread
+    @Path("/quoted-virtual-thread")
+    public List<Fortune> getAllQuotedBlocking() {
+        //we get the list of fortunes
+        var fortunes = repository.findAllAsyncAndAwait();
+
+        //we get the list of quotes
+        var quotes = getQuotes(fortunes.size()).await().indefinitely();
+
+        //we append each quote to each fortune
+        for(int i=0; i  < fortunes.size();i ++){
+            fortunes.get(i).title+= "   -  "+quotes.get(i);
+        }
+        return todos;
+    }
+
+}
+----
+
+== Pinning cases
+The notion of "cheap blocking" might not always be true: in certain occasions a virtual thread might "pin" its carrier
+(the platform thread it is mounted upon).
+In this situation, the platform thread is blocked exactly as it would have been in a typical blocking scenario.
+
+According to link:{vthreadjep}[JEP 425] this can happen in two situations:
+
+- when a virtual thread executes performs a blocking operation inside a `synchronized` block or method
+- when it executes a blocking operation inside a native method or a foreign function
+
+It can be fairly easy to avoid these situations in our own code, but it is hard to verify every dependency we use.
+Typically, while experimenting with virtual-threads, we realized that using the link:{pgsql-driver}[postgresql-JDBC driver]
+results in frequent pinning.
+
+=== The JDBC problem
+Our experiments so far show that when a virtual thread queries a database using the JDBC driver, it will pin its carrier
+thread during the entire operation.
+
+Let's show the code of the `findAllBlocking()` method we used in the first example
+
+[source, java]
+----
+//import ...
+
+@ApplicationScoped
+public class FortuneRepository {
+    // ...
+
+    public List<Fortune> findAllBlocking() {
+        List<Fortune> fortunes = new ArrayList<>();
+        Connection conn = null;
+        try {
+            conn = db.getJdbcConnection();
+            var preparedStatement = conn.prepareStatement(SELECT_ALL);
+            ResultSet rs = preparedStatement.executeQuery();
+            while (rs.next()) {
+                fortunes.add(create(rs));
+            }
+            rs.close();
+            preparedStatement.close();
+        } catch (SQLException e) {
+            logger.warn("Unable to retrieve fortunes from the database", e);
+        } finally {
+           close(conn);
+        }
+        return fortunes;
+    }
+
+    //...
+}
+----
+
+The actual query happens at `ResultSet rs = preparedStatement.executeQuery();`, here is how it is implemented in the
+postgresql-jdbc driver 42.5.0:
+
+[source, java]
+----
+class PgPreparedStatement extends PgStatement implements PreparedStatement {
+    // ...
+
+    /*
+    * A Prepared SQL query is executed and its ResultSet is returned
+    *
+    * @return a ResultSet that contains the data produced by the * query - never null
+    *
+    * @exception SQLException if a database access error occurs
+    */
+    @Override
+    public ResultSet executeQuery() throws SQLException {
+        synchronized (this) {
+            if (!executeWithFlags(0)) {
+                throw new PSQLException(GT.tr("No results were returned by the query."), PSQLState.NO_DATA);
+            }
+            return getSingleResultSet();
+        }
+    }
+
+    // ...
+}
+----
+
+This `synchronized` block is the culprit.
+Replacing it with a lock is a good solution, but it won't be enough: `synchronized` blocks are also used in `executeWithFlags(int flag)`.
+A systematic review of the postgresql-jdbc driver is necessary to make sure that it is compliant with virtual threads.
+
+=== Reactive drivers at the rescue
+The vertx-sql-client is a reactive client, hence it is not supposed to block while waiting for the completion of a
+transaction with the database.
+However, when using the link:{mutiny-vertx-sql}[smallrye-mutiny-vertx-sqlclient] it is possible to use a variant method
+that will await for the completion of the transaction, mimicking a blocking behaviour.
+
+Below is the `FortuneRepository` except the blocking we've seen earlier has been replaced by reactive methods.
+
+[source, java]
+----
+//import ...
+
+@ApplicationScoped
+public class FortuneRepository {
+    // ...
+
+    public Uni<List<Fortune>> findAllAsync() {
+        return db.getPool()
+                .preparedQuery(SELECT_ALL).execute()
+                .map(this::createListOfFortunes);
+
+    }
+
+    public List<Fortune> findAllAsyncAndAwait() {
+        var rows = db.getPool().preparedQuery(SELECT_ALL)
+                .executeAndAwait();
+        return createListOfFortunes(rows);
+    }
+
+    //...
+}
+----
+
+Contrary to the link:{pgsql-driver}[postgresql-jdbc driver], no `synchronized` block is used where it shouldn't be, and
+the `await` behaviour is implemented using locks and latches that won't cause pinning.
+
+Using the synchronous methods of the link:{mutiny-vertx-sql}[smallrye-mutiny-vertx-sqlclient] along with virtual threads
+will allow you to use the synchronous blocking style, avoid pinning the carrier thread, and get performance close to a pure
+reactive implementation.
+
+== A point about performance
+
+Our experiments seem to indicate that Quarkus with virtual threads will scale better than Quarkus blocking (offloading
+the computation on a pool of platform worker threads) but not as well Quarkus reactive.
+The memory consumption especially might be an issue: if your system needs to keep its memory footprint low we would
+advise you stick to using reactive constructs.
+
+This degradation of performance doesn't seem to come from virtual threads themselves but from the interactions between
+Vert.x/Netty (Quarkus underlying reactive engine) and the virtual threads.
+This was illustrated in the issue that we will now describe.
+
+=== The Netty problem
+For JSON serialization, Netty uses their custom implementation of thread locals, `FastThreadLocal` to store buffers.
+When using virtual threads in quarkus, then number of virtual threads simultaneously living in the service is directly
+related to the incoming traffic.
+It is possible to get hundreds of thousands, if not millions, of them.
+
+If they need to serialize some data to JSON they will end up creating as many instances of `FastThreadLocal`, resulting
+on a massive memory consumption as well as exacerbated pressure on the garbage collector.
+This will eventually affect the performance of the application and inhibit its scalability.
+
+This is a perfect example of the mismatch between the reactive stack and the virtual threads.
+The fundamental hypothesis are completely different and result in different optimizations.
+Netty expects a system using few event-loops (as many event-loops as CPU cores by default in Quarkus), but it gets hundreds
+of thousands of threads.
+You can refer to link:https://mail.openjdk.org/pipermail/loom-dev/2022-July/004844.html[this mail] to get more information
+on how we envision our future with virtual threads.
+
+=== Our solution to the Netty problem
+In order to avoid this wasting of resource without modifying Netty upstream, we wrote an extension that modifies the
+bytecode of the class responsible for creating the thread locals at build time.
+Using this extension, performance of virtual threads in Quarkus for the Json Serialization test of the Techempower suite
+increased by nearly 80%, making it almost as good as reactive endpoints.
+
+To use it, it needs to be added as a dependency:
+
+[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
+.pom.xml
+----
+<dependency>
+    <groupId>io.quarkus</groupId>
+    <artifactId>quarkus-netty-loom-adaptor</artifactId>
+</dependency>
+----
+
+Furthermore, some operations undertaken by this extension need special access, it is necessary to
+
+- compile the application with the flag `-Dnet.bytebuddy.experimental`
+- open the `java.base.lang` module at runtime with the flag `--add-opens java.base/java.lang=ALL-UNNAMED`
+
+This extension is only intended to improve performance, it is perfectly fine not to use it.
+
+=== Concerning dev mode
+If you want to use quarkus with the dev mode, it won't be possible to manually specify the flags we mentioned along this guide.
+Instead, you want to specify them all in the configuration of the `quarkus-maven-plugin` as presented below.
+
+[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
+.pom.xml
+----
+<plugin>
+    <groupId>io.quarkus</groupId>
+    <artifactId>quarkus-maven-plugin</artifactId>
+    <version>${quarkus.version}</version>
+    <executions>
+        <execution>
+            <goals>
+                <goal>build</goal>
+            </goals>
+        </execution>
+    </executions>
+
+    <configuration>
+      <source>19</source>
+      <target>19</target>
+      <compilerArgs>
+        <arg>--enable-preview</arg>
+        <arg>-Dnet.bytebuddy.experimental</arg>
+      </compilerArgs>
+      <jvmArgs>--enable-preview --add-opens java.base/java.lang=ALL-UNNAMED</jvmArgs>
+    </configuration>
+
+</plugin>
+----
+
+If you don't want to put specify the opening the `java.lang` module in your pom.xml file, you can also specify it as an argument
+when you start the dev mode.
+
+The configuration of the quarkus-maven-plugin will be simpler:
+
+[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
+.pom.xml
+----
+    <configuration>
+      <source>19</source>
+      <target>19</target>
+      <compilerArgs>
+        <arg>--enable-preview</arg>
+        <arg>-Dnet.bytebuddy.experimental</arg>
+      </compilerArgs>
+      <jvmArgs>--enable-preview</jvmArgs>
+    </configuration>
+----
+
+And the command will become:
+
+[source, bash]
+----
+mvn quarkus:dev -Dopen-lang-package
+----

From dd0173349ac3058d37b483f1c56b656fda2e9bbf Mon Sep 17 00:00:00 2001
From: Fedor Dudinskiy <fdudinsk@redhat.com>
Date: Thu, 15 Sep 2022 14:37:43 +0200
Subject: [PATCH 24/36] Update documentation in regards to parity and add an
 example

---
 docs/src/main/asciidoc/qute-reference.adoc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/docs/src/main/asciidoc/qute-reference.adoc b/docs/src/main/asciidoc/qute-reference.adoc
index 6a50ddec75fe8..cd74be8f916f6 100644
--- a/docs/src/main/asciidoc/qute-reference.adoc
+++ b/docs/src/main/asciidoc/qute-reference.adoc
@@ -632,9 +632,9 @@ It's also possible to access the iteration metadata inside the loop via the foll
 * `hasNext` - `true` if the iteration has more elements
 * `isLast` - `true` if `hasNext == false`
 * `isFirst` - `true` if `count == 1`
-* `odd` - `true` if the zero-based index is odd
-* `even` - `true` if the zero-based index is even
-* `indexParity` - outputs `odd` or `even` based on the zero-based index value
+* `odd` - `true` if the element's count is odd
+* `even` - `true` if the element's count is even
+* `indexParity` - outputs `odd` or `even` based on the count value
 
 However, the keys cannot be used directly.
 Instead, a prefix is used to avoid possible collisions with variables from the outer scope.
@@ -679,7 +679,7 @@ The `for` statement also works with integers, starting from 1. In the example be
 [source]
 ----
 {#for i in total}
-  {i}:
+  {i}: ({i_count} {i_indexParity} {i_even})<br>
 {/for}
 ----
 
@@ -687,7 +687,9 @@ And the output will be:
 
 [source]
 ----
-1:2:3:
+1: (1 odd false)
+2: (2 even true)
+3: (3 odd false)
 ----
 
 A loop section may also define the `{#else}` block that is executed when there are no items to iterate:

From 414519cbe81f558b6aba66be89a00ebaafc83a78 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin <sberyozkin@gmail.com>
Date: Thu, 15 Sep 2022 15:51:15 +0100
Subject: [PATCH 25/36] Improve OIDC code flow tests

---
 .../runtime/CodeAuthenticationMechanism.java  |  4 +-
 .../it/keycloak/ProtectedResource.java        |  6 ---
 .../it/keycloak/TenantAutoRefresh.java        |  7 +++-
 .../io/quarkus/it/keycloak/TenantLogout.java  |  7 +++-
 .../src/main/resources/application.properties |  1 +
 .../io/quarkus/it/keycloak/CodeFlowTest.java  | 37 +++++++++----------
 6 files changed, 32 insertions(+), 30 deletions(-)

diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
index 2421c3b3b6dd3..7fdfea032c413 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -250,7 +250,7 @@ public Uni<? extends SecurityIdentity> apply(Throwable t) {
                                             }
                                             if (!configContext.oidcConfig.token.refreshExpired) {
                                                 LOG.debug("Token has expired, token refresh is not allowed");
-                                                throw new AuthenticationCompletionException(t.getCause());
+                                                throw new AuthenticationFailedException(t.getCause());
                                             }
                                             LOG.debug("Token has expired, trying to refresh it");
                                             return refreshSecurityIdentity(configContext,
@@ -833,7 +833,7 @@ private Uni<SecurityIdentity> refreshSecurityIdentity(TenantConfigContext config
                     @Override
                     public Uni<SecurityIdentity> apply(final AuthorizationCodeTokens tokens, final Throwable t) {
                         if (t != null) {
-                            LOG.debugf("ID token refresh has failed: %s", t.getMessage());
+                            LOG.errorf("ID token refresh has failed: %s", t.getMessage());
                             if (autoRefresh) {
                                 LOG.debug("Using the current SecurityIdentity since the ID token is still valid");
                                 return Uni.createFrom().item(((TokenAutoRefreshException) t).getSecurityIdentity());
diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
index 9f4941b88e385..fbe80108b4407 100644
--- a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
+++ b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java
@@ -174,12 +174,6 @@ public String getNameCallbackJwtNotUsedAfterRedirect() {
         throw new InternalServerErrorException("This method must not be invoked");
     }
 
-    @GET
-    @Path("tenant-logout")
-    public String getTenantLogout() {
-        return "Tenant Logout";
-    }
-
     @GET
     @Path("access")
     public String getAccessToken() {
diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantAutoRefresh.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantAutoRefresh.java
index 9d5e9b4345070..092d6c8b63f87 100644
--- a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantAutoRefresh.java
+++ b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantAutoRefresh.java
@@ -1,15 +1,20 @@
 package io.quarkus.it.keycloak;
 
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 
 import io.quarkus.security.Authenticated;
+import io.vertx.ext.web.RoutingContext;
 
 @Path("/tenant-autorefresh")
 public class TenantAutoRefresh {
+    @Inject
+    RoutingContext context;
+
     @Authenticated
     @GET
     public String getTenantLogout() {
-        return "Tenant AutoRefresh";
+        return "Tenant AutoRefresh, refreshed: " + (context.get("refresh_token_grant_response") != null);
     }
 }
diff --git a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java
index cd9568ed14035..5ffabd9a6b9ea 100644
--- a/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java
+++ b/integration-tests/oidc-code-flow/src/main/java/io/quarkus/it/keycloak/TenantLogout.java
@@ -1,5 +1,6 @@
 package io.quarkus.it.keycloak;
 
+import javax.inject.Inject;
 import javax.ws.rs.GET;
 import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.Path;
@@ -9,6 +10,7 @@
 import javax.ws.rs.core.HttpHeaders;
 
 import io.quarkus.security.Authenticated;
+import io.vertx.ext.web.RoutingContext;
 
 @Path("/tenant-logout")
 public class TenantLogout {
@@ -16,10 +18,13 @@ public class TenantLogout {
     @Context
     HttpHeaders headers;
 
+    @Inject
+    RoutingContext context;
+
     @Authenticated
     @GET
     public String getTenantLogout() {
-        return "Tenant Logout";
+        return "Tenant Logout, refreshed: " + (context.get("refresh_token_grant_response") != null);
     }
 
     // It is needed for the proactive-auth=false to work: /tenant-logout/logout should match a user initiated logout request
diff --git a/integration-tests/oidc-code-flow/src/main/resources/application.properties b/integration-tests/oidc-code-flow/src/main/resources/application.properties
index c693d6853e3d7..69b81d6eccce7 100644
--- a/integration-tests/oidc-code-flow/src/main/resources/application.properties
+++ b/integration-tests/oidc-code-flow/src/main/resources/application.properties
@@ -86,6 +86,7 @@ quarkus.oidc.tenant-autorefresh.application-type=web-app
 quarkus.oidc.tenant-autorefresh.authentication.cookie-path=/tenant-autorefresh
 quarkus.oidc.tenant-autorefresh.token.refresh-expired=true
 quarkus.oidc.tenant-autorefresh.token.refresh-token-time-skew=30S
+quarkus.oidc.tenant-autorefresh.authentication.remove-redirect-parameters=false
 
 # Tenant which is used to test that the redirect_uri https scheme is enforced.
 quarkus.oidc.tenant-https.auth-server-url=${keycloak.url}/realms/quarkus
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
index c1571712c6937..a574802dbb855 100644
--- a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
+++ b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
@@ -413,7 +413,7 @@ public void testRPInitiatedLogout() throws IOException {
             loginForm.getInputByName("username").setValueAttribute("alice");
             loginForm.getInputByName("password").setValueAttribute("alice");
             page = loginForm.getInputByName("login").click();
-            assertTrue(page.asText().contains("Tenant Logout"));
+            assertEquals("Tenant Logout, refreshed: false", page.asText());
             assertNotNull(getSessionCookie(webClient, "tenant-logout"));
 
             page = webClient.getPage("http://localhost:8081/tenant-logout/logout");
@@ -422,11 +422,20 @@ public void testRPInitiatedLogout() throws IOException {
 
             page = webClient.getPage("http://localhost:8081/tenant-logout");
             assertEquals("Sign in to logout-realm", page.getTitleText());
-            loginForm = page.getForms().get(0);
+            webClient.getCookieManager().clearCookies();
+        }
+    }
+
+    @Test
+    public void testTokenRefresh() throws IOException {
+        try (final WebClient webClient = createWebClient()) {
+            HtmlPage page = webClient.getPage("http://localhost:8081/tenant-logout");
+            assertEquals("Sign in to logout-realm", page.getTitleText());
+            HtmlForm loginForm = page.getForms().get(0);
             loginForm.getInputByName("username").setValueAttribute("alice");
             loginForm.getInputByName("password").setValueAttribute("alice");
             page = loginForm.getInputByName("login").click();
-            assertTrue(page.asText().contains("Tenant Logout"));
+            assertEquals("Tenant Logout, refreshed: false", page.asText());
 
             Cookie sessionCookie = getSessionCookie(webClient, "tenant-logout");
             assertNotNull(sessionCookie);
@@ -445,13 +454,14 @@ public Boolean call() throws Exception {
                             // Should not redirect to OP but silently refresh token
                             Cookie newSessionCookie = getSessionCookie(webClient, "tenant-logout");
                             assertNotNull(newSessionCookie);
-                            return !idToken.equals(getIdToken(newSessionCookie));
+                            return webResponse.getContentAsString().equals("Tenant Logout, refreshed: true")
+                                    && !idToken.equals(getIdToken(newSessionCookie));
                         }
                     });
 
             // local session refreshed and still valid
             page = webClient.getPage("http://localhost:8081/tenant-logout");
-            assertTrue(page.asText().contains("Tenant Logout"));
+            assertEquals("Tenant Logout, refreshed: false", page.asText());
             assertNotNull(getSessionCookie(webClient, "tenant-logout"));
 
             //wait now so that we reach the refresh timeout
@@ -495,7 +505,7 @@ public void testTokenAutoRefresh() throws IOException {
             loginForm.getInputByName("username").setValueAttribute("alice");
             loginForm.getInputByName("password").setValueAttribute("alice");
             page = loginForm.getInputByName("login").click();
-            assertTrue(page.asText().contains("Tenant AutoRefresh"));
+            assertEquals("Tenant AutoRefresh, refreshed: false", page.asText());
 
