From 7c98a87bebd819161378115049e569f2013da36c Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 24 Oct 2024 12:56:57 +0200
Subject: [PATCH 001/129] feat(TransactionsImport): add parameters for pipeline
 (#10388)

---
 .../v2/enum/TransactionsImportRowStatus.ts    |  17 +++
 .../graphql/v2/input/OrderReferenceInput.ts   |   8 +-
 .../input/TransactionsImportRowUpdateInput.ts |  14 ++-
 .../v2/mutation/AddedFundsMutations.ts        |   8 +-
 .../mutation/TransactionImportsMutations.ts   | 105 +++++++++++++-----
 .../graphql/v2/object/TransactionsImport.ts   |  52 ++++++++-
 6 files changed, 162 insertions(+), 42 deletions(-)
 create mode 100644 server/graphql/v2/enum/TransactionsImportRowStatus.ts

diff --git a/server/graphql/v2/enum/TransactionsImportRowStatus.ts b/server/graphql/v2/enum/TransactionsImportRowStatus.ts
new file mode 100644
index 00000000000..c795b36ab7d
--- /dev/null
+++ b/server/graphql/v2/enum/TransactionsImportRowStatus.ts
@@ -0,0 +1,17 @@
+import { GraphQLEnumType } from 'graphql';
+
+export enum TransactionsImportRowStatus {
+  PENDING = 'PENDING',
+  LINKED = 'LINKED',
+  IGNORED = 'IGNORED',
+}
+
+export const GraphQLTransactionsImportRowStatus = new GraphQLEnumType({
+  name: 'TransactionsImportRowStatus',
+  description: 'The status of a row in a transactions import',
+  values: {
+    PENDING: { value: 'PENDING', description: 'The row has not been processed yet' },
+    LINKED: { value: 'LINKED', description: 'The row has been linked to an existing expense or order' },
+    IGNORED: { value: 'IGNORED', description: 'The row has been ignored' },
+  },
+});
diff --git a/server/graphql/v2/input/OrderReferenceInput.ts b/server/graphql/v2/input/OrderReferenceInput.ts
index 4ed7521ebbb..b26a3c4e601 100644
--- a/server/graphql/v2/input/OrderReferenceInput.ts
+++ b/server/graphql/v2/input/OrderReferenceInput.ts
@@ -19,9 +19,9 @@ export const GraphQLOrderReferenceInput = new GraphQLInputObjectType({
   }),
 });
 
-export type ObjectReference = { id?: string; legacyId?: number };
+export type OrderReferenceInputGraphQLType = { id?: string; legacyId?: number };
 
-export const getDatabaseIdFromOrderReference = (input: ObjectReference): number => {
+export const getDatabaseIdFromOrderReference = (input: OrderReferenceInputGraphQLType): number => {
   if (input.id) {
     return idDecode(input.id, IDENTIFIER_TYPES.ORDER);
   } else if (input.legacyId) {
@@ -32,7 +32,7 @@ export const getDatabaseIdFromOrderReference = (input: ObjectReference): number
 };
 
 export const fetchOrderWithReference = async (
-  input: ObjectReference,
+  input: OrderReferenceInputGraphQLType,
   {
     include = undefined,
     throwIfMissing = true,
@@ -51,7 +51,7 @@ export const fetchOrderWithReference = async (
 };
 
 export const fetchOrdersWithReferences = async (
-  inputs: ObjectReference[],
+  inputs: OrderReferenceInputGraphQLType[],
   { include }: { include?: Includeable | Includeable[] },
 ) => {
   if (inputs.length === 0) {
diff --git a/server/graphql/v2/input/TransactionsImportRowUpdateInput.ts b/server/graphql/v2/input/TransactionsImportRowUpdateInput.ts
index 7bc8b9a00f0..2541fab5574 100644
--- a/server/graphql/v2/input/TransactionsImportRowUpdateInput.ts
+++ b/server/graphql/v2/input/TransactionsImportRowUpdateInput.ts
@@ -1,8 +1,18 @@
 import { GraphQLBoolean, GraphQLInputObjectType, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLDateTime, GraphQLNonEmptyString } from 'graphql-scalars';
 
-import { GraphQLAmountInput } from './AmountInput';
-import { GraphQLOrderReferenceInput } from './OrderReferenceInput';
+import { AmountInputType, GraphQLAmountInput } from './AmountInput';
+import { GraphQLOrderReferenceInput, OrderReferenceInputGraphQLType } from './OrderReferenceInput';
+
+export type TransactionImportRowGraphQLType = {
+  id: string;
+  sourceId?: string | null;
+  description?: string | null;
+  date?: string | null;
+  amount?: AmountInputType | null;
+  isDismissed?: boolean | null;
+  order?: OrderReferenceInputGraphQLType | null;
+};
 
 export const GraphQLTransactionsImportRowUpdateInput = new GraphQLInputObjectType({
   name: 'TransactionsImportRowUpdateInput',
diff --git a/server/graphql/v2/mutation/AddedFundsMutations.ts b/server/graphql/v2/mutation/AddedFundsMutations.ts
index ed868ffc9cb..d391b8c6f2e 100644
--- a/server/graphql/v2/mutation/AddedFundsMutations.ts
+++ b/server/graphql/v2/mutation/AddedFundsMutations.ts
@@ -24,7 +24,11 @@ import {
 } from '../input/AccountingCategoryInput';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { AmountInputType, getValueInCentsFromAmountInput, GraphQLAmountInput } from '../input/AmountInput';
-import { fetchOrderWithReference, GraphQLOrderReferenceInput, ObjectReference } from '../input/OrderReferenceInput';
+import {
+  fetchOrderWithReference,
+  GraphQLOrderReferenceInput,
+  OrderReferenceInputGraphQLType,
+} from '../input/OrderReferenceInput';
 import { GraphQLTaxInput, TaxInput } from '../input/TaxInput';
 import { fetchTierWithReference, GraphQLTierReferenceInput } from '../input/TierReferenceInput';
 import {
@@ -297,7 +301,7 @@ export default {
     },
     resolve: async (
       _,
-      args: Omit<AddFundsMutationArgs, 'transactionsImportRow'> & { order: ObjectReference },
+      args: Omit<AddFundsMutationArgs, 'transactionsImportRow'> & { order: OrderReferenceInputGraphQLType },
       req: express.Request,
     ) => {
       checkRemoteUserCanUseHost(req);
diff --git a/server/graphql/v2/mutation/TransactionImportsMutations.ts b/server/graphql/v2/mutation/TransactionImportsMutations.ts
index 1331ac482aa..3d47c4a0278 100644
--- a/server/graphql/v2/mutation/TransactionImportsMutations.ts
+++ b/server/graphql/v2/mutation/TransactionImportsMutations.ts
@@ -3,7 +3,7 @@ import type { Request } from 'express';
 import { GraphQLBoolean, GraphQLList, GraphQLNonNull } from 'graphql';
 import { GraphQLJSONObject, GraphQLNonEmptyString } from 'graphql-scalars';
 import GraphQLUpload from 'graphql-upload/GraphQLUpload.js';
-import { isUndefined, omit, omitBy, pick } from 'lodash';
+import { omit, pick } from 'lodash';
 
 import { disconnectPlaidAccount } from '../../../lib/plaid/connect';
 import RateLimit from '../../../lib/rate-limit';
@@ -17,7 +17,10 @@ import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../inpu
 import { getValueInCentsFromAmountInput } from '../input/AmountInput';
 import { getDatabaseIdFromOrderReference } from '../input/OrderReferenceInput';
 import { GraphQLTransactionsImportRowCreateInput } from '../input/TransactionsImportRowCreateInput';
-import { GraphQLTransactionsImportRowUpdateInput } from '../input/TransactionsImportRowUpdateInput';
+import {
+  GraphQLTransactionsImportRowUpdateInput,
+  TransactionImportRowGraphQLType,
+} from '../input/TransactionsImportRowUpdateInput';
 import { GraphQLTransactionsImport } from '../object/TransactionsImport';
 
 const transactionImportsMutations = {
@@ -194,11 +197,28 @@ const transactionImportsMutations = {
         description: 'ID of the import to add transactions to',
       },
       rows: {
-        type: new GraphQLNonNull(new GraphQLList(new GraphQLNonNull(GraphQLTransactionsImportRowUpdateInput))),
+        type: new GraphQLList(new GraphQLNonNull(GraphQLTransactionsImportRowUpdateInput)),
         description: 'Rows to update',
       },
+      dismissAll: {
+        type: GraphQLBoolean,
+        description: 'Whether to ignore all non-processed rows',
+      },
+      restoreAll: {
+        type: GraphQLBoolean,
+        description: 'Whether to restore all dismissed rows',
+      },
     },
-    resolve: async (_: void, args, req: Request) => {
+    resolve: async (
+      _: void,
+      args: {
+        id: string;
+        rows?: TransactionImportRowGraphQLType[];
+        dismissAll?: boolean;
+        restoreAll?: boolean;
+      },
+      req: Request,
+    ) => {
       checkRemoteUserCanUseTransactions(req);
       const importId = idDecode(args.id, 'transactions-import');
       const transactionsImport = await TransactionsImport.findByPk(importId, {
@@ -213,35 +233,62 @@ const transactionImportsMutations = {
       // Preload orders
       return sequelize.transaction(async transaction => {
         // Update rows
-        await Promise.all(
-          args.rows.map(async row => {
-            const rowId = idDecode(row.id, 'transactions-import-row');
-            const values = omitBy(omit(row, ['id', 'order']), isUndefined);
-            if (row.amount) {
-              values.amount = getValueInCentsFromAmountInput(row.amount);
-              values.currency = row.amount.currency;
-            }
-            if (row.order) {
-              const orderId = getDatabaseIdFromOrderReference(row.order);
-              const order = await req.loaders.Order.byId.load(orderId);
-              const collective = order && (await req.loaders.Collective.byId.load(order.CollectiveId));
-              if (!order || !collective || collective.HostCollectiveId !== transactionsImport.CollectiveId) {
-                throw new Unauthorized(`Order not found or not associated with the import: ${orderId}`);
+        if (args.rows?.length) {
+          await Promise.all(
+            args.rows.map(async row => {
+              const rowId = idDecode(row.id, 'transactions-import-row');
+              let values: Parameters<typeof TransactionsImportRow.update>[0] = pick(row, [
+                'sourceId',
+                'description',
+                'date',
+                'isDismissed',
+              ]);
+              if (row.amount) {
+                values.amount = getValueInCentsFromAmountInput(row.amount);
+                values.currency = row.amount.currency;
               }
+              if (row.order) {
+                const orderId = getDatabaseIdFromOrderReference(row.order);
+                const order = await req.loaders.Order.byId.load(orderId);
+                const collective = order && (await req.loaders.Collective.byId.load(order.CollectiveId));
+                if (!order || !collective || collective.HostCollectiveId !== transactionsImport.CollectiveId) {
+                  throw new Unauthorized(`Order not found or not associated with the import: ${orderId}`);
+                }
 
-              values['OrderId'] = order.id;
-            }
+                values['OrderId'] = order.id;
+              }
 
-            const [updatedCount] = await TransactionsImportRow.update(values, {
-              where: { id: rowId, TransactionsImportId: importId },
-              transaction,
-            });
+              // For plaid imports, users can't change amount, date or sourceId
+              if (transactionsImport.type === 'PLAID') {
+                values = omit(values, ['amount', 'date', 'sourceId']);
+              }
 
-            if (!updatedCount) {
-              throw new NotFound(`Row not found: ${row.id}`);
-            }
-          }),
-        );
+              const [updatedCount] = await TransactionsImportRow.update(values, {
+                where: { id: rowId, TransactionsImportId: importId },
+                transaction,
+              });
+
+              if (!updatedCount) {
+                throw new NotFound(`Row not found: ${row.id}`);
+              }
+            }),
+          );
+        } else if (args.dismissAll) {
+          await TransactionsImportRow.update(
+            { isDismissed: true },
+            {
+              where: { TransactionsImportId: importId, isDismissed: false, ExpenseId: null, OrderId: null },
+              transaction,
+            },
+          );
+        } else if (args.restoreAll) {
+          await TransactionsImportRow.update(
+            { isDismissed: false },
+            { where: { TransactionsImportId: importId, isDismissed: true }, transaction },
+          );
+        } else {
+          throw new ValidationFailed('You must provide at least one row to update or dismiss/restore all rows');
+        }
 
         // Update import
         return transactionsImport.update({ updatedAt: new Date() }, { transaction });
diff --git a/server/graphql/v2/object/TransactionsImport.ts b/server/graphql/v2/object/TransactionsImport.ts
index ce4bcf1c662..f715168aad8 100644
--- a/server/graphql/v2/object/TransactionsImport.ts
+++ b/server/graphql/v2/object/TransactionsImport.ts
@@ -1,12 +1,15 @@
 import { GraphQLBoolean, GraphQLInt, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
 import { GraphQLDateTime, GraphQLJSON, GraphQLNonEmptyString } from 'graphql-scalars';
 
-import { TransactionsImport } from '../../../models';
+import { buildSearchConditions } from '../../../lib/sql-search';
+import { Op, TransactionsImport } from '../../../models';
 import TransactionsImportRow from '../../../models/TransactionsImportRow';
 import { GraphQLTransactionsImportRowCollection } from '../collection/GraphQLTransactionsImportRow';
+import { GraphQLTransactionsImportRowStatus, TransactionsImportRowStatus } from '../enum/TransactionsImportRowStatus';
 import { GraphQLTransactionsImportType } from '../enum/TransactionsImportType';
 import { getIdEncodeResolver } from '../identifiers';
 import { GraphQLAccount } from '../interface/Account';
+import { getCollectionArgs } from '../interface/Collection';
 import { GraphQLFileInfo } from '../interface/FileInfo';
 
 import { GraphQLConnectedAccount } from './ConnectedAccount';
@@ -86,15 +89,54 @@ export const GraphQLTransactionsImport = new GraphQLObjectType({
     rows: {
       type: new GraphQLNonNull(GraphQLTransactionsImportRowCollection),
       description: 'List of rows in the import',
-      resolve: async importInstance => {
-        const where = { TransactionsImportId: importInstance.id };
+      args: {
+        ...getCollectionArgs({ limit: 100 }),
+        status: {
+          type: GraphQLTransactionsImportRowStatus,
+          description: 'Filter rows by status',
+        },
+        searchTerm: {
+          type: GraphQLString,
+          description: 'Search by text',
+        },
+      },
+      resolve: async (
+        importInstance,
+        args: { limit: number; offset: number; status: TransactionsImportRowStatus; searchTerm: string },
+      ) => {
+        const where: Parameters<typeof TransactionsImportRow.findAll>[0]['where'] = {
+          [Op.and]: [{ TransactionsImportId: importInstance.id }],
+        };
+
+        // Filter by status
+        if (args.status) {
+          if (args.status === 'IGNORED') {
+            where[Op.and].push({ isDismissed: true });
+          } else if (args.status === 'LINKED') {
+            where[Op.and].push({ [Op.or]: [{ ExpenseId: { [Op.not]: null } }, { OrderId: { [Op.not]: null } }] });
+          } else if (args.status === 'PENDING') {
+            where[Op.and].push({ ExpenseId: null }, { OrderId: null }, { isDismissed: false });
+          }
+        }
+
+        // Search term
+        if (args.searchTerm) {
+          where[Op.and].push({
+            [Op.or]: buildSearchConditions(args.searchTerm, {
+              textFields: ['description', 'sourceId'],
+            }),
+          });
+        }
+
         return {
-          offset: 0,
-          limit: 1000000, // TODO: pagination
+          offset: args.offset,
+          limit: args.limit,
           totalCount: () => TransactionsImportRow.count({ where }),
           nodes: () =>
             TransactionsImportRow.findAll({
               where,
+              limit: args.limit,
+              offset: args.offset,
               order: [
                 ['createdAt', 'ASC'],
                 ['id', 'ASC'],

From 320212a3ec189e0c583d683936c4a54c8871a582 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 12:57:18 +0200
Subject: [PATCH 002/129] fix(deps): update dependency uuid to v10 (#10417)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 48 +++++++++++++++++++++++++++++++++++++++++++----
 package.json      |  2 +-
 2 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d0bb5b4b2f3..5d951d0f82e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -109,7 +109,7 @@
         "tweetnacl": "1.0.3",
         "tweetnacl-util": "0.15.1",
         "twitter-api-v2": "1.17.2",
-        "uuid": "9.0.1",
+        "uuid": "10.0.0",
         "validator": "13.12.0",
         "winston": "3.13.1",
         "zod": "3.23.8"
@@ -289,6 +289,19 @@
         "node": ">=12"
       }
     },
+    "node_modules/@apollo/server/node_modules/uuid": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
+      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+      "funding": [
+        "https://github.com/sponsors/broofa",
+        "https://github.com/sponsors/ctavan"
+      ],
+      "license": "MIT",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
     "node_modules/@apollo/usage-reporting-protobuf": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/@apollo/usage-reporting-protobuf/-/usage-reporting-protobuf-4.1.1.tgz",
@@ -4334,6 +4347,19 @@
         "node": ">=8"
       }
     },
+    "node_modules/@hyperwatch/hyperwatch/node_modules/uuid": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
+      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+      "funding": [
+        "https://github.com/sponsors/broofa",
+        "https://github.com/sponsors/ctavan"
+      ],
+      "license": "MIT",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
     "node_modules/@hyperwatch/useragent": {
       "version": "3.9.3",
       "resolved": "https://registry.npmjs.org/@hyperwatch/useragent/-/useragent-3.9.3.tgz",
@@ -7784,6 +7810,19 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@smithy/middleware-retry/node_modules/uuid": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
+      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+      "funding": [
+        "https://github.com/sponsors/broofa",
+        "https://github.com/sponsors/ctavan"
+      ],
+      "license": "MIT",
+      "bin": {
+        "uuid": "dist/bin/uuid"
+      }
+    },
     "node_modules/@smithy/middleware-serde": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz",
@@ -22478,13 +22517,14 @@
       }
     },
     "node_modules/uuid": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
-      "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz",
+      "integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==",
       "funding": [
         "https://github.com/sponsors/broofa",
         "https://github.com/sponsors/ctavan"
       ],
+      "license": "MIT",
       "bin": {
         "uuid": "dist/bin/uuid"
       }
diff --git a/package.json b/package.json
index 965f1daec52..12be88317dc 100644
--- a/package.json
+++ b/package.json
@@ -130,7 +130,7 @@
     "tweetnacl": "1.0.3",
     "tweetnacl-util": "0.15.1",
     "twitter-api-v2": "1.17.2",
-    "uuid": "9.0.1",
+    "uuid": "10.0.0",
     "validator": "13.12.0",
     "winston": "3.13.1",
     "zod": "3.23.8"

From 42956d2113eccf2348a3e013ebc6118c583f8016 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 12:57:45 +0200
Subject: [PATCH 003/129] fix(deps): update dependency plaid to v29 (#10415)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5d951d0f82e..77bbf70a6fe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -94,7 +94,7 @@
         "pg": "8.12.0",
         "pg-connection-string": "2.7.0",
         "pg-format": "1.0.4",
-        "plaid": "28.0.0",
+        "plaid": "29.0.0",
         "prepend-http": "3.0.1",
         "redis": "4.6.6",
         "sanitize-html": "2.13.1",
@@ -19492,9 +19492,9 @@
       }
     },
     "node_modules/plaid": {
-      "version": "28.0.0",
-      "resolved": "https://registry.npmjs.org/plaid/-/plaid-28.0.0.tgz",
-      "integrity": "sha512-jz5adPpiTMgKAPHqaAoD05LaqUrE1CKIXXp41fIYpfVV21p6boQ5aoft6GHJOed43ZA9iwu8jeIJrl6zO8GHTQ==",
+      "version": "29.0.0",
+      "resolved": "https://registry.npmjs.org/plaid/-/plaid-29.0.0.tgz",
+      "integrity": "sha512-bDcLcRkJxd6rI+fYsxYhSvaMvFY/k/yDlcF4KqWLQEIDXSgDtViMw59URIOfAWK+ohRTPnzQ8RAucGltLoCYKA==",
       "license": "MIT",
       "dependencies": {
         "axios": "^1.6.2"
diff --git a/package.json b/package.json
index 12be88317dc..5302442c68a 100644
--- a/package.json
+++ b/package.json
@@ -115,7 +115,7 @@
     "pg": "8.12.0",
     "pg-connection-string": "2.7.0",
     "pg-format": "1.0.4",
-    "plaid": "28.0.0",
+    "plaid": "29.0.0",
     "prepend-http": "3.0.1",
     "redis": "4.6.6",
     "sanitize-html": "2.13.1",