             Cookie sessionCookie = getSessionCookie(webClient, "tenant-autorefresh");
             assertNotNull(sessionCookie);
@@ -504,24 +514,11 @@ public void testTokenAutoRefresh() throws IOException {
             // Auto-refresh-interval is 30 secs so every call auto-refreshes the token
             // Right now the original ID token is still valid but will be auto-refreshed
             page = webClient.getPage("http://localhost:8081/tenant-autorefresh");
-            assertTrue(page.getBody().asText().contains("Tenant AutoRefresh"));
+            assertEquals("Tenant AutoRefresh, refreshed: true", page.asText());
             sessionCookie = getSessionCookie(webClient, "tenant-autorefresh");
             assertNotNull(sessionCookie);
             String nextIdToken = getIdToken(sessionCookie);
             assertNotEquals(idToken, nextIdToken);
-            idToken = nextIdToken;
-
-            //wait now so that we reach the ID token timeout
-            await().atLeast(6, TimeUnit.SECONDS);
-
-            // ID token has expired, must be refreshed, auto-refresh-interval must not cause
-            // an auto-refresh loop even though it is larger than the ID token lifespan
-            page = webClient.getPage("http://localhost:8081/tenant-autorefresh");
-            assertTrue(page.getBody().asText().contains("Tenant AutoRefresh"));
-            sessionCookie = getSessionCookie(webClient, "tenant-autorefresh");
-            assertNotNull(sessionCookie);
-            nextIdToken = getIdToken(sessionCookie);
-            assertNotEquals(idToken, nextIdToken);
 
             webClient.getCookieManager().clearCookies();
         }

From 7c77aa6a470758003cfe13057c8b2168be8bd681 Mon Sep 17 00:00:00 2001
From: Ladislav Thon <lthon@redhat.com>
Date: Fri, 19 Aug 2022 14:38:42 +0200
Subject: [PATCH 26/36] Fix type variable resolution in ArC's bean type closure
 search

---
 .../arc/processor/ClientProxyGenerator.java   |  7 ++--
 .../arc/processor/DecoratorGenerator.java     |  4 +-
 .../arc/processor/InjectionPointInfo.java     |  7 ++--
 .../quarkus/arc/processor/ObserverInfo.java   |  3 +-
 .../arc/processor/SubclassGenerator.java      |  4 +-
 .../java/io/quarkus/arc/processor/Types.java  | 38 ++++++++++---------
 .../io/quarkus/arc/processor/TypesTest.java   |  5 +--
 7 files changed, 33 insertions(+), 35 deletions(-)

diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ClientProxyGenerator.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ClientProxyGenerator.java
index 3523648b96b93..e13c36fcebb3b 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ClientProxyGenerator.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ClientProxyGenerator.java
@@ -35,7 +35,6 @@
 import org.jboss.jandex.IndexView;
 import org.jboss.jandex.MethodInfo;
 import org.jboss.jandex.Type;
-import org.jboss.jandex.TypeVariable;
 
 /**
  *
@@ -120,7 +119,7 @@ Collection<Resource> generate(BeanInfo bean, String beanClassName,
         if (!providerClass.typeParameters().isEmpty()) {
             clientProxy.setSignature(AsmUtilCopy.getGeneratedSubClassSignature(providerClass, bean.getProviderType()));
         }
-        Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables = Types.resolvedTypeVariables(providerClass,
+        Map<ClassInfo, Map<String, Type>> resolvedTypeVariables = Types.resolvedTypeVariables(providerClass,
                 bean.getDeployment());
         FieldCreator beanField = clientProxy.getFieldCreator(BEAN_FIELD, InjectableBean.class)
                 .setModifiers(ACC_PRIVATE | ACC_FINAL);
@@ -148,10 +147,10 @@ Collection<Resource> generate(BeanInfo bean, String beanClassName,
             MethodDescriptor originalMethodDescriptor = MethodDescriptor.of(method);
             MethodCreator forward = clientProxy.getMethodCreator(originalMethodDescriptor);
             if (AsmUtilCopy.needsSignature(method)) {
-                Map<TypeVariable, Type> methodClassVariables = resolvedTypeVariables.get(method.declaringClass());
+                Map<String, Type> methodClassVariables = resolvedTypeVariables.get(method.declaringClass());
                 String signature = AsmUtilCopy.getSignature(method, typeVariable -> {
                     if (methodClassVariables != null) {
-                        Type ret = methodClassVariables.get(typeVariable);
+                        Type ret = methodClassVariables.get(typeVariable.identifier());
                         // let's not map a TV to itself
                         if (ret != typeVariable)
                             return ret;
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/DecoratorGenerator.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/DecoratorGenerator.java
index 65fc970d8fece..6091bad566cc4 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/DecoratorGenerator.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/DecoratorGenerator.java
@@ -187,7 +187,7 @@ private String generateDecoratorImplementation(String baseName, String targetPac
             // A decorated type can declare type parameters
             // For example Converter<String> should result in a T -> String mapping
             List<TypeVariable> typeParameters = decoratedTypeClass.typeParameters();
-            Map<TypeVariable, org.jboss.jandex.Type> resolvedTypeParameters = Collections.emptyMap();
+            Map<String, org.jboss.jandex.Type> resolvedTypeParameters = Collections.emptyMap();
             if (!typeParameters.isEmpty()) {
                 resolvedTypeParameters = new HashMap<>();
                 // The delegate type can be used to infer the parameter types
@@ -195,7 +195,7 @@ private String generateDecoratorImplementation(String baseName, String targetPac
                 if (type.kind() == Kind.PARAMETERIZED_TYPE) {
                     List<org.jboss.jandex.Type> typeArguments = type.asParameterizedType().arguments();
                     for (int i = 0; i < typeParameters.size(); i++) {
-                        resolvedTypeParameters.put(typeParameters.get(i), typeArguments.get(i));
+                        resolvedTypeParameters.put(typeParameters.get(i).identifier(), typeArguments.get(i));
                     }
                 }
             }
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/InjectionPointInfo.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/InjectionPointInfo.java
index 1477f06aceedd..2bdf5ea705f41 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/InjectionPointInfo.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/InjectionPointInfo.java
@@ -22,7 +22,6 @@
 import org.jboss.jandex.MethodInfo;
 import org.jboss.jandex.ParameterizedType;
 import org.jboss.jandex.Type;
-import org.jboss.jandex.TypeVariable;
 
 /**
  * Represents an injection point.
@@ -262,15 +261,15 @@ private static Type resolveType(Type type, ClassInfo beanClass, ClassInfo declar
         if (type.kind() == org.jboss.jandex.Type.Kind.CLASS) {
             return type;
         }
-        Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables = Types.resolvedTypeVariables(beanClass, beanDeployment);
+        Map<ClassInfo, Map<String, Type>> resolvedTypeVariables = Types.resolvedTypeVariables(beanClass, beanDeployment);
         return resolveType(type, declaringClass, beanDeployment, resolvedTypeVariables);
     }
 
     private static Type resolveType(Type type, ClassInfo beanClass, BeanDeployment beanDeployment,
-            Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables) {
+            Map<ClassInfo, Map<String, Type>> resolvedTypeVariables) {
         if (type.kind() == org.jboss.jandex.Type.Kind.TYPE_VARIABLE) {
             if (resolvedTypeVariables.containsKey(beanClass)) {
-                return resolvedTypeVariables.get(beanClass).getOrDefault(type.asTypeVariable(), type);
+                return resolvedTypeVariables.get(beanClass).getOrDefault(type.asTypeVariable().identifier(), type);
             }
         } else if (type.kind() == org.jboss.jandex.Type.Kind.PARAMETERIZED_TYPE) {
             ParameterizedType parameterizedType = type.asParameterizedType();
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ObserverInfo.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ObserverInfo.java
index 6a4579e675011..b858c74df729e 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ObserverInfo.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/ObserverInfo.java
@@ -27,7 +27,6 @@
 import org.jboss.jandex.MethodInfo;
 import org.jboss.jandex.MethodParameterInfo;
 import org.jboss.jandex.Type;
-import org.jboss.jandex.TypeVariable;
 import org.jboss.logging.Logger;
 
 /**
@@ -54,7 +53,7 @@ static ObserverInfo create(BeanInfo declaringBean, MethodInfo observerMethod, In
 
         Type observedType = observerMethod.parameterType(eventParameter.position());
         if (Types.containsTypeVariable(observedType)) {
-            Map<TypeVariable, Type> resolvedTypeVariables = Types
+            Map<String, Type> resolvedTypeVariables = Types
                     .resolvedTypeVariables(declaringBean.getImplClazz(), declaringBean.getDeployment())
                     .getOrDefault(observerMethod.declaringClass(), Collections.emptyMap());
             observedType = Types.resolveTypeParam(observedType, resolvedTypeVariables,
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/SubclassGenerator.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/SubclassGenerator.java
index 08462d17a133b..d385a31f874c0 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/SubclassGenerator.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/SubclassGenerator.java
@@ -480,7 +480,7 @@ private void processDecorator(DecoratorInfo decorator, BeanInfo bean, Type provi
         // The delegate type can declare type parameters
         // For example @Delegate Converter<String> should result in a T -> String mapping
         List<TypeVariable> typeParameters = delegateTypeClass.typeParameters();
-        Map<TypeVariable, Type> resolvedTypeParameters = Collections.emptyMap();
+        Map<String, Type> resolvedTypeParameters = Collections.emptyMap();
         if (!typeParameters.isEmpty()) {
             resolvedTypeParameters = new HashMap<>();
             // The delegate type can be used to infer the parameter types
@@ -488,7 +488,7 @@ private void processDecorator(DecoratorInfo decorator, BeanInfo bean, Type provi
             if (delegateType.kind() == Kind.PARAMETERIZED_TYPE) {
                 List<Type> typeArguments = delegateType.asParameterizedType().arguments();
                 for (int i = 0; i < typeParameters.size(); i++) {
-                    resolvedTypeParameters.put(typeParameters.get(i), typeArguments.get(i));
+                    resolvedTypeParameters.put(typeParameters.get(i).identifier(), typeArguments.get(i));
                 }
             }
         }
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
index c604471397b4b..59202d6cdf3f8 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
@@ -384,7 +384,7 @@ static List<Type> getResolvedParameters(ClassInfo classInfo, MethodInfo method,
         return getResolvedParameters(classInfo, Collections.emptyMap(), method, index);
     }
 
-    static List<Type> getResolvedParameters(ClassInfo classInfo, Map<TypeVariable, Type> resolvedMap,
+    static List<Type> getResolvedParameters(ClassInfo classInfo, Map<String, Type> resolvedMap,
             MethodInfo method, IndexView index) {
         List<TypeVariable> typeParameters = classInfo.typeParameters();
         // E.g. Foo, T, List<String>
@@ -414,12 +414,13 @@ static List<Type> getResolvedParameters(ClassInfo classInfo, Map<TypeVariable, T
     }
 
     static Set<Type> getTypeClosure(ClassInfo classInfo, AnnotationTarget producerFieldOrMethod,
-            Map<TypeVariable, Type> resolvedTypeParameters,
-            BeanDeployment beanDeployment, BiConsumer<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariablesConsumer) {
+            Map<String, Type> resolvedTypeParameters,
+            BeanDeployment beanDeployment, BiConsumer<ClassInfo, Map<String, Type>> resolvedTypeVariablesConsumer) {
         Set<Type> types = new HashSet<>();
         List<TypeVariable> typeParameters = classInfo.typeParameters();
 
-        if (typeParameters.isEmpty() || !typeParameters.stream().allMatch(resolvedTypeParameters::containsKey)) {
+        if (typeParameters.isEmpty()
+                || !typeParameters.stream().allMatch(it -> resolvedTypeParameters.containsKey(it.identifier()))) {
             // Not a parameterized type or a raw type
             types.add(Type.create(classInfo.name(), Kind.CLASS));
         } else {
@@ -427,7 +428,7 @@ static Set<Type> getTypeClosure(ClassInfo classInfo, AnnotationTarget producerFi
             Type[] typeParams = new Type[typeParameters.size()];
             boolean skipThisType = false;
             for (int i = 0; i < typeParameters.size(); i++) {
-                typeParams[i] = resolvedTypeParameters.get(typeParameters.get(i));
+                typeParams[i] = resolvedTypeParameters.get(typeParameters.get(i).identifier());
                 // this should only be the case for producers; wildcard is not a legal bean type
                 // see https://docs.jboss.org/cdi/spec/2.0/cdi-spec.html#legal_bean_types
                 if (typeParams[i].kind().equals(Kind.WILDCARD_TYPE) && producerFieldOrMethod != null) {
@@ -440,9 +441,9 @@ static Set<Type> getTypeClosure(ClassInfo classInfo, AnnotationTarget producerFi
                 }
             }
             if (resolvedTypeVariablesConsumer != null) {
-                Map<TypeVariable, Type> resolved = new HashMap<>();
+                Map<String, Type> resolved = new HashMap<>();
                 for (int i = 0; i < typeParameters.size(); i++) {
-                    resolved.put(typeParameters.get(i), typeParams[i]);
+                    resolved.put(typeParameters.get(i).identifier(), typeParams[i]);
                 }
                 resolvedTypeVariablesConsumer.accept(classInfo, resolved);
             }
@@ -457,7 +458,7 @@ static Set<Type> getTypeClosure(ClassInfo classInfo, AnnotationTarget producerFi
             }
             ClassInfo interfaceClassInfo = getClassByName(beanDeployment.getBeanArchiveIndex(), interfaceType.name());
             if (interfaceClassInfo != null) {
-                Map<TypeVariable, Type> resolved = Collections.emptyMap();
+                Map<String, Type> resolved = Collections.emptyMap();
                 if (Kind.PARAMETERIZED_TYPE.equals(interfaceType.kind())) {
                     resolved = buildResolvedMap(interfaceType.asParameterizedType().arguments(),
                             interfaceClassInfo.typeParameters(), resolvedTypeParameters, beanDeployment.getBeanArchiveIndex());
@@ -470,7 +471,7 @@ static Set<Type> getTypeClosure(ClassInfo classInfo, AnnotationTarget producerFi
         if (classInfo.superClassType() != null) {
             ClassInfo superClassInfo = getClassByName(beanDeployment.getBeanArchiveIndex(), classInfo.superName());
             if (superClassInfo != null) {
-                Map<TypeVariable, Type> resolved = Collections.emptyMap();
+                Map<String, Type> resolved = Collections.emptyMap();
                 if (Kind.PARAMETERIZED_TYPE.equals(classInfo.superClassType().kind())) {
                     resolved = buildResolvedMap(classInfo.superClassType().asParameterizedType().arguments(),
                             superClassInfo.typeParameters(),
@@ -509,9 +510,9 @@ static Set<Type> getDelegateTypeClosure(InjectionPointInfo delegateInjectionPoin
         return types;
     }
 
-    static Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables(ClassInfo classInfo,
+    static Map<ClassInfo, Map<String, Type>> resolvedTypeVariables(ClassInfo classInfo,
             BeanDeployment beanDeployment) {
-        Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables = new HashMap<>();
+        Map<ClassInfo, Map<String, Type>> resolvedTypeVariables = new HashMap<>();
         getTypeClosure(classInfo, null, Collections.emptyMap(), beanDeployment, resolvedTypeVariables::put);
         return resolvedTypeVariables;
     }
@@ -540,26 +541,27 @@ static Set<Type> restrictBeanTypes(Set<Type> types, Collection<AnnotationInstanc
         return types;
     }
 
-    static <T extends Type> Map<TypeVariable, Type> buildResolvedMap(List<T> resolvedArguments,
+    static <T extends Type> Map<String, Type> buildResolvedMap(List<T> resolvedArguments,
             List<TypeVariable> typeVariables,
-            Map<TypeVariable, Type> resolvedTypeParameters, IndexView index) {
-        Map<TypeVariable, Type> resolvedMap = new HashMap<>();
+            Map<String, Type> resolvedTypeParameters, IndexView index) {
+        Map<String, Type> resolvedMap = new HashMap<>();
         for (int i = 0; i < resolvedArguments.size(); i++) {
-            resolvedMap.put(typeVariables.get(i), resolveTypeParam(resolvedArguments.get(i), resolvedTypeParameters, index));
+            resolvedMap.put(typeVariables.get(i).identifier(),
+                    resolveTypeParam(resolvedArguments.get(i), resolvedTypeParameters, index));
         }
         return resolvedMap;
     }
 
-    static Type resolveTypeParam(Type typeParam, Map<TypeVariable, Type> resolvedTypeParameters, IndexView index) {
+    static Type resolveTypeParam(Type typeParam, Map<String, Type> resolvedTypeParameters, IndexView index) {
         if (typeParam.kind() == Kind.TYPE_VARIABLE) {
-            return resolvedTypeParameters.getOrDefault(typeParam, typeParam);
+            return resolvedTypeParameters.getOrDefault(typeParam.asTypeVariable().identifier(), typeParam);
         } else if (typeParam.kind() == Kind.PARAMETERIZED_TYPE) {
             ParameterizedType parameterizedType = typeParam.asParameterizedType();
             ClassInfo classInfo = getClassByName(index, parameterizedType.name());
             if (classInfo != null) {
                 List<TypeVariable> typeParameters = classInfo.typeParameters();
                 List<Type> arguments = parameterizedType.arguments();
-                Map<TypeVariable, Type> resolvedMap = buildResolvedMap(arguments, typeParameters,
+                Map<String, Type> resolvedMap = buildResolvedMap(arguments, typeParameters,
                         resolvedTypeParameters, index);
                 Type[] typeParams = new Type[typeParameters.size()];
                 for (int i = 0; i < typeParameters.size(); i++) {
diff --git a/independent-projects/arc/processor/src/test/java/io/quarkus/arc/processor/TypesTest.java b/independent-projects/arc/processor/src/test/java/io/quarkus/arc/processor/TypesTest.java
index 787085e203cb2..b24c18e3cba06 100644
--- a/independent-projects/arc/processor/src/test/java/io/quarkus/arc/processor/TypesTest.java
+++ b/independent-projects/arc/processor/src/test/java/io/quarkus/arc/processor/TypesTest.java
@@ -18,7 +18,6 @@
 import org.jboss.jandex.ParameterizedType;
 import org.jboss.jandex.Type;
 import org.jboss.jandex.Type.Kind;
-import org.jboss.jandex.TypeVariable;
 import org.junit.jupiter.api.Test;
 
 public class TypesTest {
@@ -31,7 +30,7 @@ public void testGetTypeClosure() throws IOException {
         DotName fooName = DotName.createSimple(Foo.class.getName());
         DotName producerName = DotName.createSimple(Producer.class.getName());
         ClassInfo fooClass = index.getClassByName(fooName);
-        Map<ClassInfo, Map<TypeVariable, Type>> resolvedTypeVariables = new HashMap<>();
+        Map<ClassInfo, Map<String, Type>> resolvedTypeVariables = new HashMap<>();
         BeanDeployment dummyDeployment = BeanProcessor.builder().setBeanArchiveIndex(index).build().getBeanDeployment();
 
         // Baz, Foo<String>, Object
@@ -46,7 +45,7 @@ public void testGetTypeClosure() throws IOException {
                 null)));
         assertEquals(resolvedTypeVariables.size(), 1);
         assertTrue(resolvedTypeVariables.containsKey(fooClass));
-        assertEquals(resolvedTypeVariables.get(fooClass).get(fooClass.typeParameters().get(0)),
+        assertEquals(resolvedTypeVariables.get(fooClass).get(fooClass.typeParameters().get(0).identifier()),
                 Type.create(DotName.createSimple(String.class.getName()), Kind.CLASS));
 
         resolvedTypeVariables.clear();

From fbc44b839d5839182507e29f81cf284795123d71 Mon Sep 17 00:00:00 2001
From: Ladislav Thon <lthon@redhat.com>
Date: Thu, 18 Aug 2022 16:37:45 +0200
Subject: [PATCH 27/36] Upgrade to Jandex 3.0.0

---
 .github/dependabot.yml                        |   4 +-
 bom/application/pom.xml                       |  20 ++-
 build-parent/pom.xml                          |  12 +-
 core/deployment/pom.xml                       |   2 +-
 .../dev/RuntimeUpdatesProcessor.java          |   2 +-
 .../deployment/index/IndexWrapper.java        | 158 ++++++++++++++----
 .../deployment/index/IndexingUtil.java        |  32 +++-
 .../recording/AnnotationProxyProvider.java    |   5 +-
 .../steps/ReflectiveHierarchyStep.java        |   4 +-
 .../io/quarkus/deployment/util/AsmUtil.java   |  13 ++
 .../main/java/io/quarkus/maven/DevMojo.java   |  20 ++-
 docs/pom.xml                                  |   2 +-
 docs/src/main/asciidoc/cdi-reference.adoc     |   4 +-
 .../main/asciidoc/grpc-getting-started.adoc   |   4 +-
 docs/src/main/asciidoc/maven-tooling.adoc     |   4 +-
 extensions/hibernate-orm/runtime/pom.xml      |   2 +-
 ...bernateSearchOutboxPollingClassesTest.java |   1 +
 .../runtime/pom.xml                           |   2 +-
 .../hibernate-orm-panache/runtime/pom.xml     |   2 +-
 .../runtime/pom.xml                           |   2 +-
 .../mongodb-panache-common/runtime/pom.xml    |   2 +-
 .../mongodb-panache-kotlin/runtime/pom.xml    |   2 +-
 .../panache/mongodb-panache/runtime/pom.xml   |   2 +-
 .../panache/panache-common/deployment/pom.xml |   2 +-
 .../deployment/pom.xml                        |   2 +-
 extensions/picocli/runtime/pom.xml            |   2 +-
 .../rest-client-config/runtime/pom.xml        |   2 +-
 .../JaxrsClientReactiveProcessor.java         |   1 +
 .../graphql/deployment/OverridableIndex.java  |  24 +++
 .../spring-boot-properties/runtime/pom.xml    |   2 +-
 .../di/deployment/SpringDIProcessorTest.java  |  19 +--
 .../SpringScheduledProcessorTest.java         |  20 +--
 .../vertx/deployment/EventBusConsumer.java    |   8 +-
 .../vertx/deployment/VertxProcessor.java      |   2 +-
 independent-projects/arc/pom.xml              |   6 +-
 independent-projects/arc/processor/pom.xml    |   2 +-
 .../io/quarkus/arc/processor/AsmUtilCopy.java |  11 +-
 .../quarkus/arc/processor/BeanArchives.java   | 158 ++++++++++++++----
 .../io/quarkus/arc/processor/Methods.java     |   1 +
 .../java/io/quarkus/arc/processor/Types.java  |   4 +-
 .../bootstrap/app-model/pom.xml               |   2 +-
 independent-projects/bootstrap/pom.xml        |   6 +-
 .../quarkus-banned-dependencies.xml           |   2 +
 independent-projects/qute/generator/pom.xml   |   2 +-
 .../generator/ValueResolverGenerator.java     |   1 +
 independent-projects/qute/pom.xml             |   6 +-
 .../client/processor/pom.xml                  |   2 +-
 .../common/processor/pom.xml                  |   2 +-
 .../reactive/common/processor/AsmUtil.java    |  12 ++
 .../processor/CalculatingIndexView.java       | 158 ++++++++++++++----
 .../resteasy-reactive/pom.xml                 |   6 +-
 .../server/processor/pom.xml                  |   2 +-
 independent-projects/tools/pom.xml            |   2 +-
 .../tools/registry-client/pom.xml             |   4 +-
 integration-tests/common-jpa-entities/pom.xml |   2 +-
 .../common/build.gradle                       |   8 +-
 .../jpa-mapping-xml/modern-library-a/pom.xml  |   2 +-
 .../jpa-mapping-xml/modern-library-b/pom.xml  |   2 +-
 jakarta/rewrite.yml                           |   6 +-
 tcks/microprofile-fault-tolerance/pom.xml     |   3 -
 .../microprofile-rest-client-reactive/pom.xml |   3 +-
 test-framework/common/pom.xml                 |   2 +-
 test-framework/security-jwt/pom.xml           |   2 +-
 test-framework/security-oidc/pom.xml          |   2 +-
 test-framework/security-webauthn/pom.xml      |   2 +-
 test-framework/security/pom.xml               |   2 +-
 66 files changed, 574 insertions(+), 236 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 419943c20baaa..43810566bee45 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -93,8 +93,8 @@ updates:
       # Agroal
       - dependency-name: io.agroal:*
       # Jandex
-      - dependency-name: org.jboss:jandex
-      - dependency-name: org.jboss.jandex:jandex-maven-plugin
+      - dependency-name: io.smallrye:jandex
+      - dependency-name: io.smallrye:jandex-maven-plugin
       # WireMock
       - dependency-name: com.github.tomakehurst:wiremock-jre8-standalone
       - dependency-name: uk.co.automatictester:wiremock-maven-plugin
diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index 10a20945120bd..7ce21ae75f94d 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -18,7 +18,7 @@
         <bouncycastle.fips.version>1.0.2.3</bouncycastle.fips.version>
         <bouncycastle.tls.fips.version>1.0.12.3</bouncycastle.tls.fips.version>
         <findbugs.version>3.0.2</findbugs.version>
-        <jandex.version>2.4.3.Final</jandex.version>
+        <jandex.version>3.0.0</jandex.version>
         <resteasy.version>4.7.7.Final</resteasy.version>
         <opentracing.version>0.33.0</opentracing.version>
         <opentracing-jdbc.version>0.2.4</opentracing-jdbc.version>
@@ -43,8 +43,8 @@
         <smallrye-config.version>2.12.0</smallrye-config.version>
         <smallrye-health.version>3.3.0</smallrye-health.version>
         <smallrye-metrics.version>3.0.5</smallrye-metrics.version>
-        <smallrye-open-api.version>2.2.1</smallrye-open-api.version>
-        <smallrye-graphql.version>1.7.1</smallrye-graphql.version>
+        <smallrye-open-api.version>2.3.0</smallrye-open-api.version>
+        <smallrye-graphql.version>1.8.0</smallrye-graphql.version>
         <smallrye-opentracing.version>2.1.1</smallrye-opentracing.version>
         <smallrye-fault-tolerance.version>5.5.0</smallrye-fault-tolerance.version>
         <smallrye-jwt.version>3.5.3</smallrye-jwt.version>
@@ -82,7 +82,7 @@
         <plexus-component-annotations.version>2.1.0</plexus-component-annotations.version>
         <graal-sdk.version>22.2.0</graal-sdk.version>
         <graal-svm.version>${graal-sdk.version}</graal-svm.version>
-        <gizmo.version>1.1.0.Final</gizmo.version>
+        <gizmo.version>1.2.0.Final</gizmo.version>
         <jackson-bom.version>2.13.4</jackson-bom.version>
         <commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
         <commons-lang3.version>3.12.0</commons-lang3.version>
@@ -4247,7 +4247,7 @@
                 <version>${graal-sdk.version}</version>
             </dependency>
             <dependency>
-                <groupId>org.jboss</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex</artifactId>
                 <version>${jandex.version}</version>
             </dependency>
@@ -4855,6 +4855,12 @@
                 <groupId>org.hibernate</groupId>
                 <artifactId>hibernate-core</artifactId>
                 <version>${hibernate-orm.version}</version>
+                <exclusions>
+                    <exclusion>
+                        <groupId>org.jboss</groupId>
+                        <artifactId>jandex</artifactId>
+                    </exclusion>
+                </exclusions>
             </dependency>
             <dependency>
                 <groupId>org.hibernate</groupId>
@@ -4901,6 +4907,10 @@
                 <artifactId>hibernate-search-mapper-orm</artifactId>
                 <version>${hibernate-search.version}</version>
                 <exclusions>
+                    <exclusion>
+                        <groupId>org.jboss</groupId>
+                        <artifactId>jandex</artifactId>
+                    </exclusion>
                     <!-- the right version will come with Hibernate ORM -->
                     <exclusion>
                         <groupId>org.hibernate.common</groupId>
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index 2a9d7f36089c1..8188023f3a832 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -33,9 +33,9 @@
         <version.exec.plugin>3.0.0</version.exec.plugin>
         <failsafe-plugin.version>${version.surefire.plugin}</failsafe-plugin.version>
 
-        <!-- jandex maven plugin version -->
-        <jandex-maven-plugin.version>1.2.3</jandex-maven-plugin.version>
-        <jandex-gradle-plugin.version>0.13.0</jandex-gradle-plugin.version>
+        <!-- Jandex versions -->
+        <jandex.version>3.0.0</jandex.version>
+        <jandex-gradle-plugin.version>1.0.0</jandex-gradle-plugin.version>
 
         <!-- These properties are needed in order for them to be resolvable by the documentation -->
         <!-- The Graal version we suggest using in documentation - as that's
@@ -599,9 +599,9 @@
                     </configuration>
                 </plugin>
                 <plugin>
-                    <groupId>org.jboss.jandex</groupId>
+                    <groupId>io.smallrye</groupId>
                     <artifactId>jandex-maven-plugin</artifactId>
-                    <version>${jandex-maven-plugin.version}</version>
+                    <version>${jandex.version}</version>
                 </plugin>
                 <plugin>
                     <groupId>net.revelc.code.formatter</groupId>
@@ -1034,7 +1034,7 @@
                                         <pluginExecution>
                                             <pluginExecutionFilter>
                                                 <groupId>
-                                                    org.jboss.jandex
+                                                    io.smallrye
                                                 </groupId>
                                                 <artifactId>
                                                     jandex-maven-plugin
diff --git a/core/deployment/pom.xml b/core/deployment/pom.xml
index 18a27d767cca7..cd20dfdcceaa1 100644
--- a/core/deployment/pom.xml
+++ b/core/deployment/pom.xml
@@ -35,7 +35,7 @@
             <artifactId>gizmo</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/dev/RuntimeUpdatesProcessor.java b/core/deployment/src/main/java/io/quarkus/deployment/dev/RuntimeUpdatesProcessor.java
index e1c0873b86691..57df8f03e13e7 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/dev/RuntimeUpdatesProcessor.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/dev/RuntimeUpdatesProcessor.java
@@ -484,7 +484,7 @@ public boolean doScan(boolean userInitiated, boolean forceRestart) {
                         int index = 0;
                         for (Path i : changedClassResults.changedClasses) {
                             byte[] bytes = Files.readAllBytes(i);
-                            String name = indexer.index(new ByteArrayInputStream(bytes)).name().toString();
+                            String name = indexer.indexWithSummary(new ByteArrayInputStream(bytes)).name().toString();
                             defs[index++] = new ClassDefinition(
                                     Thread.currentThread().getContextClassLoader().loadClass(name),
                                     classTransformers.apply(name, bytes));
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/index/IndexWrapper.java b/core/deployment/src/main/java/io/quarkus/deployment/index/IndexWrapper.java
index 6da05bc210274..904e38123913c 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/index/IndexWrapper.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/index/IndexWrapper.java
@@ -3,13 +3,16 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Modifier;
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
+import java.util.Queue;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -91,6 +94,73 @@ public Collection<ClassInfo> getAllKnownSubclasses(DotName className) {
         return allKnown;
     }
 
+    private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
+        final Set<DotName> subClassesToProcess = new HashSet<DotName>();
+        subClassesToProcess.add(className);
+        while (!subClassesToProcess.isEmpty()) {
+            final Iterator<DotName> toProcess = subClassesToProcess.iterator();
+            DotName name = toProcess.next();
+            toProcess.remove();
+            processedClasses.add(name);
+            getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+        }
+    }
+
+    private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
+            Set<DotName> processedClasses) {
+        final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
+        if (directSubclasses != null) {
+            for (final ClassInfo clazz : directSubclasses) {
+                final DotName className = clazz.name();
+                if (!processedClasses.contains(className)) {
+                    allKnown.add(clazz);
+                    subClassesToProcess.add(className);
+                }
+            }
+        }
+    }
+
+    @Override
+    public Collection<ClassInfo> getKnownDirectSubinterfaces(DotName interfaceName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getKnownDirectSubinterfaces(interfaceName);
+        }
+        Set<ClassInfo> directSubinterfaces = new HashSet<>(index.getKnownDirectSubinterfaces(interfaceName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isPresent() && additional.get().interfaceNames().contains(interfaceName)) {
+                directSubinterfaces.add(additional.get());
+            }
+        }
+        return directSubinterfaces;
+    }
+
+    @Override
+    public Collection<ClassInfo> getAllKnownSubinterfaces(DotName interfaceName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getAllKnownSubinterfaces(interfaceName);
+        }
+
+        Set<ClassInfo> result = new HashSet<>();
+
+        Queue<DotName> workQueue = new ArrayDeque<>();
+        Set<DotName> alreadyProcessed = new HashSet<>();
+
+        workQueue.add(interfaceName);
+        while (!workQueue.isEmpty()) {
+            DotName iface = workQueue.remove();
+            if (!alreadyProcessed.add(iface)) {
+                continue;
+            }
+
+            for (ClassInfo directSubinterface : getKnownDirectSubinterfaces(iface)) {
+                result.add(directSubinterface);
+                workQueue.add(directSubinterface.name());
+            }
+        }
+
+        return result;
+    }
+
     @Override
     public Collection<ClassInfo> getKnownDirectImplementors(DotName className) {
         if (additionalClasses.isEmpty()) {
@@ -130,6 +200,27 @@ public Collection<ClassInfo> getAllKnownImplementors(DotName interfaceName) {
         return allKnown;
     }
 
+    private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
+            Set<DotName> processedClasses) {
+        final Collection<ClassInfo> list = getKnownDirectImplementors(name);
+        if (list != null) {
+            for (final ClassInfo clazz : list) {
+                final DotName className = clazz.name();
+                if (!processedClasses.contains(className)) {
+                    if (Modifier.isInterface(clazz.flags())) {
+                        subInterfacesToProcess.add(className);
+                    } else {
+                        if (!allKnown.contains(clazz)) {
+                            allKnown.add(clazz);
+                            processedClasses.add(className);
+                            getAllKnownSubClasses(className, allKnown, processedClasses);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     @Override
     public Collection<AnnotationInstance> getAnnotations(DotName annotationName) {
         return index.getAnnotations(annotationName);
@@ -155,51 +246,44 @@ public Collection<ClassInfo> getKnownUsers(DotName className) {
         return this.index.getKnownUsers(className);
     }
 
-    private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
-        final Set<DotName> subClassesToProcess = new HashSet<DotName>();
-        subClassesToProcess.add(className);
-        while (!subClassesToProcess.isEmpty()) {
-            final Iterator<DotName> toProcess = subClassesToProcess.iterator();
-            DotName name = toProcess.next();
-            toProcess.remove();
-            processedClasses.add(name);
-            getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+    @Override
+    public Collection<ClassInfo> getClassesInPackage(DotName packageName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getClassesInPackage(packageName);
         }
-    }
-
-    private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
-            Set<DotName> processedClasses) {
-        final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
-        if (directSubclasses != null) {
-            for (final ClassInfo clazz : directSubclasses) {
-                final DotName className = clazz.name();
-                if (!processedClasses.contains(className)) {
-                    allKnown.add(clazz);
-                    subClassesToProcess.add(className);
-                }
+        Set<ClassInfo> classesInPackage = new HashSet<>(index.getClassesInPackage(packageName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isEmpty()) {
+                continue;
+            }
+            if (Objects.equals(packageName, additional.get().name().packagePrefixName())) {
+                classesInPackage.add(additional.get());
             }
         }
+        return classesInPackage;
     }
 
-    private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
-            Set<DotName> processedClasses) {
-        final Collection<ClassInfo> list = getKnownDirectImplementors(name);
-        if (list != null) {
-            for (final ClassInfo clazz : list) {
-                final DotName className = clazz.name();
-                if (!processedClasses.contains(className)) {
-                    if (Modifier.isInterface(clazz.flags())) {
-                        subInterfacesToProcess.add(className);
-                    } else {
-                        if (!allKnown.contains(clazz)) {
-                            allKnown.add(clazz);
-                            processedClasses.add(className);
-                            getAllKnownSubClasses(className, allKnown, processedClasses);
-                        }
-                    }
+    @Override
+    public Set<DotName> getSubpackages(DotName packageName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getSubpackages(packageName);
+        }
+        Set<DotName> subpackages = new HashSet<>(index.getSubpackages(packageName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isEmpty()) {
+                continue;
+            }
+            DotName pkg = additional.get().name().packagePrefixName();
+            while (pkg != null) {
+                DotName superPkg = pkg.packagePrefixName();
+                if (superPkg != null && superPkg.equals(packageName)) {
+                    subpackages.add(pkg);
                 }
+                pkg = superPkg;
             }
+
         }
+        return subpackages;
     }
 
     private Optional<ClassInfo> computeAdditional(DotName className) {
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/index/IndexingUtil.java b/core/deployment/src/main/java/io/quarkus/deployment/index/IndexingUtil.java
index 2030fca7c05cb..7a573e3b77f62 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/index/IndexingUtil.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/index/IndexingUtil.java
@@ -19,6 +19,7 @@
 import java.util.zip.ZipEntry;
 
 import org.jboss.jandex.ClassInfo;
+import org.jboss.jandex.ClassSummary;
 import org.jboss.jandex.DotName;
 import org.jboss.jandex.Index;
 import org.jboss.jandex.IndexReader;
@@ -134,20 +135,29 @@ public static void indexClass(String className, Indexer indexer, IndexView quark
         if (additionalIndex.contains(classDotName)) {
             return;
         }
+
+        DotName superclassName;
+        Set<DotName> annotationNames;
+
         ClassInfo classInfo = quarkusIndex.getClassByName(classDotName);
         if (classInfo == null) {
             log.debugf("Index class: %s", className);
             try (InputStream stream = IoUtil.readClass(classLoader, className)) {
-                classInfo = indexer.index(stream);
-                additionalIndex.add(classInfo.name());
+                ClassSummary summary = indexer.indexWithSummary(stream);
+                additionalIndex.add(summary.name());
+                superclassName = summary.superclassName();
+                annotationNames = summary.annotations();
             } catch (Exception e) {
                 throw new IllegalStateException("Failed to index: " + className, e);
             }
         } else {
             // The class could be indexed by quarkus - we still need to distinguish framework classes
             additionalIndex.add(classDotName);
+            superclassName = classInfo.superName();
+            annotationNames = classInfo.annotationsMap().keySet();
         }
-        for (DotName annotationName : classInfo.annotationsMap().keySet()) {
+
+        for (DotName annotationName : annotationNames) {
             if (!additionalIndex.contains(annotationName) && quarkusIndex.getClassByName(annotationName) == null) {
                 try (InputStream annotationStream = IoUtil.readClass(classLoader, annotationName.toString())) {
                     if (annotationStream == null) {
@@ -162,8 +172,8 @@ public static void indexClass(String className, Indexer indexer, IndexView quark
                 }
             }
         }
-        if (classInfo.superName() != null && !classInfo.superName().equals(OBJECT)) {
-            indexClass(classInfo.superName().toString(), indexer, quarkusIndex, additionalIndex, classLoader);
+        if (superclassName != null && !superclassName.equals(OBJECT)) {
+            indexClass(superclassName.toString(), indexer, quarkusIndex, additionalIndex, classLoader);
         }
     }
 