From b828585396ad0f056235eea56fb5f90cce347ee1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 12:58:23 +0200
Subject: [PATCH 004/129] fix(deps): update dependency @aws-sdk/client-s3 to
 v3.678.0 (#10403)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 1795 +++++++++++++++++++++++++++++----------------
 package.json      |    2 +-
 2 files changed, 1166 insertions(+), 631 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 77bbf70a6fe..cf7a1b9327a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "license": "MIT",
       "dependencies": {
         "@apollo/server": "4.11.0",
-        "@aws-sdk/client-s3": "3.614.0",
+        "@aws-sdk/client-s3": "3.678.0",
         "@babel/core": "7.25.8",
         "@babel/node": "7.25.7",
         "@babel/plugin-transform-typescript": "7.25.7",
@@ -552,68 +552,81 @@
       }
     },
     "node_modules/@aws-sdk/client-s3": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.614.0.tgz",
-      "integrity": "sha512-9BlhfeBegvyjOqHtcr9kvrT80wiy7EVUiqYyTFiiDv/hJIcG88XHQCZdLU7658XBkQ7aFrr5b8rF2HRD1oroxw==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-s3/-/client-s3-3.678.0.tgz",
+      "integrity": "sha512-2N+cGerOtcijYVRThakA1wwaXjdb7bNX8fMnmNzfqsRu1kASCPNvefhPTAiNl//Hf2l2d+H8TdI3wtLw0KurBQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/sha1-browser": "5.2.0",
         "@aws-crypto/sha256-browser": "5.2.0",
         "@aws-crypto/sha256-js": "5.2.0",
-        "@aws-sdk/client-sso-oidc": "3.614.0",
-        "@aws-sdk/client-sts": "3.614.0",
-        "@aws-sdk/core": "3.614.0",
-        "@aws-sdk/credential-provider-node": "3.614.0",
-        "@aws-sdk/middleware-bucket-endpoint": "3.614.0",
-        "@aws-sdk/middleware-expect-continue": "3.609.0",
-        "@aws-sdk/middleware-flexible-checksums": "3.614.0",
-        "@aws-sdk/middleware-host-header": "3.609.0",
-        "@aws-sdk/middleware-location-constraint": "3.609.0",
-        "@aws-sdk/middleware-logger": "3.609.0",
-        "@aws-sdk/middleware-recursion-detection": "3.609.0",
-        "@aws-sdk/middleware-sdk-s3": "3.614.0",
-        "@aws-sdk/middleware-signing": "3.609.0",
-        "@aws-sdk/middleware-ssec": "3.609.0",
-        "@aws-sdk/middleware-user-agent": "3.614.0",
-        "@aws-sdk/region-config-resolver": "3.614.0",
-        "@aws-sdk/signature-v4-multi-region": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-endpoints": "3.614.0",
-        "@aws-sdk/util-user-agent-browser": "3.609.0",
-        "@aws-sdk/util-user-agent-node": "3.614.0",
-        "@aws-sdk/xml-builder": "3.609.0",
-        "@smithy/config-resolver": "^3.0.5",
-        "@smithy/core": "^2.2.6",
-        "@smithy/eventstream-serde-browser": "^3.0.4",
-        "@smithy/eventstream-serde-config-resolver": "^3.0.3",
-        "@smithy/eventstream-serde-node": "^3.0.4",
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/hash-blob-browser": "^3.1.2",
-        "@smithy/hash-node": "^3.0.3",
-        "@smithy/hash-stream-node": "^3.1.2",
-        "@smithy/invalid-dependency": "^3.0.3",
-        "@smithy/md5-js": "^3.0.3",
-        "@smithy/middleware-content-length": "^3.0.3",
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-retry": "^3.0.9",
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/middleware-stack": "^3.0.3",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
+        "@aws-sdk/client-sso-oidc": "3.678.0",
+        "@aws-sdk/client-sts": "3.678.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/credential-provider-node": "3.678.0",
+        "@aws-sdk/middleware-bucket-endpoint": "3.667.0",
+        "@aws-sdk/middleware-expect-continue": "3.667.0",
+        "@aws-sdk/middleware-flexible-checksums": "3.678.0",
+        "@aws-sdk/middleware-host-header": "3.667.0",
+        "@aws-sdk/middleware-location-constraint": "3.667.0",
+        "@aws-sdk/middleware-logger": "3.667.0",
+        "@aws-sdk/middleware-recursion-detection": "3.667.0",
+        "@aws-sdk/middleware-sdk-s3": "3.678.0",
+        "@aws-sdk/middleware-ssec": "3.667.0",
+        "@aws-sdk/middleware-user-agent": "3.678.0",
+        "@aws-sdk/region-config-resolver": "3.667.0",
+        "@aws-sdk/signature-v4-multi-region": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-endpoints": "3.667.0",
+        "@aws-sdk/util-user-agent-browser": "3.675.0",
+        "@aws-sdk/util-user-agent-node": "3.678.0",
+        "@aws-sdk/xml-builder": "3.662.0",
+        "@smithy/config-resolver": "^3.0.9",
+        "@smithy/core": "^2.4.8",
+        "@smithy/eventstream-serde-browser": "^3.0.10",
+        "@smithy/eventstream-serde-config-resolver": "^3.0.7",
+        "@smithy/eventstream-serde-node": "^3.0.9",
+        "@smithy/fetch-http-handler": "^3.2.9",
+        "@smithy/hash-blob-browser": "^3.1.6",
+        "@smithy/hash-node": "^3.0.7",
+        "@smithy/hash-stream-node": "^3.1.6",
+        "@smithy/invalid-dependency": "^3.0.7",
+        "@smithy/md5-js": "^3.0.7",
+        "@smithy/middleware-content-length": "^3.0.9",
+        "@smithy/middleware-endpoint": "^3.1.4",
+        "@smithy/middleware-retry": "^3.0.23",
+        "@smithy/middleware-serde": "^3.0.7",
+        "@smithy/middleware-stack": "^3.0.7",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/node-http-handler": "^3.2.4",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/url-parser": "^3.0.7",
         "@smithy/util-base64": "^3.0.0",
         "@smithy/util-body-length-browser": "^3.0.0",
         "@smithy/util-body-length-node": "^3.0.0",
-        "@smithy/util-defaults-mode-browser": "^3.0.9",
-        "@smithy/util-defaults-mode-node": "^3.0.9",
-        "@smithy/util-endpoints": "^2.0.5",
-        "@smithy/util-retry": "^3.0.3",
-        "@smithy/util-stream": "^3.0.6",
+        "@smithy/util-defaults-mode-browser": "^3.0.23",
+        "@smithy/util-defaults-mode-node": "^3.0.23",
+        "@smithy/util-endpoints": "^2.1.3",
+        "@smithy/util-middleware": "^3.0.7",
+        "@smithy/util-retry": "^3.0.7",
+        "@smithy/util-stream": "^3.1.9",
         "@smithy/util-utf8": "^3.0.0",
-        "@smithy/util-waiter": "^3.1.2",
+        "@smithy/util-waiter": "^3.1.6",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-s3/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -659,47 +672,47 @@
       }
     },
     "node_modules/@aws-sdk/client-sso": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.614.0.tgz",
-      "integrity": "sha512-p5pyYaxRzBttjBkqfc8i3K7DzBdTg3ECdVgBo6INIUxfvDy0J8QUE8vNtCgvFIkq+uPw/8M+Eo4zzln7anuO0Q==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.678.0.tgz",
+      "integrity": "sha512-5Fg2BkR1En8iBbiZ18STvLDGPK9Re5MyCmX+hfIhQzPsEf1FRkAkOluEXX79aBva8iWn2oCD/xKBUku4x3eusw==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/sha256-browser": "5.2.0",
         "@aws-crypto/sha256-js": "5.2.0",
-        "@aws-sdk/core": "3.614.0",
-        "@aws-sdk/middleware-host-header": "3.609.0",
-        "@aws-sdk/middleware-logger": "3.609.0",
-        "@aws-sdk/middleware-recursion-detection": "3.609.0",
-        "@aws-sdk/middleware-user-agent": "3.614.0",
-        "@aws-sdk/region-config-resolver": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-endpoints": "3.614.0",
-        "@aws-sdk/util-user-agent-browser": "3.609.0",
-        "@aws-sdk/util-user-agent-node": "3.614.0",
-        "@smithy/config-resolver": "^3.0.5",
-        "@smithy/core": "^2.2.6",
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/hash-node": "^3.0.3",
-        "@smithy/invalid-dependency": "^3.0.3",
-        "@smithy/middleware-content-length": "^3.0.3",
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-retry": "^3.0.9",
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/middleware-stack": "^3.0.3",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/middleware-host-header": "3.667.0",
+        "@aws-sdk/middleware-logger": "3.667.0",
+        "@aws-sdk/middleware-recursion-detection": "3.667.0",
+        "@aws-sdk/middleware-user-agent": "3.678.0",
+        "@aws-sdk/region-config-resolver": "3.667.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-endpoints": "3.667.0",
+        "@aws-sdk/util-user-agent-browser": "3.675.0",
+        "@aws-sdk/util-user-agent-node": "3.678.0",
+        "@smithy/config-resolver": "^3.0.9",
+        "@smithy/core": "^2.4.8",
+        "@smithy/fetch-http-handler": "^3.2.9",
+        "@smithy/hash-node": "^3.0.7",
+        "@smithy/invalid-dependency": "^3.0.7",
+        "@smithy/middleware-content-length": "^3.0.9",
+        "@smithy/middleware-endpoint": "^3.1.4",
+        "@smithy/middleware-retry": "^3.0.23",
+        "@smithy/middleware-serde": "^3.0.7",
+        "@smithy/middleware-stack": "^3.0.7",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/node-http-handler": "^3.2.4",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/url-parser": "^3.0.7",
         "@smithy/util-base64": "^3.0.0",
         "@smithy/util-body-length-browser": "^3.0.0",
         "@smithy/util-body-length-node": "^3.0.0",
-        "@smithy/util-defaults-mode-browser": "^3.0.9",
-        "@smithy/util-defaults-mode-node": "^3.0.9",
-        "@smithy/util-endpoints": "^2.0.5",
-        "@smithy/util-middleware": "^3.0.3",
-        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-defaults-mode-browser": "^3.0.23",
+        "@smithy/util-defaults-mode-node": "^3.0.23",
+        "@smithy/util-endpoints": "^2.1.3",
+        "@smithy/util-middleware": "^3.0.7",
+        "@smithy/util-retry": "^3.0.7",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -708,48 +721,48 @@
       }
     },
     "node_modules/@aws-sdk/client-sso-oidc": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.614.0.tgz",
-      "integrity": "sha512-BI1NWcpppbHg/28zbUg54dZeckork8BItZIcjls12vxasy+p3iEzrJVG60jcbUTTsk3Qc1tyxNfrdcVqx0y7Ww==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.678.0.tgz",
+      "integrity": "sha512-sgj9Y4zGiwLePLDjqhGoghoZgseh88JkKkwWH558IIte/cf/ix7ezOvptnA0WUlI5Z/329LtkN6O8TRqSJ7MWw==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/sha256-browser": "5.2.0",
         "@aws-crypto/sha256-js": "5.2.0",
-        "@aws-sdk/core": "3.614.0",
-        "@aws-sdk/credential-provider-node": "3.614.0",
-        "@aws-sdk/middleware-host-header": "3.609.0",
-        "@aws-sdk/middleware-logger": "3.609.0",
-        "@aws-sdk/middleware-recursion-detection": "3.609.0",
-        "@aws-sdk/middleware-user-agent": "3.614.0",
-        "@aws-sdk/region-config-resolver": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-endpoints": "3.614.0",
-        "@aws-sdk/util-user-agent-browser": "3.609.0",
-        "@aws-sdk/util-user-agent-node": "3.614.0",
-        "@smithy/config-resolver": "^3.0.5",
-        "@smithy/core": "^2.2.6",
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/hash-node": "^3.0.3",
-        "@smithy/invalid-dependency": "^3.0.3",
-        "@smithy/middleware-content-length": "^3.0.3",
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-retry": "^3.0.9",
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/middleware-stack": "^3.0.3",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/credential-provider-node": "3.678.0",
+        "@aws-sdk/middleware-host-header": "3.667.0",
+        "@aws-sdk/middleware-logger": "3.667.0",
+        "@aws-sdk/middleware-recursion-detection": "3.667.0",
+        "@aws-sdk/middleware-user-agent": "3.678.0",
+        "@aws-sdk/region-config-resolver": "3.667.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-endpoints": "3.667.0",
+        "@aws-sdk/util-user-agent-browser": "3.675.0",
+        "@aws-sdk/util-user-agent-node": "3.678.0",
+        "@smithy/config-resolver": "^3.0.9",
+        "@smithy/core": "^2.4.8",
+        "@smithy/fetch-http-handler": "^3.2.9",
+        "@smithy/hash-node": "^3.0.7",
+        "@smithy/invalid-dependency": "^3.0.7",
+        "@smithy/middleware-content-length": "^3.0.9",
+        "@smithy/middleware-endpoint": "^3.1.4",
+        "@smithy/middleware-retry": "^3.0.23",
+        "@smithy/middleware-serde": "^3.0.7",
+        "@smithy/middleware-stack": "^3.0.7",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/node-http-handler": "^3.2.4",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/url-parser": "^3.0.7",
         "@smithy/util-base64": "^3.0.0",
         "@smithy/util-body-length-browser": "^3.0.0",
         "@smithy/util-body-length-node": "^3.0.0",
-        "@smithy/util-defaults-mode-browser": "^3.0.9",
-        "@smithy/util-defaults-mode-node": "^3.0.9",
-        "@smithy/util-endpoints": "^2.0.5",
-        "@smithy/util-middleware": "^3.0.3",
-        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-defaults-mode-browser": "^3.0.23",
+        "@smithy/util-defaults-mode-node": "^3.0.23",
+        "@smithy/util-endpoints": "^2.1.3",
+        "@smithy/util-middleware": "^3.0.7",
+        "@smithy/util-retry": "^3.0.7",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -757,7 +770,20 @@
         "node": ">=16.0.0"
       },
       "peerDependencies": {
-        "@aws-sdk/client-sts": "^3.614.0"
+        "@aws-sdk/client-sts": "^3.678.0"
+      }
+    },
+    "node_modules/@aws-sdk/client-sso-oidc/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
       }
     },
     "node_modules/@aws-sdk/client-sso-oidc/node_modules/@smithy/is-array-buffer": {
@@ -798,6 +824,19 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@aws-sdk/client-sso/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/client-sso/node_modules/@smithy/is-array-buffer": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
@@ -837,49 +876,49 @@
       }
     },
     "node_modules/@aws-sdk/client-sts": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.614.0.tgz",
-      "integrity": "sha512-i6QmaVA1KHHYNnI2VYQy/sc31rLm4+jSp8b/YbQpFnD0w3aXsrEEHHlxek45uSkHb4Nrj1omFBVy/xp1WVYx2Q==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.678.0.tgz",
+      "integrity": "sha512-oRtDnbqIuTbBq0xd7XlaugDA41EqRFzWLpPNr4uwkH8L7xwtIByfJG/qXx2OtOiFFasAhMWJLu/DDqWZyp819A==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/sha256-browser": "5.2.0",
         "@aws-crypto/sha256-js": "5.2.0",
-        "@aws-sdk/client-sso-oidc": "3.614.0",
-        "@aws-sdk/core": "3.614.0",
-        "@aws-sdk/credential-provider-node": "3.614.0",
-        "@aws-sdk/middleware-host-header": "3.609.0",
-        "@aws-sdk/middleware-logger": "3.609.0",
-        "@aws-sdk/middleware-recursion-detection": "3.609.0",
-        "@aws-sdk/middleware-user-agent": "3.614.0",
-        "@aws-sdk/region-config-resolver": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-endpoints": "3.614.0",
-        "@aws-sdk/util-user-agent-browser": "3.609.0",
-        "@aws-sdk/util-user-agent-node": "3.614.0",
-        "@smithy/config-resolver": "^3.0.5",
-        "@smithy/core": "^2.2.6",
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/hash-node": "^3.0.3",
-        "@smithy/invalid-dependency": "^3.0.3",
-        "@smithy/middleware-content-length": "^3.0.3",
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-retry": "^3.0.9",
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/middleware-stack": "^3.0.3",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
+        "@aws-sdk/client-sso-oidc": "3.678.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/credential-provider-node": "3.678.0",
+        "@aws-sdk/middleware-host-header": "3.667.0",
+        "@aws-sdk/middleware-logger": "3.667.0",
+        "@aws-sdk/middleware-recursion-detection": "3.667.0",
+        "@aws-sdk/middleware-user-agent": "3.678.0",
+        "@aws-sdk/region-config-resolver": "3.667.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-endpoints": "3.667.0",
+        "@aws-sdk/util-user-agent-browser": "3.675.0",
+        "@aws-sdk/util-user-agent-node": "3.678.0",
+        "@smithy/config-resolver": "^3.0.9",
+        "@smithy/core": "^2.4.8",
+        "@smithy/fetch-http-handler": "^3.2.9",
+        "@smithy/hash-node": "^3.0.7",
+        "@smithy/invalid-dependency": "^3.0.7",
+        "@smithy/middleware-content-length": "^3.0.9",
+        "@smithy/middleware-endpoint": "^3.1.4",
+        "@smithy/middleware-retry": "^3.0.23",
+        "@smithy/middleware-serde": "^3.0.7",
+        "@smithy/middleware-stack": "^3.0.7",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/node-http-handler": "^3.2.4",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/url-parser": "^3.0.7",
         "@smithy/util-base64": "^3.0.0",
         "@smithy/util-body-length-browser": "^3.0.0",
         "@smithy/util-body-length-node": "^3.0.0",
-        "@smithy/util-defaults-mode-browser": "^3.0.9",
-        "@smithy/util-defaults-mode-node": "^3.0.9",
-        "@smithy/util-endpoints": "^2.0.5",
-        "@smithy/util-middleware": "^3.0.3",
-        "@smithy/util-retry": "^3.0.3",
+        "@smithy/util-defaults-mode-browser": "^3.0.23",
+        "@smithy/util-defaults-mode-node": "^3.0.23",
+        "@smithy/util-endpoints": "^2.1.3",
+        "@smithy/util-middleware": "^3.0.7",
+        "@smithy/util-retry": "^3.0.7",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -887,6 +926,19 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@aws-sdk/client-sts/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/client-sts/node_modules/@smithy/is-array-buffer": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
@@ -926,16 +978,20 @@
       }
     },
     "node_modules/@aws-sdk/core": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.614.0.tgz",
-      "integrity": "sha512-BUuS5/1YkgmKc4J0bg83XEtMyDHVyqG2QDzfmhYe8gbOIZabUl1FlrFVwhCAthtrrI6MPGTQcERB4BtJKUSplw==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.678.0.tgz",
+      "integrity": "sha512-ZTzybFZqSaPQymgRkTl08vk6xilaxr8LnJOc0h3KhcHLK4TJmdOcxqPpa6QxrBKcn2rmxzGiPRbAHLGI+BIxBw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/core": "^2.2.6",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/signature-v4": "^3.1.2",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/core": "^2.4.8",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/signature-v4": "^4.2.0",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-middleware": "^3.0.7",
         "fast-xml-parser": "4.4.1",
         "tslib": "^2.6.2"
       },
@@ -943,15 +999,99 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@aws-sdk/core/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/core/node_modules/@smithy/is-array-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
+      "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/core/node_modules/@smithy/signature-v4": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.2.1.tgz",
+      "integrity": "sha512-NsV1jF4EvmO5wqmaSzlnTVetemBS3FZHdyc5CExbDljcyJCEEkJr8ANu2JvtNbVg/9MvKAWV44kTrGS+Pi4INg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^3.0.0",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-hex-encoding": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.8",
+        "@smithy/util-uri-escape": "^3.0.0",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/core/node_modules/@smithy/util-buffer-from": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz",
+      "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/core/node_modules/@smithy/util-utf8": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz",
+      "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/credential-provider-env": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.609.0.tgz",
-      "integrity": "sha512-v69ZCWcec2iuV9vLVJMa6fAb5xwkzN4jYIT8yjo2c4Ia/j976Q+TPf35Pnz5My48Xr94EFcaBazrWedF+kwfuQ==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.678.0.tgz",
+      "integrity": "sha512-29uhXAB7uJqHtvJ2U3pi1YkMfv0WefW9EmSMoFAunjudXXBVktwTlWg0lyCM+KHrGKLkQyfs5UF/A9IelS8tdQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-env/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -959,19 +1099,33 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-http": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.614.0.tgz",
-      "integrity": "sha512-YIEjlNUKb3Vo/iTnGAPdsiDC3FUUnNoex2OwU8LmR7AkYZiWdB8nx99DfgkkY+OFMUpw7nKD2PCOtuFONelfGA==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.678.0.tgz",
+      "integrity": "sha512-EvpmP0nc7ddRp0qwJOSu0uBXa+MMk4+OLlyEJcdaHnZI4/BoyVWr5fJUD5eQYZk11LZPZSvnsliYXWwLyVNXHQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-stream": "^3.0.6",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/fetch-http-handler": "^3.2.9",
+        "@smithy/node-http-handler": "^3.2.4",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-stream": "^3.1.9",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-http/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -979,47 +1133,74 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-ini": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.614.0.tgz",
-      "integrity": "sha512-KfLuLFGwlvFSZ2MuzYwWGPb1y5TeiwX5okIDe0aQ1h10oD3924FXbN+mabOnUHQ8EFcGAtCaWbrC86mI7ktC6A==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.678.0.tgz",
+      "integrity": "sha512-8kHy7V5rRO73EpBCUclykP9T/QIBVi0SkQsc88ZRxpdh59/JY2N6DT5khMTzrz9+Vvlw3FDMJN4AI/qWjJHhdw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/credential-provider-env": "3.609.0",
-        "@aws-sdk/credential-provider-http": "3.614.0",
-        "@aws-sdk/credential-provider-process": "3.614.0",
-        "@aws-sdk/credential-provider-sso": "3.614.0",
-        "@aws-sdk/credential-provider-web-identity": "3.609.0",
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/credential-provider-imds": "^3.1.4",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/credential-provider-env": "3.678.0",
+        "@aws-sdk/credential-provider-http": "3.678.0",
+        "@aws-sdk/credential-provider-process": "3.678.0",
+        "@aws-sdk/credential-provider-sso": "3.678.0",
+        "@aws-sdk/credential-provider-web-identity": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/credential-provider-imds": "^3.2.4",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/shared-ini-file-loader": "^3.1.8",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       },
       "peerDependencies": {
-        "@aws-sdk/client-sts": "^3.614.0"
+        "@aws-sdk/client-sts": "^3.678.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-ini/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
       }
     },
     "node_modules/@aws-sdk/credential-provider-node": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.614.0.tgz",
-      "integrity": "sha512-4J6gPEuFZP0mkWq5E//oMS1vrmMM88iNNcv7TEljYnsc6JTAlKejCyFwx6CN+nkIhmIZsl06SXIhBemzBdBPfg==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.678.0.tgz",
+      "integrity": "sha512-KGRBVD/oNr/aD+Wy5zc5AjfeSv5b4ahAu5eAUbOz+eGjGpGgrMtjY+R2rDY/3i3wFj9/DvOIfFGeZQMwtDzIuA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/credential-provider-env": "3.609.0",
-        "@aws-sdk/credential-provider-http": "3.614.0",
-        "@aws-sdk/credential-provider-ini": "3.614.0",
-        "@aws-sdk/credential-provider-process": "3.614.0",
-        "@aws-sdk/credential-provider-sso": "3.614.0",
-        "@aws-sdk/credential-provider-web-identity": "3.609.0",
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/credential-provider-imds": "^3.1.4",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/credential-provider-env": "3.678.0",
+        "@aws-sdk/credential-provider-http": "3.678.0",
+        "@aws-sdk/credential-provider-ini": "3.678.0",
+        "@aws-sdk/credential-provider-process": "3.678.0",
+        "@aws-sdk/credential-provider-sso": "3.678.0",
+        "@aws-sdk/credential-provider-web-identity": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/credential-provider-imds": "^3.2.4",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/shared-ini-file-loader": "^3.1.8",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-node/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1027,15 +1208,29 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-process": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.614.0.tgz",
-      "integrity": "sha512-Q0SI0sTRwi8iNODLs5+bbv8vgz8Qy2QdxbCHnPk/6Cx6LMf7i3dqmWquFbspqFRd8QiqxStrblwxrUYZi09tkA==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.678.0.tgz",
+      "integrity": "sha512-5TpzzHKwPOvUJig0bvTt+brtXfLPaSVLwea9re+XGrS5T6Hz65IaX2RL6uY1GQ0UVOqgwQ5nAti1WOfBoSJ5BA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/shared-ini-file-loader": "^3.1.8",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-process/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1043,17 +1238,31 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-sso": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.614.0.tgz",
-      "integrity": "sha512-55+gp0JY4451cWI1qXmVMFM0GQaBKiQpXv2P0xmd9P3qLDyeFUSEW8XPh0d2lb1ICr6x4s47ynXVdGCIv2mXMg==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.678.0.tgz",
+      "integrity": "sha512-PXydLUsLYd1rkhZ7zwf0613u5sofxIEhh7C1QGP1MSY3L1jt8bu7pZIcMzubfvmaGZI5k84aHhhjQEiAJUxIMg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/client-sso": "3.614.0",
-        "@aws-sdk/token-providers": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/client-sso": "3.678.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/token-providers": "3.667.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/shared-ini-file-loader": "^3.1.8",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-sso/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1061,34 +1270,48 @@
       }
     },
     "node_modules/@aws-sdk/credential-provider-web-identity": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.609.0.tgz",
-      "integrity": "sha512-U+PG8NhlYYF45zbr1km3ROtBMYqyyj/oK8NRp++UHHeuavgrP+4wJ4wQnlEaKvJBjevfo3+dlIBcaeQ7NYejWg==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.678.0.tgz",
+      "integrity": "sha512-fcYZjTTFcef99l+BhcEAhHS4tEK1kE6Xj5Zz5lT4tFA07BkQt3d6kUKRVVfJnsbcHH4RDBUCnLhU8HPfc/kvjA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       },
       "peerDependencies": {
-        "@aws-sdk/client-sts": "^3.609.0"
+        "@aws-sdk/client-sts": "^3.678.0"
+      }
+    },
+    "node_modules/@aws-sdk/credential-provider-web-identity/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
       }
     },
     "node_modules/@aws-sdk/middleware-bucket-endpoint": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.614.0.tgz",
-      "integrity": "sha512-TqEY8KcZeZ0LIxXaqG9RSSNnDHvD8RAFP4Xenwsxqnyad0Yn7LgCoFwRByelJ0t54ROYL1/ETJleWE4U4TOXdg==",
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-bucket-endpoint/-/middleware-bucket-endpoint-3.667.0.tgz",
+      "integrity": "sha512-XGz4jMAkDoTyFdtLz7ZF+C05IAhCTC1PllpvTBaj821z/L0ilhbqVhrT/f2Buw8Id/K5A390csGXgusXyrFFjA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/types": "3.667.0",
         "@aws-sdk/util-arn-parser": "3.568.0",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
         "@smithy/util-config-provider": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -1096,15 +1319,41 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@aws-sdk/middleware-bucket-endpoint/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/middleware-expect-continue": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.609.0.tgz",
-      "integrity": "sha512-+zeg//mSer4JZRxOB/4mUOMUJyuYPwATnIC5moBB8P8Xe+mJaVRFy8qlCtzYNj2TycnlsBPzTK0j7P1yvDh97w==",
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-expect-continue/-/middleware-expect-continue-3.667.0.tgz",
+      "integrity": "sha512-0TiSL9S5DSG95NHGIz6qTMuV7GDKVn8tvvGSrSSZu/wXO3JaYSH0AElVpYfc4PtPRqVpEyNA7nnc7W56mMCLWQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-expect-continue/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1112,17 +1361,20 @@
       }
     },
     "node_modules/@aws-sdk/middleware-flexible-checksums": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.614.0.tgz",
-      "integrity": "sha512-ZLpxVXMboDeMT7p2Kdp5m1uLVKOktkZoMgLvvbe3zbrU4Ji5IU5xVE0aa4X7H28BtuODCs6SLESnPs19bhMKlA==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.678.0.tgz",
+      "integrity": "sha512-IyWWXVvG4IJ9vkagTF8wkNtybKU5SWYIQ1BRDiCmoDyLPOpogNOBVnn10RX9FW7J7BMAUFgtx6N1uMQ8MitDiA==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/crc32": "5.2.0",
         "@aws-crypto/crc32c": "5.2.0",
-        "@aws-sdk/types": "3.609.0",
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
         "@smithy/is-array-buffer": "^3.0.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-middleware": "^3.0.7",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -1130,6 +1382,19 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@aws-sdk/middleware-flexible-checksums/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/middleware-flexible-checksums/node_modules/@smithy/is-array-buffer": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
@@ -1169,14 +1434,27 @@
       }
     },
     "node_modules/@aws-sdk/middleware-host-header": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.609.0.tgz",
-      "integrity": "sha512-iTKfo158lc4jLDfYeZmYMIBHsn8m6zX+XB6birCSNZ/rrlzAkPbGE43CNdKfvjyWdqgLMRXF+B+OcZRvqhMXPQ==",
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.667.0.tgz",
+      "integrity": "sha512-Z7fIAMQnPegs7JjAQvlOeWXwpMRfegh5eCoIP6VLJIeR6DLfYKbP35JBtt98R6DXslrN2RsbTogjbxPEDQfw1w==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-host-header/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1184,167 +1462,387 @@
       }
     },
     "node_modules/@aws-sdk/middleware-location-constraint": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.609.0.tgz",
-      "integrity": "sha512-xzsdoTkszGVqGVPjUmgoP7TORiByLueMHieI1fhQL888WPdqctwAx3ES6d/bA9Q/i8jnc6hs+Fjhy8UvBTkE9A==",
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.667.0.tgz",
+      "integrity": "sha512-ob85H3HhT3/u5O+x0o557xGZ78vSNeSSwMaSitxdsfs2hOuoUl1uk+OeLpi1hkuJnL41FPpokV7TVII2XrFfmg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-location-constraint/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-logger": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.667.0.tgz",
+      "integrity": "sha512-PtTRNpNm/5c746jRgZCNg4X9xEJIwggkGJrF0GP9AB1ANg4pc/sF2Fvn1NtqPe9wtQ2stunJprnm5WkCHN7QiA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-logger/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-recursion-detection": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.667.0.tgz",
+      "integrity": "sha512-U5glWD3ehFohzpUpopLtmqAlDurGWo2wRGPNgi4SwhWU7UDt6LS7E/UvJjqC0CUrjlzOw+my2A+Ncf+fisMhxQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-recursion-detection/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3": {
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.678.0.tgz",
+      "integrity": "sha512-AT4oKh4kPGWG+Ews9M/KYB/TdSvRJLxhVvrVXFxStm9OgeNksxsHH02gnyEOfmGX08ouNRyeaIsqG9RsvXz6Gg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-arn-parser": "3.568.0",
+        "@smithy/core": "^2.4.8",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/signature-v4": "^4.2.0",
+        "@smithy/smithy-client": "^3.4.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-config-provider": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.7",
+        "@smithy/util-stream": "^3.1.9",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@smithy/is-array-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
+      "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@smithy/signature-v4": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.2.1.tgz",
+      "integrity": "sha512-NsV1jF4EvmO5wqmaSzlnTVetemBS3FZHdyc5CExbDljcyJCEEkJr8ANu2JvtNbVg/9MvKAWV44kTrGS+Pi4INg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^3.0.0",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-hex-encoding": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.8",
+        "@smithy/util-uri-escape": "^3.0.0",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@smithy/util-buffer-from": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz",
+      "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-sdk-s3/node_modules/@smithy/util-utf8": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz",
+      "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-ssec": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.667.0.tgz",
+      "integrity": "sha512-1wuAUZIkmZIvOmGg5qNQU821CGFHhkuKioxXgNh0DpUxZ9+AeiV7yorJr+bqkb2KBFv1i1TnzGRecvKf/KvZIQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-ssec/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-user-agent": {
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.678.0.tgz",
+      "integrity": "sha512-tg9cC5COgGP0cznD2ys9kxPtVeKUygPZshDWXLAfA/cH/4m2ZUBvoEVv1SxkIbvOjnPwa976rdPLQUwRZvsL0g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@aws-sdk/core": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@aws-sdk/util-endpoints": "3.667.0",
+        "@smithy/core": "^2.4.8",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/middleware-user-agent/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/region-config-resolver": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.667.0.tgz",
+      "integrity": "sha512-iNr+JhhA902JMKHG9IwT9YdaEx6KGl6vjAL5BRNeOjfj4cZYMog6Lz/IlfOAltMtT0w88DAHDEFrBd2uO0l2eg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-config-provider": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.7",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-logger": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.609.0.tgz",
-      "integrity": "sha512-S62U2dy4jMDhDFDK5gZ4VxFdWzCtLzwbYyFZx2uvPYTECkepLUfzLic2BHg2Qvtu4QjX+oGE3P/7fwaGIsGNuQ==",
+    "node_modules/@aws-sdk/region-config-resolver/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-recursion-detection": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.609.0.tgz",
-      "integrity": "sha512-6sewsYB7/o/nbUfA99Aa/LokM+a/u4Wpm/X2o0RxOsDtSB795ObebLJe2BxY5UssbGaWkn7LswyfvrdZNXNj1w==",
+    "node_modules/@aws-sdk/signature-v4-multi-region": {
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.678.0.tgz",
+      "integrity": "sha512-IPredemaXQ09SsRAry0x0o60V3eKXqjvhg4/rD5QcSxZXNkHQPZzbfEpB6J68NN8IXTv8n9uFwAKBAtbIrnnfg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/middleware-sdk-s3": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/signature-v4": "^4.2.0",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-sdk-s3": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.614.0.tgz",
-      "integrity": "sha512-9fJTaiuuOfFV4FqmUEhPYzrtv7JOfYpB7q65oG3uayVH4ngWHIJkjnnX79zRhNZKdPGta+XIsnZzjEghg82ngA==",
+    "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-arn-parser": "3.568.0",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/signature-v4": "^3.1.2",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-config-provider": "^3.0.0",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-signing": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-signing/-/middleware-signing-3.609.0.tgz",
-      "integrity": "sha512-2w3dBLjQVKIajYzokO4hduq8/0hSMUYHHmIo1Kdl+MSY8uwRBt12bLL6pyreobTcRMxizvn2ph/CQ9I1ST/WGQ==",
+    "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@smithy/is-array-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
+      "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/signature-v4": "^3.1.2",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-middleware": "^3.0.3",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-ssec": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-ssec/-/middleware-ssec-3.609.0.tgz",
-      "integrity": "sha512-GZSD1s7+JswWOTamVap79QiDaIV7byJFssBW68GYjyRS5EBjNfwA/8s+6uE6g39R3ojyTbYOmvcANoZEhSULXg==",
+    "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@smithy/signature-v4": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-4.2.1.tgz",
+      "integrity": "sha512-NsV1jF4EvmO5wqmaSzlnTVetemBS3FZHdyc5CExbDljcyJCEEkJr8ANu2JvtNbVg/9MvKAWV44kTrGS+Pi4INg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/types": "^3.3.0",
+        "@smithy/is-array-buffer": "^3.0.0",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-hex-encoding": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.8",
+        "@smithy/util-uri-escape": "^3.0.0",
+        "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/middleware-user-agent": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.614.0.tgz",
-      "integrity": "sha512-xUxh0UPQiMTG6E31Yvu6zVYlikrIcFDKljM11CaatInzvZubGTGiX0DjpqRlfGzUNsuPc/zNrKwRP2+wypgqIw==",
+    "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@smithy/util-buffer-from": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz",
+      "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@aws-sdk/util-endpoints": "3.614.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/is-array-buffer": "^3.0.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/region-config-resolver": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.614.0.tgz",
-      "integrity": "sha512-vDCeMXvic/LU0KFIUjpC3RiSTIkkvESsEfbVHiHH0YINfl8HnEqR5rj+L8+phsCeVg2+LmYwYxd5NRz4PHxt5g==",
+    "node_modules/@aws-sdk/signature-v4-multi-region/node_modules/@smithy/util-utf8": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz",
+      "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-config-provider": "^3.0.0",
-        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-buffer-from": "^3.0.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
-    "node_modules/@aws-sdk/signature-v4-multi-region": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.614.0.tgz",
-      "integrity": "sha512-6mW3ONW4oLzxrePznYhz7sNT9ji9Am9ufLeV722tbOVS5lArBOZ6E1oPz0uYBhisUPznWKhcLRMggt7vIJWMng==",
+    "node_modules/@aws-sdk/token-providers": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.667.0.tgz",
+      "integrity": "sha512-ZecJlG8p6D4UTYlBHwOWX6nknVtw/OBJ3yPXTSajBjhUlj9lE2xvejI8gl4rqkyLXk7z3bki+KR4tATbMaM9yg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/middleware-sdk-s3": "3.614.0",
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/signature-v4": "^3.1.2",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/property-provider": "^3.1.7",
+        "@smithy/shared-ini-file-loader": "^3.1.8",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
+      },
+      "peerDependencies": {
+        "@aws-sdk/client-sso-oidc": "^3.667.0"
       }
     },
-    "node_modules/@aws-sdk/token-providers": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.614.0.tgz",
-      "integrity": "sha512-okItqyY6L9IHdxqs+Z116y5/nda7rHxLvROxtAJdLavWTYDydxrZstImNgGWTeVdmc0xX2gJCI77UYUTQWnhRw==",
+    "node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
         "node": ">=16.0.0"
-      },
-      "peerDependencies": {
-        "@aws-sdk/client-sso-oidc": "^3.614.0"
       }
     },
     "node_modules/@aws-sdk/types": {
@@ -1373,14 +1871,27 @@
       }
     },
     "node_modules/@aws-sdk/util-endpoints": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.614.0.tgz",
-      "integrity": "sha512-wK2cdrXHH4oz4IomV/yrGkftU9A+ITB6nFL+rxxyO78is2ifHJpFdV4aqk4LSkXYPi6CXWNru/Dqc7yiKXgJPw==",
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.667.0.tgz",
+      "integrity": "sha512-X22SYDAuQJWnkF1/q17pkX3nGw5XMD9YEUbmt87vUnRq7iyJ3JOpl6UKOBeUBaL838wA5yzdbinmCITJ/VZ1QA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-endpoints": "^2.0.5",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/types": "^3.5.0",
+        "@smithy/util-endpoints": "^2.1.3",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@aws-sdk/util-endpoints/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1399,26 +1910,40 @@
       }
     },
     "node_modules/@aws-sdk/util-user-agent-browser": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.609.0.tgz",
-      "integrity": "sha512-fojPU+mNahzQ0YHYBsx0ZIhmMA96H+ZIZ665ObU9tl+SGdbLneVZVikGve+NmHTQwHzwkFsZYYnVKAkreJLAtA==",
+      "version": "3.675.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.675.0.tgz",
+      "integrity": "sha512-HW4vGfRiX54RLcsYjLuAhcBBJ6lRVEZd7njfGpAwBB9s7BH8t48vrpYbyA5XbbqbTvXfYBnugQCUw9HWjEa1ww==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/types": "^3.5.0",
         "bowser": "^2.11.0",
         "tslib": "^2.6.2"
       }
     },
+    "node_modules/@aws-sdk/util-user-agent-browser/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/util-user-agent-node": {
-      "version": "3.614.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.614.0.tgz",
-      "integrity": "sha512-15ElZT88peoHnq5TEoEtZwoXTXRxNrk60TZNdpl/TUBJ5oNJ9Dqb5Z4ryb8ofN6nm9aFf59GVAerFDz8iUoHBA==",
+      "version": "3.678.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.678.0.tgz",
+      "integrity": "sha512-bKRemCdHMPAlEYE9KuQiMQG9/b4n8C+9DlJAL/X00Q7Zvm9Gv6h0+i5EZ+Xx8sbHq5oUv9a4W4tb+nkUZ0ltpw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@aws-sdk/types": "3.609.0",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@aws-sdk/middleware-user-agent": "3.678.0",
+        "@aws-sdk/types": "3.667.0",
+        "@smithy/node-config-provider": "^3.1.8",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -1433,13 +1958,26 @@
         }
       }
     },
+    "node_modules/@aws-sdk/util-user-agent-node/node_modules/@aws-sdk/types": {
+      "version": "3.667.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.667.0.tgz",
+      "integrity": "sha512-gYq0xCsqFfQaSL/yT1Gl1vIUjtsg7d7RhnUfsXaHt8xTxOKRTdH9GjbesBjXOzgOvB0W0vfssfreSNGFlOOMJg==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/types": "^3.5.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
     "node_modules/@aws-sdk/xml-builder": {
-      "version": "3.609.0",
-      "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.609.0.tgz",
-      "integrity": "sha512-l9XxNcA4HX98rwCC2/KoiWcmEiRfZe4G+mYwDbCFT87JIMj6GBhLDkAzr/W8KAaA2IDr8Vc6J8fZPgVulxxfMA==",
+      "version": "3.662.0",
+      "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.662.0.tgz",
+      "integrity": "sha512-ikLkXn0igUpnJu2mCZjklvmcDGWT9OaLRv3JyC/cRkTaaSrblPjPM7KKsltxdMTLQ+v7fjCN0TsJpxphMfaOPA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.5.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7409,12 +7947,12 @@
       "dev": true
     },
     "node_modules/@smithy/abort-controller": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.1.tgz",
-      "integrity": "sha512-MBJBiidoe+0cTFhyxT8g+9g7CeVccLM0IOKKUMCNQ1CNMJ/eIfoo0RTfVrXOONEI1UCN1W+zkiHSbzUNE9dZtQ==",
+      "version": "3.1.6",
+      "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-3.1.6.tgz",
+      "integrity": "sha512-0XuhuHQlEqbNQZp7QxxrFTdVWdwxch4vjxYgfInF91hZFkPxf9QDrdQka0KfxFMPqLNzSw0b95uGTrLliQUavQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7422,18 +7960,18 @@
       }
     },
     "node_modules/@smithy/chunked-blob-reader": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-3.0.0.tgz",
-      "integrity": "sha512-sbnURCwjF0gSToGlsBiAmd1lRCmSn72nu9axfJu5lIx6RUEgHu6GwTMbqCdhQSi0Pumcm5vFxsi9XWXb2mTaoA==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader/-/chunked-blob-reader-4.0.0.tgz",
+      "integrity": "sha512-jSqRnZvkT4egkq/7b6/QRCNXmmYVcHwnJldqJ3IhVpQE2atObVJ137xmGeuGFhjFUr8gCEVAOKwSY79OvpbDaQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": "^2.6.2"
       }
     },
     "node_modules/@smithy/chunked-blob-reader-native": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.0.tgz",
-      "integrity": "sha512-VDkpCYW+peSuM4zJip5WDfqvg2Mo/e8yxOv3VF1m11y7B8KKMKVFtmZWDe36Fvk8rGuWrPZHHXZ7rR7uM5yWyg==",
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/@smithy/chunked-blob-reader-native/-/chunked-blob-reader-native-3.0.1.tgz",
+      "integrity": "sha512-VEYtPvh5rs/xlyqpm5NRnfYLZn+q0SRPELbvBV+C/G7IQ+ouTuo+NKKa3ShG5OaFR8NYVMXls9hPYLTvIKKDrQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "@smithy/util-base64": "^3.0.0",
@@ -7441,15 +7979,15 @@
       }
     },
     "node_modules/@smithy/config-resolver": {
-      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.5.tgz",
-      "integrity": "sha512-SkW5LxfkSI1bUC74OtfBbdz+grQXYiPYolyu8VfpLIjEoN/sHVBlLeGXMQ1vX4ejkgfv6sxVbQJ32yF2cl1veA==",
+      "version": "3.0.10",
+      "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-3.0.10.tgz",
+      "integrity": "sha512-Uh0Sz9gdUuz538nvkPiyv1DZRX9+D15EKDtnQP5rYVAzM/dnYk3P8cg73jcxyOitPgT3mE3OVj7ky7sibzHWkw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-config-provider": "^3.0.0",
-        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/util-middleware": "^3.0.8",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7457,18 +7995,56 @@
       }
     },
     "node_modules/@smithy/core": {
-      "version": "2.2.6",
-      "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.2.6.tgz",
-      "integrity": "sha512-tBbVIv/ui7/lLTKayYJJvi8JLVL2SwOQTbNFEOrvzSE3ktByvsa1erwBOnAMo8N5Vu30g7lN4lLStrU75oDGuw==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/@smithy/core/-/core-2.5.1.tgz",
+      "integrity": "sha512-DujtuDA7BGEKExJ05W5OdxCoyekcKT3Rhg1ZGeiUWaz2BJIWXjZmsG/DIP4W48GHno7AQwRsaCb8NcBgH3QZpg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-retry": "^3.0.9",
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/middleware-serde": "^3.0.8",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-body-length-browser": "^3.0.0",
+        "@smithy/util-middleware": "^3.0.8",
+        "@smithy/util-stream": "^3.2.1",
+        "@smithy/util-utf8": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@smithy/core/node_modules/@smithy/is-array-buffer": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
+      "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@smithy/core/node_modules/@smithy/util-buffer-from": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz",
+      "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/is-array-buffer": "^3.0.0",
+        "tslib": "^2.6.2"
+      },
+      "engines": {
+        "node": ">=16.0.0"
+      }
+    },
+    "node_modules/@smithy/core/node_modules/@smithy/util-utf8": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz",
+      "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/util-buffer-from": "^3.0.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7476,15 +8052,15 @@
       }
     },
     "node_modules/@smithy/credential-provider-imds": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.1.4.tgz",
-      "integrity": "sha512-NKyH01m97Xa5xf3pB2QOF3lnuE8RIK0hTVNU5zvZAwZU8uspYO4DHQVlK+Y5gwSrujTfHvbfd1D9UFJAc0iYKQ==",
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-3.2.5.tgz",
+      "integrity": "sha512-4FTQGAsuwqTzVMmiRVTn0RR9GrbRfkP0wfu/tXWVHd2LgNpTY0uglQpIScXK4NaEyXbB3JmZt8gfVqO50lP8wg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/property-provider": "^3.1.8",
+        "@smithy/types": "^3.6.0",
+        "@smithy/url-parser": "^3.0.8",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7492,25 +8068,25 @@
       }
     },
     "node_modules/@smithy/eventstream-codec": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.2.tgz",
-      "integrity": "sha512-0mBcu49JWt4MXhrhRAlxASNy0IjDRFU+aWNDRal9OtUJvJNiwDuyKMUONSOjLjSCeGwZaE0wOErdqULer8r7yw==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-codec/-/eventstream-codec-3.1.7.tgz",
+      "integrity": "sha512-kVSXScIiRN7q+s1x7BrQtZ1Aa9hvvP9FeCqCdBxv37GimIHgBCOnZ5Ip80HLt0DhnAKpiobFdGqTFgbaJNrazA==",
       "license": "Apache-2.0",
       "dependencies": {
         "@aws-crypto/crc32": "5.2.0",
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-hex-encoding": "^3.0.0",
         "tslib": "^2.6.2"
       }
     },
     "node_modules/@smithy/eventstream-serde-browser": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.4.tgz",
-      "integrity": "sha512-Eo4anLZX6ltGJTZ5yJMc80gZPYYwBn44g0h7oFq6et+TYr5dUsTpIcDbz2evsOKIZhZ7zBoFWHtBXQ4QQeb5xA==",
+      "version": "3.0.11",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-browser/-/eventstream-serde-browser-3.0.11.tgz",
+      "integrity": "sha512-Pd1Wnq3CQ/v2SxRifDUihvpXzirJYbbtXfEnnLV/z0OGCTx/btVX74P86IgrZkjOydOASBGXdPpupYQI+iO/6A==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/eventstream-serde-universal": "^3.0.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/eventstream-serde-universal": "^3.0.10",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7518,12 +8094,12 @@
       }
     },
     "node_modules/@smithy/eventstream-serde-config-resolver": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.3.tgz",
-      "integrity": "sha512-NVTYjOuYpGfrN/VbRQgn31x73KDLfCXCsFdad8DiIc3IcdxL+dYA9zEQPyOP7Fy2QL8CPy2WE4WCUD+ZsLNfaQ==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-config-resolver/-/eventstream-serde-config-resolver-3.0.8.tgz",
+      "integrity": "sha512-zkFIG2i1BLbfoGQnf1qEeMqX0h5qAznzaZmMVNnvPZz9J5AWBPkOMckZWPedGUPcVITacwIdQXoPcdIQq5FRcg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7531,13 +8107,13 @@
       }
     },
     "node_modules/@smithy/eventstream-serde-node": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.4.tgz",
-      "integrity": "sha512-mjlG0OzGAYuUpdUpflfb9zyLrBGgmQmrobNT8b42ZTsGv/J03+t24uhhtVEKG/b2jFtPIHF74Bq+VUtbzEKOKg==",
+      "version": "3.0.10",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-node/-/eventstream-serde-node-3.0.10.tgz",
+      "integrity": "sha512-hjpU1tIsJ9qpcoZq9zGHBJPBOeBGYt+n8vfhDwnITPhEre6APrvqq/y3XMDEGUT2cWQ4ramNqBPRbx3qn55rhw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/eventstream-serde-universal": "^3.0.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/eventstream-serde-universal": "^3.0.10",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7545,13 +8121,13 @@
       }
     },
     "node_modules/@smithy/eventstream-serde-universal": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.4.tgz",
-      "integrity": "sha512-Od9dv8zh3PgOD7Vj4T3HSuox16n0VG8jJIM2gvKASL6aCtcS8CfHZDWe1Ik3ZXW6xBouU+45Q5wgoliWDZiJ0A==",
+      "version": "3.0.10",
+      "resolved": "https://registry.npmjs.org/@smithy/eventstream-serde-universal/-/eventstream-serde-universal-3.0.10.tgz",
+      "integrity": "sha512-ewG1GHbbqsFZ4asaq40KmxCmXO+AFSM1b+DcO2C03dyJj/ZH71CiTg853FSE/3SHK9q3jiYQIFjlGSwfxQ9kww==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/eventstream-codec": "^3.1.2",
-        "@smithy/types": "^3.3.0",
+        "@smithy/eventstream-codec": "^3.1.7",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7559,37 +8135,37 @@
       }
     },
     "node_modules/@smithy/fetch-http-handler": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.1.tgz",
-      "integrity": "sha512-0w0bgUvZmfa0vHN8a+moByhCJT07WN6AHKEhFSOLsDpnszm+5dLVv5utGaqbhOrZ/aF5x3xuPMs/oMCd+4O5xg==",
+      "version": "3.2.9",
+      "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-3.2.9.tgz",
+      "integrity": "sha512-hYNVQOqhFQ6vOpenifFME546f0GfJn2OiQ3M0FDmuUu8V/Uiwy2wej7ZXxFBNqdx0R5DZAqWM1l6VRhGz8oE6A==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/querystring-builder": "^3.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/protocol-http": "^4.1.4",
+        "@smithy/querystring-builder": "^3.0.7",
+        "@smithy/types": "^3.5.0",
         "@smithy/util-base64": "^3.0.0",
         "tslib": "^2.6.2"
       }
     },
     "node_modules/@smithy/hash-blob-browser": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.2.tgz",
-      "integrity": "sha512-hAbfqN2UbISltakCC2TP0kx4LqXBttEv2MqSPE98gVuDFMf05lU+TpC41QtqGP3Ff5A3GwZMPfKnEy0VmEUpmg==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-blob-browser/-/hash-blob-browser-3.1.7.tgz",
+      "integrity": "sha512-4yNlxVNJifPM5ThaA5HKnHkn7JhctFUHvcaz6YXxHlYOSIrzI6VKQPTN8Gs1iN5nqq9iFcwIR9THqchUCouIfg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/chunked-blob-reader": "^3.0.0",
-        "@smithy/chunked-blob-reader-native": "^3.0.0",
-        "@smithy/types": "^3.3.0",
+        "@smithy/chunked-blob-reader": "^4.0.0",
+        "@smithy/chunked-blob-reader-native": "^3.0.1",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       }
     },
     "node_modules/@smithy/hash-node": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.3.tgz",
-      "integrity": "sha512-2ctBXpPMG+B3BtWSGNnKELJ7SH9e4TNefJS0cd2eSkOOROeBnnVBnAy9LtJ8tY4vUEoe55N4CNPxzbWvR39iBw==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-3.0.8.tgz",
+      "integrity": "sha512-tlNQYbfpWXHimHqrvgo14DrMAgUBua/cNoz9fMYcDmYej7MAmUcjav/QKQbFc3NrcPxeJ7QClER4tWZmfwoPng==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-buffer-from": "^3.0.0",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
@@ -7637,12 +8213,12 @@
       }
     },
     "node_modules/@smithy/hash-stream-node": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.2.tgz",
-      "integrity": "sha512-PBgDMeEdDzi6JxKwbfBtwQG9eT9cVwsf0dZzLXoJF4sHKHs5HEo/3lJWpn6jibfJwT34I1EBXpBnZE8AxAft6g==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/@smithy/hash-stream-node/-/hash-stream-node-3.1.7.tgz",
+      "integrity": "sha512-xMAsvJ3hLG63lsBVi1Hl6BBSfhd8/Qnp8fC06kjOpJvyyCEXdwHITa5Kvdsk6gaAXLhbZMhQMIGvgUbfnJDP6Q==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -7689,12 +8265,12 @@
       }
     },
     "node_modules/@smithy/invalid-dependency": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.3.tgz",
-      "integrity": "sha512-ID1eL/zpDULmHJbflb864k72/SNOZCADRc9i7Exq3RUNJw6raWUSlFEQ+3PX3EYs++bTxZB2dE9mEHTQLv61tw==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-3.0.8.tgz",
+      "integrity": "sha512-7Qynk6NWtTQhnGTTZwks++nJhQ1O54Mzi7fz4PqZOiYXb4Z1Flpb2yRvdALoggTS8xjtohWUM+RygOtB30YL3Q==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       }
     },
@@ -7710,12 +8286,12 @@
       }
     },
     "node_modules/@smithy/md5-js": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.3.tgz",
-      "integrity": "sha512-O/SAkGVwpWmelpj/8yDtsaVe6sINHLB1q8YE/+ZQbDxIw3SRLbTZuRaI10K12sVoENdnHqzPp5i3/H+BcZ3m3Q==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/md5-js/-/md5-js-3.0.8.tgz",
+      "integrity": "sha512-LwApfTK0OJ/tCyNUXqnWCKoE2b4rDSr4BJlDAVCkiWYeHESr+y+d5zlAanuLW6fnitVJRD/7d9/kN/ZM9Su4mA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-utf8": "^3.0.0",
         "tslib": "^2.6.2"
       }
@@ -7759,13 +8335,13 @@
       }
     },
     "node_modules/@smithy/middleware-content-length": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.3.tgz",
-      "integrity": "sha512-Dbz2bzexReYIQDWMr+gZhpwBetNXzbhnEMhYKA6urqmojO14CsXjnsoPYO8UL/xxcawn8ZsuVU61ElkLSltIUQ==",
+      "version": "3.0.10",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-3.0.10.tgz",
+      "integrity": "sha512-T4dIdCs1d/+/qMpwhJ1DzOhxCZjZHbHazEPJWdB4GDi2HjIZllVzeBEcdJUN0fomV8DURsgOyrbEUzg3vzTaOg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7773,17 +8349,18 @@
       }
     },
     "node_modules/@smithy/middleware-endpoint": {
-      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.0.5.tgz",
-      "integrity": "sha512-V4acqqrh5tDxUEGVTOgf2lYMZqPQsoGntCrjrJZEeBzEzDry2d2vcI1QCXhGltXPPY+BMc6eksZMguA9fIY8vA==",
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-3.2.1.tgz",
+      "integrity": "sha512-wWO3xYmFm6WRW8VsEJ5oU6h7aosFXfszlz3Dj176pTij6o21oZnzkCLzShfmRaaCHDkBXWBdO0c4sQAvLFP6zA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/middleware-serde": "^3.0.3",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
-        "@smithy/url-parser": "^3.0.3",
-        "@smithy/util-middleware": "^3.0.3",
+        "@smithy/core": "^2.5.1",
+        "@smithy/middleware-serde": "^3.0.8",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/shared-ini-file-loader": "^3.1.9",
+        "@smithy/types": "^3.6.0",
+        "@smithy/url-parser": "^3.0.8",
+        "@smithy/util-middleware": "^3.0.8",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7791,18 +8368,18 @@
       }
     },
     "node_modules/@smithy/middleware-retry": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.9.tgz",
-      "integrity": "sha512-Mrv9omExU1gA7Y0VEJG2LieGfPYtwwcEiOnVGZ54a37NEMr66TJ0glFslOJFuKWG6izg5DpKIUmDV9rRxjm47Q==",
+      "version": "3.0.25",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-3.0.25.tgz",
+      "integrity": "sha512-m1F70cPaMBML4HiTgCw5I+jFNtjgz5z5UdGnUbG37vw6kh4UvizFYjqJGHvicfgKMkDL6mXwyPp5mhZg02g5sg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/service-error-classification": "^3.0.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-middleware": "^3.0.3",
-        "@smithy/util-retry": "^3.0.3",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/service-error-classification": "^3.0.8",
+        "@smithy/smithy-client": "^3.4.2",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-middleware": "^3.0.8",
+        "@smithy/util-retry": "^3.0.8",
         "tslib": "^2.6.2",
         "uuid": "^9.0.1"
       },
@@ -7824,12 +8401,12 @@
       }
     },
     "node_modules/@smithy/middleware-serde": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.3.tgz",
-      "integrity": "sha512-puUbyJQBcg9eSErFXjKNiGILJGtiqmuuNKEYNYfUD57fUl4i9+mfmThtQhvFXU0hCVG0iEJhvQUipUf+/SsFdA==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-3.0.8.tgz",
+      "integrity": "sha512-Xg2jK9Wc/1g/MBMP/EUn2DLspN8LNt+GMe7cgF+Ty3vl+Zvu+VeZU5nmhveU+H8pxyTsjrAkci8NqY6OuvZnjA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7837,12 +8414,12 @@
       }
     },
     "node_modules/@smithy/middleware-stack": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.3.tgz",
-      "integrity": "sha512-r4klY9nFudB0r9UdSMaGSyjyQK5adUyPnQN/ZM6M75phTxOdnc/AhpvGD1fQUvgmqjQEBGCwpnPbDm8pH5PapA==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-3.0.8.tgz",
+      "integrity": "sha512-d7ZuwvYgp1+3682Nx0MD3D/HtkmZd49N3JUndYWQXfRZrYEnCWYc8BHcNmVsPAp9gKvlurdg/mubE6b/rPS9MA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7850,14 +8427,14 @@
       }
     },
     "node_modules/@smithy/node-config-provider": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.4.tgz",
-      "integrity": "sha512-YvnElQy8HR4vDcAjoy7Xkx9YT8xZP4cBXcbJSgm/kxmiQu08DwUwj8rkGnyoJTpfl/3xYHH+d8zE+eHqoDCSdQ==",
+      "version": "3.1.9",
+      "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-3.1.9.tgz",
+      "integrity": "sha512-qRHoah49QJ71eemjuS/WhUXB+mpNtwHRWQr77J/m40ewBVVwvo52kYAmb7iuaECgGTTcYxHS4Wmewfwy++ueew==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/shared-ini-file-loader": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/property-provider": "^3.1.8",
+        "@smithy/shared-ini-file-loader": "^3.1.9",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7865,15 +8442,15 @@
       }
     },
     "node_modules/@smithy/node-http-handler": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.1.2.tgz",
-      "integrity": "sha512-Td3rUNI7qqtoSLTsJBtsyfoG4cF/XMFmJr6Z2dX8QNzIi6tIW6YmuyFml8mJ2cNpyWNqITKbROMOFrvQjmsOvw==",
+      "version": "3.2.5",
+      "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-3.2.5.tgz",
+      "integrity": "sha512-PkOwPNeKdvX/jCpn0A8n9/TyoxjGZB8WVoJmm9YzsnAgggTj4CrjpRHlTQw7dlLZ320n1mY1y+nTRUDViKi/3w==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/abort-controller": "^3.1.1",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/querystring-builder": "^3.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/abort-controller": "^3.1.6",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/querystring-builder": "^3.0.8",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7881,12 +8458,12 @@
       }
     },
     "node_modules/@smithy/property-provider": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.3.tgz",
-      "integrity": "sha512-zahyOVR9Q4PEoguJ/NrFP4O7SMAfYO1HLhB18M+q+Z4KFd4V2obiMnlVoUFzFLSPeVt1POyNWneHHrZaTMoc/g==",
+      "version": "3.1.8",
+      "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-3.1.8.tgz",
+      "integrity": "sha512-ukNUyo6rHmusG64lmkjFeXemwYuKge1BJ8CtpVKmrxQxc6rhUX0vebcptFA9MmrGsnLhwnnqeH83VTU9hwOpjA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7894,12 +8471,12 @@
       }
     },
     "node_modules/@smithy/protocol-http": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.0.3.tgz",
-      "integrity": "sha512-x5jmrCWwQlx+Zv4jAtc33ijJ+vqqYN+c/ZkrnpvEe/uDas7AT7A/4Rc2CdfxgWv4WFGmEqODIrrUToPN6DDkGw==",
+      "version": "4.1.5",
+      "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-4.1.5.tgz",
+      "integrity": "sha512-hsjtwpIemmCkm3ZV5fd/T0bPIugW1gJXwZ/hpuVubt2hEUApIoUTrf6qIdh9MAWlw0vjMrA1ztJLAwtNaZogvg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7907,12 +8484,12 @@
       }
     },
     "node_modules/@smithy/querystring-builder": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.3.tgz",
-      "integrity": "sha512-vyWckeUeesFKzCDaRwWLUA1Xym9McaA6XpFfAK5qI9DKJ4M33ooQGqvM4J+LalH4u/Dq9nFiC8U6Qn1qi0+9zw==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-3.0.8.tgz",
+      "integrity": "sha512-btYxGVqFUARbUrN6VhL9c3dnSviIwBYD9Rz1jHuN1hgh28Fpv2xjU1HeCeDJX68xctz7r4l1PBnFhGg1WBBPuA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-uri-escape": "^3.0.0",
         "tslib": "^2.6.2"
       },
@@ -7921,12 +8498,12 @@
       }
     },
     "node_modules/@smithy/querystring-parser": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.3.tgz",
-      "integrity": "sha512-zahM1lQv2YjmznnfQsWbYojFe55l0SLG/988brlLv1i8z3dubloLF+75ATRsqPBboUXsW6I9CPGE5rQgLfY0vQ==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-3.0.8.tgz",
+      "integrity": "sha512-BtEk3FG7Ks64GAbt+JnKqwuobJNX8VmFLBsKIwWr1D60T426fGrV2L3YS5siOcUhhp6/Y6yhBw1PSPxA5p7qGg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -7934,80 +8511,24 @@
       }
     },
     "node_modules/@smithy/service-error-classification": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.3.tgz",
-      "integrity": "sha512-Jn39sSl8cim/VlkLsUhRFq/dKDnRUFlfRkvhOJaUbLBXUsLRLNf9WaxDv/z9BjuQ3A6k/qE8af1lsqcwm7+DaQ==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-3.0.8.tgz",
+      "integrity": "sha512-uEC/kCCFto83bz5ZzapcrgGqHOh/0r69sZ2ZuHlgoD5kYgXJEThCoTuw/y1Ub3cE7aaKdznb+jD9xRPIfIwD7g==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0"
+        "@smithy/types": "^3.6.0"
       },
       "engines": {
         "node": ">=16.0.0"
       }
     },
     "node_modules/@smithy/shared-ini-file-loader": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.4.tgz",
-      "integrity": "sha512-qMxS4hBGB8FY2GQqshcRUy1K6k8aBWP5vwm8qKkCT3A9K2dawUwOIJfqh9Yste/Bl0J2lzosVyrXDj68kLcHXQ==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@smithy/types": "^3.3.0",
-        "tslib": "^2.6.2"
-      },
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
-    "node_modules/@smithy/signature-v4": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-3.1.2.tgz",
-      "integrity": "sha512-3BcPylEsYtD0esM4Hoyml/+s7WP2LFhcM3J2AGdcL2vx9O60TtfpDOL72gjb4lU8NeRPeKAwR77YNyyGvMbuEA==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@smithy/is-array-buffer": "^3.0.0",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-hex-encoding": "^3.0.0",
-        "@smithy/util-middleware": "^3.0.3",
-        "@smithy/util-uri-escape": "^3.0.0",
-        "@smithy/util-utf8": "^3.0.0",
-        "tslib": "^2.6.2"
-      },
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
-    "node_modules/@smithy/signature-v4/node_modules/@smithy/is-array-buffer": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
-      "integrity": "sha512-+Fsu6Q6C4RSJiy81Y8eApjEB5gVtM+oFKTffg+jSuwtvomJJrhUJBu2zS8wjXSgH/g1MKEWrzyChTBe6clb5FQ==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "tslib": "^2.6.2"
-      },
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
-    "node_modules/@smithy/signature-v4/node_modules/@smithy/util-buffer-from": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-3.0.0.tgz",
-      "integrity": "sha512-aEOHCgq5RWFbP+UDPvPot26EJHjOC+bRgse5A8V3FSShqd5E5UN4qc7zkwsvJPPAVsf73QwYcHN1/gt/rtLwQA==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@smithy/is-array-buffer": "^3.0.0",
-        "tslib": "^2.6.2"
-      },
-      "engines": {
-        "node": ">=16.0.0"
-      }
-    },
-    "node_modules/@smithy/signature-v4/node_modules/@smithy/util-utf8": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-3.0.0.tgz",
-      "integrity": "sha512-rUeT12bxFnplYDe815GXbq/oixEGHfRFFtcTF3YdDi/JaENIM6aSYYLJydG83UNzLXeRI5K8abYd/8Sp/QM0kA==",
+      "version": "3.1.9",
+      "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-3.1.9.tgz",
+      "integrity": "sha512-/+OsJRNtoRbtsX0UpSgWVxFZLsJHo/4sTr+kBg/J78sr7iC+tHeOvOJrS5hCpVQ6sWBbhWLp1UNiuMyZhE6pmA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/util-buffer-from": "^3.0.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8015,16 +8536,17 @@
       }
     },
     "node_modules/@smithy/smithy-client": {
-      "version": "3.1.7",
-      "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.1.7.tgz",
-      "integrity": "sha512-nZbJZB0XI3YnaFBWGDBr7kjaew6O0oNYNmopyIz6gKZEbxzrtH7rwvU1GcVxcSFoOwWecLJEe79fxEMljHopFQ==",
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-3.4.2.tgz",
+      "integrity": "sha512-dxw1BDxJiY9/zI3cBqfVrInij6ShjpV4fmGHesGZZUiP9OSE/EVfdwdRz0PgvkEvrZHpsj2htRaHJfftE8giBA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/middleware-endpoint": "^3.0.5",
-        "@smithy/middleware-stack": "^3.0.3",
-        "@smithy/protocol-http": "^4.0.3",
-        "@smithy/types": "^3.3.0",
-        "@smithy/util-stream": "^3.0.6",
+        "@smithy/core": "^2.5.1",
+        "@smithy/middleware-endpoint": "^3.2.1",
+        "@smithy/middleware-stack": "^3.0.8",
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-stream": "^3.2.1",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8032,9 +8554,9 @@
       }
     },
     "node_modules/@smithy/types": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.3.0.tgz",
-      "integrity": "sha512-IxvBBCTFDHbVoK7zIxqA1ZOdc4QfM5HM7rGleCuHi7L1wnKv5Pn69xXJQ9hgxH60ZVygH9/JG0jRgtUncE3QUA==",
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/@smithy/types/-/types-3.6.0.tgz",
+      "integrity": "sha512-8VXK/KzOHefoC65yRgCn5vG1cysPJjHnOVt9d0ybFQSmJgQj152vMn4EkYhGuaOmnnZvCPav/KnYyE6/KsNZ2w==",
       "license": "Apache-2.0",
       "dependencies": {
         "tslib": "^2.6.2"
@@ -8044,13 +8566,13 @@
       }
     },
     "node_modules/@smithy/url-parser": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.3.tgz",
-      "integrity": "sha512-pw3VtZtX2rg+s6HMs6/+u9+hu6oY6U7IohGhVNnjbgKy86wcIsSZwgHrFR+t67Uyxvp4Xz3p3kGXXIpTNisq8A==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-3.0.8.tgz",
+      "integrity": "sha512-4FdOhwpTW7jtSFWm7SpfLGKIBC9ZaTKG5nBF0wK24aoQKQyDIKUw3+KFWCQ9maMzrgTJIuOvOnsV2lLGW5XjTg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/querystring-parser": "^3.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/querystring-parser": "^3.0.8",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       }
     },
@@ -8152,14 +8674,14 @@
       }
     },
     "node_modules/@smithy/util-defaults-mode-browser": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.9.tgz",
-      "integrity": "sha512-WKPcElz92MAQG09miBdb0GxEH/MwD5GfE8g07WokITq5g6J1ROQfYCKC1wNnkqAGfrSywT7L0rdvvqlBplqiyA==",
+      "version": "3.0.25",
+      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-3.0.25.tgz",
+      "integrity": "sha512-fRw7zymjIDt6XxIsLwfJfYUfbGoO9CmCJk6rjJ/X5cd20+d2Is7xjU5Kt/AiDt6hX8DAf5dztmfP5O82gR9emA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
+        "@smithy/property-provider": "^3.1.8",
+        "@smithy/smithy-client": "^3.4.2",
+        "@smithy/types": "^3.6.0",
         "bowser": "^2.11.0",
         "tslib": "^2.6.2"
       },
@@ -8168,17 +8690,17 @@
       }
     },
     "node_modules/@smithy/util-defaults-mode-node": {
-      "version": "3.0.9",
-      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.9.tgz",
-      "integrity": "sha512-dQLrUqFxqpf0GvEKEuFdgXcdZwz6oFm752h4d6C7lQz+RLddf761L2r7dSwGWzESMMB3wKj0jL+skRhEGlecjw==",
+      "version": "3.0.25",
+      "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-3.0.25.tgz",
+      "integrity": "sha512-H3BSZdBDiVZGzt8TG51Pd2FvFO0PAx/A0mJ0EH8a13KJ6iUCdYnw/Dk/MdC1kTd0eUuUGisDFaxXVXo4HHFL1g==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/config-resolver": "^3.0.5",
-        "@smithy/credential-provider-imds": "^3.1.4",
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/property-provider": "^3.1.3",
-        "@smithy/smithy-client": "^3.1.7",
-        "@smithy/types": "^3.3.0",
+        "@smithy/config-resolver": "^3.0.10",
+        "@smithy/credential-provider-imds": "^3.2.5",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/property-provider": "^3.1.8",
+        "@smithy/smithy-client": "^3.4.2",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8186,13 +8708,13 @@
       }
     },
     "node_modules/@smithy/util-endpoints": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.0.5.tgz",
-      "integrity": "sha512-ReQP0BWihIE68OAblC/WQmDD40Gx+QY1Ez8mTdFMXpmjfxSyz2fVQu3A4zXRfQU9sZXtewk3GmhfOHswvX+eNg==",
+      "version": "2.1.4",
+      "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-2.1.4.tgz",
+      "integrity": "sha512-kPt8j4emm7rdMWQyL0F89o92q10gvCUa6sBkBtDJ7nV2+P7wpXczzOfoDJ49CKXe5CCqb8dc1W+ZdLlrKzSAnQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/node-config-provider": "^3.1.4",
-        "@smithy/types": "^3.3.0",
+        "@smithy/node-config-provider": "^3.1.9",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8212,12 +8734,12 @@
       }
     },
     "node_modules/@smithy/util-middleware": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.3.tgz",
-      "integrity": "sha512-l+StyYYK/eO3DlVPbU+4Bi06Jjal+PFLSMmlWM1BEwyLxZ3aKkf1ROnoIakfaA7mC6uw3ny7JBkau4Yc+5zfWw==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-3.0.8.tgz",
+      "integrity": "sha512-p7iYAPaQjoeM+AKABpYWeDdtwQNxasr4aXQEA/OmbOaug9V0odRVDy3Wx4ci8soljE/JXQo+abV0qZpW8NX0yA==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/types": "^3.3.0",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8225,13 +8747,13 @@
       }
     },
     "node_modules/@smithy/util-retry": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.3.tgz",
-      "integrity": "sha512-AFw+hjpbtVApzpNDhbjNG5NA3kyoMs7vx0gsgmlJF4s+yz1Zlepde7J58zpIRIsdjc+emhpAITxA88qLkPF26w==",
+      "version": "3.0.8",
+      "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-3.0.8.tgz",
+      "integrity": "sha512-TCEhLnY581YJ+g1x0hapPz13JFqzmh/pMWL2KEFASC51qCfw3+Y47MrTmea4bUE5vsdxQ4F6/KFbUeSz22Q1ow==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/service-error-classification": "^3.0.3",
-        "@smithy/types": "^3.3.0",
+        "@smithy/service-error-classification": "^3.0.8",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
@@ -8239,14 +8761,14 @@
       }
     },
     "node_modules/@smithy/util-stream": {
-      "version": "3.0.6",
-      "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.0.6.tgz",
-      "integrity": "sha512-w9i//7egejAIvplX821rPWWgaiY1dxsQUw0hXX7qwa/uZ9U3zplqTQ871jWadkcVB9gFDhkPWYVZf4yfFbZ0xA==",
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-3.2.1.tgz",
+      "integrity": "sha512-R3ufuzJRxSJbE58K9AEnL/uSZyVdHzud9wLS8tIbXclxKzoe09CRohj2xV8wpx5tj7ZbiJaKYcutMm1eYgz/0A==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/fetch-http-handler": "^3.2.1",
-        "@smithy/node-http-handler": "^3.1.2",
-        "@smithy/types": "^3.3.0",
+        "@smithy/fetch-http-handler": "^4.0.0",
+        "@smithy/node-http-handler": "^3.2.5",
+        "@smithy/types": "^3.6.0",
         "@smithy/util-base64": "^3.0.0",
         "@smithy/util-buffer-from": "^3.0.0",
         "@smithy/util-hex-encoding": "^3.0.0",
@@ -8257,6 +8779,19 @@
         "node": ">=16.0.0"
       }
     },
+    "node_modules/@smithy/util-stream/node_modules/@smithy/fetch-http-handler": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-4.0.0.tgz",
+      "integrity": "sha512-MLb1f5tbBO2X6K4lMEKJvxeLooyg7guq48C2zKr4qM7F2Gpkz4dc+hdSgu77pCJ76jVqFBjZczHYAs6dp15N+g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@smithy/protocol-http": "^4.1.5",
+        "@smithy/querystring-builder": "^3.0.8",
+        "@smithy/types": "^3.6.0",
+        "@smithy/util-base64": "^3.0.0",
+        "tslib": "^2.6.2"
+      }
+    },
     "node_modules/@smithy/util-stream/node_modules/@smithy/is-array-buffer": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-3.0.0.tgz",
@@ -8320,13 +8855,13 @@
       }
     },
     "node_modules/@smithy/util-waiter": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.2.tgz",
-      "integrity": "sha512-4pP0EV3iTsexDx+8PPGAKCQpd/6hsQBaQhqWzU4hqKPHN5epPsxKbvUTIiYIHTxaKt6/kEaqPBpu/ufvfbrRzw==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/@smithy/util-waiter/-/util-waiter-3.1.7.tgz",
+      "integrity": "sha512-d5yGlQtmN/z5eoTtIYgkvOw27US2Ous4VycnXatyoImIF9tzlcpnKqQ/V7qhvJmb2p6xZne1NopCLakdTnkBBQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@smithy/abort-controller": "^3.1.1",
-        "@smithy/types": "^3.3.0",
+        "@smithy/abort-controller": "^3.1.6",
+        "@smithy/types": "^3.6.0",
         "tslib": "^2.6.2"
       },
       "engines": {
diff --git a/package.json b/package.json
index 5302442c68a..004009450bb 100644
--- a/package.json
+++ b/package.json
@@ -30,7 +30,7 @@
   },
   "dependencies": {
     "@apollo/server": "4.11.0",
-    "@aws-sdk/client-s3": "3.614.0",
+    "@aws-sdk/client-s3": "3.678.0",
     "@babel/core": "7.25.8",
     "@babel/node": "7.25.7",
     "@babel/plugin-transform-typescript": "7.25.7",