@@ -174,20 +184,26 @@ public static void indexClass(String className, Indexer indexer,
         if (additionalIndex.contains(classDotName)) {
             return;
         }
+
+        Set<DotName> annotationNames;
+
         ClassInfo classInfo = quarkusIndex.getClassByName(classDotName);
         if (classInfo == null) {
             log.debugf("Index class: %s", className);
             try (InputStream stream = new ByteArrayInputStream(beanData)) {
-                classInfo = indexer.index(stream);
-                additionalIndex.add(classInfo.name());
+                ClassSummary summary = indexer.indexWithSummary(stream);
+                additionalIndex.add(summary.name());
+                annotationNames = summary.annotations();
             } catch (IOException e) {
                 throw new IllegalStateException("Failed to index: " + className, e);
             }
         } else {
             // The class could be indexed by quarkus - we still need to distinguish framework classes
             additionalIndex.add(classDotName);
+            annotationNames = classInfo.annotationsMap().keySet();
         }
-        for (DotName annotationName : classInfo.annotationsMap().keySet()) {
+
+        for (DotName annotationName : annotationNames) {
             if (!additionalIndex.contains(annotationName) && quarkusIndex.getClassByName(annotationName) == null) {
                 try (InputStream annotationStream = IoUtil.readClass(classLoader, annotationName.toString())) {
                     log.debugf("Index annotation: %s", annotationName);
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/recording/AnnotationProxyProvider.java b/core/deployment/src/main/java/io/quarkus/deployment/recording/AnnotationProxyProvider.java
index 4bb449bc7f7c0..f6960c54221a4 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/recording/AnnotationProxyProvider.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/recording/AnnotationProxyProvider.java
@@ -22,8 +22,8 @@
 import org.jboss.jandex.AnnotationInstance;
 import org.jboss.jandex.ClassInfo;
 import org.jboss.jandex.DotName;
+import org.jboss.jandex.Index;
 import org.jboss.jandex.IndexView;
-import org.jboss.jandex.Indexer;
 import org.jboss.jandex.MethodInfo;
 
 import io.quarkus.deployment.util.IoUtil;
@@ -63,8 +63,7 @@ public <A extends Annotation> AnnotationProxyBuilder<A> builder(AnnotationInstan
             ClassInfo clazz = index.getClassByName(name);
             if (clazz == null) {
                 try (InputStream annotationStream = IoUtil.readClass(classLoader, name.toString())) {
-                    Indexer indexer = new Indexer();
-                    clazz = indexer.index(annotationStream);
+                    clazz = Index.singleClass(annotationStream);
                 } catch (Exception e) {
                     throw new IllegalStateException("Failed to index: " + name, e);
                 }
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/steps/ReflectiveHierarchyStep.java b/core/deployment/src/main/java/io/quarkus/deployment/steps/ReflectiveHierarchyStep.java
index acb789975c268..ebcb59cdd0290 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/steps/ReflectiveHierarchyStep.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/steps/ReflectiveHierarchyStep.java
@@ -22,6 +22,7 @@
 import org.jboss.jandex.PrimitiveType;
 import org.jboss.jandex.Type;
 import org.jboss.jandex.Type.Kind;
+import org.jboss.jandex.TypeVariableReference;
 import org.jboss.jandex.UnresolvedTypeVariable;
 import org.jboss.jandex.VoidType;
 import org.jboss.logging.Logger;
@@ -133,7 +134,8 @@ private void addReflectiveHierarchy(CombinedIndexBuildItem combinedIndexBuildIte
             Deque<ReflectiveHierarchyVisitor> visits) {
         if (type instanceof VoidType ||
                 type instanceof PrimitiveType ||
-                type instanceof UnresolvedTypeVariable) {
+                type instanceof UnresolvedTypeVariable ||
+                type instanceof TypeVariableReference) {
             return;
         } else if (type instanceof ClassType) {
             if (reflectiveHierarchyBuildItem.getIgnoreTypePredicate().test(type.name())) {
diff --git a/core/deployment/src/main/java/io/quarkus/deployment/util/AsmUtil.java b/core/deployment/src/main/java/io/quarkus/deployment/util/AsmUtil.java
index 2deb8abaf8aea..d753f8c68408b 100644
--- a/core/deployment/src/main/java/io/quarkus/deployment/util/AsmUtil.java
+++ b/core/deployment/src/main/java/io/quarkus/deployment/util/AsmUtil.java
@@ -28,6 +28,7 @@
 import org.jboss.jandex.Type;
 import org.jboss.jandex.Type.Kind;
 import org.jboss.jandex.TypeVariable;
+import org.jboss.jandex.TypeVariableReference;
 import org.jboss.jandex.UnresolvedTypeVariable;
 import org.jboss.jandex.WildcardType;
 import org.objectweb.asm.MethodVisitor;
@@ -385,6 +386,17 @@ private static void toSignature(StringBuilder sb, Type type, Function<String, St
                     sb.append("T").append(unresolvedTypeVariable.identifier()).append(";");
                 }
                 break;
+            case TYPE_VARIABLE_REFERENCE:
+                TypeVariableReference typeVariableReference = type.asTypeVariableReference();
+                String mappedSignature3 = typeArgMapper.apply(typeVariableReference.identifier());
+                if (mappedSignature3 != null) {
+                    sb.append(mappedSignature3);
+                } else if (erased) {
+                    // TODO ???
+                } else {
+                    sb.append("T").append(typeVariableReference.identifier()).append(";");
+                }
+                break;
             case VOID:
                 sb.append('V');
                 break;
@@ -524,6 +536,7 @@ public static void visitLdc(MethodVisitor mv, Type jandexType) {
                     visitLdc(mv, bounds.get(0));
                 break;
             case UNRESOLVED_TYPE_VARIABLE:
+            case TYPE_VARIABLE_REFERENCE:
                 mv.visitLdcInsn(org.objectweb.asm.Type.getType(Object.class));
                 break;
             case VOID:
diff --git a/devtools/maven/src/main/java/io/quarkus/maven/DevMojo.java b/devtools/maven/src/main/java/io/quarkus/maven/DevMojo.java
index eb5037023d6d3..bfd2968ee22dc 100644
--- a/devtools/maven/src/main/java/io/quarkus/maven/DevMojo.java
+++ b/devtools/maven/src/main/java/io/quarkus/maven/DevMojo.java
@@ -170,6 +170,7 @@ public class DevMojo extends AbstractMojo {
     private static final String ORG_JETBRAINS_KOTLIN = "org.jetbrains.kotlin";
     private static final String KOTLIN_MAVEN_PLUGIN = "kotlin-maven-plugin";
 
+    private static final String IO_SMALLRYE = "io.smallrye";
     private static final String ORG_JBOSS_JANDEX = "org.jboss.jandex";
     private static final String JANDEX_MAVEN_PLUGIN = "jandex-maven-plugin";
 
@@ -513,8 +514,9 @@ private void handleAutoCompile() throws MojoExecutionException {
         boolean prepareNeeded = true;
         boolean prepareTestsNeeded = true;
 
-        String jandexGoalPhase = getGoalPhaseOrNull(ORG_JBOSS_JANDEX, JANDEX_MAVEN_PLUGIN, "jandex", "process-classes");
-        boolean indexClassNeeded = jandexGoalPhase != null;
+        String jandexGoalPhase = getGoalPhaseOrNull(IO_SMALLRYE, JANDEX_MAVEN_PLUGIN, "jandex", "process-classes");
+        String legacyJandexGoalPhase = getGoalPhaseOrNull(ORG_JBOSS_JANDEX, JANDEX_MAVEN_PLUGIN, "jandex", "process-classes");
+        boolean indexClassNeeded = legacyJandexGoalPhase != null || jandexGoalPhase != null;
 
         List<String> goals = session.getGoals();
         // check for default goal(s) if none were specified explicitly,
@@ -538,6 +540,10 @@ private void handleAutoCompile() throws MojoExecutionException {
                     && POST_COMPILE_PHASES.indexOf(goal) >= POST_COMPILE_PHASES.indexOf(jandexGoalPhase)) {
                 indexClassNeeded = false;
             }
+            if (jandexGoalPhase == null && legacyJandexGoalPhase != null
+                    && POST_COMPILE_PHASES.indexOf(goal) >= POST_COMPILE_PHASES.indexOf(legacyJandexGoalPhase)) {
+                indexClassNeeded = false;
+            }
 
             if (POST_TEST_COMPILE_PHASES.contains(goal)) {
                 testCompileNeeded = false;
@@ -552,7 +558,7 @@ private void handleAutoCompile() throws MojoExecutionException {
             triggerCompile(false, prepareNeeded);
         }
         if (indexClassNeeded) {
-            initClassIndexes();
+            initClassIndexes(jandexGoalPhase == null);
         }
         if (testCompileNeeded) {
             try {
@@ -574,8 +580,12 @@ private void triggerPrepare(boolean test) throws MojoExecutionException {
                 Map.of("mode", LaunchMode.DEVELOPMENT.name(), QuarkusBootstrapMojo.CLOSE_BOOTSTRAPPED_APP, "false"));
     }
 
-    private void initClassIndexes() throws MojoExecutionException {
-        executeIfConfigured(ORG_JBOSS_JANDEX, JANDEX_MAVEN_PLUGIN, "jandex", Collections.emptyMap());
+    private void initClassIndexes(boolean legacyJandex) throws MojoExecutionException {
+        if (legacyJandex) {
+            executeIfConfigured(ORG_JBOSS_JANDEX, JANDEX_MAVEN_PLUGIN, "jandex", Collections.emptyMap());
+        } else {
+            executeIfConfigured(IO_SMALLRYE, JANDEX_MAVEN_PLUGIN, "jandex", Collections.emptyMap());
+        }
     }
 
     private PluginDescriptor getPluginDescriptor() {
diff --git a/docs/pom.xml b/docs/pom.xml
index 4ba712b36fe97..d6f3ee24e9783 100644
--- a/docs/pom.xml
+++ b/docs/pom.xml
@@ -2918,7 +2918,7 @@
                         <kibana-image>${kibana.image}</kibana-image>
                         <keycloak-docker-image>${keycloak.docker.image}</keycloak-docker-image>
 
-                        <jandex-maven-plugin-version>${jandex-maven-plugin.version}</jandex-maven-plugin-version>
+                        <jandex-version>${jandex.version}</jandex-version>
                         <jandex-gradle-plugin-version>${jandex-gradle-plugin.version}</jandex-gradle-plugin-version>
                         <kotlin-version>${kotlin.version}</kotlin-version>
 
diff --git a/docs/src/main/asciidoc/cdi-reference.adoc b/docs/src/main/asciidoc/cdi-reference.adoc
index b98af78afd3b7..43b67fae2490a 100644
--- a/docs/src/main/asciidoc/cdi-reference.adoc
+++ b/docs/src/main/asciidoc/cdi-reference.adoc
@@ -54,9 +54,9 @@ To generate the index just add the following plugin to your build file:
 <build>
   <plugins>
     <plugin>
-      <groupId>org.jboss.jandex</groupId>
+      <groupId>io.smallrye</groupId>
       <artifactId>jandex-maven-plugin</artifactId>
-      <version>{jandex-maven-plugin-version}</version>
+      <version>{jandex-version}</version>
       <executions>
         <execution>
           <id>make-index</id>
diff --git a/docs/src/main/asciidoc/grpc-getting-started.adoc b/docs/src/main/asciidoc/grpc-getting-started.adoc
index a1ec29a3c515f..353a0360c56aa 100644
--- a/docs/src/main/asciidoc/grpc-getting-started.adoc
+++ b/docs/src/main/asciidoc/grpc-getting-started.adoc
@@ -411,9 +411,9 @@ The `jandex-maven-plugin` can be used to create a Jandex index. More information
 <build>
     <plugins>
         <plugin>
-            <groupId>org.jboss.jandex</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex-maven-plugin</artifactId>
-            <version>{jandex-maven-plugin-version}</version>
+            <version>{jandex-version}</version>
             <executions>
                 <execution>
                 <id>make-index</id>
diff --git a/docs/src/main/asciidoc/maven-tooling.adoc b/docs/src/main/asciidoc/maven-tooling.adoc
index c0e4da989f6ba..75fadb6958bc8 100644
--- a/docs/src/main/asciidoc/maven-tooling.adoc
+++ b/docs/src/main/asciidoc/maven-tooling.adoc
@@ -590,9 +590,9 @@ unless it is the main application module already configured with the quarkus-mav
 <build>
   <plugins>
     <plugin>
-      <groupId>org.jboss.jandex</groupId>
+      <groupId>io.smallrye</groupId>
       <artifactId>jandex-maven-plugin</artifactId>
-      <version>{jandex-maven-plugin-version}</version>
+      <version>{jandex-version}</version>
       <executions>
         <execution>
           <id>make-index</id>
diff --git a/extensions/hibernate-orm/runtime/pom.xml b/extensions/hibernate-orm/runtime/pom.xml
index 425c4401f8976..acacdcf4e5c77 100644
--- a/extensions/hibernate-orm/runtime/pom.xml
+++ b/extensions/hibernate-orm/runtime/pom.xml
@@ -91,7 +91,7 @@
 
                 <!-- Not necessary at runtime -->
                 <exclusion>
-                    <groupId>org.jboss</groupId>
+                    <groupId>io.smallrye</groupId>
                     <artifactId>jandex</artifactId>
                 </exclusion>
             </exclusions>
diff --git a/extensions/hibernate-search-orm-coordination-outbox-polling/deployment/src/test/java/io/quarkus/hibernate/search/orm/coordination/outboxpolling/test/HibernateSearchOutboxPollingClassesTest.java b/extensions/hibernate-search-orm-coordination-outbox-polling/deployment/src/test/java/io/quarkus/hibernate/search/orm/coordination/outboxpolling/test/HibernateSearchOutboxPollingClassesTest.java
index 15c55c8c03e26..be49d54a33287 100644
--- a/extensions/hibernate-search-orm-coordination-outbox-polling/deployment/src/test/java/io/quarkus/hibernate/search/orm/coordination/outboxpolling/test/HibernateSearchOutboxPollingClassesTest.java
+++ b/extensions/hibernate-search-orm-coordination-outbox-polling/deployment/src/test/java/io/quarkus/hibernate/search/orm/coordination/outboxpolling/test/HibernateSearchOutboxPollingClassesTest.java
@@ -165,6 +165,7 @@ private static void collectModelClassesRecursively(Index index, Type type, Set<D
             case PRIMITIVE:
             case VOID:
             case UNRESOLVED_TYPE_VARIABLE:
+            case TYPE_VARIABLE_REFERENCE:
                 // Ignore
                 break;
         }
diff --git a/extensions/panache/hibernate-orm-panache-kotlin/runtime/pom.xml b/extensions/panache/hibernate-orm-panache-kotlin/runtime/pom.xml
index 66f4191d3f9b9..3b30214d930ac 100644
--- a/extensions/panache/hibernate-orm-panache-kotlin/runtime/pom.xml
+++ b/extensions/panache/hibernate-orm-panache-kotlin/runtime/pom.xml
@@ -135,7 +135,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/hibernate-orm-panache/runtime/pom.xml b/extensions/panache/hibernate-orm-panache/runtime/pom.xml
index 5eae026f64935..79101f6144cc6 100644
--- a/extensions/panache/hibernate-orm-panache/runtime/pom.xml
+++ b/extensions/panache/hibernate-orm-panache/runtime/pom.xml
@@ -96,7 +96,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/hibernate-reactive-panache/runtime/pom.xml b/extensions/panache/hibernate-reactive-panache/runtime/pom.xml
index 8f177204ea95c..f3021f1329f25 100644
--- a/extensions/panache/hibernate-reactive-panache/runtime/pom.xml
+++ b/extensions/panache/hibernate-reactive-panache/runtime/pom.xml
@@ -104,7 +104,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/mongodb-panache-common/runtime/pom.xml b/extensions/panache/mongodb-panache-common/runtime/pom.xml
index c6decdfdad1ab..a0ee38dc6a428 100644
--- a/extensions/panache/mongodb-panache-common/runtime/pom.xml
+++ b/extensions/panache/mongodb-panache-common/runtime/pom.xml
@@ -73,7 +73,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/mongodb-panache-kotlin/runtime/pom.xml b/extensions/panache/mongodb-panache-kotlin/runtime/pom.xml
index 962592a648616..ef6c31f23d2f4 100644
--- a/extensions/panache/mongodb-panache-kotlin/runtime/pom.xml
+++ b/extensions/panache/mongodb-panache-kotlin/runtime/pom.xml
@@ -96,7 +96,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/mongodb-panache/runtime/pom.xml b/extensions/panache/mongodb-panache/runtime/pom.xml
index b586cc5b1a193..ef61e86e16c9c 100644
--- a/extensions/panache/mongodb-panache/runtime/pom.xml
+++ b/extensions/panache/mongodb-panache/runtime/pom.xml
@@ -70,7 +70,7 @@
             </plugin>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/panache/panache-common/deployment/pom.xml b/extensions/panache/panache-common/deployment/pom.xml
index ef1a0737cadca..d68ec60715fbe 100644
--- a/extensions/panache/panache-common/deployment/pom.xml
+++ b/extensions/panache/panache-common/deployment/pom.xml
@@ -25,7 +25,7 @@
             <artifactId>quarkus-arc-deployment</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/extensions/panache/panache-hibernate-common/deployment/pom.xml b/extensions/panache/panache-hibernate-common/deployment/pom.xml
index fcc44e98545af..6592af6cd1c03 100644
--- a/extensions/panache/panache-hibernate-common/deployment/pom.xml
+++ b/extensions/panache/panache-hibernate-common/deployment/pom.xml
@@ -25,7 +25,7 @@
             <artifactId>quarkus-arc-deployment</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/extensions/picocli/runtime/pom.xml b/extensions/picocli/runtime/pom.xml
index ea7fc88598ff3..2691817ad14a0 100644
--- a/extensions/picocli/runtime/pom.xml
+++ b/extensions/picocli/runtime/pom.xml
@@ -35,7 +35,7 @@
                 <artifactId>quarkus-extension-maven-plugin</artifactId>
             </plugin>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/resteasy-classic/rest-client-config/runtime/pom.xml b/extensions/resteasy-classic/rest-client-config/runtime/pom.xml
index 4d68b76280d4c..24efe5c74c332 100644
--- a/extensions/resteasy-classic/rest-client-config/runtime/pom.xml
+++ b/extensions/resteasy-classic/rest-client-config/runtime/pom.xml
@@ -28,7 +28,7 @@
             <artifactId>microprofile-rest-client-api</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
 
diff --git a/extensions/resteasy-reactive/jaxrs-client-reactive/deployment/src/main/java/io/quarkus/jaxrs/client/reactive/deployment/JaxrsClientReactiveProcessor.java b/extensions/resteasy-reactive/jaxrs-client-reactive/deployment/src/main/java/io/quarkus/jaxrs/client/reactive/deployment/JaxrsClientReactiveProcessor.java
index cbbaffa9befb2..edf3f2cbe5885 100644
--- a/extensions/resteasy-reactive/jaxrs-client-reactive/deployment/src/main/java/io/quarkus/jaxrs/client/reactive/deployment/JaxrsClientReactiveProcessor.java
+++ b/extensions/resteasy-reactive/jaxrs-client-reactive/deployment/src/main/java/io/quarkus/jaxrs/client/reactive/deployment/JaxrsClientReactiveProcessor.java
@@ -1610,6 +1610,7 @@ private ResultHandle createMultipartForm(MethodCreator methodCreator, ResultHand
                 case VOID:
                 case TYPE_VARIABLE:
                 case UNRESOLVED_TYPE_VARIABLE:
+                case TYPE_VARIABLE_REFERENCE:
                 case WILDCARD_TYPE:
                     throw new IllegalArgumentException("Unsupported multipart form field type: " + fieldType + " in " +
                             "field class " + formClassType.name());
diff --git a/extensions/smallrye-graphql/deployment/src/main/java/io/quarkus/smallrye/graphql/deployment/OverridableIndex.java b/extensions/smallrye-graphql/deployment/src/main/java/io/quarkus/smallrye/graphql/deployment/OverridableIndex.java
index 1c17b0f415891..fcb4b35f10a2b 100644
--- a/extensions/smallrye-graphql/deployment/src/main/java/io/quarkus/smallrye/graphql/deployment/OverridableIndex.java
+++ b/extensions/smallrye-graphql/deployment/src/main/java/io/quarkus/smallrye/graphql/deployment/OverridableIndex.java
@@ -2,6 +2,7 @@
 
 import java.util.Collection;
 import java.util.Comparator;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.TreeSet;
 
@@ -52,6 +53,18 @@ public Collection<ClassInfo> getAllKnownSubclasses(DotName dn) {
         return overrideCollection(original.getAllKnownSubclasses(dn), override.getAllKnownSubclasses(dn), classInfoComparator);
     }
 
+    @Override
+    public Collection<ClassInfo> getKnownDirectSubinterfaces(DotName dn) {
+        return overrideCollection(original.getKnownDirectSubinterfaces(dn), override.getKnownDirectSubinterfaces(dn),
+                classInfoComparator);
+    }
+
+    @Override
+    public Collection<ClassInfo> getAllKnownSubinterfaces(DotName dn) {
+        return overrideCollection(original.getAllKnownSubinterfaces(dn), override.getAllKnownSubinterfaces(dn),
+                classInfoComparator);
+    }
+
     @Override
     public Collection<ClassInfo> getKnownDirectImplementors(DotName dn) {
         return overrideCollection(original.getKnownDirectImplementors(dn), override.getKnownDirectImplementors(dn),
@@ -90,6 +103,17 @@ public Collection<ClassInfo> getKnownUsers(DotName dn) {
         return overrideCollection(original.getKnownUsers(dn), override.getKnownUsers(dn), classInfoComparator);
     }
 
+    @Override
+    public Collection<ClassInfo> getClassesInPackage(DotName pn) {
+        return overrideCollection(original.getClassesInPackage(pn), override.getClassesInPackage(pn), classInfoComparator);
+    }
+
+    @Override
+    public Set<DotName> getSubpackages(DotName pn) {
+        return new HashSet<>(overrideCollection(original.getSubpackages(pn), override.getSubpackages(pn),
+                Comparator.naturalOrder()));
+    }
+
     private Comparator<ClassInfo> classInfoComparator = new Comparator<ClassInfo>() {
         @Override
         public int compare(ClassInfo t, ClassInfo t1) {
diff --git a/extensions/spring-boot-properties/runtime/pom.xml b/extensions/spring-boot-properties/runtime/pom.xml
index eb83c846666e6..88d6eb8da01e9 100644
--- a/extensions/spring-boot-properties/runtime/pom.xml
+++ b/extensions/spring-boot-properties/runtime/pom.xml
@@ -41,7 +41,7 @@
             </plugin>
             <!--- @SpringBootConfigProperties needs to be part of the index -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/extensions/spring-di/deployment/src/test/java/io/quarkus/spring/di/deployment/SpringDIProcessorTest.java b/extensions/spring-di/deployment/src/test/java/io/quarkus/spring/di/deployment/SpringDIProcessorTest.java
index 74eccaef4e87b..5791891b3fca2 100644
--- a/extensions/spring-di/deployment/src/test/java/io/quarkus/spring/di/deployment/SpringDIProcessorTest.java
+++ b/extensions/spring-di/deployment/src/test/java/io/quarkus/spring/di/deployment/SpringDIProcessorTest.java
@@ -3,7 +3,6 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -26,8 +25,8 @@
 import org.jboss.jandex.AnnotationValue;
 import org.jboss.jandex.ClassInfo;
 import org.jboss.jandex.DotName;
+import org.jboss.jandex.Index;
 import org.jboss.jandex.IndexView;
-import org.jboss.jandex.Indexer;
 import org.jboss.jandex.MethodInfo;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
@@ -39,7 +38,6 @@
 
 import io.quarkus.arc.processor.BeanArchives;
 import io.quarkus.arc.processor.DotNames;
-import io.quarkus.deployment.util.IoUtil;
 
 /**
  * @author <a href="mailto:brent.n.douglas@gmail.com">Brent Douglas</a>
@@ -205,17 +203,12 @@ public void getAnnotationsToAddBeanMethodWithScope() {
     }
 
     private IndexView getIndex(final Class<?>... classes) {
-        final Indexer indexer = new Indexer();
-        for (final Class<?> clazz : classes) {
-            final String className = clazz.getName();
-            try (InputStream stream = IoUtil.readClass(getClass().getClassLoader(), className)) {
-                final ClassInfo beanInfo = indexer.index(stream);
-            } catch (IOException e) {
-                throw new IllegalStateException("Failed to index: " + className, e);
-            }
+        try {
+            Index index = Index.of(classes);
+            return BeanArchives.buildBeanArchiveIndex(getClass().getClassLoader(), new ConcurrentHashMap<>(), index);
+        } catch (IOException e) {
+            throw new IllegalStateException("Failed to index classes", e);
         }
-        return BeanArchives.buildBeanArchiveIndex(getClass().getClassLoader(), new ConcurrentHashMap<>(),
-                indexer.complete());
     }
 
     @SafeVarargs
diff --git a/extensions/spring-scheduled/deployment/src/test/java/io/quarkus/spring/scheduled/deployment/SpringScheduledProcessorTest.java b/extensions/spring-scheduled/deployment/src/test/java/io/quarkus/spring/scheduled/deployment/SpringScheduledProcessorTest.java
index ad55c1f7ece30..3abb0f2f3334b 100644
--- a/extensions/spring-scheduled/deployment/src/test/java/io/quarkus/spring/scheduled/deployment/SpringScheduledProcessorTest.java
+++ b/extensions/spring-scheduled/deployment/src/test/java/io/quarkus/spring/scheduled/deployment/SpringScheduledProcessorTest.java
@@ -4,7 +4,6 @@
 import static org.junit.jupiter.api.Assertions.fail;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.TimeUnit;
@@ -13,16 +12,14 @@
 
 import org.jboss.jandex.AnnotationInstance;
 import org.jboss.jandex.AnnotationValue;
-import org.jboss.jandex.ClassInfo;
 import org.jboss.jandex.DotName;
+import org.jboss.jandex.Index;
 import org.jboss.jandex.IndexView;
-import org.jboss.jandex.Indexer;
 import org.jboss.jandex.MethodInfo;
 import org.junit.jupiter.api.Test;
 import org.springframework.scheduling.annotation.Scheduled;
 
 import io.quarkus.arc.processor.BeanArchives;
-import io.quarkus.deployment.util.IoUtil;
 
 public class SpringScheduledProcessorTest {
 
@@ -116,17 +113,12 @@ public void testBuildDelayParamFromInvalidFormat() {
     }
 
     private IndexView getIndex(final Class<?>... classes) {
-        final Indexer indexer = new Indexer();
-        for (final Class<?> clazz : classes) {
-            final String className = clazz.getName();
-            try (InputStream stream = IoUtil.readClass(getClass().getClassLoader(), className)) {
-                final ClassInfo beanInfo = indexer.index(stream);
-            } catch (IOException e) {
-                throw new IllegalStateException("Failed to index: " + className, e);
-            }
+        try {
+            Index index = Index.of(classes);
+            return BeanArchives.buildBeanArchiveIndex(getClass().getClassLoader(), new ConcurrentHashMap<>(), index);
+        } catch (IOException e) {
+            throw new IllegalStateException("Failed to index classes", e);
         }
-        return BeanArchives.buildBeanArchiveIndex(getClass().getClassLoader(), new ConcurrentHashMap<>(),
-                indexer.complete());
     }
 
     @ApplicationScoped
diff --git a/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/EventBusConsumer.java b/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/EventBusConsumer.java
index 046ef6886e5e4..a4069c07d4609 100644
--- a/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/EventBusConsumer.java
+++ b/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/EventBusConsumer.java
@@ -169,14 +169,14 @@ private static void implementInvoke(BeanInfo bean, MethodInfo method, ClassCreat
         // https://github.com/quarkusio/quarkus/issues/21621
         Optional<Type> headerType = Optional.empty();
         Type paramType;
-        if (method.parameters().size() == 2) {
-            Type firstParamType = method.parameters().get(0);
+        if (method.parametersCount() == 2) {
+            Type firstParamType = method.parameterType(0);
             if (VertxConstants.isMessageHeaders(firstParamType.name())) {
                 headerType = Optional.of(firstParamType);
             }
-            paramType = method.parameters().get(1);
+            paramType = method.parameterType(1);
         } else {
-            paramType = method.parameters().get(0);
+            paramType = method.parameterType(0);
         }
         if (paramType.name().equals(MESSAGE)) {
             // io.vertx.core.eventbus.Message
diff --git a/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/VertxProcessor.java b/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/VertxProcessor.java
index 43b5c21d71156..7eeb82fb9f917 100644
--- a/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/VertxProcessor.java
+++ b/extensions/vertx/deployment/src/main/java/io/quarkus/vertx/deployment/VertxProcessor.java
@@ -125,7 +125,7 @@ void collectEventConsumers(
                 AnnotationInstance consumeEvent = annotationStore.getAnnotation(method, CONSUME_EVENT);
                 if (consumeEvent != null) {
                     // Validate method params and return type
-                    List<Type> params = method.parameters();
+                    List<Type> params = method.parameterTypes();
                     if (params.size() == 2) {
                         if (!isMessageHeaders(params.get(0).name())) {
                             // If there are two parameters, the first must be message headers.
diff --git a/independent-projects/arc/pom.xml b/independent-projects/arc/pom.xml
index ea45249f5d2db..9838bd1a6cf34 100644
--- a/independent-projects/arc/pom.xml
+++ b/independent-projects/arc/pom.xml
@@ -42,13 +42,13 @@
         <!-- Versions -->
         <version.cdi>2.0.2</version.cdi>
         <version.jta>1.3.3</version.jta>
-        <version.jandex>2.4.3.Final</version.jandex>
+        <version.jandex>3.0.0</version.jandex>
         <version.junit5>5.9.0</version.junit5>
         <version.maven>3.8.6</version.maven>
         <version.assertj>3.23.1</version.assertj>
         <version.jboss-logging>3.5.0.Final</version.jboss-logging>
         <version.jakarta-annotation>1.3.5</version.jakarta-annotation>
-        <version.gizmo>1.1.0.Final</version.gizmo>
+        <version.gizmo>1.2.0.Final</version.gizmo>
         <version.jpa>2.2.3</version.jpa>
         <version.mutiny>1.6.0</version.mutiny>
 
@@ -85,7 +85,7 @@
             </dependency>
 
             <dependency>
-                <groupId>org.jboss</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex</artifactId>
                 <version>${version.jandex}</version>
             </dependency>
diff --git a/independent-projects/arc/processor/pom.xml b/independent-projects/arc/processor/pom.xml
index 84e264d8f9208..c0411c79cb570 100644
--- a/independent-projects/arc/processor/pom.xml
+++ b/independent-projects/arc/processor/pom.xml
@@ -31,7 +31,7 @@
         </dependency>
 
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
 
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/AsmUtilCopy.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/AsmUtilCopy.java
index f5835c0fde19c..6b60e5587e664 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/AsmUtilCopy.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/AsmUtilCopy.java
@@ -9,6 +9,8 @@
 import org.jboss.jandex.PrimitiveType.Primitive;
 import org.jboss.jandex.Type;
 import org.jboss.jandex.TypeVariable;
+import org.jboss.jandex.TypeVariableReference;
+import org.jboss.jandex.UnresolvedTypeVariable;
 
 /**
  * Copy of quarkus-core AsmUtil for some methods, with a tweak on the ARG_MAPPER (not name->String anymore) and
@@ -146,8 +148,14 @@ else if (erased)
                     sb.append("T").append(typeVariable.identifier()).append(";");
                 break;
             case UNRESOLVED_TYPE_VARIABLE:
-                // FIXME: ??
+                // TODO no mapping, no support for "erased"
+                UnresolvedTypeVariable unresolvedTypeVariable = type.asUnresolvedTypeVariable();
+                sb.append("T").append(unresolvedTypeVariable.identifier()).append(";");
                 break;
+            case TYPE_VARIABLE_REFERENCE:
+                // TODO no mapping, no support for "erased"
+                TypeVariableReference typeVariableReference = type.asTypeVariableReference();
+                sb.append("T").append(typeVariableReference.identifier()).append(";");
             case VOID:
                 sb.append("V");
                 break;
@@ -243,6 +251,7 @@ private static boolean needsSignature(Type type) {
             case PARAMETERIZED_TYPE:
             case TYPE_VARIABLE:
             case UNRESOLVED_TYPE_VARIABLE:
+            case TYPE_VARIABLE_REFERENCE:
             case WILDCARD_TYPE:
                 return true;
         }
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/BeanArchives.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/BeanArchives.java
index e54908eb06fee..18f24553f034f 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/BeanArchives.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/BeanArchives.java
@@ -10,6 +10,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Modifier;
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -17,7 +18,9 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
+import java.util.Queue;
 import java.util.Set;
 import javax.enterprise.context.BeforeDestroyed;
 import javax.enterprise.context.Destroyed;
@@ -144,6 +147,73 @@ public Collection<ClassInfo> getAllKnownSubclasses(DotName className) {
             return allKnown;
         }
 
+        private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
+            final Set<DotName> subClassesToProcess = new HashSet<DotName>();
+            subClassesToProcess.add(className);
+            while (!subClassesToProcess.isEmpty()) {
+                final Iterator<DotName> toProcess = subClassesToProcess.iterator();
+                DotName name = toProcess.next();
+                toProcess.remove();
+                processedClasses.add(name);
+                getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+            }
+        }
+
+        private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
+                Set<DotName> processedClasses) {
+            final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
+            if (directSubclasses != null) {
+                for (final ClassInfo clazz : directSubclasses) {
+                    final DotName className = clazz.name();
+                    if (!processedClasses.contains(className)) {
+                        allKnown.add(clazz);
+                        subClassesToProcess.add(className);
+                    }
+                }
+            }
+        }
+
+        @Override
+        public Collection<ClassInfo> getKnownDirectSubinterfaces(DotName interfaceName) {
+            if (additionalClasses.isEmpty()) {
+                return index.getKnownDirectSubinterfaces(interfaceName);
+            }
+            Set<ClassInfo> directSubinterfaces = new HashSet<>(index.getKnownDirectSubinterfaces(interfaceName));
+            for (Optional<ClassInfo> additional : additionalClasses.values()) {
+                if (additional.isPresent() && additional.get().interfaceNames().contains(interfaceName)) {
+                    directSubinterfaces.add(additional.get());
+                }
+            }
+            return directSubinterfaces;
+        }
+
+        @Override
+        public Collection<ClassInfo> getAllKnownSubinterfaces(DotName interfaceName) {
+            if (additionalClasses.isEmpty()) {
+                return index.getAllKnownSubinterfaces(interfaceName);
+            }
+
+            Set<ClassInfo> result = new HashSet<>();
+
+            Queue<DotName> workQueue = new ArrayDeque<>();
+            Set<DotName> alreadyProcessed = new HashSet<>();
+
+            workQueue.add(interfaceName);
+            while (!workQueue.isEmpty()) {
+                DotName iface = workQueue.remove();
+                if (!alreadyProcessed.add(iface)) {
+                    continue;
+                }
+
+                for (ClassInfo directSubinterface : getKnownDirectSubinterfaces(iface)) {
+                    result.add(directSubinterface);
+                    workQueue.add(directSubinterface.name());
+                }
+            }
+
+            return result;
+        }
+
         @Override
         public Collection<ClassInfo> getKnownDirectImplementors(DotName className) {
             if (additionalClasses.isEmpty()) {
@@ -183,6 +253,27 @@ public Collection<ClassInfo> getAllKnownImplementors(DotName interfaceName) {
             return allKnown;
         }
 
+        private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
+                Set<DotName> processedClasses) {
+            final Collection<ClassInfo> list = getKnownDirectImplementors(name);
+            if (list != null) {
+                for (final ClassInfo clazz : list) {
+                    final DotName className = clazz.name();
+                    if (!processedClasses.contains(className)) {
+                        if (Modifier.isInterface(clazz.flags())) {
+                            subInterfacesToProcess.add(className);
+                        } else {
+                            if (!allKnown.contains(clazz)) {
+                                allKnown.add(clazz);
+                                processedClasses.add(className);
+                                getAllKnownSubClasses(className, allKnown, processedClasses);
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
         @Override
         public Collection<AnnotationInstance> getAnnotations(DotName annotationName) {
             return index.getAnnotations(annotationName);
@@ -208,51 +299,44 @@ public Collection<ClassInfo> getKnownUsers(DotName className) {
             return this.index.getKnownUsers(className);
         }
 
-        private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
-            final Set<DotName> subClassesToProcess = new HashSet<DotName>();
-            subClassesToProcess.add(className);
-            while (!subClassesToProcess.isEmpty()) {
-                final Iterator<DotName> toProcess = subClassesToProcess.iterator();
-                DotName name = toProcess.next();
-                toProcess.remove();
-                processedClasses.add(name);
-                getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+        @Override
+        public Collection<ClassInfo> getClassesInPackage(DotName packageName) {
+            if (additionalClasses.isEmpty()) {
+                return index.getClassesInPackage(packageName);
             }
-        }
-
-        private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
-                Set<DotName> processedClasses) {
-            final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
-            if (directSubclasses != null) {
-                for (final ClassInfo clazz : directSubclasses) {
-                    final DotName className = clazz.name();
-                    if (!processedClasses.contains(className)) {
-                        allKnown.add(clazz);
-                        subClassesToProcess.add(className);
-                    }
+            Set<ClassInfo> classesInPackage = new HashSet<>(index.getClassesInPackage(packageName));
+            for (Optional<ClassInfo> additional : additionalClasses.values()) {
+                if (additional.isEmpty()) {
+                    continue;
+                }
+                if (Objects.equals(packageName, additional.get().name().packagePrefixName())) {
+                    classesInPackage.add(additional.get());
                 }
             }
+            return classesInPackage;
         }
 