From b731583c18188c3d656261a67e410241fed608d6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 12:59:53 +0200
Subject: [PATCH 005/129] chore(deps): update dependency
 @opentelemetry/auto-instrumentations-node to ^0.51.0 (#10402)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 89 ++++++++++++++++++++++++-----------------------
 package.json      |  2 +-
 2 files changed, 47 insertions(+), 44 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cf7a1b9327a..ab0886c6a8b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -119,7 +119,7 @@
         "@babel/register": "^7.23.7",
         "@graphql-eslint/eslint-plugin": "^3.20.1",
         "@opentelemetry/api": "^1.7.0",
-        "@opentelemetry/auto-instrumentations-node": "^0.50.0",
+        "@opentelemetry/auto-instrumentations-node": "^0.51.0",
         "@opentelemetry/exporter-trace-otlp-proto": "^0.53.0",
         "@opentelemetry/instrumentation": "^0.53.0",
         "@opentelemetry/resources": "^1.20.0",
@@ -6169,15 +6169,15 @@
       }
     },
     "node_modules/@opentelemetry/auto-instrumentations-node": {
-      "version": "0.50.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.50.0.tgz",
-      "integrity": "sha512-LqoSiWrOM4Cnr395frDHL4R/o5c2fuqqrqW8sZwhxvkasImmVlyL66YMPHllM2O5xVj2nP2ANUKHZSd293meZA==",
+      "version": "0.51.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.51.0.tgz",
+      "integrity": "sha512-xsgydgtJiToxvFsDcmLDrHiFfHOmdomqk4KCnr40YZdsfw7KO4RJEU0om2f7pFh6WUI5q8nSQ53QgZ+DAz6TzA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/instrumentation": "^0.53.0",
         "@opentelemetry/instrumentation-amqplib": "^0.42.0",
-        "@opentelemetry/instrumentation-aws-lambda": "^0.44.0",
+        "@opentelemetry/instrumentation-aws-lambda": "^0.45.0",
         "@opentelemetry/instrumentation-aws-sdk": "^0.44.0",
         "@opentelemetry/instrumentation-bunyan": "^0.41.0",
         "@opentelemetry/instrumentation-cassandra-driver": "^0.41.0",
@@ -6185,8 +6185,8 @@
         "@opentelemetry/instrumentation-cucumber": "^0.9.0",
         "@opentelemetry/instrumentation-dataloader": "^0.12.0",
         "@opentelemetry/instrumentation-dns": "^0.39.0",
-        "@opentelemetry/instrumentation-express": "^0.42.0",
-        "@opentelemetry/instrumentation-fastify": "^0.39.0",
+        "@opentelemetry/instrumentation-express": "^0.43.0",
+        "@opentelemetry/instrumentation-fastify": "^0.40.0",
         "@opentelemetry/instrumentation-fs": "^0.15.0",
         "@opentelemetry/instrumentation-generic-pool": "^0.39.0",
         "@opentelemetry/instrumentation-graphql": "^0.43.0",
@@ -6205,21 +6205,21 @@
         "@opentelemetry/instrumentation-mysql2": "^0.41.0",
         "@opentelemetry/instrumentation-nestjs-core": "^0.40.0",
         "@opentelemetry/instrumentation-net": "^0.39.0",
-        "@opentelemetry/instrumentation-pg": "^0.44.0",
+        "@opentelemetry/instrumentation-pg": "^0.46.0",
         "@opentelemetry/instrumentation-pino": "^0.42.0",
         "@opentelemetry/instrumentation-redis": "^0.42.0",
-        "@opentelemetry/instrumentation-redis-4": "^0.42.0",
+        "@opentelemetry/instrumentation-redis-4": "^0.42.1",
         "@opentelemetry/instrumentation-restify": "^0.41.0",
         "@opentelemetry/instrumentation-router": "^0.40.0",
         "@opentelemetry/instrumentation-socket.io": "^0.42.0",
         "@opentelemetry/instrumentation-tedious": "^0.14.0",
         "@opentelemetry/instrumentation-undici": "^0.6.0",
         "@opentelemetry/instrumentation-winston": "^0.40.0",
-        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.1",
-        "@opentelemetry/resource-detector-aws": "^1.6.1",
+        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.3",
+        "@opentelemetry/resource-detector-aws": "^1.6.2",
         "@opentelemetry/resource-detector-azure": "^0.2.11",
-        "@opentelemetry/resource-detector-container": "^0.4.1",
-        "@opentelemetry/resource-detector-gcp": "^0.29.11",
+        "@opentelemetry/resource-detector-container": "^0.4.4",
+        "@opentelemetry/resource-detector-gcp": "^0.29.12",
         "@opentelemetry/resources": "^1.24.0",
         "@opentelemetry/sdk-node": "^0.53.0"
       },
@@ -6441,9 +6441,9 @@
       }
     },
     "node_modules/@opentelemetry/instrumentation-aws-lambda": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.44.0.tgz",
-      "integrity": "sha512-6vmr7FJIuopZzsQjEQTp4xWtF6kBp7DhD7pPIN8FN0dKUKyuVraABIpgWjMfelaUPy4rTYUGkYqPluhG0wx8Dw==",
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.45.0.tgz",
+      "integrity": "sha512-22ZnmYftKjFoiqC1k3tu2AVKiXSZv+ohuHWk4V4MdJpPuNkadY624aDkv5BmwDeavDxVFgqE9nGgDM9s3Q94mg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6597,9 +6597,9 @@
       }
     },
     "node_modules/@opentelemetry/instrumentation-express": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.42.0.tgz",
-      "integrity": "sha512-YNcy7ZfGnLsVEqGXQPT+S0G1AE46N21ORY7i7yUQyfhGAL4RBjnZUqefMI0NwqIl6nGbr1IpF0rZGoN8Q7x12Q==",
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.43.0.tgz",
+      "integrity": "sha512-bxTIlzn9qPXJgrhz8/Do5Q3jIlqfpoJrSUtVGqH+90eM1v2PkPHc+SdE+zSqe4q9Y1UQJosmZ4N4bm7Zj/++MA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6615,9 +6615,9 @@
       }
     },
     "node_modules/@opentelemetry/instrumentation-fastify": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.39.0.tgz",
-      "integrity": "sha512-SS9uSlKcsWZabhBp2szErkeuuBDgxOUlllwkS92dVaWRnMmwysPhcEgHKB8rUe3BHg/GnZC1eo1hbTZv4YhfoA==",
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.40.0.tgz",
+      "integrity": "sha512-74qj4nG3zPtU7g2x4sm2T4R3/pBMyrYstTsqSZwdlhQk1SD4l8OSY9sPRX1qkhfxOuW3U4KZQAV/Cymb3fB6hg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6959,14 +6959,15 @@
       }
     },
     "node_modules/@opentelemetry/instrumentation-pg": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.44.0.tgz",
-      "integrity": "sha512-oTWVyzKqXud1BYEGX1loo2o4k4vaU1elr3vPO8NZolrBtFvQ34nx4HgUaexUDuEog00qQt+MLR5gws/p+JXMLQ==",
+      "version": "0.46.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.46.0.tgz",
+      "integrity": "sha512-PLbYYC7EIoigh9uzhBrDjyL4yhH9akjV2Mln3ci9+lD7p9HE5nUUgYCgcUasyr4bz99c8xy9ErzKLt38Y7Kodg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
+        "@opentelemetry/core": "^1.26.0",
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
         "@opentelemetry/sql-common": "^0.40.1",
         "@types/pg": "8.6.1",
         "@types/pg-pool": "2.0.6"
@@ -7015,9 +7016,9 @@
       }
     },
     "node_modules/@opentelemetry/instrumentation-redis-4": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.42.0.tgz",
-      "integrity": "sha512-NaD+t2JNcOzX/Qa7kMy68JbmoVIV37fT/fJYzLKu2Wwd+0NCxt+K2OOsOakA8GVg8lSpFdbx4V/suzZZ2Pvdjg==",
+      "version": "0.42.1",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.42.1.tgz",
+      "integrity": "sha512-xm17LJhDfQzQo4wkM/zFwh6wk3SNN/FBFGkscI9Kj4efrb/o5p8Z3yE6ldBPNdIZ6RAwg2p3DL7fvE3DuUDJWA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7278,13 +7279,14 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-alibaba-cloud": {
-      "version": "0.29.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.1.tgz",
-      "integrity": "sha512-Qshebw6azBuKUqGkVgambZlLS6Xh+LCoLXep1oqW1RSzSOHQxGYDsPs99v8NzO65eJHHOu8wc2yKsWZQAgYsSw==",
+      "version": "0.29.3",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.3.tgz",
+      "integrity": "sha512-jdnG/cYItxwKGRj2n3YsJn1+j3QsMRUfaH/mQSj2b6yULo7bKO4turvASwxy3GuSDH55VwrK+F8oIbanJk69ng==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/resources": "^1.0.0",
+        "@opentelemetry/core": "^1.26.0",
+        "@opentelemetry/resources": "^1.10.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -7295,9 +7297,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-aws": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.6.1.tgz",
-      "integrity": "sha512-A/3lqx9xoew7sFi+AVUUVr6VgB7UJ5qqddkKR3gQk9hWLm1R7HUXVJG09cLcZ7DMNpX13DohPRGmHE/vp1vafw==",
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.6.2.tgz",
+      "integrity": "sha512-xxT6PVmcBTtCo0rf4Bv/mnDMpVRITVt13bDX8mOqKVb0kr5EwIMabZS5EGJhXjP4nljrOIA7ZlOJgSX0Kehfkw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7331,12 +7333,13 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-container": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.4.1.tgz",
-      "integrity": "sha512-v0bvO6RxYtbxvY/HwqrPQnZ4UtP4nBq4AOyS30iqV2vEtiLTY1gNTbNvTF1lwN/gg/g5CY1tRSrHcYODDOv0vw==",
+      "version": "0.4.4",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.4.4.tgz",
+      "integrity": "sha512-ZEN2mq7lIjQWJ8NTt1umtr6oT/Kb89856BOmESLSvgSHbIwOFYs7cSfSRH5bfiVw6dXTQAVbZA/wLgCHKrebJA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
+        "@opentelemetry/core": "^1.26.0",
         "@opentelemetry/resources": "^1.10.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
@@ -7348,14 +7351,14 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-gcp": {
-      "version": "0.29.11",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.29.11.tgz",
-      "integrity": "sha512-07wJx4nyxD/c2z3n70OQOg8fmoO/baTsq8uU+f7tZaehRNQx76MPkRbV2L902N40Z21SPIG8biUZ30OXE9tOIg==",
+      "version": "0.29.12",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.29.12.tgz",
+      "integrity": "sha512-liFG9XTaFVyY9YdFy4r2qVNa4a+Mg3k+XoWzzq2F+/xR0hFLfL0H4k7CsMW+T4Vl+1Cvc9W9WEVt5VCF4u/SYw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^1.0.0",
-        "@opentelemetry/resources": "^1.0.0",
+        "@opentelemetry/resources": "^1.10.0",
         "@opentelemetry/semantic-conventions": "^1.27.0",
         "gcp-metadata": "^6.0.0"
       },
diff --git a/package.json b/package.json
index 004009450bb..f036cf8d36c 100644
--- a/package.json
+++ b/package.json
@@ -140,7 +140,7 @@
     "@babel/register": "^7.23.7",
     "@graphql-eslint/eslint-plugin": "^3.20.1",
     "@opentelemetry/api": "^1.7.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.50.0",
+    "@opentelemetry/auto-instrumentations-node": "^0.51.0",
     "@opentelemetry/exporter-trace-otlp-proto": "^0.53.0",
     "@opentelemetry/instrumentation": "^0.53.0",
     "@opentelemetry/resources": "^1.20.0",

From c250010f4fff3e0e2261af7db607da232ee2b5cd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 13:00:50 +0200
Subject: [PATCH 006/129] fix(deps): update dependency winston to v3.15.0
 (#10397)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 14 +++++++-------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ab0886c6a8b..89452c57942 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -111,7 +111,7 @@
         "twitter-api-v2": "1.17.2",
         "uuid": "10.0.0",
         "validator": "13.12.0",
-        "winston": "3.13.1",
+        "winston": "3.15.0",
         "zod": "3.23.8"
       },
       "devDependencies": {
@@ -23414,9 +23414,9 @@
       }
     },
     "node_modules/winston": {
-      "version": "3.13.1",
-      "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.1.tgz",
-      "integrity": "sha512-SvZit7VFNvXRzbqGHsv5KSmgbEYR5EiQfDAL9gxYkRqa934Hnk++zze0wANKtMHcy/gI4W/3xmSDwlhf865WGw==",
+      "version": "3.15.0",
+      "resolved": "https://registry.npmjs.org/winston/-/winston-3.15.0.tgz",
+      "integrity": "sha512-RhruH2Cj0bV0WgNL+lOfoUBI4DVfdUNjVnJGVovWZmrcKtrFTTRzgXYK2O9cymSGjrERCtaAeHwMNnUWXlwZow==",
       "license": "MIT",
       "dependencies": {
         "@colors/colors": "^1.6.0",
@@ -23462,9 +23462,9 @@
       }
     },
     "node_modules/winston/node_modules/async": {
-      "version": "3.2.5",
-      "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz",
-      "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==",
+      "version": "3.2.6",
+      "resolved": "https://registry.npmjs.org/async/-/async-3.2.6.tgz",
+      "integrity": "sha512-htCUDlxyyCLMgaM3xXg0C0LW2xqfuQ6p05pCEIsXuyQ+a1koYKTuBMzRNwmybfLgvJDMd0r1LTn4+E0Ti6C2AA==",
       "license": "MIT"
     },
     "node_modules/winston/node_modules/readable-stream": {
diff --git a/package.json b/package.json
index f036cf8d36c..c5a0207a8a2 100644
--- a/package.json
+++ b/package.json
@@ -132,7 +132,7 @@
     "twitter-api-v2": "1.17.2",
     "uuid": "10.0.0",
     "validator": "13.12.0",
-    "winston": "3.13.1",
+    "winston": "3.15.0",
     "zod": "3.23.8"
   },
   "devDependencies": {

From f61d1eb84ed1d5ac8c8222f76295ffdc51e97b54 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 13:03:34 +0200
Subject: [PATCH 007/129] fix(deps): update dependency intl-messageformat to
 v10.7.1 (#10396)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 74 +++++++++++++++++++++++++----------------------
 package.json      |  2 +-
 2 files changed, 40 insertions(+), 36 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 89452c57942..58d672af3cf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "html-pdf": "3.0.1",
         "html-to-text": "9.0.5",
         "ics": "3.8.1",
-        "intl-messageformat": "10.5.14",
+        "intl-messageformat": "10.7.1",
         "jsonwebtoken": "9.0.2",
         "juice": "10.0.1",
         "limax": "4.1.0",
@@ -4147,50 +4147,53 @@
       }
     },
     "node_modules/@formatjs/ecma402-abstract": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.0.0.tgz",
-      "integrity": "sha512-rRqXOqdFmk7RYvj4khklyqzcfQl9vEL/usogncBHRZfZBDOwMGuSRNFl02fu5KGHXdbinju+YXyuR+Nk8xlr/g==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.0.tgz",
+      "integrity": "sha512-IpM+ev1E4QLtstniOE29W1rqH9eTdx5hQdNL8pzrflMj/gogfaoONZqL83LUeQScHAvyMbpqP5C9MzNf+fFwhQ==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/intl-localematcher": "0.5.4",
-        "tslib": "^2.4.0"
+        "@formatjs/fast-memoize": "2.2.1",
+        "@formatjs/intl-localematcher": "0.5.5",
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/@formatjs/fast-memoize": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.0.tgz",
-      "integrity": "sha512-hnk/nY8FyrL5YxwP9e4r9dqeM6cAbo8PeU9UjyXojZMNvVad2Z06FAVHyR3Ecw6fza+0GH7vdJgiKIVXTMbSBA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.1.tgz",
+      "integrity": "sha512-XS2RcOSyWxmUB7BUjj3mlPH0exsUzlf6QfhhijgI941WaJhVxXQ6mEWkdUFIdnKi3TuTYxRdelsgv3mjieIGIA==",
+      "license": "MIT",
       "dependencies": {
-        "tslib": "^2.4.0"
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/@formatjs/icu-messageformat-parser": {
-      "version": "2.7.8",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.7.8.tgz",
-      "integrity": "sha512-nBZJYmhpcSX0WeJ5SDYUkZ42AgR3xiyhNCsQweFx3cz/ULJjym8bHAzWKvG5e2+1XO98dBYC0fWeeAECAVSwLA==",
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.8.0.tgz",
+      "integrity": "sha512-r2un3fmF9oJv3mOkH+wwQZ037VpqmdfahbcCZ9Lh+p6Sx+sNsonI7Zcr6jNMm1s+Si7ejQORS4Ezlh05mMPAXA==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.0.0",
-        "@formatjs/icu-skeleton-parser": "1.8.2",
-        "tslib": "^2.4.0"
+        "@formatjs/ecma402-abstract": "2.2.0",
+        "@formatjs/icu-skeleton-parser": "1.8.4",
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/@formatjs/icu-skeleton-parser": {
-      "version": "1.8.2",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.2.tgz",
-      "integrity": "sha512-k4ERKgw7aKGWJZgTarIcNEmvyTVD9FYh0mTrrBMHZ1b8hUu6iOJ4SzsZlo3UNAvHYa+PnvntIwRPt1/vy4nA9Q==",
+      "version": "1.8.4",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.4.tgz",
+      "integrity": "sha512-LMQ1+Wk1QSzU4zpd5aSu7+w5oeYhupRwZnMQckLPRYhSjf2/8JWQ882BauY9NyHxs5igpuQIXZDgfkaH3PoATg==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.0.0",
-        "tslib": "^2.4.0"
+        "@formatjs/ecma402-abstract": "2.2.0",
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/@formatjs/intl-localematcher": {
-      "version": "0.5.4",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.4.tgz",
-      "integrity": "sha512-zTwEpWOzZ2CiKcB93BLngUX59hQkuZjT2+SAQEscSm52peDW/getsawMcWF1rGRpMCX6D7nSJA3CzJ8gn13N/g==",
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.5.tgz",
+      "integrity": "sha512-t5tOGMgZ/i5+ALl2/offNqAQq/lfUnKLEw0mXQI4N4bqpedhrSE+fyKLpwnd22sK0dif6AV+ufQcTsKShB9J1g==",
+      "license": "MIT",
       "dependencies": {
-        "tslib": "^2.4.0"
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/@graphql-eslint/eslint-plugin": {
@@ -15424,15 +15427,15 @@
       }
     },
     "node_modules/intl-messageformat": {
-      "version": "10.5.14",
-      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.5.14.tgz",
-      "integrity": "sha512-IjC6sI0X7YRjjyVH9aUgdftcmZK7WXdHeil4KwbjDnRWjnVitKpAx3rr6t6di1joFp5188VqKcobOPA6mCLG/w==",
+      "version": "10.7.1",
+      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.1.tgz",
+      "integrity": "sha512-xQuJW2WcyzNJZWUu5xTVPOmNSA1Sowuu/NKFdUid5Fxx/Yl6/s4DefTU/y7zy+irZLDmFGmTLtnM8FqpN05wlA==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.0.0",
-        "@formatjs/fast-memoize": "2.2.0",
-        "@formatjs/icu-messageformat-parser": "2.7.8",
-        "tslib": "^2.4.0"
+        "@formatjs/ecma402-abstract": "2.2.0",
+        "@formatjs/fast-memoize": "2.2.1",
+        "@formatjs/icu-messageformat-parser": "2.8.0",
+        "tslib": "^2.7.0"
       }
     },
     "node_modules/ip-address": {
@@ -22628,9 +22631,10 @@
       }
     },
     "node_modules/tslib": {
-      "version": "2.6.2",
-      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz",
-      "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q=="
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.0.tgz",
+      "integrity": "sha512-jWVzBLplnCmoaTr13V9dYbiQ99wvZRd0vNWaDRg+aVYRcjDF3nDksxFDE/+fkXnKhpnUUkmx5pK/v8mCtLVqZA==",
+      "license": "0BSD"
     },
     "node_modules/tunnel-agent": {
       "version": "0.6.0",
diff --git a/package.json b/package.json
index c5a0207a8a2..697767f354b 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
     "html-pdf": "3.0.1",
     "html-to-text": "9.0.5",
     "ics": "3.8.1",
-    "intl-messageformat": "10.5.14",
+    "intl-messageformat": "10.7.1",
     "jsonwebtoken": "9.0.2",
     "juice": "10.0.1",
     "limax": "4.1.0",

From e384e5763b3fa163fe073f9f96eeeb01a7a38a02 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 24 Oct 2024 13:03:47 +0200
Subject: [PATCH 008/129] fix(Webhooks): account association (#10419)

---
 .../20241024103852-remove-invalid-webhooks.js | 40 +++++++++++++++++++
 .../graphql/v2/mutation/WebhookMutations.js   |  2 +-
 server/graphql/v2/object/Webhook.js           |  4 +-
 3 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 migrations/20241024103852-remove-invalid-webhooks.js

diff --git a/migrations/20241024103852-remove-invalid-webhooks.js b/migrations/20241024103852-remove-invalid-webhooks.js
new file mode 100644
index 00000000000..b2761e79203
--- /dev/null
+++ b/migrations/20241024103852-remove-invalid-webhooks.js
@@ -0,0 +1,40 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    const webhooks = await queryInterface.sequelize.query(
+      `
+      DELETE FROM "Notifications"
+      WHERE channel = 'webhook'
+      AND "CollectiveId" IS NULL
+      RETURNING *
+    `,
+      {
+        type: queryInterface.sequelize.QueryTypes.SELECT,
+      },
+    );
+
+    await queryInterface.sequelize.query(
+      `
+      INSERT INTO "MigrationLogs"
+      ("createdAt", "type", "description", "CreatedByUserId", "data")
+      VALUES (
+        NOW(),
+        'MIGRATION',
+        'migrations/20241024103852-remove-invalid-webhooks',
+        NULL,
+        :data
+      )
+    `,
+      {
+        replacements: { data: JSON.stringify(webhooks) },
+        type: queryInterface.sequelize.QueryTypes.INSERT,
+      },
+    );
+  },
+
+  async down() {
+    console.log(`No restore for this migration, look at the migration log for the deleted webhooks`);
+  },
+};
diff --git a/server/graphql/v2/mutation/WebhookMutations.js b/server/graphql/v2/mutation/WebhookMutations.js
index e16aa1602e1..18800d3f5e8 100644
--- a/server/graphql/v2/mutation/WebhookMutations.js
+++ b/server/graphql/v2/mutation/WebhookMutations.js
@@ -38,7 +38,7 @@ const createWebhook = {
       type: args.webhook.activityType,
       webhookUrl: args.webhook.webhookUrl,
       UserId: req.remoteUser.id,
-      CollectiveId: account.CollectiveId,
+      CollectiveId: account.id,
     };
 
     return models.Notification.create(createParams);
diff --git a/server/graphql/v2/object/Webhook.js b/server/graphql/v2/object/Webhook.js
index b9ce02d7755..bbeac34526f 100644
--- a/server/graphql/v2/object/Webhook.js
+++ b/server/graphql/v2/object/Webhook.js
@@ -36,7 +36,9 @@ export const GraphQLWebhook = new GraphQLObjectType({
     account: {
       type: new GraphQLNonNull(GraphQLAccount),
       resolve(notification, args, req) {
-        return req.loaders.Collective.byId.load(notification.CollectiveId);
+        if (notification.CollectiveId) {
+          return req.loaders.Collective.byId.load(notification.CollectiveId);
+        }
       },
     },
   }),

From 70b38881f7fa50c822810e205576d33171f43352 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 24 Oct 2024 13:44:58 +0200
Subject: [PATCH 009/129] fix(deps): update babel monorepo to v7.25.9 (#10401)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 995 +++++++++++++++++++++++-----------------------
 package.json      |   8 +-
 2 files changed, 497 insertions(+), 506 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 58d672af3cf..52f31bbe7b1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,10 +10,10 @@
       "dependencies": {
         "@apollo/server": "4.11.0",
         "@aws-sdk/client-s3": "3.678.0",
-        "@babel/core": "7.25.8",
-        "@babel/node": "7.25.7",
-        "@babel/plugin-transform-typescript": "7.25.7",
-        "@babel/preset-env": "7.25.8",
+        "@babel/core": "7.25.9",
+        "@babel/node": "7.25.9",
+        "@babel/plugin-transform-typescript": "7.25.9",
+        "@babel/preset-env": "7.25.9",
         "@elastic/elasticsearch": "8.15.1",
         "@escape.tech/graphql-armor": "3.0.1",
         "@hyperwatch/hyperwatch": "4.0.0",
@@ -2023,12 +2023,12 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.25.7.tgz",
-      "integrity": "sha512-0xZJFNE5XMpENsgfHYTw8FbX4kv53mFLn2i3XPoq69LyhYSCBJtitaHx9QnsVTrsogI4Z3+HtEfZ2/GFPOtf5g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.25.9.tgz",
+      "integrity": "sha512-z88xeGxnzehn2sqZ8UdGQEvYErF1odv2CftxInpSYJt6uHuPe9YjahKZITGs3l5LeI9d2ROG+obuDAoSlqbNfQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/highlight": "^7.25.7",
+        "@babel/highlight": "^7.25.9",
         "picocolors": "^1.0.0"
       },
       "engines": {
@@ -2036,30 +2036,30 @@
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.25.8.tgz",
-      "integrity": "sha512-ZsysZyXY4Tlx+Q53XdnOFmqwfB9QDTHYxaZYajWRoBLuLEAwI2UIbtxOjWh/cFaa9IKUlcB+DDuoskLuKu56JA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.25.9.tgz",
+      "integrity": "sha512-yD+hEuJ/+wAJ4Ox2/rpNv5HIuPG82x3ZlQvYVn8iYCprdxzE7P1udpGF1jyjQVBU4dgznN+k2h103vxZ7NdPyw==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.25.8.tgz",
-      "integrity": "sha512-Oixnb+DzmRT30qu9d3tJSQkxuygWm32DFykT4bRoORPa9hZ/L4KhVB/XiRm6KG+roIEM7DBQlmg27kw2HZkdZg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.25.9.tgz",
+      "integrity": "sha512-WYvQviPw+Qyib0v92AwNIrdLISTp7RfDkM7bPqBvpbnhY4wq8HvHBZREVdYDXk98C8BkOIVnHAY3yvj7AVISxQ==",
       "license": "MIT",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
-        "@babel/code-frame": "^7.25.7",
-        "@babel/generator": "^7.25.7",
-        "@babel/helper-compilation-targets": "^7.25.7",
-        "@babel/helper-module-transforms": "^7.25.7",
-        "@babel/helpers": "^7.25.7",
-        "@babel/parser": "^7.25.8",
-        "@babel/template": "^7.25.7",
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.8",
+        "@babel/code-frame": "^7.25.9",
+        "@babel/generator": "^7.25.9",
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-module-transforms": "^7.25.9",
+        "@babel/helpers": "^7.25.9",
+        "@babel/parser": "^7.25.9",
+        "@babel/template": "^7.25.9",
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9",
         "convert-source-map": "^2.0.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
@@ -2075,12 +2075,12 @@
       }
     },
     "node_modules/@babel/generator": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.7.tgz",
-      "integrity": "sha512-5Dqpl5fyV9pIAD62yK9P7fcA768uVPUyrQmqpqstHWgMma4feF1x/oFysBCVZLY5wJ2GkMUCdsNDnGZrPoR6rA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.9.tgz",
+      "integrity": "sha512-omlUGkr5EaoIJrhLf9CJ0TvjBRpd9+AXRG//0GEQ9THSo8wPiTlbpy1/Ow8ZTrbXpjd9FHXfbFQx32I04ht0FA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.7",
+        "@babel/types": "^7.25.9",
         "@jridgewell/gen-mapping": "^0.3.5",
         "@jridgewell/trace-mapping": "^0.3.25",
         "jsesc": "^3.0.2"
@@ -2090,38 +2090,38 @@
       }
     },
     "node_modules/@babel/helper-annotate-as-pure": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.25.7.tgz",
-      "integrity": "sha512-4xwU8StnqnlIhhioZf1tqnVWeQ9pvH/ujS8hRfw/WOza+/a+1qv69BWNy+oY231maTCWgKWhfBU7kDpsds6zAA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.25.9.tgz",
+      "integrity": "sha512-gv7320KBUFJz1RnylIg5WWYPRXKZ884AGkYpgpWW02TH66Dl+HaC1t1CKd0z3R4b6hdYEcmrNZHUmfCP+1u3/g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.7"
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.25.7.tgz",
-      "integrity": "sha512-12xfNeKNH7jubQNm7PAkzlLwEmCs1tfuX3UjIw6vP6QXi+leKh6+LyC/+Ed4EIQermwd58wsyh070yjDHFlNGg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.25.9.tgz",
+      "integrity": "sha512-C47lC7LIDCnz0h4vai/tpNOI95tCd5ZT3iBt/DBH5lXKHZsyNQv18yf1wIIg2ntiQNgmAvA+DgZ82iW8Qdym8g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-compilation-targets": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.25.7.tgz",
-      "integrity": "sha512-DniTEax0sv6isaw6qSQSfV4gVRNtw2rte8HHM45t9ZR0xILaufBRNkpMifCRiAPyvL4ACD6v0gfCwCmtOQaV4A==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.25.9.tgz",
+      "integrity": "sha512-j9Db8Suy6yV/VHa4qzrj9yZfZxhLWQdVnRlXxmKLYlhWUVB1sB2G5sxuWYXk/whHD9iW76PmNzxZ4UCnTQTVEQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/compat-data": "^7.25.7",
-        "@babel/helper-validator-option": "^7.25.7",
+        "@babel/compat-data": "^7.25.9",
+        "@babel/helper-validator-option": "^7.25.9",
         "browserslist": "^4.24.0",
         "lru-cache": "^5.1.1",
         "semver": "^6.3.1"
@@ -2144,17 +2144,17 @@
       "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g=="
     },
     "node_modules/@babel/helper-create-class-features-plugin": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.7.tgz",
-      "integrity": "sha512-bD4WQhbkx80mAyj/WCm4ZHcF4rDxkoLFO6ph8/5/mQ3z4vAzltQXAmbc7GvVJx5H+lk5Mi5EmbTeox5nMGCsbw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.9.tgz",
+      "integrity": "sha512-UTZQMvt0d/rSz6KI+qdu7GQze5TIajwTS++GUozlw8VBJDEOAqSXwm1WvmYEZwqdqSGQshRocPDqrt4HBZB3fQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
-        "@babel/helper-member-expression-to-functions": "^7.25.7",
-        "@babel/helper-optimise-call-expression": "^7.25.7",
-        "@babel/helper-replace-supers": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7",
-        "@babel/traverse": "^7.25.7",
+        "@babel/helper-annotate-as-pure": "^7.25.9",
+        "@babel/helper-member-expression-to-functions": "^7.25.9",
+        "@babel/helper-optimise-call-expression": "^7.25.9",
+        "@babel/helper-replace-supers": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9",
+        "@babel/traverse": "^7.25.9",
         "semver": "^6.3.1"
       },
       "engines": {
@@ -2165,12 +2165,12 @@
       }
     },
     "node_modules/@babel/helper-create-regexp-features-plugin": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.25.7.tgz",
-      "integrity": "sha512-byHhumTj/X47wJ6C6eLpK7wW/WBEcnUeb7D0FNc/jFQnQVw7DOso3Zz5u9x/zLrFVkHa89ZGDbkAa1D54NdrCQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.25.9.tgz",
+      "integrity": "sha512-ORPNZ3h6ZRkOyAa/SaHU+XsLZr0UQzRwuDQ0cczIA17nAzZ+85G5cVkOJIj7QavLZGSe8QXUmNFxSZzjcZF9bw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
+        "@babel/helper-annotate-as-pure": "^7.25.9",
         "regexpu-core": "^6.1.1",
         "semver": "^6.3.1"
       },
@@ -2198,41 +2198,41 @@
       }
     },
     "node_modules/@babel/helper-member-expression-to-functions": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.25.7.tgz",
-      "integrity": "sha512-O31Ssjd5K6lPbTX9AAYpSKrZmLeagt9uwschJd+Ixo6QiRyfpvgtVQp8qrDR9UNFjZ8+DO34ZkdrN+BnPXemeA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.25.9.tgz",
+      "integrity": "sha512-wbfdZ9w5vk0C0oyHqAJbc62+vet5prjj01jjJ8sKn3j9h3MQQlflEdXYvuqRWjHnM12coDEqiC1IRCi0U/EKwQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-module-imports": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.7.tgz",
-      "integrity": "sha512-o0xCgpNmRohmnoWKQ0Ij8IdddjyBFE4T2kagL/x6M3+4zUgc+4qTOUBoNe4XxDskt1HPKO007ZPiMgLDq2s7Kw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz",
+      "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-module-transforms": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.25.7.tgz",
-      "integrity": "sha512-k/6f8dKG3yDz/qCwSM+RKovjMix563SLxQFo0UhRNo239SP6n9u5/eLtKD6EAjwta2JHJ49CsD8pms2HdNiMMQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.25.9.tgz",
+      "integrity": "sha512-TvLZY/F3+GvdRYFZFyxMvnsKi+4oJdgZzU3BoGN9Uc2d9C6zfNwJcKKhjqLAhK8i46mv93jsO74fDh3ih6rpHA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-imports": "^7.25.7",
-        "@babel/helper-simple-access": "^7.25.7",
-        "@babel/helper-validator-identifier": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-module-imports": "^7.25.9",
+        "@babel/helper-simple-access": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2242,35 +2242,35 @@
       }
     },
     "node_modules/@babel/helper-optimise-call-expression": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.25.7.tgz",
-      "integrity": "sha512-VAwcwuYhv/AT+Vfr28c9y6SHzTan1ryqrydSTFGjU0uDJHw3uZ+PduI8plCLkRsDnqK2DMEDmwrOQRsK/Ykjng==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.25.9.tgz",
+      "integrity": "sha512-FIpuNaz5ow8VyrYcnXQTDRGvV6tTjkNtCK/RYNDXGSLlUD6cBuQTSw43CShGxjvfBTfcUA/r6UhUCbtYqkhcuQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.7"
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-plugin-utils": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.25.7.tgz",
-      "integrity": "sha512-eaPZai0PiqCi09pPs3pAFfl/zYgGaE6IdXtYvmf0qlcDTd3WCtO7JWCcRd64e0EQrcYgiHibEZnOGsSY4QSgaw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.25.9.tgz",
+      "integrity": "sha512-kSMlyUVdWe25rEsRGviIgOWnoT/nfABVWlqt9N19/dIPWViAOW2s9wznP5tURbs/IDuNk4gPy3YdYRgH3uxhBw==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-remap-async-to-generator": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.25.7.tgz",
-      "integrity": "sha512-kRGE89hLnPfcz6fTrlNU+uhgcwv0mBE4Gv3P9Ke9kLVJYpi4AMVVEElXvB5CabrPZW4nCM8P8UyyjrzCM0O2sw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.25.9.tgz",
+      "integrity": "sha512-IZtukuUeBbhgOcaW2s06OXTzVNJR0ybm4W5xC1opWFFJMZbwRj5LCk+ByYH7WdZPZTt8KnFwA8pvjN2yqcPlgw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
-        "@babel/helper-wrap-function": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-annotate-as-pure": "^7.25.9",
+        "@babel/helper-wrap-function": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2280,14 +2280,14 @@
       }
     },
     "node_modules/@babel/helper-replace-supers": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.25.7.tgz",
-      "integrity": "sha512-iy8JhqlUW9PtZkd4pHM96v6BdJ66Ba9yWSE4z0W4TvSZwLBPkyDsiIU3ENe4SmrzRBs76F7rQXTy1lYC49n6Lw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.25.9.tgz",
+      "integrity": "sha512-IiDqTOTBQy0sWyeXyGSC5TBJpGFXBkRynjBeXsvbhQFKj2viwJC76Epz35YLU1fpe/Am6Vppb7W7zM4fPQzLsQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-member-expression-to-functions": "^7.25.7",
-        "@babel/helper-optimise-call-expression": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-member-expression-to-functions": "^7.25.9",
+        "@babel/helper-optimise-call-expression": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2297,92 +2297,92 @@
       }
     },
     "node_modules/@babel/helper-simple-access": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.25.7.tgz",
-      "integrity": "sha512-FPGAkJmyoChQeM+ruBGIDyrT2tKfZJO8NcxdC+CWNJi7N8/rZpSxK7yvBJ5O/nF1gfu5KzN7VKG3YVSLFfRSxQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.25.9.tgz",
+      "integrity": "sha512-c6WHXuiaRsJTyHYLJV75t9IqsmTbItYfdj99PnzYGQZkYKvan5/2jKJ7gu31J3/BJ/A18grImSPModuyG/Eo0Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-skip-transparent-expression-wrappers": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.25.7.tgz",
-      "integrity": "sha512-pPbNbchZBkPMD50K0p3JGcFMNLVUCuU/ABybm/PGNj4JiHrpmNyqqCphBk4i19xXtNV0JhldQJJtbSW5aUvbyA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.25.9.tgz",
+      "integrity": "sha512-K4Du3BFa3gvyhzgPcntrkDgZzQaq6uozzcpGbOO1OEJaI+EJdqWIMTLgFgQf6lrfiDFo5FU+BxKepI9RmZqahA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.7.tgz",
-      "integrity": "sha512-CbkjYdsJNHFk8uqpEkpCvRs3YRp9tY6FmFY7wLMSYuGYkrdUi7r2lc4/wqsvlHoMznX3WJ9IP8giGPq68T/Y6g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz",
+      "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-identifier": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.7.tgz",
-      "integrity": "sha512-AM6TzwYqGChO45oiuPqwL2t20/HdMC1rTPAesnBCgPCSF1x3oN9MVUwQV2iyz4xqWrctwK5RNC8LV22kaQCNYg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz",
+      "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-validator-option": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.25.7.tgz",
-      "integrity": "sha512-ytbPLsm+GjArDYXJ8Ydr1c/KJuutjF2besPNbIZnZ6MKUxi/uTA22t2ymmA4WFjZFpjiAMO0xuuJPqK2nvDVfQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.25.9.tgz",
+      "integrity": "sha512-e/zv1co8pp55dNdEcCynfj9X7nyUKUXoUEwfXqaZt0omVOmDe9oOTdKStH4GmAw6zxMFs50ZayuMfHDKlO7Tfw==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helper-wrap-function": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.25.7.tgz",
-      "integrity": "sha512-MA0roW3JF2bD1ptAaJnvcabsVlNQShUaThyJbCDD4bCp8NEgiFvpoqRI2YS22hHlc2thjO/fTg2ShLMC3jygAg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.25.9.tgz",
+      "integrity": "sha512-ETzz9UTjQSTmw39GboatdymDq4XIQbR8ySgVrylRhPOFpsd+JrKHIuF0de7GCWmem+T4uC5z7EZguod7Wj4A4g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.25.7",
-        "@babel/traverse": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/template": "^7.25.9",
+        "@babel/traverse": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.25.7.tgz",
-      "integrity": "sha512-Sv6pASx7Esm38KQpF/U/OXLwPPrdGHNKoeblRxgZRLXnAtnkEe4ptJPDtAZM7fBLadbc1Q07kQpSiGQ0Jg6tRA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.25.9.tgz",
+      "integrity": "sha512-oKWp3+usOJSzDZOucZUAMayhPz/xVjzymyDzUN8dk0Wd3RWMlGLXi07UCQ/CgQVb8LvXx3XBajJH4XGgkt7H7g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/template": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/template": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/highlight": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.25.7.tgz",
-      "integrity": "sha512-iYyACpW3iW8Fw+ZybQK+drQre+ns/tKpXbNESfrhNnPLIklLbXr7MYJ6gPEd0iETGLOK+SxMjVvKb/ffmk+FEw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.25.9.tgz",
+      "integrity": "sha512-llL88JShoCsth8fF8R4SJnIn+WLvR6ccFxu1H3FlMhDontdcmZWf2HgIZ7AIqV3Xcck1idlohrN4EUBQz6klbw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.25.7",
+        "@babel/helper-validator-identifier": "^7.25.9",
         "chalk": "^2.4.2",
         "js-tokens": "^4.0.0",
         "picocolors": "^1.0.0"
@@ -2392,12 +2392,12 @@
       }
     },
     "node_modules/@babel/node": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/node/-/node-7.25.7.tgz",
-      "integrity": "sha512-SLrRogiTuneH3mZeZQtWBECyVRtznezYdnH4UjatZjHrk/QP+GH9bqsToCWp23pPeA20NO1/p8kECzWt5TTpUA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/node/-/node-7.25.9.tgz",
+      "integrity": "sha512-EvwozHOSnCWZYb96f5i4eRF0Lbsyh/YbOUx8fbpiOXTALDexM3SMQ1KTAbWdtKNsIybG9cAJKMcML+YfT30w5A==",
       "license": "MIT",
       "dependencies": {
-        "@babel/register": "^7.25.7",
+        "@babel/register": "^7.25.9",
         "commander": "^6.2.0",
         "core-js": "^3.30.2",
         "node-environment-flags": "^1.0.5",
@@ -2424,12 +2424,12 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.8.tgz",
-      "integrity": "sha512-HcttkxzdPucv3nNFmfOOMfFf64KgdJVqm1KaCm25dPGMLElo9nsLvXeJECQg8UzPuBGLyTSA0ZzqCtDSzKTEoQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.9.tgz",
+      "integrity": "sha512-aI3jjAAO1fh7vY/pBGsn1i9LDbRP43+asrRlkPuTXW5yHXtd1NgTEMudbBoDDxrf1daEEfPJqR+JBMakzrR4Dg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.8"
+        "@babel/types": "^7.25.9"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -2439,13 +2439,13 @@
       }
     },
     "node_modules/@babel/plugin-bugfix-firefox-class-in-computed-class-key": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.25.7.tgz",
-      "integrity": "sha512-UV9Lg53zyebzD1DwQoT9mzkEKa922LNUp5YkTJ6Uta0RbyXaQNUgcvSt7qIu1PpPzVb6rd10OVNTzkyBGeVmxQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.25.9.tgz",
+      "integrity": "sha512-ZkRyVkThtxQ/J6nv3JFYv1RYY+JT5BvU0y3k5bWrmuG4woXypRa4PXmm9RhOwodRkYFWqC0C0cqcJ4OqR7kW+g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2455,12 +2455,12 @@
       }
     },
     "node_modules/@babel/plugin-bugfix-safari-class-field-initializer-scope": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.25.7.tgz",
-      "integrity": "sha512-GDDWeVLNxRIkQTnJn2pDOM1pkCgYdSqPeT1a9vh9yIqu2uzzgw1zcqEb+IJOhy+dTBMlNdThrDIksr2o09qrrQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.25.9.tgz",
+      "integrity": "sha512-MrGRLZxLD/Zjj0gdU15dfs+HH/OXvnw/U4jJD8vpcP2CJQapPEv1IWwjc/qMg7ItBlPwSv1hRBbb7LeuANdcnw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2470,12 +2470,12 @@
       }
     },
     "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.25.7.tgz",
-      "integrity": "sha512-wxyWg2RYaSUYgmd9MR0FyRGyeOMQE/Uzr1wzd/g5cf5bwi9A4v6HFdDm7y1MgDtod/fLOSTZY6jDgV0xU9d5bA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.25.9.tgz",
+      "integrity": "sha512-2qUwwfAFpJLZqxd02YW9btUCZHl+RFvdDkNfZwaIJrvB8Tesjsk8pEQkTvGwZXLqXUx/2oyY3ySRhm6HOXuCug==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2485,14 +2485,14 @@
       }
     },
     "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.25.7.tgz",
-      "integrity": "sha512-Xwg6tZpLxc4iQjorYsyGMyfJE7nP5MV8t/Ka58BgiA7Jw0fRqQNcANlLfdJ/yvBt9z9LD2We+BEkT7vLqZRWng==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.25.9.tgz",
+      "integrity": "sha512-6xWgLZTJXwilVjlnV7ospI3xi+sl8lN8rXXbBD6vYn3UYDlGsag8wrZkKcSI8G6KgqKP7vNFaDgeDnfAABq61g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7",
-        "@babel/plugin-transform-optional-chaining": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9",
+        "@babel/plugin-transform-optional-chaining": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2502,13 +2502,13 @@
       }
     },
     "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.25.7.tgz",
-      "integrity": "sha512-UVATLMidXrnH+GMUIuxq55nejlj02HP7F5ETyBONzP6G87fPBogG4CH6kxrSrdIuAjdwNO9VzyaYsrZPscWUrw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.25.9.tgz",
+      "integrity": "sha512-aLnMXYPnzwwqhYSCyXfKkIkYgJ8zv9RK+roo9DkTXz38ynIhd9XCbN08s3MGvqL2MYGVUGdRQLL/JqBIeJhJBg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2529,12 +2529,12 @@
       }
     },
     "node_modules/@babel/plugin-syntax-import-assertions": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.25.7.tgz",
-      "integrity": "sha512-ZvZQRmME0zfJnDQnVBKYzHxXT7lYBB3Revz1GuS7oLXWMgqUPX4G+DDbT30ICClht9WKV34QVrZhSw6WdklwZQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.25.9.tgz",
+      "integrity": "sha512-4GHX5uzr5QMOOuzV0an9MFju4hKlm0OyePl/lHhcsTVae5t/IKVHnb8W67Vr6FuLlk5lPqLB7n7O+K5R46emYg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2544,12 +2544,12 @@
       }
     },
     "node_modules/@babel/plugin-syntax-import-attributes": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.25.7.tgz",
-      "integrity": "sha512-AqVo+dguCgmpi/3mYBdu9lkngOBlQ2w2vnNpa6gfiCxQZLzV4ZbhsXitJ2Yblkoe1VQwtHSaNmIaGll/26YWRw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.25.9.tgz",
+      "integrity": "sha512-u3EN9ub8LyYvgTnrgp8gboElouayiwPdnM7x5tcnW3iSt09/lQYPwMNK40I9IUxo7QOZhAsPHCmmuO7EPdruqg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2559,12 +2559,12 @@
       }
     },
     "node_modules/@babel/plugin-syntax-typescript": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.25.7.tgz",
-      "integrity": "sha512-rR+5FDjpCHqqZN2bzZm18bVYGaejGq5ZkpVCJLXor/+zlSrSoc4KWcHI0URVWjl/68Dyr1uwZUz/1njycEAv9g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.25.9.tgz",
+      "integrity": "sha512-hjMgRy5hb8uJJjUcdWunWVcoi9bGpJp8p5Ol1229PoN6aytsLwNMgmdftO23wnCLMfVmTwZDWMPNq/D1SY60JQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2589,12 +2589,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-arrow-functions": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.25.7.tgz",
-      "integrity": "sha512-EJN2mKxDwfOUCPxMO6MUI58RN3ganiRAG/MS/S3HfB6QFNjroAMelQo/gybyYq97WerCBAZoyrAoW8Tzdq2jWg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.25.9.tgz",
+      "integrity": "sha512-6jmooXYIwn9ca5/RylZADJ+EnSxVUS5sjeJ9UPk6RWRzXCmOJCy6dqItPJFpw2cuCangPK4OYr5uhGKcmrm5Qg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2604,14 +2604,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-async-generator-functions": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.25.8.tgz",
-      "integrity": "sha512-9ypqkozyzpG+HxlH4o4gdctalFGIjjdufzo7I2XPda0iBnZ6a+FO0rIEQcdSPXp02CkvGsII1exJhmROPQd5oA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.25.9.tgz",
+      "integrity": "sha512-RXV6QAzTBbhDMO9fWwOmwwTuYaiPbggWQ9INdZqAYeSHyG7FzQ+nOZaUUjNwKv9pV3aE4WFqFm1Hnbci5tBCAw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-remap-async-to-generator": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-remap-async-to-generator": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2621,14 +2621,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-async-to-generator": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.25.7.tgz",
-      "integrity": "sha512-ZUCjAavsh5CESCmi/xCpX1qcCaAglzs/7tmuvoFnJgA1dM7gQplsguljoTg+Ru8WENpX89cQyAtWoaE0I3X3Pg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.25.9.tgz",
+      "integrity": "sha512-NT7Ejn7Z/LjUH0Gv5KsBCxh7BH3fbLTV0ptHvpeMvrt3cPThHfJfst9Wrb7S8EvJ7vRTFI7z+VAvFVEQn/m5zQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-imports": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-remap-async-to-generator": "^7.25.7"
+        "@babel/helper-module-imports": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-remap-async-to-generator": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2638,12 +2638,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-block-scoped-functions": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.25.7.tgz",
-      "integrity": "sha512-xHttvIM9fvqW+0a3tZlYcZYSBpSWzGBFIt/sYG3tcdSzBB8ZeVgz2gBP7Df+sM0N1850jrviYSSeUuc+135dmQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.25.9.tgz",
+      "integrity": "sha512-toHc9fzab0ZfenFpsyYinOX0J/5dgJVA2fm64xPewu7CoYHWEivIWKxkK2rMi4r3yQqLnVmheMXRdG+k239CgA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2653,12 +2653,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-block-scoping": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.25.7.tgz",
-      "integrity": "sha512-ZEPJSkVZaeTFG/m2PARwLZQ+OG0vFIhPlKHK/JdIMy8DbRJ/htz6LRrTFtdzxi9EHmcwbNPAKDnadpNSIW+Aow==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.25.9.tgz",
+      "integrity": "sha512-1F05O7AYjymAtqbsFETboN1NvBdcnzMerO+zlMyJBEz6WkMdejvGWw9p05iTSjC85RLlBseHHQpYaM4gzJkBGg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2668,13 +2668,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-class-properties": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.25.7.tgz",
-      "integrity": "sha512-mhyfEW4gufjIqYFo9krXHJ3ElbFLIze5IDp+wQTxoPd+mwFb1NxatNAwmv8Q8Iuxv7Zc+q8EkiMQwc9IhyGf4g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.25.9.tgz",
+      "integrity": "sha512-bbMAII8GRSkcd0h0b4X+36GksxuheLFjP65ul9w6C3KgAamI3JqErNgSrosX6ZPj+Mpim5VvEbawXxJCyEUV3Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-class-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2684,13 +2684,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-class-static-block": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.25.8.tgz",
-      "integrity": "sha512-e82gl3TCorath6YLf9xUwFehVvjvfqFhdOo4+0iVIVju+6XOi5XHkqB3P2AXnSwoeTX0HBoXq5gJFtvotJzFnQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.25.9.tgz",
+      "integrity": "sha512-UIf+72C7YJ+PJ685/PpATbCz00XqiFEzHX5iysRwfvNT0Ko+FaXSvRgLytFSp8xUItrG9pFM/KoBBZDrY/cYyg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-class-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2700,16 +2700,16 @@
       }
     },
     "node_modules/@babel/plugin-transform-classes": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.25.7.tgz",
-      "integrity": "sha512-9j9rnl+YCQY0IGoeipXvnk3niWicIB6kCsWRGLwX241qSXpbA4MKxtp/EdvFxsc4zI5vqfLxzOd0twIJ7I99zg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.25.9.tgz",
+      "integrity": "sha512-mD8APIXmseE7oZvZgGABDyM34GUmK45Um2TXiBUt7PnuAxrgoSVf123qUzPxEr/+/BHrRn5NMZCdE2m/1F8DGg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
-        "@babel/helper-compilation-targets": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-replace-supers": "^7.25.7",
-        "@babel/traverse": "^7.25.7",
+        "@babel/helper-annotate-as-pure": "^7.25.9",
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-replace-supers": "^7.25.9",
+        "@babel/traverse": "^7.25.9",
         "globals": "^11.1.0"
       },
       "engines": {
@@ -2720,13 +2720,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-computed-properties": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.25.7.tgz",
-      "integrity": "sha512-QIv+imtM+EtNxg/XBKL3hiWjgdLjMOmZ+XzQwSgmBfKbfxUjBzGgVPklUuE55eq5/uVoh8gg3dqlrwR/jw3ZeA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.25.9.tgz",
+      "integrity": "sha512-HnBegGqXZR12xbcTHlJ9HGxw1OniltT26J5YpfruGqtUHlz/xKf/G2ak9e+t0rVqrjXa9WOhvYPz1ERfMj23AA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/template": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/template": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2736,12 +2736,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-destructuring": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.25.7.tgz",
-      "integrity": "sha512-xKcfLTlJYUczdaM1+epcdh1UGewJqr9zATgrNHcLBcV2QmfvPPEixo/sK/syql9cEmbr7ulu5HMFG5vbbt/sEA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.25.9.tgz",
+      "integrity": "sha512-WkCGb/3ZxXepmMiX101nnGiU+1CAdut8oHyEOHxkKuS1qKpU2SMXE2uSvfz8PBuLd49V6LEsbtyPhWC7fnkgvQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2751,13 +2751,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-dotall-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.25.7.tgz",
-      "integrity": "sha512-kXzXMMRzAtJdDEgQBLF4oaiT6ZCU3oWHgpARnTKDAqPkDJ+bs3NrZb310YYevR5QlRo3Kn7dzzIdHbZm1VzJdQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.25.9.tgz",
+      "integrity": "sha512-t7ZQ7g5trIgSRYhI9pIJtRl64KHotutUJsh4Eze5l7olJv+mRSg4/MmbZ0tv1eeqRbdvo/+trvJD/Oc5DmW2cA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2767,12 +2767,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-duplicate-keys": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.25.7.tgz",
-      "integrity": "sha512-by+v2CjoL3aMnWDOyCIg+yxU9KXSRa9tN6MbqggH5xvymmr9p4AMjYkNlQy4brMceBnUyHZ9G8RnpvT8wP7Cfg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.25.9.tgz",
+      "integrity": "sha512-LZxhJ6dvBb/f3x8xwWIuyiAHy56nrRG3PeYTpBkkzkYRRQ6tJLu68lEF5VIqMUZiAV7a8+Tb78nEoMCMcqjXBw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2782,13 +2782,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-duplicate-named-capturing-groups-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.25.7.tgz",
-      "integrity": "sha512-HvS6JF66xSS5rNKXLqkk7L9c/jZ/cdIVIcoPVrnl8IsVpLggTjXs8OWekbLHs/VtYDDh5WXnQyeE3PPUGm22MA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.25.9.tgz",
+      "integrity": "sha512-0UfuJS0EsXbRvKnwcLjFtJy/Sxc5J5jhLHnFhy7u4zih97Hz6tJkLU+O+FMMrNZrosUPxDi6sYxJ/EA8jDiAog==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2798,12 +2798,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-dynamic-import": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.25.8.tgz",
-      "integrity": "sha512-gznWY+mr4ZQL/EWPcbBQUP3BXS5FwZp8RUOw06BaRn8tQLzN4XLIxXejpHN9Qo8x8jjBmAAKp6FoS51AgkSA/A==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.25.9.tgz",
+      "integrity": "sha512-GCggjexbmSLaFhqsojeugBpeaRIgWNTcgKVq/0qIteFEqY2A+b9QidYadrWlnbWQUrW5fn+mCvf3tr7OeBFTyg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2813,13 +2813,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-exponentiation-operator": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.25.7.tgz",
-      "integrity": "sha512-yjqtpstPfZ0h/y40fAXRv2snciYr0OAoMXY/0ClC7tm4C/nG5NJKmIItlaYlLbIVAWNfrYuy9dq1bE0SbX0PEg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.25.9.tgz",
+      "integrity": "sha512-KRhdhlVk2nObA5AYa7QMgTMTVJdfHprfpAk4DjZVtllqRg9qarilstTKEhpVjyt+Npi8ThRyiV8176Am3CodPA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-builder-binary-assignment-operator-visitor": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2829,12 +2829,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-export-namespace-from": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.25.8.tgz",
-      "integrity": "sha512-sPtYrduWINTQTW7FtOy99VCTWp4H23UX7vYcut7S4CIMEXU+54zKX9uCoGkLsWXteyaMXzVHgzWbLfQ1w4GZgw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.25.9.tgz",
+      "integrity": "sha512-2NsEz+CxzJIVOPx2o9UsW1rXLqtChtLoVnwYHHiB04wS5sgn7mrV45fWMBX0Kk+ub9uXytVYfNP2HjbVbCB3Ww==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2844,13 +2844,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-for-of": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.7.tgz",
-      "integrity": "sha512-n/TaiBGJxYFWvpJDfsxSj9lEEE44BFM1EPGz4KEiTipTgkoFVVcCmzAL3qA7fdQU96dpo4gGf5HBx/KnDvqiHw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.9.tgz",
+      "integrity": "sha512-LqHxduHoaGELJl2uhImHwRQudhCM50pT46rIBNvtT/Oql3nqiS3wOwP+5ten7NpYSXrrVLgtZU3DZmPtWZo16A==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2860,14 +2860,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-function-name": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.25.7.tgz",
-      "integrity": "sha512-5MCTNcjCMxQ63Tdu9rxyN6cAWurqfrDZ76qvVPrGYdBxIj+EawuuxTu/+dgJlhK5eRz3v1gLwp6XwS8XaX2NiQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.25.9.tgz",
+      "integrity": "sha512-8lP+Yxjv14Vc5MuWBpJsoUCd3hD6V9DgBon2FVYL4jJgbnVQ9fTgYmonchzZJOVNgzEgbxp4OwAf6xz6M/14XA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-compilation-targets": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2877,12 +2877,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-json-strings": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.25.8.tgz",
-      "integrity": "sha512-4OMNv7eHTmJ2YXs3tvxAfa/I43di+VcF+M4Wt66c88EAED1RoGaf1D64cL5FkRpNL+Vx9Hds84lksWvd/wMIdA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.25.9.tgz",
+      "integrity": "sha512-xoTMk0WXceiiIvsaquQQUaLLXSW1KJ159KP87VilruQm0LNNGxWzahxSS6T6i4Zg3ezp4vA4zuwiNUR53qmQAw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2892,12 +2892,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-literals": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.25.7.tgz",
-      "integrity": "sha512-fwzkLrSu2fESR/cm4t6vqd7ebNIopz2QHGtjoU+dswQo/P6lwAG04Q98lliE3jkz/XqnbGFLnUcE0q0CVUf92w==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.25.9.tgz",
+      "integrity": "sha512-9N7+2lFziW8W9pBl2TzaNht3+pgMIRP74zizeCSrtnSKVdUl8mAjjOP2OOVQAfZ881P2cNjDj1uAMEdeD50nuQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2907,12 +2907,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-logical-assignment-operators": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.25.8.tgz",
-      "integrity": "sha512-f5W0AhSbbI+yY6VakT04jmxdxz+WsID0neG7+kQZbCOjuyJNdL5Nn4WIBm4hRpKnUcO9lP0eipUhFN12JpoH8g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.25.9.tgz",
+      "integrity": "sha512-wI4wRAzGko551Y8eVf6iOY9EouIDTtPb0ByZx+ktDGHwv6bHFimrgJM/2T021txPZ2s4c7bqvHbd+vXG6K948Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2922,12 +2922,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-member-expression-literals": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.25.7.tgz",
-      "integrity": "sha512-Std3kXwpXfRV0QtQy5JJcRpkqP8/wG4XL7hSKZmGlxPlDqmpXtEPRmhF7ztnlTCtUN3eXRUJp+sBEZjaIBVYaw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.25.9.tgz",
+      "integrity": "sha512-PYazBVfofCQkkMzh2P6IdIUaCEWni3iYEerAsRWuVd8+jlM1S9S9cz1dF9hIzyoZ8IA3+OwVYIp9v9e+GbgZhA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2937,13 +2937,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-amd": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.25.7.tgz",
-      "integrity": "sha512-CgselSGCGzjQvKzghCvDTxKHP3iooenLpJDO842ehn5D2G5fJB222ptnDwQho0WjEvg7zyoxb9P+wiYxiJX5yA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.25.9.tgz",
+      "integrity": "sha512-g5T11tnI36jVClQlMlt4qKDLlWnG5pP9CSM4GhdRciTNMRgkfpo5cR6b4rGIOYPgRRuFAvwjPQ/Yk+ql4dyhbw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-module-transforms": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2953,14 +2953,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-commonjs": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.25.7.tgz",
-      "integrity": "sha512-L9Gcahi0kKFYXvweO6n0wc3ZG1ChpSFdgG+eV1WYZ3/dGbJK7vvk91FgGgak8YwRgrCuihF8tE/Xg07EkL5COg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.25.9.tgz",
+      "integrity": "sha512-dwh2Ol1jWwL2MgkCzUSOvfmKElqQcuswAZypBSUsScMXvgdT8Ekq5YA6TtqpTVWH+4903NmboMuH1o9i8Rxlyg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-simple-access": "^7.25.7"
+        "@babel/helper-module-transforms": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-simple-access": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2970,15 +2970,15 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-systemjs": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.25.7.tgz",
-      "integrity": "sha512-t9jZIvBmOXJsiuyOwhrIGs8dVcD6jDyg2icw1VL4A/g+FnWyJKwUfSSU2nwJuMV2Zqui856El9u+ElB+j9fV1g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.25.9.tgz",
+      "integrity": "sha512-hyss7iIlH/zLHaehT+xwiymtPOpsiwIIRlCAOwBB04ta5Tt+lNItADdlXw3jAWZ96VJ2jlhl/c+PNIQPKNfvcA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-validator-identifier": "^7.25.7",
-        "@babel/traverse": "^7.25.7"
+        "@babel/helper-module-transforms": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9",
+        "@babel/traverse": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -2988,13 +2988,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-modules-umd": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.25.7.tgz",
-      "integrity": "sha512-p88Jg6QqsaPh+EB7I9GJrIqi1Zt4ZBHUQtjw3z1bzEXcLh6GfPqzZJ6G+G1HBGKUNukT58MnKG7EN7zXQBCODw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.25.9.tgz",
+      "integrity": "sha512-bS9MVObUgE7ww36HEfwe6g9WakQ0KF07mQF74uuXdkoziUPfKyu/nIm663kz//e5O1nPInPFx36z7WJmJ4yNEw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-module-transforms": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-module-transforms": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3004,13 +3004,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-named-capturing-groups-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.25.7.tgz",
-      "integrity": "sha512-BtAT9LzCISKG3Dsdw5uso4oV1+v2NlVXIIomKJgQybotJY3OwCwJmkongjHgwGKoZXd0qG5UZ12JUlDQ07W6Ow==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.25.9.tgz",
+      "integrity": "sha512-oqB6WHdKTGl3q/ItQhpLSnWWOpjUJLsOCLVyeFgeTktkBSCiurvPOsyt93gibI9CmuKvTUEtWmG5VhZD+5T/KA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3020,12 +3020,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-new-target": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.25.7.tgz",
-      "integrity": "sha512-CfCS2jDsbcZaVYxRFo2qtavW8SpdzmBXC2LOI4oO0rP+JSRDxxF3inF4GcPsLgfb5FjkhXG5/yR/lxuRs2pySA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.25.9.tgz",
+      "integrity": "sha512-U/3p8X1yCSoKyUj2eOBIx3FOn6pElFOKvAAGf8HTtItuPyB+ZeOqfn+mvTtg9ZlOAjsPdK3ayQEjqHjU/yLeVQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3035,12 +3035,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-nullish-coalescing-operator": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.25.8.tgz",
-      "integrity": "sha512-Z7WJJWdQc8yCWgAmjI3hyC+5PXIubH9yRKzkl9ZEG647O9szl9zvmKLzpbItlijBnVhTUf1cpyWBsZ3+2wjWPQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.25.9.tgz",
+      "integrity": "sha512-ENfftpLZw5EItALAD4WsY/KUWvhUlZndm5GC7G3evUsVeSJB6p0pBeLQUnRnBCBx7zV0RKQjR9kCuwrsIrjWog==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3050,12 +3050,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-numeric-separator": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.25.8.tgz",
-      "integrity": "sha512-rm9a5iEFPS4iMIy+/A/PiS0QN0UyjPIeVvbU5EMZFKJZHt8vQnasbpo3T3EFcxzCeYO0BHfc4RqooCZc51J86Q==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.25.9.tgz",
+      "integrity": "sha512-TlprrJ1GBZ3r6s96Yq8gEQv82s8/5HnCVHtEJScUj90thHQbwe+E5MLhi2bbNHBEJuzrvltXSru+BUxHDoog7Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3065,14 +3065,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-object-rest-spread": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.25.8.tgz",
-      "integrity": "sha512-LkUu0O2hnUKHKE7/zYOIjByMa4VRaV2CD/cdGz0AxU9we+VA3kDDggKEzI0Oz1IroG+6gUP6UmWEHBMWZU316g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.25.9.tgz",
+      "integrity": "sha512-fSaXafEE9CVHPweLYw4J0emp1t8zYTXyzN3UuG+lylqkvYd7RMrsOQ8TYx5RF231be0vqtFC6jnx3UmpJmKBYg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-compilation-targets": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/plugin-transform-parameters": "^7.25.7"
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/plugin-transform-parameters": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3082,13 +3082,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-object-super": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.25.7.tgz",
-      "integrity": "sha512-pWT6UXCEW3u1t2tcAGtE15ornCBvopHj9Bps9D2DsH15APgNVOTwwczGckX+WkAvBmuoYKRCFa4DK+jM8vh5AA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.25.9.tgz",
+      "integrity": "sha512-Kj/Gh+Rw2RNLbCK1VAWj2U48yxxqL2x0k10nPtSdRa0O2xnHXalD0s+o1A6a0W43gJ00ANo38jxkQreckOzv5A==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-replace-supers": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-replace-supers": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3098,12 +3098,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-optional-catch-binding": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.25.8.tgz",
-      "integrity": "sha512-EbQYweoMAHOn7iJ9GgZo14ghhb9tTjgOc88xFgYngifx7Z9u580cENCV159M4xDh3q/irbhSjZVpuhpC2gKBbg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.25.9.tgz",
+      "integrity": "sha512-qM/6m6hQZzDcZF3onzIhZeDHDO43bkNNlOX0i8n3lR6zLbu0GN2d8qfM/IERJZYauhAHSLHy39NF0Ctdvcid7g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3113,13 +3113,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-optional-chaining": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.25.8.tgz",
-      "integrity": "sha512-q05Bk7gXOxpTHoQ8RSzGSh/LHVB9JEIkKnk3myAWwZHnYiTGYtbdrYkIsS8Xyh4ltKf7GNUSgzs/6P2bJtBAQg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.25.9.tgz",
+      "integrity": "sha512-6AvV0FsLULbpnXeBjrY4dmWF8F7gf8QnvTEoO/wX/5xm/xE1Xo8oPuD3MPS+KS9f9XBEAWN7X1aWr4z9HdOr7A==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3129,12 +3129,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-parameters": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.25.7.tgz",
-      "integrity": "sha512-FYiTvku63me9+1Nz7TOx4YMtW3tWXzfANZtrzHhUZrz4d47EEtMQhzFoZWESfXuAMMT5mwzD4+y1N8ONAX6lMQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.25.9.tgz",
+      "integrity": "sha512-wzz6MKwpnshBAiRmn4jR8LYz/g8Ksg0o80XmwZDlordjwEk9SxBzTWC7F5ef1jhbrbOW2DJ5J6ayRukrJmnr0g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3144,13 +3144,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-private-methods": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.25.7.tgz",
-      "integrity": "sha512-KY0hh2FluNxMLwOCHbxVOKfdB5sjWG4M183885FmaqWWiGMhRZq4DQRKH6mHdEucbJnyDyYiZNwNG424RymJjA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.25.9.tgz",
+      "integrity": "sha512-D/JUozNpQLAPUVusvqMxyvjzllRaF8/nSrP1s2YGQT/W4LHK4xxsMcHjhOGTS01mp9Hda8nswb+FblLdJornQw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-class-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-class-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3160,14 +3160,14 @@
       }
     },
     "node_modules/@babel/plugin-transform-private-property-in-object": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.25.8.tgz",
-      "integrity": "sha512-8Uh966svuB4V8RHHg0QJOB32QK287NBksJOByoKmHMp1TAobNniNalIkI2i5IPj5+S9NYCG4VIjbEuiSN8r+ow==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.25.9.tgz",
+      "integrity": "sha512-Evf3kcMqzXA3xfYJmZ9Pg1OvKdtqsDMSWBDzZOPLvHiTt36E75jLDQo5w1gtRU95Q4E5PDttrTf25Fw8d/uWLw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
-        "@babel/helper-create-class-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-annotate-as-pure": "^7.25.9",
+        "@babel/helper-create-class-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3177,12 +3177,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-property-literals": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.25.7.tgz",
-      "integrity": "sha512-lQEeetGKfFi0wHbt8ClQrUSUMfEeI3MMm74Z73T9/kuz990yYVtfofjf3NuA42Jy3auFOpbjDyCSiIkTs1VIYw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.25.9.tgz",
+      "integrity": "sha512-IvIUeV5KrS/VPavfSM/Iu+RE6llrHrYIKY1yfCzyO/lMXHQ+p7uGhonmGVisv6tSBSVgWzMBohTcvkC9vQcQFA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3192,12 +3192,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-regenerator": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.25.7.tgz",
-      "integrity": "sha512-mgDoQCRjrY3XK95UuV60tZlFCQGXEtMg8H+IsW72ldw1ih1jZhzYXbJvghmAEpg5UVhhnCeia1CkGttUvCkiMQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.25.9.tgz",
+      "integrity": "sha512-vwDcDNsgMPDGP0nMqzahDWE5/MLcX8sv96+wfX7as7LoF/kr97Bo/7fI00lXY4wUXYfVmwIIyG80fGZ1uvt2qg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
+        "@babel/helper-plugin-utils": "^7.25.9",
         "regenerator-transform": "^0.15.2"
       },
       "engines": {
@@ -3208,12 +3208,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-reserved-words": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.25.7.tgz",
-      "integrity": "sha512-3OfyfRRqiGeOvIWSagcwUTVk2hXBsr/ww7bLn6TRTuXnexA+Udov2icFOxFX9abaj4l96ooYkcNN1qi2Zvqwng==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.25.9.tgz",
+      "integrity": "sha512-7DL7DKYjn5Su++4RXu8puKZm2XBPHyjWLUidaPEkCUBbE7IPcsrkRHggAOOKydH1dASWdcUBxrkOGNxUv5P3Jg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3223,12 +3223,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-shorthand-properties": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.25.7.tgz",
-      "integrity": "sha512-uBbxNwimHi5Bv3hUccmOFlUy3ATO6WagTApenHz9KzoIdn0XeACdB12ZJ4cjhuB2WSi80Ez2FWzJnarccriJeA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.25.9.tgz",
+      "integrity": "sha512-MUv6t0FhO5qHnS/W8XCbHmiRWOphNufpE1IVxhK5kuN3Td9FT1x4rx4K42s3RYdMXCXpfWkGSbCSd0Z64xA7Ng==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3238,13 +3238,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-spread": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.25.7.tgz",
-      "integrity": "sha512-Mm6aeymI0PBh44xNIv/qvo8nmbkpZze1KvR8MkEqbIREDxoiWTi18Zr2jryfRMwDfVZF9foKh060fWgni44luw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.25.9.tgz",
+      "integrity": "sha512-oNknIB0TbURU5pqJFVbOOFspVlrpVwo2H1+HUIsVDvp5VauGGDP1ZEvO8Nn5xyMEs3dakajOxlmkNW7kNgSm6A==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3254,12 +3254,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-sticky-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.25.7.tgz",
-      "integrity": "sha512-ZFAeNkpGuLnAQ/NCsXJ6xik7Id+tHuS+NT+ue/2+rn/31zcdnupCdmunOizEaP0JsUmTFSTOPoQY7PkK2pttXw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.25.9.tgz",
+      "integrity": "sha512-WqBUSgeVwucYDP9U/xNRQam7xV8W5Zf+6Eo7T2SRVUFlhRiMNFdFz58u0KZmCVVqs2i7SHgpRnAhzRNmKfi2uA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3269,12 +3269,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-template-literals": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.25.7.tgz",
-      "integrity": "sha512-SI274k0nUsFFmyQupiO7+wKATAmMFf8iFgq2O+vVFXZ0SV9lNfT1NGzBEhjquFmD8I9sqHLguH+gZVN3vww2AA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.25.9.tgz",
+      "integrity": "sha512-o97AE4syN71M/lxrCtQByzphAdlYluKPDBzDVzMmfCobUjjhAryZV0AIpRPrxN0eAkxXO6ZLEScmt+PNhj2OTw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3284,12 +3284,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-typeof-symbol": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.25.7.tgz",
-      "integrity": "sha512-OmWmQtTHnO8RSUbL0NTdtpbZHeNTnm68Gj5pA4Y2blFNh+V4iZR68V1qL9cI37J21ZN7AaCnkfdHtLExQPf2uA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.25.9.tgz",
+      "integrity": "sha512-v61XqUMiueJROUv66BVIOi0Fv/CUuZuZMl5NkRoCVxLAnMexZ0A3kMe7vvZ0nulxMuMp0Mk6S5hNh48yki08ZA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3299,16 +3299,16 @@
       }
     },
     "node_modules/@babel/plugin-transform-typescript": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.25.7.tgz",
-      "integrity": "sha512-VKlgy2vBzj8AmEzunocMun2fF06bsSWV+FvVXohtL6FGve/+L217qhHxRTVGHEDO/YR8IANcjzgJsd04J8ge5Q==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.25.9.tgz",
+      "integrity": "sha512-7PbZQZP50tzv2KGGnhh82GSyMB01yKY9scIjf1a+GfZCtInOWqUH5+1EBU4t9fyR5Oykkkc9vFTs4OHrhHXljQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-annotate-as-pure": "^7.25.7",
-        "@babel/helper-create-class-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.7",
-        "@babel/plugin-syntax-typescript": "^7.25.7"
+        "@babel/helper-annotate-as-pure": "^7.25.9",
+        "@babel/helper-create-class-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9",
+        "@babel/plugin-syntax-typescript": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3318,12 +3318,12 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-escapes": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.25.7.tgz",
-      "integrity": "sha512-BN87D7KpbdiABA+t3HbVqHzKWUDN3dymLaTnPFAMyc8lV+KN3+YzNhVRNdinaCPA4AUqx7ubXbQ9shRjYBl3SQ==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.25.9.tgz",
+      "integrity": "sha512-s5EDrE6bW97LtxOcGj1Khcx5AaXwiMmi4toFWRDP9/y0Woo6pXC+iyPu/KuhKtfSrNFd7jJB+/fkOtZy6aIC6Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3333,13 +3333,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-property-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.25.7.tgz",
-      "integrity": "sha512-IWfR89zcEPQGB/iB408uGtSPlQd3Jpq11Im86vUgcmSTcoWAiQMCTOa2K2yNNqFJEBVICKhayctee65Ka8OB0w==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.25.9.tgz",
+      "integrity": "sha512-Jt2d8Ga+QwRluxRQ307Vlxa6dMrYEMZCgGxoPR8V52rxPyldHu3hdlHspxaqYmE7oID5+kB+UKUB/eWS+DkkWg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3349,13 +3349,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.25.7.tgz",
-      "integrity": "sha512-8JKfg/hiuA3qXnlLx8qtv5HWRbgyFx2hMMtpDDuU2rTckpKkGu4ycK5yYHwuEa16/quXfoxHBIApEsNyMWnt0g==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.25.9.tgz",
+      "integrity": "sha512-yoxstj7Rg9dlNn9UQxzk4fcNivwv4nUYz7fYXBaKxvw/lnmPuOm/ikoELygbYq68Bls3D/D+NBPHiLwZdZZ4HA==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3365,13 +3365,13 @@
       }
     },
     "node_modules/@babel/plugin-transform-unicode-sets-regex": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.25.7.tgz",
-      "integrity": "sha512-YRW8o9vzImwmh4Q3Rffd09bH5/hvY0pxg+1H1i0f7APoUeg12G7+HhLj9ZFNIrYkgBXhIijPJ+IXypN0hLTIbw==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.25.9.tgz",
+      "integrity": "sha512-8BYqO3GeVNHtx69fdPshN3fnzUNLrWdHhk/icSwigksJGczKSizZ+Z6SBCxTs723Fr5VSNorTIK7a+R2tISvwQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-create-regexp-features-plugin": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7"
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -3381,73 +3381,73 @@
       }
     },
     "node_modules/@babel/preset-env": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.25.8.tgz",
-      "integrity": "sha512-58T2yulDHMN8YMUxiLq5YmWUnlDCyY1FsHM+v12VMx+1/FlrUj5tY50iDCpofFQEM8fMYOaY9YRvym2jcjn1Dg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.25.9.tgz",
+      "integrity": "sha512-XqDEt+hfsQukahSX9JOBDHhpUHDhj2zGSxoqWQFCMajOSBnbhBdgON/bU/5PkBA1yX5tqW6tTzuIPVsZTQ7h5Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/compat-data": "^7.25.8",
-        "@babel/helper-compilation-targets": "^7.25.7",
-        "@babel/helper-plugin-utils": "^7.25.7",
-        "@babel/helper-validator-option": "^7.25.7",
-        "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.25.7",
-        "@babel/plugin-bugfix-safari-class-field-initializer-scope": "^7.25.7",
-        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.25.7",
-        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.25.7",
-        "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.25.7",
+        "@babel/compat-data": "^7.25.9",
+        "@babel/helper-compilation-targets": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9",
+        "@babel/helper-validator-option": "^7.25.9",
+        "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.25.9",
+        "@babel/plugin-bugfix-safari-class-field-initializer-scope": "^7.25.9",
+        "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.25.9",
+        "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.25.9",
+        "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.25.9",
         "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2",
-        "@babel/plugin-syntax-import-assertions": "^7.25.7",
-        "@babel/plugin-syntax-import-attributes": "^7.25.7",
+        "@babel/plugin-syntax-import-assertions": "^7.25.9",
+        "@babel/plugin-syntax-import-attributes": "^7.25.9",
         "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6",
-        "@babel/plugin-transform-arrow-functions": "^7.25.7",
-        "@babel/plugin-transform-async-generator-functions": "^7.25.8",
-        "@babel/plugin-transform-async-to-generator": "^7.25.7",
-        "@babel/plugin-transform-block-scoped-functions": "^7.25.7",
-        "@babel/plugin-transform-block-scoping": "^7.25.7",
-        "@babel/plugin-transform-class-properties": "^7.25.7",
-        "@babel/plugin-transform-class-static-block": "^7.25.8",
-        "@babel/plugin-transform-classes": "^7.25.7",
-        "@babel/plugin-transform-computed-properties": "^7.25.7",
-        "@babel/plugin-transform-destructuring": "^7.25.7",
-        "@babel/plugin-transform-dotall-regex": "^7.25.7",
-        "@babel/plugin-transform-duplicate-keys": "^7.25.7",
-        "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.25.7",
-        "@babel/plugin-transform-dynamic-import": "^7.25.8",
-        "@babel/plugin-transform-exponentiation-operator": "^7.25.7",
-        "@babel/plugin-transform-export-namespace-from": "^7.25.8",
-        "@babel/plugin-transform-for-of": "^7.25.7",
-        "@babel/plugin-transform-function-name": "^7.25.7",
-        "@babel/plugin-transform-json-strings": "^7.25.8",
-        "@babel/plugin-transform-literals": "^7.25.7",
-        "@babel/plugin-transform-logical-assignment-operators": "^7.25.8",
-        "@babel/plugin-transform-member-expression-literals": "^7.25.7",
-        "@babel/plugin-transform-modules-amd": "^7.25.7",
-        "@babel/plugin-transform-modules-commonjs": "^7.25.7",
-        "@babel/plugin-transform-modules-systemjs": "^7.25.7",
-        "@babel/plugin-transform-modules-umd": "^7.25.7",
-        "@babel/plugin-transform-named-capturing-groups-regex": "^7.25.7",
-        "@babel/plugin-transform-new-target": "^7.25.7",
-        "@babel/plugin-transform-nullish-coalescing-operator": "^7.25.8",
-        "@babel/plugin-transform-numeric-separator": "^7.25.8",
-        "@babel/plugin-transform-object-rest-spread": "^7.25.8",
-        "@babel/plugin-transform-object-super": "^7.25.7",
-        "@babel/plugin-transform-optional-catch-binding": "^7.25.8",
-        "@babel/plugin-transform-optional-chaining": "^7.25.8",
-        "@babel/plugin-transform-parameters": "^7.25.7",
-        "@babel/plugin-transform-private-methods": "^7.25.7",
-        "@babel/plugin-transform-private-property-in-object": "^7.25.8",
-        "@babel/plugin-transform-property-literals": "^7.25.7",
-        "@babel/plugin-transform-regenerator": "^7.25.7",
-        "@babel/plugin-transform-reserved-words": "^7.25.7",
-        "@babel/plugin-transform-shorthand-properties": "^7.25.7",
-        "@babel/plugin-transform-spread": "^7.25.7",
-        "@babel/plugin-transform-sticky-regex": "^7.25.7",
-        "@babel/plugin-transform-template-literals": "^7.25.7",
-        "@babel/plugin-transform-typeof-symbol": "^7.25.7",
-        "@babel/plugin-transform-unicode-escapes": "^7.25.7",
-        "@babel/plugin-transform-unicode-property-regex": "^7.25.7",
-        "@babel/plugin-transform-unicode-regex": "^7.25.7",
-        "@babel/plugin-transform-unicode-sets-regex": "^7.25.7",
+        "@babel/plugin-transform-arrow-functions": "^7.25.9",
+        "@babel/plugin-transform-async-generator-functions": "^7.25.9",
+        "@babel/plugin-transform-async-to-generator": "^7.25.9",
+        "@babel/plugin-transform-block-scoped-functions": "^7.25.9",
+        "@babel/plugin-transform-block-scoping": "^7.25.9",
+        "@babel/plugin-transform-class-properties": "^7.25.9",
+        "@babel/plugin-transform-class-static-block": "^7.25.9",
+        "@babel/plugin-transform-classes": "^7.25.9",
+        "@babel/plugin-transform-computed-properties": "^7.25.9",
+        "@babel/plugin-transform-destructuring": "^7.25.9",
+        "@babel/plugin-transform-dotall-regex": "^7.25.9",
+        "@babel/plugin-transform-duplicate-keys": "^7.25.9",
+        "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.25.9",
+        "@babel/plugin-transform-dynamic-import": "^7.25.9",
+        "@babel/plugin-transform-exponentiation-operator": "^7.25.9",
+        "@babel/plugin-transform-export-namespace-from": "^7.25.9",
+        "@babel/plugin-transform-for-of": "^7.25.9",
+        "@babel/plugin-transform-function-name": "^7.25.9",
+        "@babel/plugin-transform-json-strings": "^7.25.9",
+        "@babel/plugin-transform-literals": "^7.25.9",
+        "@babel/plugin-transform-logical-assignment-operators": "^7.25.9",
+        "@babel/plugin-transform-member-expression-literals": "^7.25.9",
+        "@babel/plugin-transform-modules-amd": "^7.25.9",
+        "@babel/plugin-transform-modules-commonjs": "^7.25.9",
+        "@babel/plugin-transform-modules-systemjs": "^7.25.9",
+        "@babel/plugin-transform-modules-umd": "^7.25.9",
+        "@babel/plugin-transform-named-capturing-groups-regex": "^7.25.9",
+        "@babel/plugin-transform-new-target": "^7.25.9",
+        "@babel/plugin-transform-nullish-coalescing-operator": "^7.25.9",
+        "@babel/plugin-transform-numeric-separator": "^7.25.9",
+        "@babel/plugin-transform-object-rest-spread": "^7.25.9",
+        "@babel/plugin-transform-object-super": "^7.25.9",
+        "@babel/plugin-transform-optional-catch-binding": "^7.25.9",
+        "@babel/plugin-transform-optional-chaining": "^7.25.9",
+        "@babel/plugin-transform-parameters": "^7.25.9",
+        "@babel/plugin-transform-private-methods": "^7.25.9",
+        "@babel/plugin-transform-private-property-in-object": "^7.25.9",
+        "@babel/plugin-transform-property-literals": "^7.25.9",
+        "@babel/plugin-transform-regenerator": "^7.25.9",
+        "@babel/plugin-transform-reserved-words": "^7.25.9",
+        "@babel/plugin-transform-shorthand-properties": "^7.25.9",
+        "@babel/plugin-transform-spread": "^7.25.9",
+        "@babel/plugin-transform-sticky-regex": "^7.25.9",
+        "@babel/plugin-transform-template-literals": "^7.25.9",
+        "@babel/plugin-transform-typeof-symbol": "^7.25.9",
+        "@babel/plugin-transform-unicode-escapes": "^7.25.9",
+        "@babel/plugin-transform-unicode-property-regex": "^7.25.9",
+        "@babel/plugin-transform-unicode-regex": "^7.25.9",
+        "@babel/plugin-transform-unicode-sets-regex": "^7.25.9",
         "@babel/preset-modules": "0.1.6-no-external-plugins",
         "babel-plugin-polyfill-corejs2": "^0.4.10",
         "babel-plugin-polyfill-corejs3": "^0.10.6",
@@ -3476,9 +3476,9 @@
       }
     },
     "node_modules/@babel/register": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/register/-/register-7.25.7.tgz",
-      "integrity": "sha512-qHTd2Rhn/rKhSUwdY6+n98FmwXN+N+zxSVx3zWqRe9INyvTpv+aQ5gDV2+43ACd3VtMBzPPljbb0gZb8u5ma6Q==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/register/-/register-7.25.9.tgz",
+      "integrity": "sha512-8D43jXtGsYmEeDvm4MWHYUpWf8iiXgWYx3fW7E7Wb7Oe6FWqJPl5K6TuFW0dOwNZzEE5rjlaSJYH9JjrUKJszA==",
       "license": "MIT",
       "dependencies": {
         "clone-deep": "^4.0.1",
@@ -3506,30 +3506,30 @@
       }
     },
     "node_modules/@babel/template": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.7.tgz",
-      "integrity": "sha512-wRwtAgI3bAS+JGU2upWNL9lSlDcRCqD05BZ1n3X2ONLH1WilFP6O1otQjeMK/1g0pvYcXC7b/qVUB1keofjtZA==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz",
+      "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==",
       "license": "MIT",
       "dependencies": {
-        "@babel/code-frame": "^7.25.7",
-        "@babel/parser": "^7.25.7",
-        "@babel/types": "^7.25.7"
+        "@babel/code-frame": "^7.25.9",
+        "@babel/parser": "^7.25.9",
+        "@babel/types": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.25.7",
-      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.7.tgz",
-      "integrity": "sha512-jatJPT1Zjqvh/1FyJs6qAHL+Dzb7sTb+xr7Q+gM1b+1oBsMsQQ4FkVKb6dFlJvLlVssqkRzV05Jzervt9yhnzg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.9.tgz",
+      "integrity": "sha512-ZCuvfwOwlz/bawvAuvcj8rrithP2/N55Tzz342AkTvq4qaWbGfmCk/tKhNaV2cthijKrPAA8SRJV5WWe7IBMJw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/code-frame": "^7.25.7",
-        "@babel/generator": "^7.25.7",
-        "@babel/parser": "^7.25.7",
-        "@babel/template": "^7.25.7",
-        "@babel/types": "^7.25.7",
+        "@babel/code-frame": "^7.25.9",
+        "@babel/generator": "^7.25.9",
+        "@babel/parser": "^7.25.9",
+        "@babel/template": "^7.25.9",
+        "@babel/types": "^7.25.9",
         "debug": "^4.3.1",
         "globals": "^11.1.0"
       },
@@ -3538,14 +3538,13 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.25.8",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.8.tgz",
-      "integrity": "sha512-JWtuCu8VQsMladxVz/P4HzHUGCAwpuqacmowgXFs5XjxIgKuNjnLokQzuVjlTvIzODaDmpjT3oxcC48vyk9EWg==",
+      "version": "7.25.9",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.9.tgz",
+      "integrity": "sha512-OwS2CM5KocvQ/k7dFJa8i5bNGJP0hXWfVCfDkqRFP1IreH1JDC7wG6eCYCi0+McbfT8OR/kNqsI0UU0xP9H6PQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-string-parser": "^7.25.7",
-        "@babel/helper-validator-identifier": "^7.25.7",
-        "to-fast-properties": "^2.0.0"
+        "@babel/helper-string-parser": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -22417,14 +22416,6 @@
         "node": ">=0.6.0"
       }
     },
-    "node_modules/to-fast-properties": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
-      "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==",
-      "engines": {
-        "node": ">=4"
-      }
-    },
     "node_modules/to-regex-range": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
diff --git a/package.json b/package.json
index 697767f354b..d805e9ca433 100644
--- a/package.json
+++ b/package.json
@@ -31,10 +31,10 @@
   "dependencies": {
     "@apollo/server": "4.11.0",
     "@aws-sdk/client-s3": "3.678.0",
-    "@babel/core": "7.25.8",
-    "@babel/node": "7.25.7",
-    "@babel/plugin-transform-typescript": "7.25.7",
-    "@babel/preset-env": "7.25.8",
+    "@babel/core": "7.25.9",
+    "@babel/node": "7.25.9",
+    "@babel/plugin-transform-typescript": "7.25.9",
+    "@babel/preset-env": "7.25.9",
     "@elastic/elasticsearch": "8.15.1",
     "@escape.tech/graphql-armor": "3.0.1",
     "@hyperwatch/hyperwatch": "4.0.0",