-        private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
-                Set<DotName> processedClasses) {
-            final Collection<ClassInfo> list = getKnownDirectImplementors(name);
-            if (list != null) {
-                for (final ClassInfo clazz : list) {
-                    final DotName className = clazz.name();
-                    if (!processedClasses.contains(className)) {
-                        if (Modifier.isInterface(clazz.flags())) {
-                            subInterfacesToProcess.add(className);
-                        } else {
-                            if (!allKnown.contains(clazz)) {
-                                allKnown.add(clazz);
-                                processedClasses.add(className);
-                                getAllKnownSubClasses(className, allKnown, processedClasses);
-                            }
-                        }
+        @Override
+        public Set<DotName> getSubpackages(DotName packageName) {
+            if (additionalClasses.isEmpty()) {
+                return index.getSubpackages(packageName);
+            }
+            Set<DotName> subpackages = new HashSet<>(index.getSubpackages(packageName));
+            for (Optional<ClassInfo> additional : additionalClasses.values()) {
+                if (additional.isEmpty()) {
+                    continue;
+                }
+                DotName pkg = additional.get().name().packagePrefixName();
+                while (pkg != null) {
+                    DotName superPkg = pkg.packagePrefixName();
+                    if (superPkg != null && superPkg.equals(packageName)) {
+                        subpackages.add(pkg);
                     }
+                    pkg = superPkg;
                 }
+
             }
+            return subpackages;
         }
 
         private Optional<ClassInfo> computeAdditional(DotName className) {
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java
index 0095e82894e5d..623dc14c5589a 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java
@@ -438,6 +438,7 @@ static DotName toRawType(Type a) {
                 return a.asParameterizedType().name();
             case TYPE_VARIABLE:
             case UNRESOLVED_TYPE_VARIABLE:
+            case TYPE_VARIABLE_REFERENCE:
             case WILDCARD_TYPE:
             default:
                 return DotNames.OBJECT;
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
index 59202d6cdf3f8..a17f01ed58dbb 100644
--- a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
+++ b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Types.java
@@ -224,8 +224,8 @@ private static void getTypeHandle(AssignableResultHandle variable, BytecodeCreat
                 default:
                     throw new IllegalArgumentException("Unsupported primitive type: " + type);
             }
-        } else if (Kind.UNRESOLVED_TYPE_VARIABLE.equals(type.kind())) {
-            String identifier = type.asUnresolvedTypeVariable().identifier();
+        } else if (Kind.TYPE_VARIABLE_REFERENCE.equals(type.kind())) {
+            String identifier = type.asTypeVariableReference().identifier();
             TypeVariableInfo recursive = TypeVariableInfo.find(identifier, typeVariableStack);
             if (recursive != null) {
                 ResultHandle typeVariableHandle = creator.newInstance(
diff --git a/independent-projects/bootstrap/app-model/pom.xml b/independent-projects/bootstrap/app-model/pom.xml
index ed97e4bac6473..937d0784c806f 100644
--- a/independent-projects/bootstrap/app-model/pom.xml
+++ b/independent-projects/bootstrap/app-model/pom.xml
@@ -86,7 +86,7 @@
     <build>
         <plugins>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/independent-projects/bootstrap/pom.xml b/independent-projects/bootstrap/pom.xml
index 1a6374d70b395..0fac28e2f3ab4 100644
--- a/independent-projects/bootstrap/pom.xml
+++ b/independent-projects/bootstrap/pom.xml
@@ -36,7 +36,7 @@
         <maven.compiler.release>11</maven.compiler.release>
         <version.surefire.plugin>3.0.0-M7</version.surefire.plugin>
         <nexus-staging-maven-plugin.version>1.6.8</nexus-staging-maven-plugin.version>
-        <jandex-maven-plugin.version>1.2.3</jandex-maven-plugin.version>
+        <jandex.version>3.0.0</jandex.version>
 
         <!-- Dependency versions -->
         <assertj.version>3.23.1</assertj.version>
@@ -83,9 +83,9 @@
         <pluginManagement>
             <plugins>
                 <plugin>
-                    <groupId>org.jboss.jandex</groupId>
+                    <groupId>io.smallrye</groupId>
                     <artifactId>jandex-maven-plugin</artifactId>
-                    <version>${jandex-maven-plugin.version}</version>
+                    <version>${jandex.version}</version>
                 </plugin>
                 <plugin>
                     <artifactId>maven-javadoc-plugin</artifactId>
diff --git a/independent-projects/enforcer-rules/src/main/resources/enforcer-rules/quarkus-banned-dependencies.xml b/independent-projects/enforcer-rules/src/main/resources/enforcer-rules/quarkus-banned-dependencies.xml
index 805b934d866db..30f9458575ccd 100644
--- a/independent-projects/enforcer-rules/src/main/resources/enforcer-rules/quarkus-banned-dependencies.xml
+++ b/independent-projects/enforcer-rules/src/main/resources/enforcer-rules/quarkus-banned-dependencies.xml
@@ -100,6 +100,8 @@
                 <exclude>org.jboss.modules:jboss-modules</exclude>
                 <!-- We prefer ByteBuddy where possible -->
                 <exclude>org.javassist:javassist</exclude>
+                <!-- Jandex moved to SmallRye -->
+                <exclude>org.jboss:jandex</exclude>
             </excludes>
             <includes>
                 <!-- this is for REST Assured -->
diff --git a/independent-projects/qute/generator/pom.xml b/independent-projects/qute/generator/pom.xml
index e0b861f993875..25eb37333cf27 100644
--- a/independent-projects/qute/generator/pom.xml
+++ b/independent-projects/qute/generator/pom.xml
@@ -23,7 +23,7 @@
             <artifactId>jboss-logging</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/independent-projects/qute/generator/src/main/java/io/quarkus/qute/generator/ValueResolverGenerator.java b/independent-projects/qute/generator/src/main/java/io/quarkus/qute/generator/ValueResolverGenerator.java
index 3dfeebfea4bc7..e4257de003936 100644
--- a/independent-projects/qute/generator/src/main/java/io/quarkus/qute/generator/ValueResolverGenerator.java
+++ b/independent-projects/qute/generator/src/main/java/io/quarkus/qute/generator/ValueResolverGenerator.java
@@ -994,6 +994,7 @@ private boolean skipMemberType(Type type) {
             case ARRAY:
             case TYPE_VARIABLE:
             case UNRESOLVED_TYPE_VARIABLE:
+            case TYPE_VARIABLE_REFERENCE:
             case WILDCARD_TYPE:
                 return true;
             default:
diff --git a/independent-projects/qute/pom.xml b/independent-projects/qute/pom.xml
index 0fa65445960e5..b6c9de8348830 100644
--- a/independent-projects/qute/pom.xml
+++ b/independent-projects/qute/pom.xml
@@ -42,8 +42,8 @@
         <maven.compiler.release>11</maven.compiler.release>
         <version.junit>5.9.0</version.junit>
         <version.assertj>3.23.1</version.assertj>
-        <version.jandex>2.4.3.Final</version.jandex>
-        <version.gizmo>1.1.0.Final</version.gizmo>
+        <version.jandex>3.0.0</version.jandex>
+        <version.gizmo>1.2.0.Final</version.gizmo>
         <version.jboss-logging>3.5.0.Final</version.jboss-logging>
         <version.surefire.plugin>3.0.0-M7</version.surefire.plugin>
         <version.nexus-staging-maven-plugin>1.6.8</version.nexus-staging-maven-plugin>
@@ -86,7 +86,7 @@
                 <version>${version.jboss-logging}</version>
             </dependency>
             <dependency>
-                <groupId>org.jboss</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex</artifactId>
                 <version>${version.jandex}</version>
             </dependency>
diff --git a/independent-projects/resteasy-reactive/client/processor/pom.xml b/independent-projects/resteasy-reactive/client/processor/pom.xml
index dd20ccce3997c..513306efc372b 100644
--- a/independent-projects/resteasy-reactive/client/processor/pom.xml
+++ b/independent-projects/resteasy-reactive/client/processor/pom.xml
@@ -15,7 +15,7 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/independent-projects/resteasy-reactive/common/processor/pom.xml b/independent-projects/resteasy-reactive/common/processor/pom.xml
index cdad011e35ef8..69fed04ce862a 100644
--- a/independent-projects/resteasy-reactive/common/processor/pom.xml
+++ b/independent-projects/resteasy-reactive/common/processor/pom.xml
@@ -15,7 +15,7 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <dependency>
diff --git a/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/AsmUtil.java b/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/AsmUtil.java
index c12c423c62737..cc3bc29b06939 100644
--- a/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/AsmUtil.java
+++ b/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/AsmUtil.java
@@ -11,6 +11,7 @@
 import org.jboss.jandex.Type;
 import org.jboss.jandex.Type.Kind;
 import org.jboss.jandex.TypeVariable;
+import org.jboss.jandex.TypeVariableReference;
 import org.jboss.jandex.UnresolvedTypeVariable;
 import org.jboss.jandex.WildcardType;
 import org.objectweb.asm.MethodVisitor;
@@ -216,6 +217,17 @@ private static void toSignature(StringBuilder sb, Type type, Function<String, St
                     sb.append("T").append(unresolvedTypeVariable.identifier()).append(";");
                 }
                 break;
+            case TYPE_VARIABLE_REFERENCE:
+                TypeVariableReference typeVariableReference = type.asTypeVariableReference();
+                String mappedSignature3 = typeArgMapper.apply(typeVariableReference.identifier());
+                if (mappedSignature3 != null) {
+                    sb.append(mappedSignature3);
+                } else if (erased) {
+                    // TODO ???
+                } else {
+                    sb.append("T").append(typeVariableReference.identifier()).append(";");
+                }
+                break;
             case VOID:
                 sb.append('V');
                 break;
diff --git a/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/CalculatingIndexView.java b/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/CalculatingIndexView.java
index ed12e32808283..4fc548b128ebe 100644
--- a/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/CalculatingIndexView.java
+++ b/independent-projects/resteasy-reactive/common/processor/src/main/java/org/jboss/resteasy/reactive/common/processor/CalculatingIndexView.java
@@ -3,13 +3,16 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.reflect.Modifier;
+import java.util.ArrayDeque;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
+import java.util.Queue;
 import java.util.Set;
 import java.util.stream.Collectors;
 import org.jboss.jandex.AnnotationInstance;
@@ -85,6 +88,73 @@ public Collection<ClassInfo> getAllKnownSubclasses(DotName className) {
         return allKnown;
     }
 
+    private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
+        final Set<DotName> subClassesToProcess = new HashSet<DotName>();
+        subClassesToProcess.add(className);
+        while (!subClassesToProcess.isEmpty()) {
+            final Iterator<DotName> toProcess = subClassesToProcess.iterator();
+            DotName name = toProcess.next();
+            toProcess.remove();
+            processedClasses.add(name);
+            getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+        }
+    }
+
+    private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
+            Set<DotName> processedClasses) {
+        final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
+        if (directSubclasses != null) {
+            for (final ClassInfo clazz : directSubclasses) {
+                final DotName className = clazz.name();
+                if (!processedClasses.contains(className)) {
+                    allKnown.add(clazz);
+                    subClassesToProcess.add(className);
+                }
+            }
+        }
+    }
+
+    @Override
+    public Collection<ClassInfo> getKnownDirectSubinterfaces(DotName interfaceName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getKnownDirectSubinterfaces(interfaceName);
+        }
+        Set<ClassInfo> directSubinterfaces = new HashSet<>(index.getKnownDirectSubinterfaces(interfaceName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isPresent() && additional.get().interfaceNames().contains(interfaceName)) {
+                directSubinterfaces.add(additional.get());
+            }
+        }
+        return directSubinterfaces;
+    }
+
+    @Override
+    public Collection<ClassInfo> getAllKnownSubinterfaces(DotName interfaceName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getAllKnownSubinterfaces(interfaceName);
+        }
+
+        Set<ClassInfo> result = new HashSet<>();
+
+        Queue<DotName> workQueue = new ArrayDeque<>();
+        Set<DotName> alreadyProcessed = new HashSet<>();
+
+        workQueue.add(interfaceName);
+        while (!workQueue.isEmpty()) {
+            DotName iface = workQueue.remove();
+            if (!alreadyProcessed.add(iface)) {
+                continue;
+            }
+
+            for (ClassInfo directSubinterface : getKnownDirectSubinterfaces(iface)) {
+                result.add(directSubinterface);
+                workQueue.add(directSubinterface.name());
+            }
+        }
+
+        return result;
+    }
+
     @Override
     public Collection<ClassInfo> getKnownDirectImplementors(DotName className) {
         if (additionalClasses.isEmpty()) {
@@ -124,6 +194,27 @@ public Collection<ClassInfo> getAllKnownImplementors(DotName interfaceName) {
         return allKnown;
     }
 
+    private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
+            Set<DotName> processedClasses) {
+        final Collection<ClassInfo> list = getKnownDirectImplementors(name);
+        if (list != null) {
+            for (final ClassInfo clazz : list) {
+                final DotName className = clazz.name();
+                if (!processedClasses.contains(className)) {
+                    if (Modifier.isInterface(clazz.flags())) {
+                        subInterfacesToProcess.add(className);
+                    } else {
+                        if (!allKnown.contains(clazz)) {
+                            allKnown.add(clazz);
+                            processedClasses.add(className);
+                            getAllKnownSubClasses(className, allKnown, processedClasses);
+                        }
+                    }
+                }
+            }
+        }
+    }
+
     @Override
     public Collection<AnnotationInstance> getAnnotations(DotName annotationName) {
         return index.getAnnotations(annotationName);
@@ -149,51 +240,44 @@ public Collection<ClassInfo> getKnownUsers(DotName className) {
         return this.index.getKnownUsers(className);
     }
 
-    private void getAllKnownSubClasses(DotName className, Set<ClassInfo> allKnown, Set<DotName> processedClasses) {
-        final Set<DotName> subClassesToProcess = new HashSet<DotName>();
-        subClassesToProcess.add(className);
-        while (!subClassesToProcess.isEmpty()) {
-            final Iterator<DotName> toProcess = subClassesToProcess.iterator();
-            DotName name = toProcess.next();
-            toProcess.remove();
-            processedClasses.add(name);
-            getAllKnownSubClasses(name, allKnown, subClassesToProcess, processedClasses);
+    @Override
+    public Collection<ClassInfo> getClassesInPackage(DotName packageName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getClassesInPackage(packageName);
         }
-    }
-
-    private void getAllKnownSubClasses(DotName name, Set<ClassInfo> allKnown, Set<DotName> subClassesToProcess,
-            Set<DotName> processedClasses) {
-        final Collection<ClassInfo> directSubclasses = getKnownDirectSubclasses(name);
-        if (directSubclasses != null) {
-            for (final ClassInfo clazz : directSubclasses) {
-                final DotName className = clazz.name();
-                if (!processedClasses.contains(className)) {
-                    allKnown.add(clazz);
-                    subClassesToProcess.add(className);
-                }
+        Set<ClassInfo> classesInPackage = new HashSet<>(index.getClassesInPackage(packageName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isEmpty()) {
+                continue;
+            }
+            if (Objects.equals(packageName, additional.get().name().packagePrefixName())) {
+                classesInPackage.add(additional.get());
             }
         }
+        return classesInPackage;
     }
 
-    private void getKnownImplementors(DotName name, Set<ClassInfo> allKnown, Set<DotName> subInterfacesToProcess,
-            Set<DotName> processedClasses) {
-        final Collection<ClassInfo> list = getKnownDirectImplementors(name);
-        if (list != null) {
-            for (final ClassInfo clazz : list) {
-                final DotName className = clazz.name();
-                if (!processedClasses.contains(className)) {
-                    if (Modifier.isInterface(clazz.flags())) {
-                        subInterfacesToProcess.add(className);
-                    } else {
-                        if (!allKnown.contains(clazz)) {
-                            allKnown.add(clazz);
-                            processedClasses.add(className);
-                            getAllKnownSubClasses(className, allKnown, processedClasses);
-                        }
-                    }
+    @Override
+    public Set<DotName> getSubpackages(DotName packageName) {
+        if (additionalClasses.isEmpty()) {
+            return index.getSubpackages(packageName);
+        }
+        Set<DotName> subpackages = new HashSet<>(index.getSubpackages(packageName));
+        for (Optional<ClassInfo> additional : additionalClasses.values()) {
+            if (additional.isEmpty()) {
+                continue;
+            }
+            DotName pkg = additional.get().name().packagePrefixName();
+            while (pkg != null) {
+                DotName superPkg = pkg.packagePrefixName();
+                if (superPkg != null && superPkg.equals(packageName)) {
+                    subpackages.add(pkg);
                 }
+                pkg = superPkg;
             }
+
         }
+        return subpackages;
     }
 
     private Optional<ClassInfo> computeAdditional(DotName className) {
diff --git a/independent-projects/resteasy-reactive/pom.xml b/independent-projects/resteasy-reactive/pom.xml
index 690c7443b5aef..513c58149396e 100644
--- a/independent-projects/resteasy-reactive/pom.xml
+++ b/independent-projects/resteasy-reactive/pom.xml
@@ -41,14 +41,14 @@
         <maven.compiler.release>11</maven.compiler.release>
         <!-- Versions -->
         <jakarta.enterprise.cdi-api.version>2.0.2</jakarta.enterprise.cdi-api.version>
-        <jandex.version>2.4.3.Final</jandex.version>
+        <jandex.version>3.0.0</jandex.version>
         <bytebuddy.version>1.12.12</bytebuddy.version>
         <junit5.version>5.9.0</junit5.version>
         <maven.version>3.8.6</maven.version>
         <assertj.version>3.23.1</assertj.version>
         <jboss-logging.version>3.5.0.Final</jboss-logging.version>
         <jakarta.annotation-api.version>1.3.5</jakarta.annotation-api.version>
-        <gizmo.version>1.1.0.Final</gizmo.version>
+        <gizmo.version>1.2.0.Final</gizmo.version>
         <jakarta.persistence-api.version>2.2.3</jakarta.persistence-api.version>
 
         <version.surefire.plugin>3.0.0-M7</version.surefire.plugin>
@@ -154,7 +154,7 @@
             </dependency>
 
             <dependency>
-                <groupId>org.jboss</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex</artifactId>
                 <version>${jandex.version}</version>
             </dependency>
diff --git a/independent-projects/resteasy-reactive/server/processor/pom.xml b/independent-projects/resteasy-reactive/server/processor/pom.xml
index 16d112c07e8c1..c4623210140c9 100644
--- a/independent-projects/resteasy-reactive/server/processor/pom.xml
+++ b/independent-projects/resteasy-reactive/server/processor/pom.xml
@@ -15,7 +15,7 @@
 