From c5f423b086d21ef85c85b39e44bbf1c00ba00f21 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 24 Oct 2024 13:57:24 +0200
Subject: [PATCH 010/129] enhancement(Expense): do not send draft email on
 staging (#10420)

---
 server/lib/notifications/email.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/server/lib/notifications/email.ts b/server/lib/notifications/email.ts
index f4c52fda59f..0e51289b9ed 100644
--- a/server/lib/notifications/email.ts
+++ b/server/lib/notifications/email.ts
@@ -644,7 +644,6 @@ export const notifyByEmail = async (activity: Activity) => {
         const collectiveId = activity.data.user?.id; // TODO: It's confusing that we store a collective ID in `data.user.id`, should rather be a User id
         const sender = collectiveId && (await models.User.findOne({ where: { CollectiveId: collectiveId } }));
         await emailLib.send(activity.type, activity.data.payee.email, activity.data, {
-          sendEvenIfNotProduction: true,
           replyTo: sender?.email,
         });
       } else if (activity.data.payee.id) {

From f216173e45bccbd23ea62d2ce5244ea820625728 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 25 Oct 2024 09:24:21 +0200
Subject: [PATCH 011/129] chore(deps): update dependency @types/graphql-upload
 to v16 (#10405)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 12 +++++++-----
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 52f31bbe7b1..cb326256e44 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -126,7 +126,7 @@
         "@opentelemetry/sdk-trace-base": "^1.20.0",
         "@opentelemetry/sdk-trace-node": "^1.20.0",
         "@types/express": "^4.17.21",
-        "@types/graphql-upload": "15.0.2",
+        "@types/graphql-upload": "16.0.7",
         "@types/jsonwebtoken": "^9.0.5",
         "@types/lodash": "^4.14.202",
         "@types/mocha": "^10.0.6",
@@ -8994,15 +8994,17 @@
       }
     },
     "node_modules/@types/graphql-upload": {
-      "version": "15.0.2",
-      "resolved": "https://registry.npmjs.org/@types/graphql-upload/-/graphql-upload-15.0.2.tgz",
-      "integrity": "sha512-dK4GN/JbMmgHbsKZaUWVYwaLMCwIR0QMBcFz+jb4xj/cRLq1yo2VfnoFvnP5yCw7W4IgGgW7JRwEvM4jn0ahlA==",
+      "version": "16.0.7",
+      "resolved": "https://registry.npmjs.org/@types/graphql-upload/-/graphql-upload-16.0.7.tgz",
+      "integrity": "sha512-7vCoxIv2pVTvV8n+miYyfkINdguWsYomAkPlOfHoM6z/qzsiBAdfRb6lNc8PvEUhe7TXaxX4+LHubejw1og1DQ==",
       "dev": true,
+      "license": "MIT",
       "dependencies": {
         "@types/express": "*",
         "@types/koa": "*",
+        "@types/node": "*",
         "fs-capacitor": "^8.0.0",
-        "graphql": "0.13.1 - 16"
+        "graphql": "^16.3.0"
       }
     },
     "node_modules/@types/http-assert": {
diff --git a/package.json b/package.json
index d805e9ca433..174098dc514 100644
--- a/package.json
+++ b/package.json
@@ -147,7 +147,7 @@
     "@opentelemetry/sdk-trace-base": "^1.20.0",
     "@opentelemetry/sdk-trace-node": "^1.20.0",
     "@types/express": "^4.17.21",
-    "@types/graphql-upload": "15.0.2",
+    "@types/graphql-upload": "16.0.7",
     "@types/jsonwebtoken": "^9.0.5",
     "@types/lodash": "^4.14.202",
     "@types/mocha": "^10.0.6",

From 00cbc942061538b886ae837a643e16a6aa50d889 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 25 Oct 2024 16:19:58 +0200
Subject: [PATCH 012/129] release(Plaid): enable for 1rd party hosts (#10423)

---
 server/constants/platform.ts                  |  9 ++++++++
 server/graphql/v2/mutation/PlaidMutations.ts  | 22 ++++++++++++++-----
 .../v2/mutation/PlaidMutations.test.ts        |  8 +++----
 3 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/server/constants/platform.ts b/server/constants/platform.ts
index a087d0de6fd..0cf7173cc3c 100644
--- a/server/constants/platform.ts
+++ b/server/constants/platform.ts
@@ -67,6 +67,15 @@ const getPlatformConstants = (checkIfMigrated: () => boolean) => ({
   get AllPlatformCollectiveIds() {
     return [8686, 835523];
   },
+
+  get FirstPartyHostCollectiveIds() {
+    return [
+      11004, // opensource
+      9807, // europe
+      729588, // oce-foundation-eur
+      696998, // oce-foundation-usd
+    ];
+  },
 });
 
 let __testingMigration = false;
diff --git a/server/graphql/v2/mutation/PlaidMutations.ts b/server/graphql/v2/mutation/PlaidMutations.ts
index 866ceae6fc9..bb96bfac5d1 100644
--- a/server/graphql/v2/mutation/PlaidMutations.ts
+++ b/server/graphql/v2/mutation/PlaidMutations.ts
@@ -1,10 +1,11 @@
 import { GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
 import { pick } from 'lodash';
 
+import PlatformConstants from '../../../constants/platform';
 import { connectPlaidAccount, generatePlaidLinkToken } from '../../../lib/plaid/connect';
 import { requestPlaidAccountSync } from '../../../lib/plaid/sync';
 import RateLimit from '../../../lib/rate-limit';
-import { checkRemoteUserCanRoot } from '../../common/scope-check';
+import { checkRemoteUserCanUseTransactions } from '../../common/scope-check';
 import { Forbidden, RateLimitExceeded } from '../../errors';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import {
@@ -55,8 +56,15 @@ export const plaidMutations = {
   generatePlaidLinkToken: {
     type: new GraphQLNonNull(GraphQLPlaidLinkTokenCreateResponse),
     description: 'Generate a Plaid Link token',
-    resolve: async (_, _args, req) => {
-      checkRemoteUserCanRoot(req);
+    resolve: async (_, _args, req: Express.Request) => {
+      checkRemoteUserCanUseTransactions(req);
+
+      // Check if user is an admin of any third party host or platform
+      const allowedIds = [...PlatformConstants.FirstPartyHostCollectiveIds, PlatformConstants.PlatformCollectiveId];
+      if (!allowedIds.some(id => req.remoteUser.isAdmin(id))) {
+        throw new Forbidden('You do not have permission to connect a Plaid account');
+      }
+
       const tokenData = await generatePlaidLinkToken(req.remoteUser, ['auth', 'transactions'], ['US']);
       return {
         linkToken: tokenData['link_token'],
@@ -88,8 +96,12 @@ export const plaidMutations = {
       },
     },
     resolve: async (_, args, req) => {
-      checkRemoteUserCanRoot(req);
+      checkRemoteUserCanUseTransactions(req);
       const host = await fetchAccountWithReference(args.host, { throwIfMissing: true });
+      if (!req.remoteUser.isAdminOfCollective(host)) {
+        throw new Forbidden('You do not have permission to connect a Plaid account');
+      }
+
       const accountInfo = pick(args, ['sourceName', 'name']);
       return connectPlaidAccount(req.remoteUser, host, args.publicToken, accountInfo);
     },
@@ -104,7 +116,7 @@ export const plaidMutations = {
       },
     },
     resolve: async (_, args, req) => {
-      checkRemoteUserCanRoot(req);
+      checkRemoteUserCanUseTransactions(req);
       const connectedAccount = await fetchConnectedAccountWithReference(args.connectedAccount, {
         throwIfMissing: true,
       });
diff --git a/test/server/graphql/v2/mutation/PlaidMutations.test.ts b/test/server/graphql/v2/mutation/PlaidMutations.test.ts
index 5e9b08d08a2..c9a4a8334c1 100644
--- a/test/server/graphql/v2/mutation/PlaidMutations.test.ts
+++ b/test/server/graphql/v2/mutation/PlaidMutations.test.ts
@@ -48,11 +48,11 @@ describe('server/graphql/v2/mutation/PlaidMutations', () => {
       }
     `;
 
-    it('must be root', async () => {
+    it('must be the member of a 1st party host or platform', async () => {
       const remoteUser = await fakeUser();
       const result = await graphqlQueryV2(GENERATE_PLAID_LINK_TOKEN_MUTATION, {}, remoteUser);
       expect(result.errors).to.exist;
-      expect(result.errors[0].message).to.equal('You need to be logged in as root.');
+      expect(result.errors[0].message).to.equal('You do not have permission to connect a Plaid account');
     });
 
     it('should generate a Plaid Link token', async () => {
@@ -103,7 +103,7 @@ describe('server/graphql/v2/mutation/PlaidMutations', () => {
       }
     `;
 
-    it('must be root', async () => {
+    it('must be the member of a 1st party host or platform', async () => {
       const remoteUser = await fakeUser();
       const result = await graphqlQueryV2(
         CONNECT_PLAID_ACCOUNT_MUTATION,
@@ -111,7 +111,7 @@ describe('server/graphql/v2/mutation/PlaidMutations', () => {
         remoteUser,
       );
       expect(result.errors).to.exist;
-      expect(result.errors[0].message).to.equal('You need to be logged in as root.');
+      expect(result.errors[0].message).to.equal('You do not have permission to connect a Plaid account');
     });
 
     it('should connect a Plaid account', async () => {

From d7c58acab20ad5334fe566e15537e8b0e77b77a3 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 28 Oct 2024 09:37:00 +0100
Subject: [PATCH 013/129] chore: Fix typo in fraud protection message (#10421)

---
 server/lib/security/order.ts           |  4 ++--
 test/server/lib/security/order.test.ts | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/server/lib/security/order.ts b/server/lib/security/order.ts
index 65d72f1c3a9..a28d5457566 100644
--- a/server/lib/security/order.ts
+++ b/server/lib/security/order.ts
@@ -114,9 +114,9 @@ const makeStatLimitChecker =
     const stat = await statFn(...args);
     const statArray = [stat.numberOfOrders, stat.errorRate, stat.paymentMethodRate];
     const fail = limits.every((limit, index) => limit <= statArray[index]);
-    debug(`Checking ${statArray.join()} below treshold ${limitParams.join()}: ${fail ? 'FAIL' : 'PASS'}`);
+    debug(`Checking ${statArray.join()} below threshold ${limitParams.join()}: ${fail ? 'FAIL' : 'PASS'}`);
     if (fail) {
-      throw new Error(`Stat ${statArray.join()} above treshold ${limitParams.join()}`);
+      throw new Error(`Stat ${statArray.join()} above threshold ${limitParams.join()}`);
     }
   };
 
diff --git a/test/server/lib/security/order.test.ts b/test/server/lib/security/order.test.ts
index d92da367b97..902b49896ea 100644
--- a/test/server/lib/security/order.test.ts
+++ b/test/server/lib/security/order.test.ts
@@ -81,13 +81,13 @@ describe('lib/security/order', () => {
         config.fraud.order.user = defaultuser;
       });
 
-      it('should pass if user stats are below treshold', async () => {
+      it('should pass if user stats are below threshold', async () => {
         await expect(checkUser(user)).to.be.fulfilled;
       });
 
-      it('should throw if user stats hit the treshold', async () => {
+      it('should throw if user stats hit the threshold', async () => {
         config.fraud.order.user = '[["1 month", 5, 0.8, 0.2]]';
-        await expect(checkUser(user)).to.be.rejectedWith('above treshold');
+        await expect(checkUser(user)).to.be.rejectedWith('above threshold');
       });
     });
 
@@ -98,13 +98,13 @@ describe('lib/security/order', () => {
         config.fraud.order.ip = defaultip;
       });
 
-      it('should pass if ip stats are below treshold', async () => {
+      it('should pass if ip stats are below threshold', async () => {
         await expect(checkIP('127.0.0.1')).to.be.fulfilled;
       });
 
-      it('should throw if ip stats hit the treshold', async () => {
+      it('should throw if ip stats hit the threshold', async () => {
         config.fraud.order.ip = '[["5 days", 5, 0.8, 0.2]]';
-        await expect(checkIP('127.0.0.1')).to.be.rejectedWith('above treshold');
+        await expect(checkIP('127.0.0.1')).to.be.rejectedWith('above threshold');
       });
     });
 
@@ -115,13 +115,13 @@ describe('lib/security/order', () => {
         config.fraud.order.email = defaultemail;
       });
 
-      it('should pass if email stats are below treshold', async () => {
+      it('should pass if email stats are below threshold', async () => {
         await expect(checkEmail('crook@tempmail.com')).to.be.fulfilled;
       });
 
-      it('should throw if email stats hit the treshold', async () => {
+      it('should throw if email stats hit the threshold', async () => {
         config.fraud.order.email = '[["1 month", 5, 0.8, 0.2]]';
-        await expect(checkEmail('crook@tempmail.com')).to.be.rejectedWith('above treshold');
+        await expect(checkEmail('crook@tempmail.com')).to.be.rejectedWith('above threshold');
       });
     });
   });

From 6ae149b87ccfeca9d6fb101a3ae5cddcdc920f0e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 09:40:44 +0100
Subject: [PATCH 014/129] fix(deps): update dependency
 @escape.tech/graphql-armor to v3.1.1 (#10392)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 66 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cb326256e44..dd03bdfe2d8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,7 +15,7 @@
         "@babel/plugin-transform-typescript": "7.25.9",
         "@babel/preset-env": "7.25.9",
         "@elastic/elasticsearch": "8.15.1",
-        "@escape.tech/graphql-armor": "3.0.1",
+        "@escape.tech/graphql-armor": "3.1.1",
         "@hyperwatch/hyperwatch": "4.0.0",
         "@json2csv/plainjs": "^7.0.6",
         "@node-oauth/oauth2-server": "4.3.3",
@@ -3878,17 +3878,17 @@
       }
     },
     "node_modules/@escape.tech/graphql-armor": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor/-/graphql-armor-3.0.1.tgz",
-      "integrity": "sha512-NdlpdFojylmze1uXSzQ1gcOXy3mSAMIoftNe1wh5tBSyyeHxpiGb0AUpL7VlfOqe1UXilCX+3xr1vAHburrNDA==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor/-/graphql-armor-3.1.1.tgz",
+      "integrity": "sha512-hEzpCYQkr9LPLUkra01WqN9SNt1hlM5bbDbBoJhNPfzEE4TNUMx3cBUVyT8ZNznWrFlzLdggGPWBBid7psQgcA==",
       "license": "MIT",
       "dependencies": {
         "@escape.tech/graphql-armor-block-field-suggestions": "2.2.0",
-        "@escape.tech/graphql-armor-cost-limit": "2.2.0",
-        "@escape.tech/graphql-armor-max-aliases": "2.5.0",
-        "@escape.tech/graphql-armor-max-depth": "2.3.0",
-        "@escape.tech/graphql-armor-max-directives": "2.2.0",
-        "@escape.tech/graphql-armor-max-tokens": "2.4.0",
+        "@escape.tech/graphql-armor-cost-limit": "2.4.0",
+        "@escape.tech/graphql-armor-max-aliases": "2.6.0",
+        "@escape.tech/graphql-armor-max-depth": "2.4.0",
+        "@escape.tech/graphql-armor-max-directives": "2.3.0",
+        "@escape.tech/graphql-armor-max-tokens": "2.5.0",
         "graphql": "^16.0.0"
       },
       "engines": {
@@ -3897,7 +3897,7 @@
       "peerDependencies": {
         "@apollo/server": "^4.0.0",
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       },
       "peerDependenciesMeta": {
         "@apollo/server": {
@@ -3927,9 +3927,9 @@
       }
     },
     "node_modules/@escape.tech/graphql-armor-cost-limit": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-cost-limit/-/graphql-armor-cost-limit-2.2.0.tgz",
-      "integrity": "sha512-26y2WOg7tTtgGthbmGF1HEIhyG+MCTmf6Kzk5uEbNKE6ct+RV/VwNXs8mb0DJPc3xpYHtnJWO8NiJMVRDre6Sw==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-cost-limit/-/graphql-armor-cost-limit-2.4.0.tgz",
+      "integrity": "sha512-B1s95ZFG1Xv4RtkQxpSe/tkFP2b0Cprvt8ZDnY7NddjRoI5kHy5aQt6n3g0erB9eMKXm17e0h+TcurMhVSTaPw==",
       "license": "MIT",
       "dependencies": {
         "graphql": "^16.0.0"
@@ -3939,13 +3939,13 @@
       },
       "optionalDependencies": {
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       }
     },
     "node_modules/@escape.tech/graphql-armor-max-aliases": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-aliases/-/graphql-armor-max-aliases-2.5.0.tgz",
-      "integrity": "sha512-deaLZF3ASfJY9jUbBzoZW9IUHWqAVorpDR9Yez4mxk8iFltwCpgtJfVEb57T+R0RyiFrtjdUM5SQpNZJxhie7w==",
+      "version": "2.6.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-aliases/-/graphql-armor-max-aliases-2.6.0.tgz",
+      "integrity": "sha512-9dwRC5+dl986byBD9QRYRUrLALa7awpUe4aIM1j7StZHGJgmYRj3LZaWQM3JyI8j2FXg4rqBC4FJAiVYpRyWqw==",
       "license": "MIT",
       "dependencies": {
         "graphql": "^16.0.0"
@@ -3955,13 +3955,13 @@
       },
       "optionalDependencies": {
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       }
     },
     "node_modules/@escape.tech/graphql-armor-max-depth": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-depth/-/graphql-armor-max-depth-2.3.0.tgz",
-      "integrity": "sha512-EgqJU2yOaKaFeNDqMn18fIOI6UNjboWV950G9I39ebXyxsQmIaAx0Hs9hJoCBEHdLY9SCKWsEZFipHXqvaphdw==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-depth/-/graphql-armor-max-depth-2.4.0.tgz",
+      "integrity": "sha512-4sQkvPITjkSW4mReGyBT5A4qFkBTzyK9HGOLm8Rrte/JrulVAsokK8HWDr/2Yw0KqSFBMCAmy575YMaYoTHLvQ==",
       "license": "MIT",
       "dependencies": {
         "graphql": "^16.0.0"
@@ -3971,13 +3971,13 @@
       },
       "optionalDependencies": {
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       }
     },
     "node_modules/@escape.tech/graphql-armor-max-directives": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-directives/-/graphql-armor-max-directives-2.2.0.tgz",
-      "integrity": "sha512-DYU2Y2Qiq5Ui+NhDpdN22eU9jvxSnbCborrhdCO1ISzgCyYyCqiYBLBt0KRsEuIr4fpIpA3zBzzT97Y2qcj7Vw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-directives/-/graphql-armor-max-directives-2.3.0.tgz",
+      "integrity": "sha512-8tCJ5pymEOp6niKqqyWdiiuY2GDaei02FNj2Vx0dg/1uCnJbUcOZoL7YaAW6W7e3raY2kOWTK2wF4L/KY+fINw==",
       "license": "MIT",
       "dependencies": {
         "graphql": "^16.0.0"
@@ -3987,13 +3987,13 @@
       },
       "optionalDependencies": {
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       }
     },
     "node_modules/@escape.tech/graphql-armor-max-tokens": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-tokens/-/graphql-armor-max-tokens-2.4.0.tgz",
-      "integrity": "sha512-apKQBcYc6vsrITR+uKGXTC9yWV4zUEP4usb5zO0vebYT6e4KLcS2gwIQOsDLCnD5IyU5sUOzHBWmkFyBPz5keQ==",
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-max-tokens/-/graphql-armor-max-tokens-2.5.0.tgz",
+      "integrity": "sha512-XypQs0NELYwmz/Mx9wVjw1riI3bvZyU2Ya4BnV0AIFLd9UYYl0BzuI4BSR46t5V2Sh73ePl6Ru1jj5rb4nfVOw==",
       "license": "MIT",
       "dependencies": {
         "graphql": "^16.0.0"
@@ -4003,13 +4003,13 @@
       },
       "optionalDependencies": {
         "@envelop/core": "^5.0.0",
-        "@escape.tech/graphql-armor-types": "0.6.0"
+        "@escape.tech/graphql-armor-types": "0.7.0"
       }
     },
     "node_modules/@escape.tech/graphql-armor-types": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-types/-/graphql-armor-types-0.6.0.tgz",
-      "integrity": "sha512-Y3X6JgkB1N1MMaHNXaE2IeJWIs6wT4XcPvXM8PRWmT2DblZfY4NYiV1mh0GTInKdlnrEr5hquOR9XV+M3Da43w==",
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/@escape.tech/graphql-armor-types/-/graphql-armor-types-0.7.0.tgz",
+      "integrity": "sha512-RHxyyp6PDgS6NAPnnmB6JdmUJ6oqhpSHFbsglGWeCcnNzceA5AkQFpir7VIDbVyS8LNC1xhipOtk7f9ycrIemQ==",
       "license": "MIT",
       "optional": true,
       "dependencies": {
diff --git a/package.json b/package.json
index 174098dc514..2ecbfb58a09 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
     "@babel/plugin-transform-typescript": "7.25.9",
     "@babel/preset-env": "7.25.9",
     "@elastic/elasticsearch": "8.15.1",
-    "@escape.tech/graphql-armor": "3.0.1",
+    "@escape.tech/graphql-armor": "3.1.1",
     "@hyperwatch/hyperwatch": "4.0.0",
     "@json2csv/plainjs": "^7.0.6",
     "@node-oauth/oauth2-server": "4.3.3",

From d284d9496f1775d77e03b032b2b41cb2543369b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Wed, 30 Oct 2024 10:23:52 +0100
Subject: [PATCH 015/129] add the ability to pass kinds in contribution stats,
 default to CONTRIBUTION (#10430)

backward compatible way to count ADDED_FUNDS in there
---
 server/graphql/v2/object/AccountStats.js | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/server/graphql/v2/object/AccountStats.js b/server/graphql/v2/object/AccountStats.js
index 5b3c8503b19..cb1c2559e3e 100644
--- a/server/graphql/v2/object/AccountStats.js
+++ b/server/graphql/v2/object/AccountStats.js
@@ -1,8 +1,9 @@
 import { GraphQLBoolean, GraphQLInt, GraphQLList, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
 import { GraphQLDateTime, GraphQLJSON } from 'graphql-scalars';
-import { get, has, pick } from 'lodash';
+import { get, has, intersection, pick } from 'lodash';
 import moment from 'moment';
 
+import { TransactionKind } from '../../../constants/transaction-kind';
 import { getCollectiveIds } from '../../../lib/budget';
 import queries from '../../../lib/queries';
 import sequelize, { QueryTypes } from '../../../lib/sequelize';
@@ -17,6 +18,8 @@ import { GraphQLAmount } from '../object/Amount';
 import { GraphQLAmountStats } from '../object/AmountStats';
 import { getNumberOfDays, getTimeUnit, GraphQLTimeSeriesAmount, TimeSeriesArgs } from '../object/TimeSeriesAmount';
 
+const { ADDED_FUNDS, CONTRIBUTION } = TransactionKind;
+
 const TransactionArgs = {
   net: {
     type: GraphQLBoolean,
@@ -532,12 +535,13 @@ export const GraphQLAccountStats = new GraphQLObjectType({
         type: new GraphQLList(GraphQLAmountStats),
         description: 'Return amount stats for contributions (default, and only for now: one-time vs recurring)',
         args: {
-          ...pick(TransactionArgs, ['dateFrom', 'dateTo', 'includeChildren']),
+          ...pick(TransactionArgs, ['dateFrom', 'dateTo', 'includeChildren', 'kind']),
         },
         async resolve(collective, args) {
           const dateFrom = args.dateFrom ? moment(args.dateFrom) : null;
           const dateTo = args.dateTo ? moment(args.dateTo) : null;
           const collectiveIds = await getCollectiveIds(collective, args.includeChildren);
+          const kinds = args.kind ? intersection(args.kind, [CONTRIBUTION, ADDED_FUNDS]) : [CONTRIBUTION];
           return sequelize.query(
             `
             SELECT
@@ -553,7 +557,7 @@ export const GraphQLAccountStats = new GraphQLObjectType({
               AND o."CollectiveId" IN (:collectiveIds)
               AND o."FromCollectiveId" NOT IN (:collectiveIds)
               AND t."type" = 'CREDIT'
-              AND t."kind" = 'CONTRIBUTION'
+              AND t."kind" IN (:kinds)
               ${dateFrom ? `AND t."createdAt" >= :startDate` : ``}
               ${dateTo ? `AND t."createdAt" <= :endDate` : ``}
             GROUP BY "label", t."currency"
@@ -563,6 +567,7 @@ export const GraphQLAccountStats = new GraphQLObjectType({
               type: QueryTypes.SELECT,
               replacements: {
                 collectiveIds,
+                kinds,
                 ...computeDatesAsISOStrings(dateFrom, dateTo),
               },
             },
@@ -575,12 +580,14 @@ export const GraphQLAccountStats = new GraphQLObjectType({
         args: {
           ...TimeSeriesArgs, // dateFrom / dateTo / timeUnit
           includeChildren: TransactionArgs.includeChildren,
+          kind: TransactionArgs.kind,
         },
         async resolve(collective, args) {
           const dateFrom = args.dateFrom ? moment(args.dateFrom) : moment(collective.createdAt || new Date(2015, 1, 1));
           const dateTo = args.dateTo ? moment(args.dateTo) : moment();
           const timeUnit = args.timeUnit || getTimeUnit(getNumberOfDays(dateFrom, dateTo, collective) || 1);
           const collectiveIds = await getCollectiveIds(collective, args.includeChildren);
+          const kinds = args.kind ? intersection(args.kind, [CONTRIBUTION, ADDED_FUNDS]) : [CONTRIBUTION];
           const results = await sequelize.query(
             `
             SELECT
@@ -607,6 +614,7 @@ export const GraphQLAccountStats = new GraphQLObjectType({
               replacements: {
                 collectiveIds,
                 timeUnit,
+                kinds,
                 ...computeDatesAsISOStrings(dateFrom, dateTo),
               },
             },

From 3c48e8a20805ebfca2f0f325fd3cd9277dbd75e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Wed, 30 Oct 2024 10:24:35 +0100
Subject: [PATCH 016/129] selected fixes on amount raised and spent (#10432)

---
 ...1652-collective-transaction-stats-fixes.js | 338 ++++++++++++++++++
 server/lib/budget.js                          |  40 ++-
 2 files changed, 367 insertions(+), 11 deletions(-)
 create mode 100644 migrations/20241029071652-collective-transaction-stats-fixes.js

diff --git a/migrations/20241029071652-collective-transaction-stats-fixes.js b/migrations/20241029071652-collective-transaction-stats-fixes.js
new file mode 100644
index 00000000000..dc6b10b9099
--- /dev/null
+++ b/migrations/20241029071652-collective-transaction-stats-fixes.js
@@ -0,0 +1,338 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    await queryInterface.sequelize.query(`DROP VIEW IF EXISTS "CurrentCollectiveTransactionStats"`);
+
+    await queryInterface.sequelize.query(`DROP MATERIALIZED VIEW IF EXISTS "CollectiveTransactionStats"`);
+
+    await queryInterface.sequelize.query(`
+      CREATE MATERIALIZED VIEW "CollectiveTransactionStats" AS
+
+        WITH "ActiveCollectives" AS (
+          SELECT c."id" as "CollectiveId"
+          FROM "Transactions" t
+          LEFT JOIN "Collectives" c ON c."id" = t."CollectiveId" AND c."deletedAt" IS NULL
+          WHERE t."deletedAt" IS NULL
+            AND t."hostCurrency" IS NOT NULL
+            AND c."deactivatedAt" IS NULL
+            -- TODO: not sure why we have those conditions on guest/incognito, too many accounts?
+            AND (c."data" ->> 'isGuest')::boolean IS NOT TRUE
+            AND c.name != 'incognito'
+            AND c.name != 'anonymous'
+            AND c."isIncognito" = FALSE
+          GROUP BY c."id"
+          HAVING COUNT(DISTINCT t."hostCurrency") = 1 -- no hostCurrency mismatch please!
+        )
+        SELECT
+          ac."CollectiveId" as "id",
+          MAX(t."createdAt") as "LatestTransactionCreatedAt",
+          COUNT(DISTINCT t.id) AS "count",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (
+              -- Get all credits
+              WHERE (t.type = 'CREDIT'
+                AND NOT (t.kind = 'PAYMENT_PROCESSOR_COVER')
+              )
+            )
+            AS "totalAmountReceivedInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              -- Get all credits except PAYMENT_PROCESSOR_COVER from expenses or from before split fees
+              WHERE (t.type = 'CREDIT' AND NOT (
+                t.kind = 'PAYMENT_PROCESSOR_COVER' AND (t."OrderId" IS NULL OR t."createdAt" < '2024-01-01')
+              ))
+              -- Deduct host fees and payment processor fees that are related to orders
+              OR (t.type = 'DEBIT' AND (
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL
+              ))
+            )
+            AS "totalNetAmountReceivedInHostCurrency",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (
+              WHERE t.type = 'DEBIT' AND NOT (
+                -- Do not include for orders or expenses
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE')
+              )
+            )
+            AS "totalAmountSpentInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              WHERE (t.type = 'DEBIT' AND NOT (
+               -- Do not include fees for orders, include for expenses
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL
+              )) OR (
+                t.type = 'CREDIT' AND t.kind = 'PAYMENT_PROCESSOR_COVER' AND t."OrderId" IS NULL
+              )
+            )
+            AS "totalNetAmountSpentInHostCurrency",
+
+          MAX(t."hostCurrency") as "hostCurrency"
+
+        FROM "ActiveCollectives" ac
+
+        INNER JOIN "Transactions" t ON t."CollectiveId" = ac."CollectiveId"
+          AND t."deletedAt" IS NULL
+          AND t."RefundTransactionId" IS NULL
+          AND (t."isRefund" IS NOT TRUE OR t."kind" = 'PAYMENT_PROCESSOR_COVER')
+          AND t."isInternal" IS NOT TRUE
+
+        GROUP BY ac."CollectiveId";
+    `);
+
+    await queryInterface.sequelize.query(
+      `CREATE UNIQUE INDEX CONCURRENTLY IF NOT EXISTS "collective_transaction_stats__id" ON "CollectiveTransactionStats" (id);`,
+    );
+
+    await queryInterface.sequelize.query(`
+      CREATE OR REPLACE VIEW "CurrentCollectiveTransactionStats" as (
+        SELECT
+          cts."id" as "CollectiveId",
+
+          COALESCE(cts."totalAmountReceivedInHostCurrency", 0) + COALESCE(t."totalAmountReceivedInHostCurrency", 0)
+            AS "totalAmountReceivedInHostCurrency",
+          COALESCE(cts."totalNetAmountReceivedInHostCurrency", 0) + COALESCE(t."totalNetAmountReceivedInHostCurrency", 0)
+            AS "totalNetAmountReceivedInHostCurrency",
+          COALESCE(cts."totalAmountSpentInHostCurrency", 0) + COALESCE(t."totalAmountSpentInHostCurrency", 0)
+            AS "totalAmountSpentInHostCurrency",
+          COALESCE(cts."totalNetAmountSpentInHostCurrency", 0) + COALESCE(t."totalNetAmountSpentInHostCurrency", 0)
+            AS "totalNetAmountSpentInHostCurrency",
+
+          cts."hostCurrency"
+
+        FROM "CollectiveTransactionStats" cts
+
+        LEFT JOIN LATERAL (
+          SELECT
+
+          SUM(t."amountInHostCurrency")
+            FILTER (
+              -- Get all credits
+              WHERE (t.type = 'CREDIT'
+                AND NOT (t.kind = 'PAYMENT_PROCESSOR_COVER')
+              )
+            )
+            AS "totalAmountReceivedInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              -- Get all credits except PAYMENT_PROCESSOR_COVER from expenses or from before split fees
+              WHERE (t.type = 'CREDIT' AND NOT (
+                t.kind = 'PAYMENT_PROCESSOR_COVER' AND (t."OrderId" IS NULL OR t."createdAt" < '2024-01-01')
+              ))
+              -- Deduct host fees and payment processor fees that are related to orders
+              OR (t.type = 'DEBIT' AND (
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL
+              ))
+            )
+            AS "totalNetAmountReceivedInHostCurrency",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (
+              WHERE t.type = 'DEBIT' AND NOT (
+                -- Do not include for orders or expenses
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE')
+              )
+            )
+            AS "totalAmountSpentInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              WHERE (t.type = 'DEBIT' AND NOT (
+                -- Do not include fees for orders, include for expenses
+                t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL
+              )) OR (
+                t.type = 'CREDIT' AND t.kind = 'PAYMENT_PROCESSOR_COVER' AND t."OrderId" IS NULL
+              )
+            )
+            AS "totalNetAmountSpentInHostCurrency"
+
+          FROM "Transactions" t
+          WHERE t."CollectiveId" = cts."id"
+            AND ROUND(EXTRACT(epoch FROM t."createdAt" AT TIME ZONE 'UTC') / 10) > ROUND(EXTRACT(epoch FROM cts."LatestTransactionCreatedAt" AT TIME ZONE 'UTC') / 10)
+            AND t."deletedAt" is null
+            AND t."RefundTransactionId" IS NULL
+            AND (t."isRefund" IS NOT TRUE OR t."kind" = 'PAYMENT_PROCESSOR_COVER')
+            AND t."isInternal" IS NOT TRUE
+
+          GROUP by t."CollectiveId"
+        ) as t ON TRUE
+      );
+    `);
+  },
+
+  async down(queryInterface) {
+    await queryInterface.sequelize.query(`DROP VIEW IF EXISTS "CurrentCollectiveTransactionStats"`);
+
+    await queryInterface.sequelize.query(`DROP MATERIALIZED VIEW IF EXISTS "CollectiveTransactionStats"`);
+
+    await queryInterface.sequelize.query(`
+      CREATE MATERIALIZED VIEW "CollectiveTransactionStats" AS
+
+        WITH "ActiveCollectives" AS (
+          SELECT c."id" as "CollectiveId"
+          FROM "Transactions" t
+          LEFT JOIN "Collectives" c ON c."id" = t."CollectiveId" AND c."deletedAt" IS NULL
+          WHERE t."deletedAt" IS NULL
+            AND t."hostCurrency" IS NOT NULL
+            AND c."deactivatedAt" IS NULL
+            -- TODO: not sure why we have those conditions on guest/incognito, too many accounts?
+            AND (c."data" ->> 'isGuest')::boolean IS NOT TRUE
+            AND c.name != 'incognito'
+            AND c.name != 'anonymous'
+            AND c."isIncognito" = FALSE
+          GROUP BY c."id"
+          HAVING COUNT(DISTINCT t."hostCurrency") = 1 -- no hostCurrency mismatch please!
+        )
+        SELECT
+          ac."CollectiveId" as "id",
+          MAX(t."createdAt") as "LatestTransactionCreatedAt",
+          COUNT(DISTINCT t.id) AS "count",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (WHERE t.type = 'CREDIT' AND t."kind" NOT IN ('PAYMENT_PROCESSOR_COVER'))
+            AS "totalAmountReceivedInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              -- Get all credits except PAYMENT_PROCESSOR_COVER from expenses
+              WHERE (t.type = 'CREDIT' AND NOT (t.kind = 'PAYMENT_PROCESSOR_COVER' AND t."OrderId" IS NULL))
+              -- Deduct host fees and payment processor fees that are related to orders
+              OR (t.type = 'DEBIT' AND t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL)
+            )
+            AS "totalNetAmountReceivedInHostCurrency",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (WHERE t.type = 'DEBIT' AND t.kind != 'HOST_FEE' AND t.kind != 'PAYMENT_PROCESSOR_FEE')
+            AS "totalAmountSpentInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (WHERE (t.type = 'DEBIT' AND t.kind != 'HOST_FEE') OR (t.type = 'CREDIT' AND t.kind = 'PAYMENT_PROCESSOR_COVER'))
+            AS "totalNetAmountSpentInHostCurrency",
+
+          MAX(t."hostCurrency") as "hostCurrency"
+
+        FROM "ActiveCollectives" ac
+
+        INNER JOIN "Transactions" t ON t."CollectiveId" = ac."CollectiveId"
+          AND t."deletedAt" IS NULL
+          AND t."RefundTransactionId" IS NULL
+          AND (t."isRefund" IS NOT TRUE OR t."kind" = 'PAYMENT_PROCESSOR_COVER')
+          AND t."isInternal" IS NOT TRUE
+
+        GROUP BY ac."CollectiveId";
+    `);
+
+    await queryInterface.sequelize.query(
+      `CREATE UNIQUE INDEX CONCURRENTLY IF NOT EXISTS "collective_transaction_stats__id" ON "CollectiveTransactionStats" (id);`,
+    );
+
+    await queryInterface.sequelize.query(`
+      CREATE OR REPLACE VIEW "CurrentCollectiveTransactionStats" as (
+        SELECT
+          cts."id" as "CollectiveId",
+
+          COALESCE(cts."totalAmountReceivedInHostCurrency", 0) + COALESCE(t."totalAmountReceivedInHostCurrency", 0)
+            AS "totalAmountReceivedInHostCurrency",
+          COALESCE(cts."totalNetAmountReceivedInHostCurrency", 0) + COALESCE(t."totalNetAmountReceivedInHostCurrency", 0)
+            AS "totalNetAmountReceivedInHostCurrency",
+          COALESCE(cts."totalAmountSpentInHostCurrency", 0) + COALESCE(t."totalAmountSpentInHostCurrency", 0)
+            AS "totalAmountSpentInHostCurrency",
+          COALESCE(cts."totalNetAmountSpentInHostCurrency", 0) + COALESCE(t."totalNetAmountSpentInHostCurrency", 0)
+            AS "totalNetAmountSpentInHostCurrency",
+
+          cts."hostCurrency"
+
+        FROM "CollectiveTransactionStats" cts
+
+        LEFT JOIN LATERAL (
+          SELECT
+
+          SUM(t."amountInHostCurrency")
+            FILTER (WHERE t.type = 'CREDIT' AND t."kind" NOT IN ('PAYMENT_PROCESSOR_COVER'))
+            AS "totalAmountReceivedInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (
+              -- Get all credits except PAYMENT_PROCESSOR_COVER from expenses
+              WHERE (t.type = 'CREDIT' AND NOT (t.kind = 'PAYMENT_PROCESSOR_COVER' AND t."OrderId" IS NULL))
+              -- Deduct host fees and payment processor fees that are related to orders
+              OR (t.type = 'DEBIT' AND t.kind IN ('HOST_FEE', 'PAYMENT_PROCESSOR_FEE') AND t."OrderId" IS NOT NULL)
+            )
+            AS "totalNetAmountReceivedInHostCurrency",
+
+          SUM(t."amountInHostCurrency")
+            FILTER (WHERE t.type = 'DEBIT' AND t.kind != 'HOST_FEE' AND t.kind != 'PAYMENT_PROCESSOR_FEE')
+            AS "totalAmountSpentInHostCurrency",
+
+          SUM(
+            COALESCE(t."amountInHostCurrency", 0) +
+            COALESCE(t."platformFeeInHostCurrency", 0) +
+            COALESCE(t."hostFeeInHostCurrency", 0) +
+            COALESCE(t."paymentProcessorFeeInHostCurrency", 0) +
+            COALESCE(t."taxAmount" * t."hostCurrencyFxRate", 0)
+          )
+            FILTER (WHERE (t.type = 'DEBIT' AND t.kind != 'HOST_FEE') OR (t.type = 'CREDIT' AND t.kind = 'PAYMENT_PROCESSOR_COVER'))
+            AS "totalNetAmountSpentInHostCurrency"
+
+          FROM "Transactions" t
+          WHERE t."CollectiveId" = cts."id"
+            AND ROUND(EXTRACT(epoch FROM t."createdAt" AT TIME ZONE 'UTC') / 10) > ROUND(EXTRACT(epoch FROM cts."LatestTransactionCreatedAt" AT TIME ZONE 'UTC') / 10)
+            AND t."deletedAt" is null
+            AND t."RefundTransactionId" IS NULL
+            AND (t."isRefund" IS NOT TRUE OR t."kind" = 'PAYMENT_PROCESSOR_COVER')
+            AND t."isInternal" IS NOT TRUE
+
+          GROUP by t."CollectiveId"
+        ) as t ON TRUE
+      );
+    `);
+  },
+};
diff --git a/server/lib/budget.js b/server/lib/budget.js
index 40746133245..e4394e4f452 100644
--- a/server/lib/budget.js
+++ b/server/lib/budget.js
@@ -543,6 +543,8 @@ export async function sumCollectivesTransactions(
     extraAttributes = [],
   } = {},
 ) {
+  const separatePaymentProcessorFees = parseToBoolean(config.ledger.separatePaymentProcessorFees) === true;
+
   if (withBlockedFunds) {
     if (startDate || endDate || groupByAttributes.length) {
       throw new Error('withBlockedFunds is not supported together with startDate, endDate or groupByAttributes');
@@ -634,8 +636,11 @@ export async function sumCollectivesTransactions(
       if (['netAmountInCollectiveCurrency', 'netAmountInHostCurrency'].includes(column)) {
         where[Op.and].push({
           [Op.or]: [
-            { type: DEBIT, [Op.not]: { kind: ['HOST_FEE', 'PAYMENT_PROCESSOR_FEE'], OrderId: { [Op.not]: null } } },
-            { type: CREDIT, kind: 'PAYMENT_PROCESSOR_COVER' },
+            {
+              type: DEBIT,
+              [Op.not]: { [Op.and]: { kind: ['HOST_FEE', 'PAYMENT_PROCESSOR_FEE'], OrderId: { [Op.not]: null } } },
+            },
+            { type: CREDIT, kind: 'PAYMENT_PROCESSOR_COVER', OrderId: null },
           ],
         });
       } else {
@@ -646,8 +651,19 @@ export async function sumCollectivesTransactions(
       where = {
         ...where,
         [Op.or]: [
-          // Get all credits except PAYMENT_PROCESSOR_COVER from expenses
-          { type: CREDIT, [Op.not]: { kind: 'PAYMENT_PROCESSOR_COVER', OrderId: null } },
+          // Get all credits except PAYMENT_PROCESSOR_COVER from expenses or before separate fees
+          {
+            type: CREDIT,
+            [Op.not]: [
+              {
+                kind: 'PAYMENT_PROCESSOR_COVER',
+                [Op.or]: {
+                  OrderId: null,
+                  ...(separatePaymentProcessorFees && { createdAt: { [Op.lt]: '2024-01-01' } }),
+                },
+              },
+            ],
+          },
           // Deduct host fees and payment processor fees that are related to orders
           { type: DEBIT, kind: ['HOST_FEE', 'PAYMENT_PROCESSOR_FEE'], OrderId: { [Op.not]: null } },
         ],
@@ -669,13 +685,15 @@ export async function sumCollectivesTransactions(
     // Exclude refunded transactions
     where[Op.and].push({ RefundTransactionId: { [Op.is]: null } });
     // Also exclude anything with isRefund=true (PAYMENT_PROCESSOR_COVER doesn't have RefundTransactionId set)
-    const separateFees = parseToBoolean(config.ledger.separatePaymentProcessorFees) === true;
-    if (separateFees && transactionType === 'CREDIT_WITH_CONTRIBUTIONS_HOST_FEE_AND_PAYMENT_PROCESSOR_FEE') {
-      where[Op.and].push({
-        [Op.or]: [{ isRefund: { [Op.not]: true } }, { kind: 'PAYMENT_PROCESSOR_COVER' }],
-        OrderId: { [Op.not]: null },
-      });
-    } else if (separateFees && transactionType === 'DEBIT_WITHOUT_CONTRIBUTIONS_HOST_FEE_AND_PAYMENT_PROCESSOR_FEE') {
+    if (
+      separatePaymentProcessorFees &&
+      transactionType === 'CREDIT_WITH_CONTRIBUTIONS_HOST_FEE_AND_PAYMENT_PROCESSOR_FEE'
+    ) {
+      where[Op.and].push({ [Op.or]: [{ isRefund: { [Op.not]: true } }, { kind: 'PAYMENT_PROCESSOR_COVER' }] });
+    } else if (
+      separatePaymentProcessorFees &&
+      transactionType === 'DEBIT_WITHOUT_CONTRIBUTIONS_HOST_FEE_AND_PAYMENT_PROCESSOR_FEE'
+    ) {
       where[Op.and].push({ [Op.or]: [{ isRefund: { [Op.not]: true } }, { kind: 'PAYMENT_PROCESSOR_COVER' }] });
     } else {
       where[Op.and].push({ isRefund: { [Op.not]: true } });

From 4c34c22f92920099c7f69644c95ceba72396cf36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Wed, 30 Oct 2024 17:32:50 +0100
Subject: [PATCH 017/129] Don't include PAYMENT_PROCESSOR_FEE in expense tag
 stats (#10429)

* don't include PAYMENT_PROCESSOR_FEE in expense tag stats

It's mostly used in the new budget view and we agreed that those stats should be before fees.

* update tests
---
 server/models/Expense.ts           |  2 ++
 test/server/models/Expense.test.js | 30 +++++++++++++++---------------
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index 1b3fd2ff6ca..bf3aaf69d17 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -527,6 +527,7 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
         CollectiveId: { [Op.in]: collectiveIds },
         FromCollectiveId: { [Op.notIn]: collectiveIds },
         type: 'DEBIT',
+        kind: 'EXPENSE', // net=false don't include related PAYMENT_PROCESSOR_FEE
         RefundTransactionId: null,
       },
     ];
@@ -594,6 +595,7 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
         CollectiveId: { [Op.in]: collectiveIds },
         FromCollectiveId: { [Op.notIn]: collectiveIds },
         type: 'DEBIT',
+        kind: 'EXPENSE', // net=false don't include related PAYMENT_PROCESSOR_FEE
         RefundTransactionId: null,
       },
     ];
diff --git a/test/server/models/Expense.test.js b/test/server/models/Expense.test.js
index b27cb1b4665..834271ec10d 100644
--- a/test/server/models/Expense.test.js
+++ b/test/server/models/Expense.test.js
@@ -137,9 +137,9 @@ describe('test/server/models/Expense', () => {
       const tags = await Expense.getCollectiveExpensesTags(collective);
 
       expect(tags).to.deep.eq([
-        { label: 'team', count: 3, amount: 1470, currency: 'USD' },
-        { label: 'office', count: 1, amount: 840, currency: 'USD' },
-        { label: 'food', count: 2, amount: 630, currency: 'USD' },
+        { label: 'team', count: 3, amount: 1400, currency: 'USD' },
+        { label: 'office', count: 1, amount: 800, currency: 'USD' },
+        { label: 'food', count: 2, amount: 600, currency: 'USD' },
       ]);
     });
 
@@ -149,8 +149,8 @@ describe('test/server/models/Expense', () => {
       });
 
       expect(tags).to.deep.eq([
-        { label: 'food', count: 2, amount: 630, currency: 'USD' },
-        { label: 'team', count: 2, amount: 630, currency: 'USD' },
+        { label: 'food', count: 2, amount: 600, currency: 'USD' },
+        { label: 'team', count: 2, amount: 600, currency: 'USD' },
       ]);
     });
 
@@ -162,42 +162,42 @@ describe('test/server/models/Expense', () => {
           date: moment.utc().subtract(1, 'days').startOf('day').toDate(),
           label: 'food',
           count: 1,
-          amount: 210,
+          amount: 200,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(1, 'days').startOf('day').toDate(),
           label: 'team',
           count: 1,
-          amount: 210,
+          amount: 200,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(2, 'days').startOf('day').toDate(),
           label: 'food',
           count: 1,
-          amount: 420,
+          amount: 400,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(2, 'days').startOf('day').toDate(),
           label: 'team',
           count: 1,
-          amount: 420,
+          amount: 400,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(3, 'days').startOf('day').toDate(),
           label: 'office',
           count: 1,
-          amount: 840,
+          amount: 800,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(3, 'days').startOf('day').toDate(),
           label: 'team',
           count: 1,
-          amount: 840,
+          amount: 800,
           currency: 'USD',
         },
       ]);
@@ -213,28 +213,28 @@ describe('test/server/models/Expense', () => {
           date: moment.utc().subtract(1, 'days').startOf('day').toDate(),
           label: 'food',
           count: 1,
-          amount: 210,
+          amount: 200,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(1, 'days').startOf('day').toDate(),
           label: 'team',
           count: 1,
-          amount: 210,
+          amount: 200,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(2, 'days').startOf('day').toDate(),
           label: 'food',
           count: 1,
-          amount: 420,
+          amount: 400,
           currency: 'USD',
         },
         {
           date: moment.utc().subtract(2, 'days').startOf('day').toDate(),
           label: 'team',
           count: 1,
-          amount: 420,
+          amount: 400,
           currency: 'USD',
         },
       ]);

From da9a7698859f9f84305bc96cefd179b583538c98 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 31 Oct 2024 09:19:08 +0100
Subject: [PATCH 018/129] fix(TransactionsImport): sort rows by imported date
 DESC (#10433)

---
 server/graphql/v2/object/TransactionsImport.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/graphql/v2/object/TransactionsImport.ts b/server/graphql/v2/object/TransactionsImport.ts
index f715168aad8..ef3be8a7487 100644
--- a/server/graphql/v2/object/TransactionsImport.ts
+++ b/server/graphql/v2/object/TransactionsImport.ts
@@ -138,8 +138,9 @@ export const GraphQLTransactionsImport = new GraphQLObjectType({
               limit: args.limit,
               offset: args.offset,
               order: [
-                ['createdAt', 'ASC'],
-                ['id', 'ASC'],
+                ['date', 'DESC'],
+                ['createdAt', 'DESC'],
+                ['id', 'DESC'],
               ],
             }),
         };

From 7e3a61d84b37e083435d700dc49c2754ff35135f Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 31 Oct 2024 09:31:58 +0100
Subject: [PATCH 019/129] fix(Expense): chargeHasReceipts performance (#10431)

---
 .../collection/ExpensesCollectionQuery.ts     | 19 +++---
 .../collection/ExpenseCollectionQuery.test.ts | 62 +++++++++++++++++++
 2 files changed, 71 insertions(+), 10 deletions(-)

diff --git a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
index 59f6594e867..014677bf091 100644
--- a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
@@ -293,17 +293,16 @@ export const ExpensesCollectionQueryResolver = async (
   }
 
   if (!isNil(args.chargeHasReceipts)) {
-    where[Op.and].push({
-      [Op.or]: [
-        { type: { [Op.ne]: ExpenseType.CHARGE } },
-        sequelize.where(
-          sequelize.literal(`
-                 NOT EXISTS (SELECT id from "ExpenseItems" ei where ei."ExpenseId" = "Expense".id and ei.url IS NULL)`),
-          Op.eq,
-          args.chargeHasReceipts,
+    where[Op.and].push(
+      { type: ExpenseType.CHARGE },
+      sequelize.where(
+        sequelize.literal(
+          `NOT EXISTS (SELECT id from "ExpenseItems" ei WHERE ei."ExpenseId" = "Expense".id and ei.url IS NULL AND ei."deletedAt" IS NULL)`,
         ),
-      ],
-    });
+        Op.eq,
+        args.chargeHasReceipts,
+      ),
+    );
   }
 
   if (!isEmpty(args.virtualCards)) {
diff --git a/test/server/graphql/v2/collection/ExpenseCollectionQuery.test.ts b/test/server/graphql/v2/collection/ExpenseCollectionQuery.test.ts
index db7a00070d9..414cb56c507 100644
--- a/test/server/graphql/v2/collection/ExpenseCollectionQuery.test.ts
+++ b/test/server/graphql/v2/collection/ExpenseCollectionQuery.test.ts
@@ -28,6 +28,7 @@ const expensesQuery = gql`
     $status: [ExpenseStatusFilter]
     $searchTerm: String
     $customData: JSON
+    $chargeHasReceipts: Boolean
   ) {
     expenses(
       fromAccount: $fromAccount
@@ -36,6 +37,7 @@ const expensesQuery = gql`
       status: $status
       searchTerm: $searchTerm
       customData: $customData
+      chargeHasReceipts: $chargeHasReceipts
     ) {
       totalCount
       totalAmount {
@@ -464,4 +466,64 @@ describe('server/graphql/v2/collection/ExpenseCollection', () => {
       expect(result.data.expenses.nodes[0].legacyId).to.eq(expenseTwo.id);
     });
   });
+
+  describe('chargeHasReceipts', () => {
+    it('Returns virtual card expenses with receipts', async () => {
+      const collective = await fakeCollective();
+      await fakeExpense({ type: 'INVOICE', CollectiveId: collective.id }); // random Expense
+      const virtualCardWithReceipt = await fakeExpense({
+        type: 'CHARGE',
+        CollectiveId: collective.id,
+        items: [{ description: 'item 1', amount: 1000, currency: 'USD', url: 'http://example.com' }],
+      });
+
+      await fakeExpense({
+        type: 'CHARGE',
+        CollectiveId: collective.id,
+        items: [
+          {
+            description: 'item 1',
+            amount: 1000,
+            currency: 'USD',
+            url: null,
+          },
+        ],
+      });
+
+      const queryParams = { account: { legacyId: collective.id }, chargeHasReceipts: true };
+      const result = await graphqlQueryV2(expensesQuery, queryParams);
+      expect(result.errors).to.not.exist;
+      expect(result.data.expenses.totalCount).to.eq(1);
+      expect(result.data.expenses.nodes[0].legacyId).to.eq(virtualCardWithReceipt.id);
+    });
+
+    it('Returns virtual card expenses without receipts', async () => {
+      const collective = await fakeCollective();
+      await fakeExpense({ type: 'INVOICE', CollectiveId: collective.id }); // random Expense
+      const virtualCardWithoutReceipt = await fakeExpense({
+        type: 'CHARGE',
+        CollectiveId: collective.id,
+        items: [{ description: 'item 1', amount: 1000, currency: 'USD', url: null }],
+      });
+
+      await fakeExpense({
+        type: 'CHARGE',
+        CollectiveId: collective.id,
+        items: [
+          {
+            description: 'item 1',
+            amount: 1000,
+            currency: 'USD',
+            url: 'http://example.com',
+          },
+        ],
+      });
+
+      const queryParams = { account: { legacyId: collective.id }, chargeHasReceipts: false };
+      const result = await graphqlQueryV2(expensesQuery, queryParams);
+      expect(result.errors).to.not.exist;
+      expect(result.data.expenses.totalCount).to.eq(1);
+      expect(result.data.expenses.nodes[0].legacyId).to.eq(virtualCardWithoutReceipt.id);
+    });
+  });
 });