     <dependencies>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
 
diff --git a/independent-projects/tools/pom.xml b/independent-projects/tools/pom.xml
index ecbf1f2673203..84fd8512e6d30 100644
--- a/independent-projects/tools/pom.xml
+++ b/independent-projects/tools/pom.xml
@@ -62,7 +62,7 @@
         <maven-model-helper.version>20</maven-model-helper.version>
         <commons-io.version>2.11.0</commons-io.version>
         <smallrye-common.version>1.13.1</smallrye-common.version>
-        <jandex-maven-plugin.version>1.2.3</jandex-maven-plugin.version>
+        <jandex.version>3.0.0</jandex.version>
     </properties>
     <modules>
         <module>registry-client</module>
diff --git a/independent-projects/tools/registry-client/pom.xml b/independent-projects/tools/registry-client/pom.xml
index f3efab5cb315e..84c6a71a14aa8 100644
--- a/independent-projects/tools/registry-client/pom.xml
+++ b/independent-projects/tools/registry-client/pom.xml
@@ -44,9 +44,9 @@
     <build>
         <plugins>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
-                <version>${jandex-maven-plugin.version}</version>
+                <version>${jandex.version}</version>
                 <executions>
                     <execution>
                         <id>make-index</id>
diff --git a/integration-tests/common-jpa-entities/pom.xml b/integration-tests/common-jpa-entities/pom.xml
index d5ee8734e20b1..b029b6d3d3ddc 100644
--- a/integration-tests/common-jpa-entities/pom.xml
+++ b/integration-tests/common-jpa-entities/pom.xml
@@ -24,7 +24,7 @@
     <build>
         <plugins>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/integration-tests/gradle/src/main/resources/jandex-basic-multi-module-project/common/build.gradle b/integration-tests/gradle/src/main/resources/jandex-basic-multi-module-project/common/build.gradle
index 19a292e288dec..02bd53a2ac5f2 100644
--- a/integration-tests/gradle/src/main/resources/jandex-basic-multi-module-project/common/build.gradle
+++ b/integration-tests/gradle/src/main/resources/jandex-basic-multi-module-project/common/build.gradle
@@ -1,9 +1,13 @@
 plugins {
     id 'io.quarkus'
     id 'java-library'
-    id "org.kordamp.gradle.jandex" version "0.13.0"
+    id "org.kordamp.gradle.jandex" version "1.0.0"
 }
 
 dependencies {
 
-}
\ No newline at end of file
+}
+
+jandex {
+    version = "3.0.0"
+}
diff --git a/integration-tests/jpa-mapping-xml/modern-library-a/pom.xml b/integration-tests/jpa-mapping-xml/modern-library-a/pom.xml
index 4ae2ab65279cb..971f7fb8c8d10 100644
--- a/integration-tests/jpa-mapping-xml/modern-library-a/pom.xml
+++ b/integration-tests/jpa-mapping-xml/modern-library-a/pom.xml
@@ -44,7 +44,7 @@
         </resources>
         <plugins>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/integration-tests/jpa-mapping-xml/modern-library-b/pom.xml b/integration-tests/jpa-mapping-xml/modern-library-b/pom.xml
index d231faaffbe7d..5ccb00936280c 100644
--- a/integration-tests/jpa-mapping-xml/modern-library-b/pom.xml
+++ b/integration-tests/jpa-mapping-xml/modern-library-b/pom.xml
@@ -44,7 +44,7 @@
         </resources>
         <plugins>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/jakarta/rewrite.yml b/jakarta/rewrite.yml
index 8b37a399dfdc6..a3e3bfbbb9ca9 100644
--- a/jakarta/rewrite.yml
+++ b/jakarta/rewrite.yml
@@ -544,7 +544,7 @@ recipeList:
       newValue: 6.0.0-RC4
   - org.openrewrite.maven.ChangePropertyValue:
       key: smallrye-graphql.version
-      newValue: 2.0.0.RC8
+      newValue: 2.0.0.RC9
   - org.openrewrite.maven.ChangePropertyValue:
       key: smallrye-health.version
       newValue: 4.0.0
@@ -582,10 +582,10 @@ recipeList:
       newValue: 4.0.1
   - org.openrewrite.maven.ChangePropertyValue:
       key: smallrye-metrics.version
-      newValue: 4.0.0-RC1
+      newValue: 4.0.0
   - org.openrewrite.maven.ChangePropertyValue:
       key: smallrye-open-api.version
-      newValue: 3.0.0-RC4
+      newValue: 3.0.0
   - org.openrewrite.maven.ChangePropertyValue:
       key: microprofile-opentracing-api.version
       newValue: 3.0
diff --git a/tcks/microprofile-fault-tolerance/pom.xml b/tcks/microprofile-fault-tolerance/pom.xml
index 6236ed6dd6cad..0035bad6ad1f6 100644
--- a/tcks/microprofile-fault-tolerance/pom.xml
+++ b/tcks/microprofile-fault-tolerance/pom.xml
@@ -37,9 +37,6 @@
                     <excludes>
                         <!-- We do not support enablement via beans.xml -->
                         <exclude>org.eclipse.microprofile.fault.tolerance.tck.interceptor.xmlInterceptorEnabling.FaultToleranceInterceptorEnableByXmlTest</exclude>
-                        <!-- Jandex bug: https://github.com/wildfly/jandex/pull/114 -->
-                        <exclude>org.eclipse.microprofile.fault.tolerance.tck.invalidParameters.InvalidCircuitBreakerFailureRatioNegTest</exclude>
-                        <exclude>org.eclipse.microprofile.fault.tolerance.tck.invalidParameters.InvalidCircuitBreakerFailureRatioPosTest</exclude>
                     </excludes>
                 </configuration>
             </plugin>
diff --git a/tcks/microprofile-rest-client-reactive/pom.xml b/tcks/microprofile-rest-client-reactive/pom.xml
index f1892acafbac3..78639150f1b62 100644
--- a/tcks/microprofile-rest-client-reactive/pom.xml
+++ b/tcks/microprofile-rest-client-reactive/pom.xml
@@ -101,9 +101,8 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
-                <version>${jandex-maven-plugin.version}</version>
                 <executions>
                     <execution>
                         <id>make-index</id>
diff --git a/test-framework/common/pom.xml b/test-framework/common/pom.xml
index 9f4a830fe20d6..7ace31a5d36a4 100644
--- a/test-framework/common/pom.xml
+++ b/test-framework/common/pom.xml
@@ -27,7 +27,7 @@
             <artifactId>quarkus-bootstrap-gradle-resolver</artifactId>
         </dependency>
         <dependency>
-            <groupId>org.jboss</groupId>
+            <groupId>io.smallrye</groupId>
             <artifactId>jandex</artifactId>
         </dependency>
         <!-- Needed for RestAssured -->
diff --git a/test-framework/security-jwt/pom.xml b/test-framework/security-jwt/pom.xml
index 8bd1a0123be40..0aa072bb0146d 100644
--- a/test-framework/security-jwt/pom.xml
+++ b/test-framework/security-jwt/pom.xml
@@ -38,7 +38,7 @@
         <plugins>
             <!-- The entity classes need to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/test-framework/security-oidc/pom.xml b/test-framework/security-oidc/pom.xml
index 095270779e35a..27aba21bfe3f4 100644
--- a/test-framework/security-oidc/pom.xml
+++ b/test-framework/security-oidc/pom.xml
@@ -38,7 +38,7 @@
         <plugins>
             <!-- The entity classes need to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/test-framework/security-webauthn/pom.xml b/test-framework/security-webauthn/pom.xml
index 807d734ea3b95..38923a799df21 100644
--- a/test-framework/security-webauthn/pom.xml
+++ b/test-framework/security-webauthn/pom.xml
@@ -48,7 +48,7 @@
         <plugins>
             <!-- The entity classes need to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>
diff --git a/test-framework/security/pom.xml b/test-framework/security/pom.xml
index 56d34268f01da..56420535a7f2a 100644
--- a/test-framework/security/pom.xml
+++ b/test-framework/security/pom.xml
@@ -38,7 +38,7 @@
         <plugins>
             <!-- The entity classes needs to be indexed -->
             <plugin>
-                <groupId>org.jboss.jandex</groupId>
+                <groupId>io.smallrye</groupId>
                 <artifactId>jandex-maven-plugin</artifactId>
                 <executions>
                     <execution>

From 9a74058898a405118b3630903ce28c684f38470a Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Thu, 15 Sep 2022 17:57:53 +0200
Subject: [PATCH 28/36] Jakarta - Transform some references in build.gradle

---
 jakarta/transform.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/jakarta/transform.sh b/jakarta/transform.sh
index af6ba984ead8e..b19632b0c6625 100755
--- a/jakarta/transform.sh
+++ b/jakarta/transform.sh
@@ -300,6 +300,9 @@ sed -i 's@org.jboss.narayana.rts:narayana-lra@org.jboss.narayana.rts:narayana-lr
 sed -i 's@org.jboss.narayana.rts:lra-client@org.jboss.narayana.rts:lra-client-jakarta@g' extensions/narayana-lra/runtime/pom.xml
 sed -i 's@META-INF/services/javax.ws.rs.client.ClientBuilder@META-INF/services/jakarta.ws.rs.client.ClientBuilder@g' extensions/narayana-lra/runtime/pom.xml
 
+find integration-tests/gradle -name build.gradle | xargs sed -i 's/javax.enterprise.context.ApplicationScoped/jakarta.enterprise.context.ApplicationScoped/g'
+find integration-tests/gradle -name build.gradle | xargs sed -i 's/javax.ws.rs.Path/jakarta.ws.rs.Path/g'
+
 transform_documentation
 sed -i 's@javax/ws/rs@jakarta/ws/rs@g' docs/src/main/asciidoc/resteasy-reactive.adoc
 sed -i 's@https://javadoc.io/doc/jakarta.ws.rs/jakarta.ws.rs-api/2.1.1@https://javadoc.io/doc/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0@g' docs/src/main/asciidoc/resteasy-reactive.adoc

From 42b876ab6afaa6e1fd0b8707a36255e7838ee39f Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Thu, 15 Sep 2022 17:58:40 +0200
Subject: [PATCH 29/36] Jakarta - Update the RESTEasy Reactive TCK

---
 jakarta/rewrite.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jakarta/rewrite.yml b/jakarta/rewrite.yml
index 98c4e0c465eac..c7c02bb31f30d 100644
--- a/jakarta/rewrite.yml
+++ b/jakarta/rewrite.yml
@@ -677,7 +677,7 @@ recipeList:
       newValue: 3.0
   - org.openrewrite.maven.ChangePropertyValue:
       key: resteasy-reactive-testsuite.repo.ref
-      newValue: c5785f3465fa87395574fde1274c1712b3aa728b
+      newValue: 4116f1a0c5605ad00d7779367dac8002af8c6882
 ---
 type: specs.openrewrite.org/v1beta/recipe
 name: io.quarkus.maven.javax.managed

From 7164593a0edbb59fda69d6d6b6cb9eb18b59a4ad Mon Sep 17 00:00:00 2001
From: shjones <shjones@redhat.com>
Date: Thu, 15 Sep 2022 17:59:09 +0100
Subject: [PATCH 30/36] QDOCS-31: Fix image alignment

---
 .../asciidoc/security-openid-connect-web-authentication.adoc   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc b/docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc
index 7f5a410e8c0c0..559905d7aad4c 100644
--- a/docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc
+++ b/docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc
@@ -15,8 +15,7 @@ After authentication, the OIDC provider redirects the user back to the applicati
 The following diagram outlines the Authorization Code Flow mechanism in Quarkus.
 
 .Authorization code flow mechanism in Quarkus
-image::authorization_code_flow.png[alt=Authorization Code Flow, align=center]
-
+image::authorization_code_flow.png[alt=Authorization Code Flow, role="center"]
 
 . The Quarkus user requests access to a Quarkus web-app application.
 . The Quarkus web-app redirects the user to the authorization endpoint, that is, the OIDC provider for authentication.

From 4de08609400c88d7fa8952f76f464d66f3561e2f Mon Sep 17 00:00:00 2001
From: Bill Burke <bburke@redhat.com>
Date: Thu, 15 Sep 2022 13:33:56 -0400
Subject: [PATCH 31/36] Stable Funqy Knative Events

---
 .../runtime/src/main/resources/META-INF/quarkus-extension.yaml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/funqy/funqy-knative-events/runtime/src/main/resources/META-INF/quarkus-extension.yaml b/extensions/funqy/funqy-knative-events/runtime/src/main/resources/META-INF/quarkus-extension.yaml
index d307ac236dbbd..eee08b1544b0d 100644
--- a/extensions/funqy/funqy-knative-events/runtime/src/main/resources/META-INF/quarkus-extension.yaml
+++ b/extensions/funqy/funqy-knative-events/runtime/src/main/resources/META-INF/quarkus-extension.yaml
@@ -9,7 +9,7 @@ metadata:
   guide: "https://quarkus.io/guides/funqy-knative-events"
   categories:
   - "cloud"
-  status: "experimental"
+  status: "stable"
   codestart:
     name: "funqy-knative-events"
     kind: "example"

From 09320790012a0f7b64d161577079d8572231cd58 Mon Sep 17 00:00:00 2001
From: Georgios Andrianakis <geoand@gmail.com>
Date: Thu, 15 Sep 2022 16:07:55 +0300
Subject: [PATCH 32/36] Ensure that @ClientHeaderParam works when the rest
 client contains a method with a primitive return type

Relates to: #27959
---
 .../deployment/MicroProfileRestClientEnricher.java         | 2 +-
 .../rest/client/reactive/subresource/SubResourceTest.java  | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/extensions/resteasy-reactive/rest-client-reactive/deployment/src/main/java/io/quarkus/rest/client/reactive/deployment/MicroProfileRestClientEnricher.java b/extensions/resteasy-reactive/rest-client-reactive/deployment/src/main/java/io/quarkus/rest/client/reactive/deployment/MicroProfileRestClientEnricher.java
index 176c3721cdd70..738cc489ee0ea 100644
--- a/extensions/resteasy-reactive/rest-client-reactive/deployment/src/main/java/io/quarkus/rest/client/reactive/deployment/MicroProfileRestClientEnricher.java
+++ b/extensions/resteasy-reactive/rest-client-reactive/deployment/src/main/java/io/quarkus/rest/client/reactive/deployment/MicroProfileRestClientEnricher.java
@@ -445,7 +445,7 @@ private String mockInterface(ClassInfo declaringClass, BuildProducer<GeneratedCl
                 for (MethodInfo method : methods) {
                     if (Modifier.isAbstract(method.flags())) {
                         MethodCreator methodCreator = classCreator.getMethodCreator(MethodDescriptor.of(method));
-                        methodCreator.returnValue(methodCreator.loadNull());
+                        methodCreator.throwException(IllegalStateException.class, "This should never be called");
                     }
                 }
             }
diff --git a/extensions/resteasy-reactive/rest-client-reactive/deployment/src/test/java/io/quarkus/rest/client/reactive/subresource/SubResourceTest.java b/extensions/resteasy-reactive/rest-client-reactive/deployment/src/test/java/io/quarkus/rest/client/reactive/subresource/SubResourceTest.java
index fad7d095aea4a..ee757d0222937 100644
--- a/extensions/resteasy-reactive/rest-client-reactive/deployment/src/test/java/io/quarkus/rest/client/reactive/subresource/SubResourceTest.java
+++ b/extensions/resteasy-reactive/rest-client-reactive/deployment/src/test/java/io/quarkus/rest/client/reactive/subresource/SubResourceTest.java
@@ -5,6 +5,7 @@
 import java.net.URI;
 
 import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -107,6 +108,12 @@ interface RootClient {
         @ClientHeaderParam(name = "overridable", value = "RootClient#sub")
         SubClient sub(@PathParam("rootParam") String rootParam, @PathParam("methodParam") String methodParam);
 
+        // we only add this to make sure that the inclusion of @ClientHeaderParam does not break
+        // when the rest client interface contains a method returning a primitive type
+        @Path("/dummy")
+        @DELETE
+        boolean dummy();
+
         default String fillingMethod() {
             return "RootClientComputed";
         }

From 730d354ebddf4fa1946a73ceea3e0f99c2e08cc5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 15 Sep 2022 21:26:34 +0000
Subject: [PATCH 33/36] Bump wiremock-jre8-standalone from 2.33.2 to 2.34.0

Bumps [wiremock-jre8-standalone](https://github.com/wiremock/wiremock) from 2.33.2 to 2.34.0.
- [Release notes](https://github.com/wiremock/wiremock/releases)
- [Commits](https://github.com/wiremock/wiremock/compare/2.33.2...2.34.0)

---
updated-dependencies:
- dependency-name: com.github.tomakehurst:wiremock-jre8-standalone
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 build-parent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index ea7c0e5e4a45e..ad56d5e5d144d 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -111,7 +111,7 @@
 
         <assertj.version>3.23.1</assertj.version>
 
-        <wiremock-jre8.version>2.33.2</wiremock-jre8.version>
+        <wiremock-jre8.version>2.34.0</wiremock-jre8.version>
         <wiremock-maven-plugin.version>7.2.0</wiremock-maven-plugin.version>
 
         <!-- Artemis test dependencies -->

From ef78d38a46249d8c9ab4fbcabe01e744d8949524 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin <sberyozkin@gmail.com>
Date: Thu, 15 Sep 2022 22:37:05 +0100
Subject: [PATCH 34/36] Bump Keycloak version to 19.0.2

---
 bom/application/pom.xml                                       | 2 +-
 build-parent/pom.xml                                          | 2 +-
 .../deployment/devservices/keycloak/DevServicesConfig.java    | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bom/application/pom.xml b/bom/application/pom.xml
index 10a20945120bd..6a7f80a6cbd6b 100644
--- a/bom/application/pom.xml
+++ b/bom/application/pom.xml
@@ -177,7 +177,7 @@
         <jna.version>5.8.0</jna.version><!-- should satisfy both testcontainers and mongodb -->
         <antlr.version>4.9.2</antlr.version>
         <quarkus-security.version>1.1.4.Final</quarkus-security.version>
-        <keycloak.version>19.0.1</keycloak.version>
+        <keycloak.version>19.0.2</keycloak.version>
         <logstash-gelf.version>1.15.0</logstash-gelf.version>
         <checker-qual.version>3.25.0</checker-qual.version>
         <error-prone-annotations.version>2.15.0</error-prone-annotations.version>
diff --git a/build-parent/pom.xml b/build-parent/pom.xml
index ea7c0e5e4a45e..195dcd03b888e 100644
--- a/build-parent/pom.xml
+++ b/build-parent/pom.xml
@@ -103,7 +103,7 @@
 
         <!-- The image to use for tests that run Keycloak -->
         <!-- IMPORTANT: If this is changed you must also update bom/application/pom.xml and KeycloakBuildTimeConfig/DevServicesConfig in quarkus-oidc/deployment to match the version -->
-        <keycloak.version>19.0.1</keycloak.version>
+        <keycloak.version>19.0.2</keycloak.version>
         <keycloak.docker.image>quay.io/keycloak/keycloak:${keycloak.version}</keycloak.docker.image>
         <keycloak.docker.legacy.image>quay.io/keycloak/keycloak:${keycloak.version}-legacy</keycloak.docker.legacy.image>
 
diff --git a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java
index 27590f08142b4..c6a052ad3b0cd 100644
--- a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java
+++ b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java
@@ -27,7 +27,7 @@ public class DevServicesConfig {
      *
      * Image with a Quarkus based distribution is used by default.
      * Image with a WildFly based distribution can be selected instead, for example:
-     * 'quay.io/keycloak/keycloak:19.0.1-legacy'.
+     * 'quay.io/keycloak/keycloak:19.0.2-legacy'.
      * <p>
      * Note Keycloak Quarkus and Keycloak WildFly images are initialized differently.
      * By default, Dev Services for Keycloak will assume it is a Keycloak Quarkus image if the image version does not end with a
@@ -35,7 +35,7 @@ public class DevServicesConfig {
      * string.
      * Set 'quarkus.keycloak.devservices.keycloak-x-image' to override this check.
      */
-    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:19.0.1")
+    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:19.0.2")
     public String imageName;
 