From 3cb52cf373c0b841b0dd7df8db821f462aadc3d4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 09:32:33 +0100
Subject: [PATCH 020/129] fix(deps): update dependency intl-messageformat to
 v10.7.3 (#10426)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 66 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dd03bdfe2d8..cd7ce10e907 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "html-pdf": "3.0.1",
         "html-to-text": "9.0.5",
         "ics": "3.8.1",
-        "intl-messageformat": "10.7.1",
+        "intl-messageformat": "10.7.3",
         "jsonwebtoken": "9.0.2",
         "juice": "10.0.1",
         "limax": "4.1.0",
@@ -4146,53 +4146,53 @@
       }
     },
     "node_modules/@formatjs/ecma402-abstract": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.0.tgz",
-      "integrity": "sha512-IpM+ev1E4QLtstniOE29W1rqH9eTdx5hQdNL8pzrflMj/gogfaoONZqL83LUeQScHAvyMbpqP5C9MzNf+fFwhQ==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.1.tgz",
+      "integrity": "sha512-O4ywpkdJybrjFc9zyL8qK5aklleIAi5O4nYhBVJaOFtCkNrnU+lKFeJOFC48zpsZQmR8Aok2V79hGpHnzbmFpg==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/fast-memoize": "2.2.1",
-        "@formatjs/intl-localematcher": "0.5.5",
-        "tslib": "^2.7.0"
+        "@formatjs/fast-memoize": "2.2.2",
+        "@formatjs/intl-localematcher": "0.5.6",
+        "tslib": "2"
       }
     },
     "node_modules/@formatjs/fast-memoize": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.1.tgz",
-      "integrity": "sha512-XS2RcOSyWxmUB7BUjj3mlPH0exsUzlf6QfhhijgI941WaJhVxXQ6mEWkdUFIdnKi3TuTYxRdelsgv3mjieIGIA==",
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.2.tgz",
+      "integrity": "sha512-mzxZcS0g1pOzwZTslJOBTmLzDXseMLLvnh25ymRilCm8QLMObsQ7x/rj9GNrH0iUhZMlFisVOD6J1n6WQqpKPQ==",
       "license": "MIT",
       "dependencies": {
-        "tslib": "^2.7.0"
+        "tslib": "2"
       }
     },
     "node_modules/@formatjs/icu-messageformat-parser": {
-      "version": "2.8.0",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.8.0.tgz",
-      "integrity": "sha512-r2un3fmF9oJv3mOkH+wwQZ037VpqmdfahbcCZ9Lh+p6Sx+sNsonI7Zcr6jNMm1s+Si7ejQORS4Ezlh05mMPAXA==",
+      "version": "2.9.1",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.9.1.tgz",
+      "integrity": "sha512-7AYk4tjnLi5wBkxst2w7qFj38JLMJoqzj7BhdEl7oTlsWMlqwgx4p9oMmmvpXWTSDGNwOKBRc1SfwMh5MOHeNg==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.0",
-        "@formatjs/icu-skeleton-parser": "1.8.4",
-        "tslib": "^2.7.0"
+        "@formatjs/ecma402-abstract": "2.2.1",
+        "@formatjs/icu-skeleton-parser": "1.8.5",
+        "tslib": "2"
       }
     },
     "node_modules/@formatjs/icu-skeleton-parser": {
-      "version": "1.8.4",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.4.tgz",
-      "integrity": "sha512-LMQ1+Wk1QSzU4zpd5aSu7+w5oeYhupRwZnMQckLPRYhSjf2/8JWQ882BauY9NyHxs5igpuQIXZDgfkaH3PoATg==",
+      "version": "1.8.5",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.5.tgz",
+      "integrity": "sha512-zRZ/e3B5qY2+JCLs7puTzWS1Jb+t/K+8Jur/gEZpA2EjWeLDE17nsx8thyo9P48Mno7UmafnPupV2NCJXX17Dg==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.0",
-        "tslib": "^2.7.0"
+        "@formatjs/ecma402-abstract": "2.2.1",
+        "tslib": "2"
       }
     },
     "node_modules/@formatjs/intl-localematcher": {
-      "version": "0.5.5",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.5.tgz",
-      "integrity": "sha512-t5tOGMgZ/i5+ALl2/offNqAQq/lfUnKLEw0mXQI4N4bqpedhrSE+fyKLpwnd22sK0dif6AV+ufQcTsKShB9J1g==",
+      "version": "0.5.6",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.6.tgz",
+      "integrity": "sha512-roz1+Ba5e23AHX6KUAWmLEyTRZegM5YDuxuvkHCyK3RJddf/UXB2f+s7pOMm9ktfPGla0g+mQXOn5vsuYirnaA==",
       "license": "MIT",
       "dependencies": {
-        "tslib": "^2.7.0"
+        "tslib": "2"
       }
     },
     "node_modules/@graphql-eslint/eslint-plugin": {
@@ -15428,15 +15428,15 @@
       }
     },
     "node_modules/intl-messageformat": {
-      "version": "10.7.1",
-      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.1.tgz",
-      "integrity": "sha512-xQuJW2WcyzNJZWUu5xTVPOmNSA1Sowuu/NKFdUid5Fxx/Yl6/s4DefTU/y7zy+irZLDmFGmTLtnM8FqpN05wlA==",
+      "version": "10.7.3",
+      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.3.tgz",
+      "integrity": "sha512-AAo/3oyh7ROfPhDuh7DxTTydh97OC+lv7h1Eq5LuHWuLsUMKOhtzTYuyXlUReuwZ9vANDHo4CS1bGRrn7TZRtg==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.0",
-        "@formatjs/fast-memoize": "2.2.1",
-        "@formatjs/icu-messageformat-parser": "2.8.0",
-        "tslib": "^2.7.0"
+        "@formatjs/ecma402-abstract": "2.2.1",
+        "@formatjs/fast-memoize": "2.2.2",
+        "@formatjs/icu-messageformat-parser": "2.9.1",
+        "tslib": "2"
       }
     },
     "node_modules/ip-address": {
diff --git a/package.json b/package.json
index 2ecbfb58a09..e9b3b637c68 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
     "html-pdf": "3.0.1",
     "html-to-text": "9.0.5",
     "ics": "3.8.1",
-    "intl-messageformat": "10.7.1",
+    "intl-messageformat": "10.7.3",
     "jsonwebtoken": "9.0.2",
     "juice": "10.0.1",
     "limax": "4.1.0",

From db3122dfe09b9a5d32239e6eaeefd1d79709416c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:55:45 +0100
Subject: [PATCH 021/129] fix(deps): update babel monorepo to v7.26.0 (#10436)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 152 ++++++++++++++++++++++++----------------------
 package.json      |   6 +-
 2 files changed, 83 insertions(+), 75 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cd7ce10e907..0c4305ba57f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,10 +10,10 @@
       "dependencies": {
         "@apollo/server": "4.11.0",
         "@aws-sdk/client-s3": "3.678.0",
-        "@babel/core": "7.25.9",
-        "@babel/node": "7.25.9",
+        "@babel/core": "7.26.0",
+        "@babel/node": "7.26.0",
         "@babel/plugin-transform-typescript": "7.25.9",
-        "@babel/preset-env": "7.25.9",
+        "@babel/preset-env": "7.26.0",
         "@elastic/elasticsearch": "8.15.1",
         "@escape.tech/graphql-armor": "3.1.1",
         "@hyperwatch/hyperwatch": "4.0.0",
@@ -2023,12 +2023,13 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.25.9.tgz",
-      "integrity": "sha512-z88xeGxnzehn2sqZ8UdGQEvYErF1odv2CftxInpSYJt6uHuPe9YjahKZITGs3l5LeI9d2ROG+obuDAoSlqbNfQ==",
+      "version": "7.26.2",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz",
+      "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/highlight": "^7.25.9",
+        "@babel/helper-validator-identifier": "^7.25.9",
+        "js-tokens": "^4.0.0",
         "picocolors": "^1.0.0"
       },
       "engines": {
@@ -2036,30 +2037,30 @@
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.25.9.tgz",
-      "integrity": "sha512-yD+hEuJ/+wAJ4Ox2/rpNv5HIuPG82x3ZlQvYVn8iYCprdxzE7P1udpGF1jyjQVBU4dgznN+k2h103vxZ7NdPyw==",
+      "version": "7.26.2",
+      "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.26.2.tgz",
+      "integrity": "sha512-Z0WgzSEa+aUcdiJuCIqgujCshpMWgUpgOxXotrYPSA53hA3qopNaqcJpyr0hVb1FeWdnqFA35/fUtXgBK8srQg==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.25.9.tgz",
-      "integrity": "sha512-WYvQviPw+Qyib0v92AwNIrdLISTp7RfDkM7bPqBvpbnhY4wq8HvHBZREVdYDXk98C8BkOIVnHAY3yvj7AVISxQ==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz",
+      "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==",
       "license": "MIT",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
-        "@babel/code-frame": "^7.25.9",
-        "@babel/generator": "^7.25.9",
+        "@babel/code-frame": "^7.26.0",
+        "@babel/generator": "^7.26.0",
         "@babel/helper-compilation-targets": "^7.25.9",
-        "@babel/helper-module-transforms": "^7.25.9",
-        "@babel/helpers": "^7.25.9",
-        "@babel/parser": "^7.25.9",
+        "@babel/helper-module-transforms": "^7.26.0",
+        "@babel/helpers": "^7.26.0",
+        "@babel/parser": "^7.26.0",
         "@babel/template": "^7.25.9",
         "@babel/traverse": "^7.25.9",
-        "@babel/types": "^7.25.9",
+        "@babel/types": "^7.26.0",
         "convert-source-map": "^2.0.0",
         "debug": "^4.1.0",
         "gensync": "^1.0.0-beta.2",
@@ -2075,12 +2076,13 @@
       }
     },
     "node_modules/@babel/generator": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.9.tgz",
-      "integrity": "sha512-omlUGkr5EaoIJrhLf9CJ0TvjBRpd9+AXRG//0GEQ9THSo8wPiTlbpy1/Ow8ZTrbXpjd9FHXfbFQx32I04ht0FA==",
+      "version": "7.26.2",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.2.tgz",
+      "integrity": "sha512-zevQbhbau95nkoxSq3f/DC/SC+EEOUZd3DYqfSkMhY2/wfSeaHV1Ew4vk8e+x8lja31IbyuUa2uQ3JONqKbysw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.9",
+        "@babel/parser": "^7.26.2",
+        "@babel/types": "^7.26.0",
         "@jridgewell/gen-mapping": "^0.3.5",
         "@jridgewell/trace-mapping": "^0.3.25",
         "jsesc": "^3.0.2"
@@ -2224,13 +2226,12 @@
       }
     },
     "node_modules/@babel/helper-module-transforms": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.25.9.tgz",
-      "integrity": "sha512-TvLZY/F3+GvdRYFZFyxMvnsKi+4oJdgZzU3BoGN9Uc2d9C6zfNwJcKKhjqLAhK8i46mv93jsO74fDh3ih6rpHA==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz",
+      "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-module-imports": "^7.25.9",
-        "@babel/helper-simple-access": "^7.25.9",
         "@babel/helper-validator-identifier": "^7.25.9",
         "@babel/traverse": "^7.25.9"
       },
@@ -2364,37 +2365,22 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.25.9.tgz",
-      "integrity": "sha512-oKWp3+usOJSzDZOucZUAMayhPz/xVjzymyDzUN8dk0Wd3RWMlGLXi07UCQ/CgQVb8LvXx3XBajJH4XGgkt7H7g==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.0.tgz",
+      "integrity": "sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw==",
       "license": "MIT",
       "dependencies": {
         "@babel/template": "^7.25.9",
-        "@babel/types": "^7.25.9"
-      },
-      "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@babel/highlight": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.25.9.tgz",
-      "integrity": "sha512-llL88JShoCsth8fF8R4SJnIn+WLvR6ccFxu1H3FlMhDontdcmZWf2HgIZ7AIqV3Xcck1idlohrN4EUBQz6klbw==",
-      "license": "MIT",
-      "dependencies": {
-        "@babel/helper-validator-identifier": "^7.25.9",
-        "chalk": "^2.4.2",
-        "js-tokens": "^4.0.0",
-        "picocolors": "^1.0.0"
+        "@babel/types": "^7.26.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/node": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/node/-/node-7.25.9.tgz",
-      "integrity": "sha512-EvwozHOSnCWZYb96f5i4eRF0Lbsyh/YbOUx8fbpiOXTALDexM3SMQ1KTAbWdtKNsIybG9cAJKMcML+YfT30w5A==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/node/-/node-7.26.0.tgz",
+      "integrity": "sha512-5ASMjh42hbnqyCOK68Q5chh1jKAqn91IswFTN+niwt4FLABhEWCT1tEuuo6mlNQ4WG/oFQLvJ71PaHAKtWtJyA==",
       "license": "MIT",
       "dependencies": {
         "@babel/register": "^7.25.9",
@@ -2424,12 +2410,12 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.25.9.tgz",
-      "integrity": "sha512-aI3jjAAO1fh7vY/pBGsn1i9LDbRP43+asrRlkPuTXW5yHXtd1NgTEMudbBoDDxrf1daEEfPJqR+JBMakzrR4Dg==",
+      "version": "7.26.2",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.2.tgz",
+      "integrity": "sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.25.9"
+        "@babel/types": "^7.26.0"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -2529,9 +2515,9 @@
       }
     },
     "node_modules/@babel/plugin-syntax-import-assertions": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.25.9.tgz",
-      "integrity": "sha512-4GHX5uzr5QMOOuzV0an9MFju4hKlm0OyePl/lHhcsTVae5t/IKVHnb8W67Vr6FuLlk5lPqLB7n7O+K5R46emYg==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.26.0.tgz",
+      "integrity": "sha512-QCWT5Hh830hK5EQa7XzuqIkQU9tT/whqbDz7kuaZMHFl1inRRg7JnuAEOQ0Ur0QUl0NufCk1msK2BeY79Aj/eg==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-plugin-utils": "^7.25.9"
@@ -2544,9 +2530,9 @@
       }
     },
     "node_modules/@babel/plugin-syntax-import-attributes": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.25.9.tgz",
-      "integrity": "sha512-u3EN9ub8LyYvgTnrgp8gboElouayiwPdnM7x5tcnW3iSt09/lQYPwMNK40I9IUxo7QOZhAsPHCmmuO7EPdruqg==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.26.0.tgz",
+      "integrity": "sha512-e2dttdsJ1ZTpi3B9UYGLw41hifAubg19AtCu/2I/F1QNVclOBr1dYpTdmdyZ84Xiz43BS/tCUkMAZNLv12Pi+A==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-plugin-utils": "^7.25.9"
@@ -2684,9 +2670,9 @@
       }
     },
     "node_modules/@babel/plugin-transform-class-static-block": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.25.9.tgz",
-      "integrity": "sha512-UIf+72C7YJ+PJ685/PpATbCz00XqiFEzHX5iysRwfvNT0Ko+FaXSvRgLytFSp8xUItrG9pFM/KoBBZDrY/cYyg==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.26.0.tgz",
+      "integrity": "sha512-6J2APTs7BDDm+UMqP1useWqhcRAXo0WIoVj26N7kPFB6S73Lgvyka4KTZYIxtgYXiN5HTyRObA72N2iu628iTQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-create-class-features-plugin": "^7.25.9",
@@ -3207,6 +3193,22 @@
         "@babel/core": "^7.0.0-0"
       }
     },
+    "node_modules/@babel/plugin-transform-regexp-modifiers": {
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.26.0.tgz",
+      "integrity": "sha512-vN6saax7lrA2yA/Pak3sCxuD6F5InBjn9IcrIKQPjpsLvuHYLVroTxjdlVRHjjBWxKOqIwpTXDkOssYT4BFdRw==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/helper-create-regexp-features-plugin": "^7.25.9",
+        "@babel/helper-plugin-utils": "^7.25.9"
+      },
+      "engines": {
+        "node": ">=6.9.0"
+      },
+      "peerDependencies": {
+        "@babel/core": "^7.0.0"
+      }
+    },
     "node_modules/@babel/plugin-transform-reserved-words": {
       "version": "7.25.9",
       "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.25.9.tgz",
@@ -3381,12 +3383,12 @@
       }
     },
     "node_modules/@babel/preset-env": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.25.9.tgz",
-      "integrity": "sha512-XqDEt+hfsQukahSX9JOBDHhpUHDhj2zGSxoqWQFCMajOSBnbhBdgON/bU/5PkBA1yX5tqW6tTzuIPVsZTQ7h5Q==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.0.tgz",
+      "integrity": "sha512-H84Fxq0CQJNdPFT2DrfnylZ3cf5K43rGfWK4LJGPpjKHiZlk0/RzwEus3PDDZZg+/Er7lCA03MVacueUuXdzfw==",
       "license": "MIT",
       "dependencies": {
-        "@babel/compat-data": "^7.25.9",
+        "@babel/compat-data": "^7.26.0",
         "@babel/helper-compilation-targets": "^7.25.9",
         "@babel/helper-plugin-utils": "^7.25.9",
         "@babel/helper-validator-option": "^7.25.9",
@@ -3396,8 +3398,8 @@
         "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.25.9",
         "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.25.9",
         "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2",
-        "@babel/plugin-syntax-import-assertions": "^7.25.9",
-        "@babel/plugin-syntax-import-attributes": "^7.25.9",
+        "@babel/plugin-syntax-import-assertions": "^7.26.0",
+        "@babel/plugin-syntax-import-attributes": "^7.26.0",
         "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6",
         "@babel/plugin-transform-arrow-functions": "^7.25.9",
         "@babel/plugin-transform-async-generator-functions": "^7.25.9",
@@ -3405,7 +3407,7 @@
         "@babel/plugin-transform-block-scoped-functions": "^7.25.9",
         "@babel/plugin-transform-block-scoping": "^7.25.9",
         "@babel/plugin-transform-class-properties": "^7.25.9",
-        "@babel/plugin-transform-class-static-block": "^7.25.9",
+        "@babel/plugin-transform-class-static-block": "^7.26.0",
         "@babel/plugin-transform-classes": "^7.25.9",
         "@babel/plugin-transform-computed-properties": "^7.25.9",
         "@babel/plugin-transform-destructuring": "^7.25.9",
@@ -3438,6 +3440,7 @@
         "@babel/plugin-transform-private-property-in-object": "^7.25.9",
         "@babel/plugin-transform-property-literals": "^7.25.9",
         "@babel/plugin-transform-regenerator": "^7.25.9",
+        "@babel/plugin-transform-regexp-modifiers": "^7.26.0",
         "@babel/plugin-transform-reserved-words": "^7.25.9",
         "@babel/plugin-transform-shorthand-properties": "^7.25.9",
         "@babel/plugin-transform-spread": "^7.25.9",
@@ -3538,9 +3541,9 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.25.9",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.25.9.tgz",
-      "integrity": "sha512-OwS2CM5KocvQ/k7dFJa8i5bNGJP0hXWfVCfDkqRFP1IreH1JDC7wG6eCYCi0+McbfT8OR/kNqsI0UU0xP9H6PQ==",
+      "version": "7.26.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz",
+      "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-string-parser": "^7.25.9",
@@ -9715,6 +9718,7 @@
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
       "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
       "dependencies": {
         "color-convert": "^1.9.0"
       },
@@ -10776,6 +10780,7 @@
       "version": "2.4.2",
       "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
       "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
       "dependencies": {
         "ansi-styles": "^3.2.1",
         "escape-string-regexp": "^1.0.5",
@@ -12514,6 +12519,7 @@
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
       "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==",
+      "dev": true,
       "engines": {
         "node": ">=0.8.0"
       }
@@ -14856,6 +14862,7 @@
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
       "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==",
+      "dev": true,
       "engines": {
         "node": ">=4"
       }
@@ -22262,6 +22269,7 @@
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
       "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
       "dependencies": {
         "has-flag": "^3.0.0"
       },
diff --git a/package.json b/package.json
index e9b3b637c68..e5f7dafa742 100644
--- a/package.json
+++ b/package.json
@@ -31,10 +31,10 @@
   "dependencies": {
     "@apollo/server": "4.11.0",
     "@aws-sdk/client-s3": "3.678.0",
-    "@babel/core": "7.25.9",
-    "@babel/node": "7.25.9",
+    "@babel/core": "7.26.0",
+    "@babel/node": "7.26.0",
     "@babel/plugin-transform-typescript": "7.25.9",
-    "@babel/preset-env": "7.25.9",
+    "@babel/preset-env": "7.26.0",
     "@elastic/elasticsearch": "8.15.1",
     "@escape.tech/graphql-armor": "3.1.1",
     "@hyperwatch/hyperwatch": "4.0.0",

From 2b592d5db328b7f75a453801ccb31d8703a7eff1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:56:15 +0100
Subject: [PATCH 022/129] chore(deps): update opentelemetry-js monorepo to
 ^0.54.0 (#10435)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 2139 ++++++++++++++++++++++++++++++++++++++-------
 package.json      |    4 +-
 2 files changed, 1841 insertions(+), 302 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0c4305ba57f..189de84881d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -120,8 +120,8 @@
         "@graphql-eslint/eslint-plugin": "^3.20.1",
         "@opentelemetry/api": "^1.7.0",
         "@opentelemetry/auto-instrumentations-node": "^0.51.0",
-        "@opentelemetry/exporter-trace-otlp-proto": "^0.53.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/resources": "^1.20.0",
         "@opentelemetry/sdk-trace-base": "^1.20.0",
         "@opentelemetry/sdk-trace-node": "^1.20.0",
@@ -6235,6 +6235,40 @@
         "@opentelemetry/api": "^1.4.1"
       }
     },
+    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@opentelemetry/context-async-hooks": {
       "version": "1.26.0",
       "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.26.0.tgz",
@@ -6368,57 +6402,63 @@
       }
     },
     "node_modules/@opentelemetry/exporter-trace-otlp-proto": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.53.0.tgz",
-      "integrity": "sha512-T/bdXslwRKj23S96qbvGtaYOdfyew3TjPEKOk5mHjkCmkVl1O9C/YMdejwSsdLdOq2YW30KjR9kVi0YMxZushQ==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.54.0.tgz",
+      "integrity": "sha512-cpDQj5wl7G8pLu3lW94SnMpn0C85A9Ehe7+JBow2IL5DGPWXTkynFngMtCC3PpQzQgzlyOVe0MVZfoBB3M5ECA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-zipkin": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.26.0.tgz",
-      "integrity": "sha512-PW5R34n3SJHO4t0UetyHKiXL6LixIqWN6lWncg3eRXhKuT30x+b7m5sDJS0kEWRfHeS+kG7uCw2vBzmB2lk3Dw==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/api-logs": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.54.0.tgz",
+      "integrity": "sha512-9HhEh5GqFrassUndqJsyW7a0PzfyWr2eV2xwzHLIS+wX3125+9HE9FMRAKmJRwxZhgZGwH3HNQQjoMGZqmOeVA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/core": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.27.0.tgz",
+      "integrity": "sha512-yQPKnK5e+76XuiqUH/gKyS8wv/7qITd5ln56QkBTf3uggr0VkXOXfcaAuG330UfdYu83wsyoBwqwxigpIG+Jkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.54.0.tgz",
+      "integrity": "sha512-g+H7+QleVF/9lz4zhaR9Dt4VwApjqG5WWupy5CTMpWJfHB/nLxBbX73GBZDgdiNfh08nO3rNa6AS7fK8OhgF5g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-transformer": "0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6427,16 +6467,20 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-amqplib": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.42.0.tgz",
-      "integrity": "sha512-fiuU6OKsqHJiydHWgTRQ7MnIrJ2lEqsdgFtNIH4LbAUJl/5XmrIeoDzDnox+hfkgWK65jsleFuQDtYb5hW1koQ==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.54.0.tgz",
+      "integrity": "sha512-jRexIASQQzdK4AjfNIBfn94itAq4Q8EXR9d3b/OVbhd3kKQKvMr7GkxYDjbeTbY7hHCOLcLfJ3dpYQYGOe8qOQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-logs": "0.54.0",
+        "@opentelemetry/sdk-metrics": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -6445,124 +6489,126 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
-      "version": "0.45.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.45.0.tgz",
-      "integrity": "sha512-22ZnmYftKjFoiqC1k3tu2AVKiXSZv+ohuHWk4V4MdJpPuNkadY624aDkv5BmwDeavDxVFgqE9nGgDM9s3Q94mg==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/resources": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.27.0.tgz",
+      "integrity": "sha512-jOwt2VJ/lUD5BLc+PMNymDrUCpm5PKi1E9oSVYAvz01U/VdndGmrtV3DU1pG4AwlYhJRHbHfOUIlpBeXCPw6QQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/propagator-aws-xray": "^1.3.1",
-        "@opentelemetry/resources": "^1.8.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/aws-lambda": "8.10.143"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.44.0.tgz",
-      "integrity": "sha512-HIWFg4TDQsayceiikOnruMmyQ0SZYW6WiR+wknWwWVLHC3lHTCpAnqzp5V42ckArOdlwHZu2Jvq2GMSM4Myx3w==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.54.0.tgz",
+      "integrity": "sha512-HeWvOPiWhEw6lWvg+lCIi1WhJnIPbI4/OFZgHq9tKfpwF3LX6/kk3+GR8sGUGAEZfbjPElkkngzvd2s03zbD7Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/propagation-utils": "^0.30.11",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-bunyan": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.41.0.tgz",
-      "integrity": "sha512-NoQS+gcwQ7pzb2PZFyra6bAxDAVXBMmpKxBblEuXJWirGrAksQllg9XTdmqhrwT/KxUYrbVca/lMams7e51ysg==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.27.0.tgz",
+      "integrity": "sha512-JzWgzlutoXCydhHWIbLg+r76m+m3ncqvkCcsswXAQ4gqKS+LOHKhq+t6fx1zNytvLuaOUBur7EvWxECc4jPQKg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@types/bunyan": "1.8.9"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.41.0.tgz",
-      "integrity": "sha512-hvTNcC8qjCQEHZTLAlTmDptjsEGqCKpN+90hHH8Nn/GwilGr5TMSwGrlfstdJuZWyw8HAnRUed6bcjvmHHk2Xw==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.27.0.tgz",
+      "integrity": "sha512-btz6XTQzwsyJjombpeqCX6LhiMQYpzt2pIYNPnw0IPO/3AhT6yjnf8Mnv3ZC2A4eRYOjqrg+bfaXg9XHDRJDWQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-connect": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.39.0.tgz",
-      "integrity": "sha512-pGBiKevLq7NNglMgqzmeKczF4XQMTOUOTkK8afRHMZMnrK3fcETyTH7lVaSozwiOM3Ws+SuEmXZT7DYrrhxGlg==",
+    "node_modules/@opentelemetry/exporter-zipkin": {
+      "version": "1.26.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.26.0.tgz",
+      "integrity": "sha512-PW5R34n3SJHO4t0UetyHKiXL6LixIqWN6lWncg3eRXhKuT30x+b7m5sDJS0kEWRfHeS+kG7uCw2vBzmB2lk3Dw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/connect": "3.4.36"
+        "@opentelemetry/core": "1.26.0",
+        "@opentelemetry/resources": "1.26.0",
+        "@opentelemetry/sdk-trace-base": "1.26.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-cucumber": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.9.0.tgz",
-      "integrity": "sha512-4PQNFnIqnA2WM3ZHpr0xhZpHSqJ5xJ6ppTIzZC7wPqe+ZBpj41vG8B6ieqiPfq+im4QdqbYnzLb3rj48GDEN9g==",
+    "node_modules/@opentelemetry/instrumentation": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.54.0.tgz",
+      "integrity": "sha512-B0Ydo9g9ehgNHwtpc97XivEzjz0XBKR6iQ83NTENIxEEf5NHE0otZQuZLgDdey1XNk+bP1cfRpIkSFWM5YlSyg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-dataloader": {
-      "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.12.0.tgz",
-      "integrity": "sha512-pnPxatoFE0OXIZDQhL2okF//dmbiWFzcSc8pUg9TqofCLYZySSxDCgQc69CJBo5JnI3Gz1KP+mOjS4WAeRIH4g==",
+    "node_modules/@opentelemetry/instrumentation-amqplib": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.42.0.tgz",
+      "integrity": "sha512-fiuU6OKsqHJiydHWgTRQ7MnIrJ2lEqsdgFtNIH4LbAUJl/5XmrIeoDzDnox+hfkgWK65jsleFuQDtYb5hW1koQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -6571,15 +6617,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-dns": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.39.0.tgz",
-      "integrity": "sha512-+iPzvXqVdJa67QBuz2tuP0UI3LS1/cMMo6dS7360DDtOQX+sQzkiN+mo3Omn4T6ZRhkTDw6c7uwsHBcmL31+1g==",
+    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "semver": "^7.5.4"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6588,7 +6638,7 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-dns/node_modules/semver": {
+    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/semver": {
       "version": "7.6.3",
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
       "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
@@ -6601,16 +6651,18 @@
         "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-express": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.43.0.tgz",
-      "integrity": "sha512-bxTIlzn9qPXJgrhz8/Do5Q3jIlqfpoJrSUtVGqH+90eM1v2PkPHc+SdE+zSqe4q9Y1UQJosmZ4N4bm7Zj/++MA==",
+    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.45.0.tgz",
+      "integrity": "sha512-22ZnmYftKjFoiqC1k3tu2AVKiXSZv+ohuHWk4V4MdJpPuNkadY624aDkv5BmwDeavDxVFgqE9nGgDM9s3Q94mg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/propagator-aws-xray": "^1.3.1",
+        "@opentelemetry/resources": "^1.8.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/aws-lambda": "8.10.143"
       },
       "engines": {
         "node": ">=14"
@@ -6619,16 +6671,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-fastify": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.40.0.tgz",
-      "integrity": "sha512-74qj4nG3zPtU7g2x4sm2T4R3/pBMyrYstTsqSZwdlhQk1SD4l8OSY9sPRX1qkhfxOuW3U4KZQAV/Cymb3fB6hg==",
+    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6637,15 +6692,30 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-fs": {
-      "version": "0.15.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.15.0.tgz",
-      "integrity": "sha512-JWVKdNLpu1skqZQA//jKOcKdJC66TWKqa2FUFq70rKohvaSq47pmXlnabNO+B/BvLfmidfiaN35XakT5RyMl2Q==",
+    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.44.0.tgz",
+      "integrity": "sha512-HIWFg4TDQsayceiikOnruMmyQ0SZYW6WiR+wknWwWVLHC3lHTCpAnqzp5V42ckArOdlwHZu2Jvq2GMSM4Myx3w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/propagation-utils": "^0.30.11",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -6654,14 +6724,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-generic-pool": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.39.0.tgz",
-      "integrity": "sha512-y4v8Y+tSfRB3NNBvHjbjrn7rX/7sdARG7FuK6zR8PGb28CTa0kHpEGCJqvL9L8xkTNvTXo+lM36ajFGUaK1aNw==",
+    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6670,14 +6745,29 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-graphql": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.43.0.tgz",
-      "integrity": "sha512-aI3YMmC2McGd8KW5du1a2gBA0iOMOGLqg4s9YjzwbjFwjlmMNFSK1P3AIg374GWg823RPUGfVTIgZ/juk9CVOA==",
-      "dev": true,
+    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-bunyan": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.41.0.tgz",
+      "integrity": "sha512-NoQS+gcwQ7pzb2PZFyra6bAxDAVXBMmpKxBblEuXJWirGrAksQllg9XTdmqhrwT/KxUYrbVca/lMams7e51ysg==",
+      "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/api-logs": "^0.53.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@types/bunyan": "1.8.9"
       },
       "engines": {
         "node": ">=14"
@@ -6686,15 +6776,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-grpc": {
+    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/@opentelemetry/instrumentation": {
       "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.53.0.tgz",
-      "integrity": "sha512-Ss338T92yE1UCgr9zXSY3cPuaAy27uQw+wAC5IwsQKCXL5wwkiOgkd+2Ngksa9EGsgUEMwGeHi76bDdHFJ5Rrw==",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6703,14 +6797,26 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-hapi": {
+    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
       "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.41.0.tgz",
-      "integrity": "sha512-jKDrxPNXDByPlYcMdZjNPYCvw0SQJjN+B1A+QH+sx+sAHsKSAf9hwFiJSrI6C4XdOls43V/f/fkp9ITkHhKFbQ==",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.41.0.tgz",
+      "integrity": "sha512-hvTNcC8qjCQEHZTLAlTmDptjsEGqCKpN+90hHH8Nn/GwilGr5TMSwGrlfstdJuZWyw8HAnRUed6bcjvmHHk2Xw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
         "@opentelemetry/instrumentation": "^0.53.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
@@ -6721,17 +6827,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-http": {
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/@opentelemetry/instrumentation": {
       "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.53.0.tgz",
-      "integrity": "sha512-H74ErMeDuZfj7KgYCTOFGWF5W9AfaPnqLQQxeFq85+D29wwV2yqHbz2IKLYpkOh7EI6QwDEl7rZCIxjJLyc/CQ==",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/instrumentation": "0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "semver": "^7.5.2"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6740,7 +6848,7 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/semver": {
       "version": "7.6.3",
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
       "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
@@ -6753,16 +6861,17 @@
         "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-ioredis": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.43.0.tgz",
-      "integrity": "sha512-i3Dke/LdhZbiUAEImmRG3i7Dimm/BD7t8pDDzwepSvIQ6s2X6FPia7561gw+64w+nx0+G9X14D7rEfaMEmmjig==",
+    "node_modules/@opentelemetry/instrumentation-connect": {
+      "version": "0.39.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.39.0.tgz",
+      "integrity": "sha512-pGBiKevLq7NNglMgqzmeKczF4XQMTOUOTkK8afRHMZMnrK3fcETyTH7lVaSozwiOM3Ws+SuEmXZT7DYrrhxGlg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/connect": "3.4.36"
       },
       "engines": {
         "node": ">=14"
@@ -6771,15 +6880,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-kafkajs": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.3.0.tgz",
-      "integrity": "sha512-UnkZueYK1ise8FXQeKlpBd7YYUtC7mM8J0wzUSccEfc/G8UqHQqAzIyYCUOUPUKp8GsjLnWOOK/3hJc4owb7Jg==",
+    "node_modules/@opentelemetry/instrumentation-connect/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6788,10 +6901,23 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-knex": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.40.0.tgz",
-      "integrity": "sha512-6jka2jfX8+fqjEbCn6hKWHVWe++mHrIkLQtaJqUkBt3ZBs2xn1+y0khxiDS0v/mNb0bIKDJWwtpKFfsQDM1Geg==",
+    "node_modules/@opentelemetry/instrumentation-connect/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cucumber": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.9.0.tgz",
+      "integrity": "sha512-4PQNFnIqnA2WM3ZHpr0xhZpHSqJ5xJ6ppTIzZC7wPqe+ZBpj41vG8B6ieqiPfq+im4QdqbYnzLb3rj48GDEN9g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6802,19 +6928,22 @@
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-koa": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.43.0.tgz",
-      "integrity": "sha512-lDAhSnmoTIN6ELKmLJBplXzT/Jqs5jGZehuG22EdSMaTwgjMpxMDI1YtlKEhiWPWkrz5LUsd0aOO0ZRc9vn3AQ==",
+    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6823,10 +6952,23 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.40.0.tgz",
-      "integrity": "sha512-21xRwZsEdMPnROu/QsaOIODmzw59IYpGFmuC4aFWvMj6stA8+Ei1tX67nkarJttlNjoM94um0N4X26AD7ff54A==",
+    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.12.0.tgz",
+      "integrity": "sha512-pnPxatoFE0OXIZDQhL2okF//dmbiWFzcSc8pUg9TqofCLYZySSxDCgQc69CJBo5JnI3Gz1KP+mOjS4WAeRIH4g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6839,16 +6981,49 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-memcached": {
+    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dns": {
       "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.39.0.tgz",
-      "integrity": "sha512-WfwvKAZ9I1qILRP5EUd88HQjwAAL+trXpCpozjBi4U6a0A07gB3fZ5PFAxbXemSjF5tHk9KVoROnqHvQ+zzFSQ==",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.39.0.tgz",
+      "integrity": "sha512-+iPzvXqVdJa67QBuz2tuP0UI3LS1/cMMo6dS7360DDtOQX+sQzkiN+mo3Omn4T6ZRhkTDw6c7uwsHBcmL31+1g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/memcached": "^2.2.6"
+        "semver": "^7.5.4"
       },
       "engines": {
         "node": ">=14"
@@ -6857,16 +7032,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mongodb": {
-      "version": "0.47.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.47.0.tgz",
-      "integrity": "sha512-yqyXRx2SulEURjgOQyJzhCECSh5i1uM49NUaq9TqLd6fA7g26OahyJfsr9NE38HFqGRHpi4loyrnfYGdrsoVjQ==",
+    "node_modules/@opentelemetry/instrumentation-dns/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/sdk-metrics": "^1.9.1",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6875,10 +7053,23 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mongoose": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.42.0.tgz",
-      "integrity": "sha512-AnWv+RaR86uG3qNEMwt3plKX1ueRM7AspfszJYVkvkehiicC3bHQA6vWdb6Zvy5HAE14RyFbu9+2hUUjR2NSyg==",
+    "node_modules/@opentelemetry/instrumentation-dns/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-express": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.43.0.tgz",
+      "integrity": "sha512-bxTIlzn9qPXJgrhz8/Do5Q3jIlqfpoJrSUtVGqH+90eM1v2PkPHc+SdE+zSqe4q9Y1UQJosmZ4N4bm7Zj/++MA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6893,16 +7084,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.41.0.tgz",
-      "integrity": "sha512-jnvrV6BsQWyHS2qb2fkfbfSb1R/lmYwqEZITwufuRl37apTopswu9izc0b1CYRp/34tUG/4k/V39PND6eyiNvw==",
+    "node_modules/@opentelemetry/instrumentation-express/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/mysql": "2.15.26"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6911,16 +7105,1289 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql2": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.41.0.tgz",
-      "integrity": "sha512-REQB0x+IzVTpoNgVmy5b+UnH1/mDByrneimP6sbDHkp1j8QOl1HyWOrBH/6YWR0nrbU3l825Em5PlybjT3232g==",
+    "node_modules/@opentelemetry/instrumentation-express/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.40.0.tgz",
+      "integrity": "sha512-74qj4nG3zPtU7g2x4sm2T4R3/pBMyrYstTsqSZwdlhQk1SD4l8OSY9sPRX1qkhfxOuW3U4KZQAV/Cymb3fB6hg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs": {
+      "version": "0.15.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.15.0.tgz",
+      "integrity": "sha512-JWVKdNLpu1skqZQA//jKOcKdJC66TWKqa2FUFq70rKohvaSq47pmXlnabNO+B/BvLfmidfiaN35XakT5RyMl2Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool": {
+      "version": "0.39.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.39.0.tgz",
+      "integrity": "sha512-y4v8Y+tSfRB3NNBvHjbjrn7rX/7sdARG7FuK6zR8PGb28CTa0kHpEGCJqvL9L8xkTNvTXo+lM36ajFGUaK1aNw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.43.0.tgz",
+      "integrity": "sha512-aI3YMmC2McGd8KW5du1a2gBA0iOMOGLqg4s9YjzwbjFwjlmMNFSK1P3AIg374GWg823RPUGfVTIgZ/juk9CVOA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.53.0.tgz",
+      "integrity": "sha512-Ss338T92yE1UCgr9zXSY3cPuaAy27uQw+wAC5IwsQKCXL5wwkiOgkd+2Ngksa9EGsgUEMwGeHi76bDdHFJ5Rrw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "0.53.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.41.0.tgz",
+      "integrity": "sha512-jKDrxPNXDByPlYcMdZjNPYCvw0SQJjN+B1A+QH+sx+sAHsKSAf9hwFiJSrI6C4XdOls43V/f/fkp9ITkHhKFbQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.53.0.tgz",
+      "integrity": "sha512-H74ErMeDuZfj7KgYCTOFGWF5W9AfaPnqLQQxeFq85+D29wwV2yqHbz2IKLYpkOh7EI6QwDEl7rZCIxjJLyc/CQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.26.0",
+        "@opentelemetry/instrumentation": "0.53.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "semver": "^7.5.2"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.43.0.tgz",
+      "integrity": "sha512-i3Dke/LdhZbiUAEImmRG3i7Dimm/BD7t8pDDzwepSvIQ6s2X6FPia7561gw+64w+nx0+G9X14D7rEfaMEmmjig==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.3.0.tgz",
+      "integrity": "sha512-UnkZueYK1ise8FXQeKlpBd7YYUtC7mM8J0wzUSccEfc/G8UqHQqAzIyYCUOUPUKp8GsjLnWOOK/3hJc4owb7Jg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.40.0.tgz",
+      "integrity": "sha512-6jka2jfX8+fqjEbCn6hKWHVWe++mHrIkLQtaJqUkBt3ZBs2xn1+y0khxiDS0v/mNb0bIKDJWwtpKFfsQDM1Geg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.43.0.tgz",
+      "integrity": "sha512-lDAhSnmoTIN6ELKmLJBplXzT/Jqs5jGZehuG22EdSMaTwgjMpxMDI1YtlKEhiWPWkrz5LUsd0aOO0ZRc9vn3AQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.40.0.tgz",
+      "integrity": "sha512-21xRwZsEdMPnROu/QsaOIODmzw59IYpGFmuC4aFWvMj6stA8+Ei1tX67nkarJttlNjoM94um0N4X26AD7ff54A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached": {
+      "version": "0.39.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.39.0.tgz",
+      "integrity": "sha512-WfwvKAZ9I1qILRP5EUd88HQjwAAL+trXpCpozjBi4U6a0A07gB3fZ5PFAxbXemSjF5tHk9KVoROnqHvQ+zzFSQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/memcached": "^2.2.6"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb": {
+      "version": "0.47.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.47.0.tgz",
+      "integrity": "sha512-yqyXRx2SulEURjgOQyJzhCECSh5i1uM49NUaq9TqLd6fA7g26OahyJfsr9NE38HFqGRHpi4loyrnfYGdrsoVjQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/sdk-metrics": "^1.9.1",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.42.0.tgz",
+      "integrity": "sha512-AnWv+RaR86uG3qNEMwt3plKX1ueRM7AspfszJYVkvkehiicC3bHQA6vWdb6Zvy5HAE14RyFbu9+2hUUjR2NSyg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.41.0.tgz",
+      "integrity": "sha512-jnvrV6BsQWyHS2qb2fkfbfSb1R/lmYwqEZITwufuRl37apTopswu9izc0b1CYRp/34tUG/4k/V39PND6eyiNvw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/mysql": "2.15.26"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.41.0.tgz",
+      "integrity": "sha512-REQB0x+IzVTpoNgVmy5b+UnH1/mDByrneimP6sbDHkp1j8QOl1HyWOrBH/6YWR0nrbU3l825Em5PlybjT3232g==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.40.0.tgz",
+      "integrity": "sha512-WF1hCUed07vKmf5BzEkL0wSPinqJgH7kGzOjjMAiTGacofNXjb/y4KQ8loj2sNsh5C/NN7s1zxQuCgbWbVTGKg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net": {
+      "version": "0.39.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.39.0.tgz",
+      "integrity": "sha512-rixHoODfI/Cx1B0mH1BpxCT0bRSxktuBDrt9IvpT2KSEutK5hR0RsRdgdz/GKk+BQ4u+IG6godgMSGwNQCueEA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg": {
+      "version": "0.46.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.46.0.tgz",
+      "integrity": "sha512-PLbYYC7EIoigh9uzhBrDjyL4yhH9akjV2Mln3ci9+lD7p9HE5nUUgYCgcUasyr4bz99c8xy9ErzKLt38Y7Kodg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.26.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1",
+        "@types/pg": "8.6.1",
+        "@types/pg-pool": "2.0.6"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.42.0.tgz",
+      "integrity": "sha512-SoX6FzucBfTuFNMZjdurJhcYWq2ve8/LkhmyVLUW31HpIB45RF1JNum0u4MkGisosDmXlK4njomcgUovShI+WA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "^0.53.0",
+        "@opentelemetry/core": "^1.25.0",
+        "@opentelemetry/instrumentation": "^0.53.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.42.0.tgz",
+      "integrity": "sha512-jZBoqve0rEC51q0HuhjtZVq1DtUvJHzEJ3YKGvzGar2MU1J4Yt5+pQAQYh1W4jSoDyKeaI4hyeUdWM5N0c2lqA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1"
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4": {
+      "version": "0.42.1",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.42.1.tgz",
+      "integrity": "sha512-xm17LJhDfQzQo4wkM/zFwh6wk3SNN/FBFGkscI9Kj4efrb/o5p8Z3yE6ldBPNdIZ6RAwg2p3DL7fvE3DuUDJWA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.41.0.tgz",
+      "integrity": "sha512-gKEo+X/wVKUBuD2WDDlF7SlDNBHMWjSQoLxFCsGqeKgHR0MGtwMel8uaDGg9LJ83nKqYy+7Vl/cDFxjba6H+/w==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-router": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.40.0.tgz",
+      "integrity": "sha512-bRo4RaclGFiKtmv/N1D0MuzO7DuxbeqMkMCbPPng6mDwzpHAMpHz/K/IxJmF+H1Hi/NYXVjCKvHGClageLe9eA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-router/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6929,27 +8396,23 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.40.0.tgz",
-      "integrity": "sha512-WF1hCUed07vKmf5BzEkL0wSPinqJgH7kGzOjjMAiTGacofNXjb/y4KQ8loj2sNsh5C/NN7s1zxQuCgbWbVTGKg==",
+    "node_modules/@opentelemetry/instrumentation-router/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
       "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
       },
       "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-net": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.39.0.tgz",
-      "integrity": "sha512-rixHoODfI/Cx1B0mH1BpxCT0bRSxktuBDrt9IvpT2KSEutK5hR0RsRdgdz/GKk+BQ4u+IG6godgMSGwNQCueEA==",
+    "node_modules/@opentelemetry/instrumentation-socket.io": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.42.0.tgz",
+      "integrity": "sha512-xB5tdsBzuZyicQTO3hDzJIpHQ7V1BYJ6vWPWgl19gWZDBdjEGc3HOupjkd3BUJyDoDhbMEHGk2nNlkUU99EfkA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6963,19 +8426,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pg": {
-      "version": "0.46.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.46.0.tgz",
-      "integrity": "sha512-PLbYYC7EIoigh9uzhBrDjyL4yhH9akjV2Mln3ci9+lD7p9HE5nUUgYCgcUasyr4bz99c8xy9ErzKLt38Y7Kodg==",
+    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.26.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1",
-        "@types/pg": "8.6.1",
-        "@types/pg-pool": "2.0.6"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6984,34 +8447,29 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pino": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.42.0.tgz",
-      "integrity": "sha512-SoX6FzucBfTuFNMZjdurJhcYWq2ve8/LkhmyVLUW31HpIB45RF1JNum0u4MkGisosDmXlK4njomcgUovShI+WA==",
+    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
       "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/core": "^1.25.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
       },
       "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.42.0.tgz",
-      "integrity": "sha512-jZBoqve0rEC51q0HuhjtZVq1DtUvJHzEJ3YKGvzGar2MU1J4Yt5+pQAQYh1W4jSoDyKeaI4hyeUdWM5N0c2lqA==",
+    "node_modules/@opentelemetry/instrumentation-tedious": {
+      "version": "0.14.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.14.0.tgz",
+      "integrity": "sha512-ofq7pPhSqvRDvD2FVx3RIWPj76wj4QubfrbqJtEx0A+fWoaYxJOCIQ92tYJh28elAmjMmgF/XaYuJuBhBv5J3A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/tedious": "^4.0.14"
       },
       "engines": {
         "node": ">=14"
@@ -7020,16 +8478,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis-4": {
-      "version": "0.42.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.42.1.tgz",
-      "integrity": "sha512-xm17LJhDfQzQo4wkM/zFwh6wk3SNN/FBFGkscI9Kj4efrb/o5p8Z3yE6ldBPNdIZ6RAwg2p3DL7fvE3DuUDJWA==",
+    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -7038,33 +8499,49 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-restify": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.41.0.tgz",
-      "integrity": "sha512-gKEo+X/wVKUBuD2WDDlF7SlDNBHMWjSQoLxFCsGqeKgHR0MGtwMel8uaDGg9LJ83nKqYy+7Vl/cDFxjba6H+/w==",
+    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-undici": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.6.0.tgz",
+      "integrity": "sha512-ABJBhm5OdhGmbh0S/fOTE4N69IZ00CsHC5ijMYfzbw3E5NwLgpQk5xsljaECrJ8wz1SfXbO03FiSuu5AyRAkvQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/instrumentation": "^0.53.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": "^1.7.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-router": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.40.0.tgz",
-      "integrity": "sha512-bRo4RaclGFiKtmv/N1D0MuzO7DuxbeqMkMCbPPng6mDwzpHAMpHz/K/IxJmF+H1Hi/NYXVjCKvHGClageLe9eA==",
+    "node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -7073,15 +8550,28 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-socket.io": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.42.0.tgz",
-      "integrity": "sha512-xB5tdsBzuZyicQTO3hDzJIpHQ7V1BYJ6vWPWgl19gWZDBdjEGc3HOupjkd3BUJyDoDhbMEHGk2nNlkUU99EfkA==",
+    "node_modules/@opentelemetry/instrumentation-undici/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-winston": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.40.0.tgz",
+      "integrity": "sha512-eMk2tKl86YJ8/yHvtDbyhrE35/R0InhO9zuHTflPx8T0+IvKVUhPV71MsJr32sImftqeOww92QHt4Jd+a5db4g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "^0.53.0",
+        "@opentelemetry/instrumentation": "^0.53.0"
       },
       "engines": {
         "node": ">=14"
@@ -7090,16 +8580,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-tedious": {
-      "version": "0.14.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.14.0.tgz",
-      "integrity": "sha512-ofq7pPhSqvRDvD2FVx3RIWPj76wj4QubfrbqJtEx0A+fWoaYxJOCIQ92tYJh28elAmjMmgF/XaYuJuBhBv5J3A==",
+    "node_modules/@opentelemetry/instrumentation-winston/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/tedious": "^4.0.14"
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -7108,38 +8601,30 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-undici": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.6.0.tgz",
-      "integrity": "sha512-ABJBhm5OdhGmbh0S/fOTE4N69IZ00CsHC5ijMYfzbw3E5NwLgpQk5xsljaECrJ8wz1SfXbO03FiSuu5AyRAkvQ==",
+    "node_modules/@opentelemetry/instrumentation-winston/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
       "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
       },
       "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.7.0"
+        "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-winston": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.40.0.tgz",
-      "integrity": "sha512-eMk2tKl86YJ8/yHvtDbyhrE35/R0InhO9zuHTflPx8T0+IvKVUhPV71MsJr32sImftqeOww92QHt4Jd+a5db4g==",
+    "node_modules/@opentelemetry/instrumentation/node_modules/@opentelemetry/api-logs": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.54.0.tgz",
+      "integrity": "sha512-9HhEh5GqFrassUndqJsyW7a0PzfyWr2eV2xwzHLIS+wX3125+9HE9FMRAKmJRwxZhgZGwH3HNQQjoMGZqmOeVA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/instrumentation/node_modules/semver": {
@@ -7457,6 +8942,60 @@
         "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/exporter-trace-otlp-proto": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.53.0.tgz",
+      "integrity": "sha512-T/bdXslwRKj23S96qbvGtaYOdfyew3TjPEKOk5mHjkCmkVl1O9C/YMdejwSsdLdOq2YW30KjR9kVi0YMxZushQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.26.0",
+        "@opentelemetry/otlp-exporter-base": "0.53.0",
+        "@opentelemetry/otlp-transformer": "0.53.0",
+        "@opentelemetry/resources": "1.26.0",
+        "@opentelemetry/sdk-trace-base": "1.26.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.0.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
+      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.53.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@opentelemetry/sdk-trace-base": {
       "version": "1.26.0",
       "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.26.0.tgz",
diff --git a/package.json b/package.json
index e5f7dafa742..772e67d62fb 100644
--- a/package.json
+++ b/package.json
@@ -141,8 +141,8 @@
     "@graphql-eslint/eslint-plugin": "^3.20.1",
     "@opentelemetry/api": "^1.7.0",
     "@opentelemetry/auto-instrumentations-node": "^0.51.0",
-    "@opentelemetry/exporter-trace-otlp-proto": "^0.53.0",
-    "@opentelemetry/instrumentation": "^0.53.0",
+    "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
+    "@opentelemetry/instrumentation": "^0.54.0",
     "@opentelemetry/resources": "^1.20.0",
     "@opentelemetry/sdk-trace-base": "^1.20.0",
     "@opentelemetry/sdk-trace-node": "^1.20.0",