     /**

From 1a9c550603f2d983736d4d902ba36eb87f771575 Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin <sberyozkin@gmail.com>
Date: Fri, 16 Sep 2022 10:56:19 +0100
Subject: [PATCH 35/36] Remove keycloak-admin-client dep from the
 keycloak-authorization test

---
 .../keycloak-authorization/pom.xml             | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/integration-tests/keycloak-authorization/pom.xml b/integration-tests/keycloak-authorization/pom.xml
index 89aa96d57ce33..c2ad8eeac7c0a 100644
--- a/integration-tests/keycloak-authorization/pom.xml
+++ b/integration-tests/keycloak-authorization/pom.xml
@@ -51,24 +51,6 @@
             <artifactId>rest-assured</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-admin-client</artifactId>
-            <exclusions>
-                <exclusion>
-                    <groupId>jakarta.activation</groupId>
-                    <artifactId>jakarta.activation-api</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>org.jboss.spec.javax.ws.rs</groupId>
-                    <artifactId>jboss-jaxrs-api_3.0_spec</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>com.sun.activation</groupId>
-                    <artifactId>jakarta.activation</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
 
         <!-- Minimal test dependencies to *-deployment artifacts for consistent build order -->
         <dependency>

From ce3d92669555459a4ba425f36cfb307c7ea5577f Mon Sep 17 00:00:00 2001
From: Guillaume Smet <guillaume.smet@gmail.com>
Date: Fri, 16 Sep 2022 14:05:02 +0200
Subject: [PATCH 36/36] Revert "Narayana recovery manager service"

---
 .../agroal/deployment/AgroalProcessor.java    |  3 ---
 .../quarkus/agroal/runtime/DataSources.java   | 15 +++---------
 .../jta/deployment/NarayanaInitBuildItem.java |  9 --------
 .../jta/deployment/NarayanaJtaProcessor.java  | 23 +------------------
 .../jta/runtime/NarayanaJtaProducers.java     |  8 ++-----
 .../jta/runtime/NarayanaJtaRecorder.java      | 19 +--------------
 .../TransactionManagerConfiguration.java      | 22 ------------------
 7 files changed, 7 insertions(+), 92 deletions(-)
 delete mode 100644 extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaInitBuildItem.java

diff --git a/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java b/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java
index e90502dc4dfe2..769ad707fd29e 100644
--- a/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java
+++ b/extensions/agroal/deployment/src/main/java/io/quarkus/agroal/deployment/AgroalProcessor.java
@@ -40,7 +40,6 @@
 import io.quarkus.deployment.Feature;
 import io.quarkus.deployment.annotations.BuildProducer;
 import io.quarkus.deployment.annotations.BuildStep;
-import io.quarkus.deployment.annotations.Consume;
 import io.quarkus.deployment.annotations.ExecutionTime;
 import io.quarkus.deployment.annotations.Record;
 import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
@@ -49,7 +48,6 @@
 import io.quarkus.deployment.builditem.nativeimage.NativeImageResourceBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
 import io.quarkus.deployment.pkg.builditem.CurateOutcomeBuildItem;
-import io.quarkus.narayana.jta.deployment.NarayanaInitBuildItem;
 import io.quarkus.runtime.configuration.ConfigurationException;
 import io.quarkus.smallrye.health.deployment.spi.HealthBuildItem;
 
@@ -223,7 +221,6 @@ void generateDataSourceSupportBean(AgroalRecorder recorder,
 
     @Record(ExecutionTime.RUNTIME_INIT)
     @BuildStep
-    @Consume(NarayanaInitBuildItem.class)
     void generateDataSourceBeans(AgroalRecorder recorder,
             DataSourcesRuntimeConfig dataSourcesRuntimeConfig,
             List<AggregatedDataSourceBuildTimeConfigBuildItem> aggregatedBuildTimeConfigBuildItems,
diff --git a/extensions/agroal/runtime/src/main/java/io/quarkus/agroal/runtime/DataSources.java b/extensions/agroal/runtime/src/main/java/io/quarkus/agroal/runtime/DataSources.java
index 9adbe0abf066c..5008a18b6da99 100644
--- a/extensions/agroal/runtime/src/main/java/io/quarkus/agroal/runtime/DataSources.java
+++ b/extensions/agroal/runtime/src/main/java/io/quarkus/agroal/runtime/DataSources.java
@@ -22,7 +22,6 @@
 import javax.transaction.TransactionSynchronizationRegistry;
 
 import org.jboss.logging.Logger;
-import org.jboss.tm.XAResourceRecoveryRegistry;
 
 import io.agroal.api.AgroalDataSource;
 import io.agroal.api.AgroalPoolInterceptor;
@@ -73,7 +72,6 @@ public class DataSources {
     private final DataSourcesJdbcBuildTimeConfig dataSourcesJdbcBuildTimeConfig;
     private final DataSourcesJdbcRuntimeConfig dataSourcesJdbcRuntimeConfig;
     private final TransactionManager transactionManager;
-    private final XAResourceRecoveryRegistry xaResourceRecoveryRegistry;
     private final TransactionSynchronizationRegistry transactionSynchronizationRegistry;
     private final DataSourceSupport dataSourceSupport;
     private final Instance<AgroalPoolInterceptor> agroalPoolInterceptors;
@@ -84,7 +82,6 @@ public DataSources(DataSourcesBuildTimeConfig dataSourcesBuildTimeConfig,
             DataSourcesRuntimeConfig dataSourcesRuntimeConfig, DataSourcesJdbcBuildTimeConfig dataSourcesJdbcBuildTimeConfig,
             DataSourcesJdbcRuntimeConfig dataSourcesJdbcRuntimeConfig,
             TransactionManager transactionManager,
-            XAResourceRecoveryRegistry xaResourceRecoveryRegistry,
             TransactionSynchronizationRegistry transactionSynchronizationRegistry, DataSourceSupport dataSourceSupport,
             @Any Instance<AgroalPoolInterceptor> agroalPoolInterceptors) {
         this.dataSourcesBuildTimeConfig = dataSourcesBuildTimeConfig;
@@ -92,7 +89,6 @@ public DataSources(DataSourcesBuildTimeConfig dataSourcesBuildTimeConfig,
         this.dataSourcesJdbcBuildTimeConfig = dataSourcesJdbcBuildTimeConfig;
         this.dataSourcesJdbcRuntimeConfig = dataSourcesJdbcRuntimeConfig;
         this.transactionManager = transactionManager;
-        this.xaResourceRecoveryRegistry = xaResourceRecoveryRegistry;
         this.transactionSynchronizationRegistry = transactionSynchronizationRegistry;
         this.dataSourceSupport = dataSourceSupport;
         this.agroalPoolInterceptors = agroalPoolInterceptors;
@@ -272,10 +268,7 @@ private void applyNewConfiguration(AgroalDataSourceConfigurationSupplier dataSou
 
         if (dataSourceJdbcBuildTimeConfig.transactions != io.quarkus.agroal.runtime.TransactionIntegration.DISABLED) {
             TransactionIntegration txIntegration = new NarayanaTransactionIntegration(transactionManager,
-                    transactionSynchronizationRegistry, null, false,
-                    dataSourceJdbcBuildTimeConfig.transactions == io.quarkus.agroal.runtime.TransactionIntegration.XA
-                            ? xaResourceRecoveryRegistry
-                            : null);
+                    transactionSynchronizationRegistry);
             poolConfiguration.transactionIntegration(txIntegration);
         }
 
@@ -294,14 +287,12 @@ private void applyNewConfiguration(AgroalDataSourceConfigurationSupplier dataSou
 
         // Authentication
         if (dataSourceRuntimeConfig.username.isPresent()) {
-            NamePrincipal username = new NamePrincipal(dataSourceRuntimeConfig.username.get());
             connectionFactoryConfiguration
-                    .principal(username).recoveryPrincipal(username);
+                    .principal(new NamePrincipal(dataSourceRuntimeConfig.username.get()));
         }
         if (dataSourceRuntimeConfig.password.isPresent()) {
-            SimplePassword password = new SimplePassword(dataSourceRuntimeConfig.password.get());
             connectionFactoryConfiguration
-                    .credential(password).recoveryCredential(password);
+                    .credential(new SimplePassword(dataSourceRuntimeConfig.password.get()));
         }
 
         // credentials provider
diff --git a/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaInitBuildItem.java b/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaInitBuildItem.java
deleted file mode 100644
index 5cbee9c7ce40d..0000000000000
--- a/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaInitBuildItem.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package io.quarkus.narayana.jta.deployment;
-
-import io.quarkus.builder.item.EmptyBuildItem;
-
-/**
- * Marker build item that indicates that the Narayana JTA extension has been initialized.
- */
-public final class NarayanaInitBuildItem extends EmptyBuildItem {
-}
diff --git a/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaJtaProcessor.java b/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaJtaProcessor.java
index 18e88ec312178..397f771bdfc79 100644
--- a/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaJtaProcessor.java
+++ b/extensions/narayana-jta/deployment/src/main/java/io/quarkus/narayana/jta/deployment/NarayanaJtaProcessor.java
@@ -10,20 +10,11 @@
 import javax.transaction.TransactionScoped;
 
 import com.arjuna.ats.arjuna.common.ObjectStoreEnvironmentBean;
-import com.arjuna.ats.arjuna.recovery.TransactionStatusConnectionManager;
 import com.arjuna.ats.internal.arjuna.coordinator.CheckedActionFactoryImple;
 import com.arjuna.ats.internal.arjuna.objectstore.ShadowNoFileLockStore;
-import com.arjuna.ats.internal.arjuna.recovery.AtomicActionExpiryScanner;
-import com.arjuna.ats.internal.arjuna.recovery.AtomicActionRecoveryModule;
-import com.arjuna.ats.internal.arjuna.recovery.ExpiredTransactionStatusManagerScanner;
 import com.arjuna.ats.internal.arjuna.utils.SocketProcessId;
 import com.arjuna.ats.internal.jta.recovery.arjunacore.CommitMarkableResourceRecordRecoveryModule;
-import com.arjuna.ats.internal.jta.recovery.arjunacore.JTAActionStatusServiceXAResourceOrphanFilter;
-import com.arjuna.ats.internal.jta.recovery.arjunacore.JTANodeNameXAResourceOrphanFilter;
-import com.arjuna.ats.internal.jta.recovery.arjunacore.JTATransactionLogXAResourceOrphanFilter;
 import com.arjuna.ats.internal.jta.recovery.arjunacore.RecoverConnectableAtomicAction;
-import com.arjuna.ats.internal.jta.recovery.arjunacore.XARecoveryModule;
-import com.arjuna.ats.internal.jta.resources.arjunacore.XAResourceRecord;
 import com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionManagerImple;
 import com.arjuna.ats.internal.jta.transaction.arjunacore.TransactionSynchronizationRegistryImple;
 import com.arjuna.ats.internal.jta.transaction.arjunacore.UserTransactionImple;
@@ -41,7 +32,6 @@
 import io.quarkus.deployment.IsTest;
 import io.quarkus.deployment.annotations.BuildProducer;
 import io.quarkus.deployment.annotations.BuildStep;
-import io.quarkus.deployment.annotations.Produce;
 import io.quarkus.deployment.annotations.Record;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
 import io.quarkus.deployment.builditem.ShutdownContextBuildItem;
@@ -74,7 +64,6 @@ public NativeImageSystemPropertyBuildItem nativeImageSystemPropertyBuildItem() {
 
     @BuildStep
     @Record(RUNTIME_INIT)
-    @Produce(NarayanaInitBuildItem.class)
     public void build(NarayanaJtaRecorder recorder,
             BuildProducer<AdditionalBeanBuildItem> additionalBeans,
             BuildProducer<ReflectiveClassBuildItem> reflectiveClass,
@@ -92,9 +81,6 @@ public void build(NarayanaJtaRecorder recorder,
         runtimeInit.produce(new RuntimeInitializedClassBuildItem(SocketProcessId.class.getName()));
         runtimeInit.produce(new RuntimeInitializedClassBuildItem(CommitMarkableResourceRecordRecoveryModule.class.getName()));
         runtimeInit.produce(new RuntimeInitializedClassBuildItem(RecoverConnectableAtomicAction.class.getName()));
-        runtimeInit.produce(new RuntimeInitializedClassBuildItem(TransactionStatusConnectionManager.class.getName()));
-        runtimeInit.produce(new RuntimeInitializedClassBuildItem(JTAActionStatusServiceXAResourceOrphanFilter.class.getName()));
-        runtimeInit.produce(new RuntimeInitializedClassBuildItem(AtomicActionExpiryScanner.class.getName()));
 
         reflectiveClass.produce(new ReflectiveClassBuildItem(false, false, JTAEnvironmentBean.class.getName(),
                 UserTransactionImple.class.getName(),
@@ -103,14 +89,7 @@ public void build(NarayanaJtaRecorder recorder,
                 TransactionSynchronizationRegistryImple.class.getName(),
                 ObjectStoreEnvironmentBean.class.getName(),
                 ShadowNoFileLockStore.class.getName(),
-                SocketProcessId.class.getName(),
-                AtomicActionRecoveryModule.class.getName(),
-                XARecoveryModule.class.getName(),
-                XAResourceRecord.class.getName(),
-                JTATransactionLogXAResourceOrphanFilter.class.getName(),
-                JTANodeNameXAResourceOrphanFilter.class.getName(),
-                JTAActionStatusServiceXAResourceOrphanFilter.class.getName(),
-                ExpiredTransactionStatusManagerScanner.class.getName()));
+                SocketProcessId.class.getName()));
 
         AdditionalBeanBuildItem.Builder builder = AdditionalBeanBuildItem.builder();
         builder.addBeanClass(TransactionalInterceptorSupports.class);
diff --git a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaProducers.java b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaProducers.java
index abfb7d0d36f97..85e4b99d2e17e 100644
--- a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaProducers.java
+++ b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaProducers.java
@@ -3,7 +3,6 @@
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.Dependent;
 import javax.enterprise.inject.Produces;
-import javax.inject.Singleton;
 import javax.transaction.TransactionSynchronizationRegistry;
 
 import org.jboss.tm.JBossXATerminator;
@@ -33,12 +32,9 @@ public javax.transaction.UserTransaction userTransaction() {
     }
 
     @Produces
-    @Singleton
+    @ApplicationScoped
     public XAResourceRecoveryRegistry xaResourceRecoveryRegistry() {
-        RecoveryManagerService recoveryManagerService = new RecoveryManagerService();
-        recoveryManagerService.create();
-        recoveryManagerService.start();
-        return recoveryManagerService;
+        return new RecoveryManagerService();
     }
 
     @Produces
diff --git a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaRecorder.java b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaRecorder.java
index 82d2e61b95ec4..b66dd67487d37 100644
--- a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaRecorder.java
+++ b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/NarayanaJtaRecorder.java
@@ -7,15 +7,10 @@
 import org.jboss.logging.Logger;
 
 import com.arjuna.ats.arjuna.common.CoreEnvironmentBeanException;
-import com.arjuna.ats.arjuna.common.ObjectStoreEnvironmentBean;
-import com.arjuna.ats.arjuna.common.RecoveryEnvironmentBean;
 import com.arjuna.ats.arjuna.common.arjPropertyManager;
 import com.arjuna.ats.arjuna.coordinator.TransactionReaper;
 import com.arjuna.ats.arjuna.coordinator.TxControl;
-import com.arjuna.ats.arjuna.recovery.RecoveryManager;
-import com.arjuna.ats.jta.common.JTAEnvironmentBean;
 import com.arjuna.ats.jta.common.jtaPropertyManager;
-import com.arjuna.common.internal.util.propertyservice.BeanPopulator;
 import com.arjuna.common.util.propertyservice.PropertiesFactory;
 
 import io.quarkus.runtime.ShutdownContext;
@@ -72,25 +67,13 @@ public void disableTransactionStatusManager() {
     }
 
     public void setConfig(final TransactionManagerConfiguration transactions) {
-        BeanPopulator.getDefaultInstance(ObjectStoreEnvironmentBean.class)
-                .setObjectStoreDir(transactions.objectStoreDirectory);
-        BeanPopulator.getNamedInstance(ObjectStoreEnvironmentBean.class, "communicationStore")
-                .setObjectStoreDir(transactions.objectStoreDirectory);
-        BeanPopulator.getNamedInstance(ObjectStoreEnvironmentBean.class, "stateStore")
-                .setObjectStoreDir(transactions.objectStoreDirectory);
-        BeanPopulator.getDefaultInstance(RecoveryEnvironmentBean.class)
-                .setRecoveryModuleClassNames(transactions.recoveryModules);
-        BeanPopulator.getDefaultInstance(RecoveryEnvironmentBean.class)
-                .setExpiryScannerClassNames(transactions.expiryScanners);
-        BeanPopulator.getDefaultInstance(JTAEnvironmentBean.class)
-                .setXaResourceOrphanFilterClassNames(transactions.xaResourceOrphanFilters);
+        arjPropertyManager.getObjectStoreEnvironmentBean().setObjectStoreDir(transactions.objectStoreDirectory);
     }
 
     public void handleShutdown(ShutdownContext context) {
         context.addLastShutdownTask(new Runnable() {
             @Override
             public void run() {
-                RecoveryManager.manager().terminate(true);
                 TransactionReaper.terminate(false);
             }
         });
diff --git a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/TransactionManagerConfiguration.java b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/TransactionManagerConfiguration.java
index b4f8ab1ee8cc1..ee2c70841b308 100644
--- a/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/TransactionManagerConfiguration.java
+++ b/extensions/narayana-jta/runtime/src/main/java/io/quarkus/narayana/jta/runtime/TransactionManagerConfiguration.java
@@ -1,7 +1,6 @@
 package io.quarkus.narayana.jta.runtime;
 
 import java.time.Duration;
-import java.util.List;
 
 import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigPhase;
@@ -31,25 +30,4 @@ public final class TransactionManagerConfiguration {
      */
     @ConfigItem(defaultValue = "ObjectStore")
     public String objectStoreDirectory;
-
-    /**
-     * The list of recovery modules
-     */
-    @ConfigItem(defaultValue = "com.arjuna.ats.internal.arjuna.recovery.AtomicActionRecoveryModule," +
-            "com.arjuna.ats.internal.jta.recovery.arjunacore.XARecoveryModule")
-    public List<String> recoveryModules;
-
-    /**
-     * The list of expiry scanners
-     */
-    @ConfigItem(defaultValue = "com.arjuna.ats.internal.arjuna.recovery.ExpiredTransactionStatusManagerScanner")
-    public List<String> expiryScanners;
-
-    /**
-     * The list of orphan filters
-     */
-    @ConfigItem(defaultValue = "com.arjuna.ats.internal.jta.recovery.arjunacore.JTATransactionLogXAResourceOrphanFilter," +
-            "com.arjuna.ats.internal.jta.recovery.arjunacore.JTANodeNameXAResourceOrphanFilter," +
-            "com.arjuna.ats.internal.jta.recovery.arjunacore.JTAActionStatusServiceXAResourceOrphanFilter")
-    public List<String> xaResourceOrphanFilters;
 }