From fcdefb5eaad8cc27949d10545b6d969954eba519 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:56:32 +0100
Subject: [PATCH 023/129] fix(deps): update dependency @apollo/server to
 v4.11.2 (#10434)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 189de84881d..ab9a1abae40 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,7 @@
       "hasInstallScript": true,
       "license": "MIT",
       "dependencies": {
-        "@apollo/server": "4.11.0",
+        "@apollo/server": "4.11.2",
         "@aws-sdk/client-s3": "3.678.0",
         "@babel/core": "7.26.0",
         "@babel/node": "7.26.0",
@@ -229,9 +229,9 @@
       }
     },
     "node_modules/@apollo/server": {
-      "version": "4.11.0",
-      "resolved": "https://registry.npmjs.org/@apollo/server/-/server-4.11.0.tgz",
-      "integrity": "sha512-SWDvbbs0wl2zYhKG6aGLxwTJ72xpqp0awb2lotNpfezd9VcAvzaUizzKQqocephin2uMoaA8MguoyBmgtPzNWw==",
+      "version": "4.11.2",
+      "resolved": "https://registry.npmjs.org/@apollo/server/-/server-4.11.2.tgz",
+      "integrity": "sha512-WUTHY7DDek8xAMn4Woa9Bl8duQUDzRYQkosX/d1DtCsBWESZyApR7ndnI5d6+W4KSTtqBHhJFkusEI7CWuIJXg==",
       "license": "MIT",
       "dependencies": {
         "@apollo/cache-control-types": "^1.0.3",
@@ -250,7 +250,7 @@
         "@types/node-fetch": "^2.6.1",
         "async-retry": "^1.2.1",
         "cors": "^2.8.5",
-        "express": "^4.17.1",
+        "express": "^4.21.1",
         "loglevel": "^1.6.8",
         "lru-cache": "^7.10.1",
         "negotiator": "^0.6.3",
diff --git a/package.json b/package.json
index 772e67d62fb..d58d1bb7de7 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     }
   },
   "dependencies": {
-    "@apollo/server": "4.11.0",
+    "@apollo/server": "4.11.2",
     "@aws-sdk/client-s3": "3.678.0",
     "@babel/core": "7.26.0",
     "@babel/node": "7.26.0",

From 3c09c64bf8312faceee5859c29411c135eb1440f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 31 Oct 2024 11:28:36 +0100
Subject: [PATCH 024/129] fix(deps): update dependency nodemailer to v6.9.16
 (#10438)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ab9a1abae40..995790940af 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -84,7 +84,7 @@
         "multer": "1.4.5-lts.1",
         "node-fetch": "2.7.0",
         "node-statsd": "0.1.1",
-        "nodemailer": "6.9.15",
+        "nodemailer": "6.9.16",
         "p-filter": "2.1.0",
         "p-map": "4.0.0",
         "p-queue": "6.6.2",
@@ -20033,9 +20033,9 @@
       }
     },
     "node_modules/nodemailer": {
-      "version": "6.9.15",
-      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.9.15.tgz",
-      "integrity": "sha512-AHf04ySLC6CIfuRtRiEYtGEXgRfa6INgWGluDhnxTZhHSKvrBu7lc1VVchQ0d8nPc4cFaZoPq8vkyNoZr0TpGQ==",
+      "version": "6.9.16",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.9.16.tgz",
+      "integrity": "sha512-psAuZdTIRN08HKVd/E8ObdV6NO7NTBY3KsC30F7M4H1OnmLCUNaS56FpYxyb26zWLSyYF9Ozch9KYHhHegsiOQ==",
       "license": "MIT-0",
       "engines": {
         "node": ">=6.0.0"
diff --git a/package.json b/package.json
index d58d1bb7de7..81e85a14be9 100644
--- a/package.json
+++ b/package.json
@@ -105,7 +105,7 @@
     "multer": "1.4.5-lts.1",
     "node-fetch": "2.7.0",
     "node-statsd": "0.1.1",
-    "nodemailer": "6.9.15",
+    "nodemailer": "6.9.16",
     "p-filter": "2.1.0",
     "p-map": "4.0.0",
     "p-queue": "6.6.2",

From 25aeb403a26540d2619573e8f07088db0e925edc Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 1 Nov 2024 09:18:14 +0100
Subject: [PATCH 025/129] chore(PayPal): update sync script (#10440)

---
 cron/daily/51-synchronize-paypal-ledger.ts | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/cron/daily/51-synchronize-paypal-ledger.ts b/cron/daily/51-synchronize-paypal-ledger.ts
index ea4afd9f146..be01c0004da 100644
--- a/cron/daily/51-synchronize-paypal-ledger.ts
+++ b/cron/daily/51-synchronize-paypal-ledger.ts
@@ -25,6 +25,8 @@ const EXCLUDED_HOST_SLUGS = process.env.EXCLUDED_HOST ? process.env.EXCLUDED_HOS
 const START_DATE = process.env.START_DATE ? moment.utc(process.env.START_DATE) : moment.utc().subtract(2, 'day');
 const END_DATE = process.env.END_DATE ? moment.utc(process.env.END_DATE) : moment(START_DATE).add(1, 'day');
 const DRY_RUN = process.env.DRY_RUN ? parseToBoolean(process.env.DRY_RUN) : false;
+const ONLY_CHECK_PAYPAL = process.env.ONLY_CHECK_PAYPAL ? parseToBoolean(process.env.ONLY_CHECK_PAYPAL) : false;
+const IGNORE_ERRORS = process.env.IGNORE_ERRORS ? parseToBoolean(process.env.IGNORE_ERRORS) : false;
 
 // Filter out transactions that are not related to contributions
 // See https://developer.paypal.com/docs/transaction-search/transaction-event-codes/
@@ -41,26 +43,18 @@ const WATCHED_EVENT_TYPES = [
 const IGNORED_HOSTS = [
   // Token is invalid
   'access2perspectives',
+  'foundation',
   // Transactions search API is not enabled
-  'allforclimate',
-  'arcadianodes',
-  'better-together',
+  'blackqueerlife',
   'bruijnlogistics',
-  'deeptimewalk-cic',
   'cct',
-  'heroes-of-newerth-community',
+  'kragelund-developments',
   'lucy-parsons-labs',
   'madeinjlm',
-  'monachelle',
-  'nfsc',
   'osgeo-foundation',
   'ppy',
   'proofing-future',
   'secdsm',
-  'stroud-district-community-hubs',
-  'the-book-haven-npc',
-  'thenewoilmedia',
-  'wildseed-society',
 ];
 
 /**
@@ -265,10 +259,16 @@ const processHost = async (host, periodStart: moment.Moment, periodEnd: moment.M
           fields: 'transaction_info',
           currentPage,
         }));
+        if (ONLY_CHECK_PAYPAL) {
+          return;
+        }
       } catch (e) {
         if (e.message.includes('Authorization failed due to insufficient permissions')) {
           logger.warn(`Skipping @${host.slug} because Transactions Search API is not enabled`);
           return;
+        } else if (IGNORE_ERRORS) {
+          console.error(`Error while fetching transactions for @${host.slug}: ${e.message}`);
+          return;
         } else {
           throw e;
         }

From 6afe354928e1b7a9ac07e32cefaccd6c7accc533 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 4 Nov 2024 09:11:04 +0100
Subject: [PATCH 026/129] fix(HostApplication): main button URL (#10441)

---
 templates/emails/host.application.comment.created.hbs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/emails/host.application.comment.created.hbs b/templates/emails/host.application.comment.created.hbs
index 4b9120c547d..51564e71228 100644
--- a/templates/emails/host.application.comment.created.hbs
+++ b/templates/emails/host.application.comment.created.hbs
@@ -20,7 +20,7 @@ Subject: New message about your application to {{{host.name}}} on Open Collectiv
 
 <p>
   <center>
-    <a href="{{config.host.website}}/dashboard/{{collective.slug}}/host-application-requests?hostApplicationId={{idEncode HostApplicationId "host-application"}}" class="btn blue"><div>View or Reply</div></a>
+    <a href="{{config.host.website}}/dashboard/{{collective.slug}}/host?hostApplicationId={{idEncode HostApplicationId "host-application"}}" class="btn blue"><div>View or Reply</div></a>
   </center>
 </p>
 

From fe9412574ffddaf636ddd046453650f94a6ec283 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 18:02:57 -0300
Subject: [PATCH 027/129] chore(deps): update dependency typescript to v5.6.3
 (#10340)

* chore(deps): update dependency typescript to v5.6.3

* Adjust typed buffer types

* Fix code scanning alert no. 126: Uncontrolled data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Henrique <hdiniz@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 package-lock.json                                    |  8 ++++----
 package.json                                         |  2 +-
 .../graphql/v2/mutation/LegalDocumentsMutations.ts   |  4 +++-
 server/lib/awsS3.ts                                  | 12 ++++++++++--
 server/lib/budget.js                                 |  2 +-
 server/lib/encryption.ts                             |  6 +++---
 server/lib/stream-to-buffer.ts                       |  2 +-
 .../lib/two-factor-authentication/fido-metadata.ts   |  2 +-
 server/lib/two-factor-authentication/webauthn.ts     |  6 +++---
 9 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 995790940af..52bccf3a599 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -168,7 +168,7 @@
         "sinon-chai": "^3.7.0",
         "supertest": "^7.0.0",
         "ts-unused-exports": "^10.1.0",
-        "typescript": "5.5.4"
+        "typescript": "5.6.3"
       },
       "engines": {
         "node": "20.x",
@@ -24334,9 +24334,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.5.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.5.4.tgz",
-      "integrity": "sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==",
+      "version": "5.6.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz",
+      "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
diff --git a/package.json b/package.json
index 81e85a14be9..0a0aacc1888 100644
--- a/package.json
+++ b/package.json
@@ -189,7 +189,7 @@
     "sinon-chai": "^3.7.0",
     "supertest": "^7.0.0",
     "ts-unused-exports": "^10.1.0",
-    "typescript": "5.5.4"
+    "typescript": "5.6.3"
   },
   "scripts": {
     "build": "npm run build:clean && npm run build:updates && npm run build:server",
diff --git a/server/graphql/v2/mutation/LegalDocumentsMutations.ts b/server/graphql/v2/mutation/LegalDocumentsMutations.ts
index b6e56c24381..d2b3c96bd51 100644
--- a/server/graphql/v2/mutation/LegalDocumentsMutations.ts
+++ b/server/graphql/v2/mutation/LegalDocumentsMutations.ts
@@ -119,7 +119,9 @@ export const legalDocumentsMutations = {
         data: {
           ...legalDocument.data,
           valuesHash,
-          encryptedFormData: encodeBase64(LegalDocument.encrypt(Buffer.from(JSON.stringify(args.formData)))),
+          encryptedFormData: encodeBase64(
+            new Uint8Array(LegalDocument.encrypt(Buffer.from(JSON.stringify(args.formData)))),
+          ),
         },
       });
 
diff --git a/server/lib/awsS3.ts b/server/lib/awsS3.ts
index ae6c93bff6d..120c29599ac 100644
--- a/server/lib/awsS3.ts
+++ b/server/lib/awsS3.ts
@@ -1,4 +1,5 @@
 import fs from 'fs';
+import path from 'path';
 
 import {
   CopyObjectCommand,
@@ -57,10 +58,17 @@ export const uploadToS3 = async (
       }
     }
   } else if (config.env === 'development') {
-    const filePath = `/tmp/${params.Key}`;
+    const filePath = path.resolve('/tmp', params.Key);
+    if (!filePath.startsWith('/tmp')) {
+      throw new Error('Invalid file path');
+    }
     logger.warn(`S3 is not set, saving file to ${filePath}. This should only be done in development.`);
     const isBuffer = params.Body instanceof Buffer;
-    fs.writeFile(filePath, isBuffer ? <Buffer>params.Body : params.Body.toString('utf8'), logger.info);
+    fs.writeFile(
+      filePath,
+      isBuffer ? new Uint8Array(params.Body as Buffer) : params.Body.toString('utf8'),
+      logger.info,
+    );
     return { url: `file://${filePath}` };
   }
 };
diff --git a/server/lib/budget.js b/server/lib/budget.js
index e4394e4f452..078614cc064 100644
--- a/server/lib/budget.js
+++ b/server/lib/budget.js
@@ -528,7 +528,7 @@ export async function getTotalMoneyManagedAmount(
 export async function sumCollectivesTransactions(
   ids,
   {
-    column,
+    column = '',
     transactionType = null,
     kind = null,
     startDate = null,
diff --git a/server/lib/encryption.ts b/server/lib/encryption.ts
index a4ccdaa7174..8688aa2fb94 100644
--- a/server/lib/encryption.ts
+++ b/server/lib/encryption.ts
@@ -17,7 +17,7 @@ export const secretbox = {
     const keyUint8Array = decodeBase64(key);
 
     const nonce = Nonce();
-    const box = _secretbox(buff, nonce, keyUint8Array);
+    const box = _secretbox(new Uint8Array(buff), nonce, keyUint8Array);
 
     const fullMessage = new Uint8Array(nonce.length + box.length);
     fullMessage.set(nonce);
@@ -29,7 +29,7 @@ export const secretbox = {
     const keyUint8Array = decodeBase64(key);
     const nonce = buffWithNonce.slice(0, nonceLength);
     const message = buffWithNonce.slice(nonceLength, buffWithNonce.length);
-    const decrypted = _secretbox.open(message, nonce, keyUint8Array);
+    const decrypted = _secretbox.open(new Uint8Array(message), new Uint8Array(nonce), keyUint8Array);
 
     if (!decrypted) {
       throw new Error('Could not decrypt message');
@@ -44,7 +44,7 @@ export const secretbox = {
     const keyUint8Array = decodeBase64(key);
     const nonce = buffWithNonce.slice(0, nonceLength);
     const message = buffWithNonce.slice(nonceLength, buffWithNonce.length);
-    const decrypted = _secretbox.open(message, nonce, keyUint8Array);
+    const decrypted = _secretbox.open(new Uint8Array(message), new Uint8Array(nonce), keyUint8Array);
     if (!decrypted) {
       throw new Error('Could not decrypt message');
     }
diff --git a/server/lib/stream-to-buffer.ts b/server/lib/stream-to-buffer.ts
index 9062d66b195..0c3482c496b 100644
--- a/server/lib/stream-to-buffer.ts
+++ b/server/lib/stream-to-buffer.ts
@@ -16,7 +16,7 @@ export default function streamToBuffer(stream: Readable): Promise<Buffer> {
       })
       .pipe(writable)
       .on('finish', (): void => {
-        resolve(Buffer.concat(data));
+        resolve(Buffer.concat(data.map(d => new Uint8Array(d))));
       })
       .on('error', (error: Error): void => {
         reject(error);
diff --git a/server/lib/two-factor-authentication/fido-metadata.ts b/server/lib/two-factor-authentication/fido-metadata.ts
index f4125609bfe..a7aee83d38b 100644
--- a/server/lib/two-factor-authentication/fido-metadata.ts
+++ b/server/lib/two-factor-authentication/fido-metadata.ts
@@ -63,7 +63,7 @@ export async function downloadFidoMetadata(): Promise<Metadata> {
   const certs = (
     typeof decodedMetadataJwt.header.x5c === 'string' ? [decodedMetadataJwt.header.x5c] : decodedMetadataJwt.header.x5c
   )
-    .map(base64Pem => new crypto.X509Certificate(Buffer.from(base64Pem, 'base64')))
+    .map(base64Pem => new crypto.X509Certificate(new Uint8Array(Buffer.from(base64Pem, 'base64'))))
     .join('\n');
 
   return jwt.verify(text, certs) as Metadata;
diff --git a/server/lib/two-factor-authentication/webauthn.ts b/server/lib/two-factor-authentication/webauthn.ts
index 715a471ba52..6519c793e50 100644
--- a/server/lib/two-factor-authentication/webauthn.ts
+++ b/server/lib/two-factor-authentication/webauthn.ts
@@ -186,8 +186,8 @@ export async function verifyAuthenticationResponse(user: User, response: Authent
   const verificationResponse = await simplewebauthn.verifyAuthenticationResponse({
     authenticator: {
       counter: method.data.counter,
-      credentialID: Buffer.from(method.data.credentialId, 'base64url'),
-      credentialPublicKey: Buffer.from(method.data.credentialPublicKey, 'base64url'),
+      credentialID: new Uint8Array(Buffer.from(method.data.credentialId, 'base64url')),
+      credentialPublicKey: new Uint8Array(Buffer.from(method.data.credentialPublicKey, 'base64url')),
     },
     expectedChallenge,
     expectedOrigin: config.webauthn.expectedOrigins,
@@ -242,7 +242,7 @@ async function getAuthenticatorMetadata(
   // The fido aaguid can be present on the Extension OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid)
   // https://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/
   const attestationObject = decodeAttestationObject(
-    Buffer.from(registrationResponse.registrationInfo?.attestationObject),
+    new Uint8Array(Buffer.from(registrationResponse.registrationInfo?.attestationObject)),
   );
   const attestationStatement = attestationObject.get('attStmt');
   if (!attestationStatement) {

From e1c4d603af1932bc31e2de507ac1767afc845e12 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 4 Nov 2024 18:10:20 -0300
Subject: [PATCH 028/129] fix(deps): update dependency stripe to v17 (#10416)

* fix(deps): update dependency stripe to v17

* adjust test data fixture type

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Henrique <hdiniz@users.noreply.github.com>
---
 package-lock.json    | 9 +++++----
 package.json         | 2 +-
 test/mocks/stripe.ts | 6 +++---
 3 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 52bccf3a599..7f4a5600bf3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -104,7 +104,7 @@
         "sharp": "0.33.4",
         "spdx-license-list": "6.9.0",
         "speakeasy": "2.0.0",
-        "stripe": "14.25.0",
+        "stripe": "17.3.1",
         "throng": "5.0.0",
         "tweetnacl": "1.0.3",
         "tweetnacl-util": "0.15.1",
@@ -23740,9 +23740,10 @@
       }
     },
     "node_modules/stripe": {
-      "version": "14.25.0",
-      "resolved": "https://registry.npmjs.org/stripe/-/stripe-14.25.0.tgz",
-      "integrity": "sha512-wQS3GNMofCXwH8TSje8E1SE8zr6ODiGtHQgPtO95p9Mb4FhKC9jvXR2NUTpZ9ZINlckJcFidCmaTFV4P6vsb9g==",
+      "version": "17.3.1",
+      "resolved": "https://registry.npmjs.org/stripe/-/stripe-17.3.1.tgz",
+      "integrity": "sha512-E9/u+GFBPkYnTmfFCoKX3+gP4R3SkZoGunHe4cw9J+sqkj5uxpLFf1LscuI9BuEyIQ0PFAgPTHavgQwRtOvnag==",
+      "license": "MIT",
       "dependencies": {
         "@types/node": ">=8.1.0",
         "qs": "^6.11.0"
diff --git a/package.json b/package.json
index 0a0aacc1888..37244e05df7 100644
--- a/package.json
+++ b/package.json
@@ -125,7 +125,7 @@
     "sharp": "0.33.4",
     "spdx-license-list": "6.9.0",
     "speakeasy": "2.0.0",
-    "stripe": "14.25.0",
+    "stripe": "17.3.1",
     "throng": "5.0.0",
     "tweetnacl": "1.0.3",
     "tweetnacl-util": "0.15.1",
diff --git a/test/mocks/stripe.ts b/test/mocks/stripe.ts
index 518b715427f..4a0c84e6a80 100644
--- a/test/mocks/stripe.ts
+++ b/test/mocks/stripe.ts
@@ -435,7 +435,7 @@ export default {
         payment_intent: null,
         reason: 'fraudulent',
         status: 'warning_needs_response',
-      } as Stripe.Dispute,
+      } as unknown as Stripe.Dispute,
     },
     livemode: false,
     pending_webhooks: 0,
@@ -493,7 +493,7 @@ export default {
       idempotency_key: 'edac8120-a02b-4136-9e4d-295c2f506b95',
     },
     type: 'charge.dispute.closed',
-  } as Stripe.Event,
+  } as unknown as Stripe.Event,
 
   webhook_dispute_won: {
     id: 'evt_3LpcvEJKGTeo5jKp1P6hkDxm',
@@ -542,7 +542,7 @@ export default {
       idempotency_key: 'edac8120-a02b-4136-9e4d-295c2f506b95',
     },
     type: 'charge.dispute.closed',
-  } as Stripe.Event,
+  } as unknown as Stripe.Event,
 
   webhook_review_opened: {
     id: 'evt_1LxBZNJKGTeo5jKpolE0e9UC',

From f78db65d1cc3c6e73017df5af75598b9d643f354 Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Mon, 4 Nov 2024 18:11:39 -0300
Subject: [PATCH 029/129] Add field to query pledged contributions timeseries
 (#10424)

* wip

* Remove test code

* Add argument to include expected funds in pledged contributions

* Update graphql
---
 server/graphql/schemaV2.graphql              |  80 +++++++-
 server/graphql/v2/object/AccountStats.js     | 189 ++++++++++++++++++-
 server/graphql/v2/object/TimeSeriesAmount.ts |   3 +-
 3 files changed, 268 insertions(+), 4 deletions(-)

diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 25158e8d0fc..64133e915e4 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -5159,6 +5159,31 @@ type AccountStats {
       @deprecated(reason: "2022-12-14: this is not used anymore as results should be fast by default")
   ): Amount!
 
+  """
+  Amount pledged time series
+  """
+  amountPledgedTimeSeries(
+    """
+    The start date of the time series
+    """
+    dateFrom: DateTime
+
+    """
+    The end date of the time series
+    """
+    dateTo: DateTime
+
+    """
+    The time unit of the time series (such as MONTH, YEAR, WEEK etc). If no value is provided this is calculated using the dateFrom and dateTo values.
+    """
+    timeUnit: TimeUnit
+
+    """
+    Include expected funds.
+    """
+    includeExpectedFunds: Boolean = false
+  ): TimeSeriesAmount!
+
   """
   Total amount received time series
   """
@@ -5553,6 +5578,7 @@ enum TimeUnit {
 type TimeSeriesAmountNode {
   date: DateTime!
   amount: Amount!
+  count: Int
   label: String
 }
 
@@ -6928,7 +6954,27 @@ type TransactionsImport {
   """
   List of rows in the import
   """
-  rows: TransactionsImportRowCollection!
+  rows(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 100
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+
+    """
+    Filter rows by status
+    """
+    status: TransactionsImportRowStatus
+
+    """
+    Search by text
+    """
+    searchTerm: String
+  ): TransactionsImportRowCollection!
   stats: TransactionsImportStats
 }
 
@@ -7011,6 +7057,26 @@ The `JSONObject` scalar type represents JSON objects as specified by [ECMA-404](
 """
 scalar JSONObject
 
+"""
+The status of a row in a transactions import
+"""
+enum TransactionsImportRowStatus {
+  """
+  The row has not been processed yet
+  """
+  PENDING
+
+  """
+  The row has been linked to an existing expense or order
+  """
+  LINKED
+
+  """
+  The row has been ignored
+  """
+  IGNORED
+}
+
 type TransactionsImportStats {
   """
   Total number of rows in the import
@@ -20222,7 +20288,17 @@ type Mutation {
     """
     Rows to update
     """
-    rows: [TransactionsImportRowUpdateInput!]!
+    rows: [TransactionsImportRowUpdateInput!]
+
+    """
+    Whether to ignore all non-processed rows
+    """
+    dismissAll: Boolean
+
+    """
+    Whether to restore all dismissed rows
+    """
+    restoreAll: Boolean
   ): TransactionsImport!
 
   """
diff --git a/server/graphql/v2/object/AccountStats.js b/server/graphql/v2/object/AccountStats.js
index cb1c2559e3e..2b4d570778d 100644
--- a/server/graphql/v2/object/AccountStats.js
+++ b/server/graphql/v2/object/AccountStats.js
@@ -1,14 +1,16 @@
 import { GraphQLBoolean, GraphQLInt, GraphQLList, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
 import { GraphQLDateTime, GraphQLJSON } from 'graphql-scalars';
-import { get, has, intersection, pick } from 'lodash';
+import { get, has, intersection, memoize, pick, sortBy } from 'lodash';
 import moment from 'moment';
 
 import { TransactionKind } from '../../../constants/transaction-kind';
 import { getCollectiveIds } from '../../../lib/budget';
+import { getFxRate } from '../../../lib/currency';
 import queries from '../../../lib/queries';
 import sequelize, { QueryTypes } from '../../../lib/sequelize';
 import { computeDatesAsISOStrings } from '../../../lib/utils';
 import models from '../../../models';
+import { ValidationFailed } from '../../errors';
 import { GraphQLContributionFrequency } from '../enum/ContributionFrequency';
 import { GraphQLCurrency } from '../enum/Currency';
 import { GraphQLExpenseType } from '../enum/ExpenseType';
@@ -202,6 +204,191 @@ export const GraphQLAccountStats = new GraphQLObjectType({
           });
         },
       },
+      amountPledgedTimeSeries: {
+        description: 'Amount pledged time series',
+        type: new GraphQLNonNull(GraphQLTimeSeriesAmount),
+        args: {
+          ...TimeSeriesArgs,
+          includeExpectedFunds: {
+            type: GraphQLBoolean,
+            defaultValue: false,
+            description: 'Include expected funds.',
+          },
+        },
+        /**
+         * @param {import('../../../models').Collective} account
+         */
+        async resolve(account, args) {
+          const dateFrom = args.dateFrom || moment().toDate();
+          const dateTo = args.dateTo || moment().add(24, 'month').toDate();
+          const timeUnit = args.timeUnit || getTimeUnit(getNumberOfDays(dateFrom, dateTo, account) || 1);
+
+          if (moment(dateFrom).isAfter(dateTo)) {
+            throw new ValidationFailed("'dateFrom' must be before 'dateTo'");
+          }
+
+          /**
+           * @type {{pledges: number; nextChargeAt: Date; currency: string; totalAmount: number}[]}
+           */
+          const currentMonthPledges = await sequelize.query(
+            `
+            SELECT
+                DATE_TRUNC('day', s."nextChargeDate") as "nextChargeAt",
+                count(1) as "pledges",
+                o."currency",
+                sum(o."totalAmount") as "totalAmount"
+            FROM "Orders" o
+            JOIN "Subscriptions" s on s.id = o."SubscriptionId"
+            WHERE TRUE
+            AND s."isActive"
+            AND s."nextChargeDate" > NOW()
+            AND s."nextChargeDate" <= DATE_TRUNC('month', NOW()) + interval '1 month' - interval '1 day'
+            AND o."CollectiveId" = :collectiveId
+            AND o."deletedAt" IS NULL
+            GROUP BY DATE_TRUNC('day', s."nextChargeDate"), o."currency";
+          `,
+            {
+              type: QueryTypes.SELECT,
+              replacements: {
+                collectiveId: account.id,
+              },
+            },
+          );
+
+          /**
+           * @type {{pledges: number; interval: string; nextChargeAt: Date; currency: string; totalAmount: number}[]}
+           */
+          const activePledges = await sequelize.query(
+            `
+            SELECT
+                DATE_TRUNC('day', s."nextChargeDate") as "nextChargeAt",
+                count(1) as "pledges",
+                o."interval",
+                o."currency",
+                sum(o."totalAmount") as "totalAmount"
+            FROM "Orders" o
+            JOIN "Subscriptions" s on s.id = o."SubscriptionId"
+            WHERE TRUE
+            AND s."isActive"
+            AND o."CollectiveId" = :collectiveId
+            AND o."deletedAt" IS NULL
+            GROUP BY DATE_TRUNC('day', s."nextChargeDate"), o."interval", o."currency";
+          `,
+            {
+              type: QueryTypes.SELECT,
+              replacements: {
+                collectiveId: account.id,
+              },
+            },
+          );
+
+          const years = moment(dateTo).diff(moment(), 'years').toFixed(0);
+          const months = moment(dateTo).diff(moment(), 'month').toFixed(0);
+          const projectedPledges = [];
+          activePledges.forEach(pledge => {
+            if (pledge.interval === 'year') {
+              for (let i = 0; i <= years; i++) {
+                projectedPledges.push({
+                  ...pledge,
+                  nextChargeAt: moment(pledge.nextChargeAt).add(i, 'year').toISOString(),
+                });
+              }
+            } else if (pledge.interval === 'month') {
+              for (let i = 0; i <= months; i++) {
+                projectedPledges.push({
+                  ...pledge,
+                  nextChargeAt: moment(pledge.nextChargeAt).add(i, 'month').toISOString(),
+                });
+              }
+            }
+          });
+          const futureProjectedPledges = projectedPledges.filter(p =>
+            moment(p.nextChargeAt).isAfter(moment().add(1, 'month').startOf('month')),
+          );
+
+          const toCurrency = account.currency;
+          const getFxForCurrency = memoize(
+            fromCurrency => {
+              return getFxRate(fromCurrency, toCurrency);
+            },
+            fromCurrency => fromCurrency,
+          );
+
+          let expectedFunds = [];
+
+          if (args.includeExpectedFunds) {
+            /**
+             * @type {{pledges: number; nextChargeAt: Date; currency: string; totalAmount: number}[]}
+             */
+            expectedFunds = await sequelize.query(
+              `
+            SELECT
+                DATE_TRUNC('day', date(o."data"#>>'{expectedAt}')) as "nextChargeAt",
+                count(1) as "pledges",
+                o."currency",
+                sum(o."totalAmount") as "totalAmount"
+            FROM "Orders" o
+            WHERE TRUE
+            AND o."status" = 'PENDING'
+            AND o."data"#>>'{isPendingContribution}' = 'true'
+            AND o."deletedAt" IS NULL
+            AND date(o."data"#>>'{expectedAt}') <= :dateTo
+            AND date(o."data"#>>'{expectedAt}') >= :dateFrom
+            AND o."CollectiveId" = :collectiveId
+            GROUP BY DATE_TRUNC('day', date(o."data"#>>'{expectedAt}')), o."currency";
+          `,
+              {
+                type: QueryTypes.SELECT,
+                replacements: {
+                  collectiveId: account.id,
+                  dateFrom,
+                  dateTo,
+                },
+              },
+            );
+          }
+
+          const pledges = [...currentMonthPledges, ...futureProjectedPledges, ...expectedFunds].filter(
+            p => moment(p.nextChargeAt).isAfter(dateFrom) && moment(p.nextChargeAt).isBefore(dateTo),
+          );
+          const perPeriod = {};
+
+          for (const pledge of pledges) {
+            const period = moment(pledge.nextChargeAt).startOf(timeUnit.toLowerCase()).toISOString();
+            perPeriod[period] = perPeriod[period]
+              ? {
+                  ...perPeriod[period],
+                  pledges: perPeriod[period].pledges + pledge.pledges,
+                  totalAmount:
+                    perPeriod[period].totalAmount + pledge.totalAmount * (await getFxForCurrency(pledge.currency)),
+                }
+              : {
+                  date: moment(period).toDate(),
+                  pledges: pledge.pledges,
+                  totalAmount: pledge.totalAmount * (await getFxForCurrency(pledge.currency)),
+                };
+          }
+
+          const nodes = sortBy(
+            Object.values(perPeriod).map(p => ({
+              date: p.date,
+              amount: {
+                value: p.totalAmount,
+                currency: account.currency,
+              },
+              count: p.pledges,
+            })),
+            'date',
+          );
+
+          return {
+            nodes,
+            timeUnit,
+            dateFrom,
+            dateTo,
+          };
+        },
+      },
       totalAmountReceivedTimeSeries: {
         description: 'Total amount received time series',
         type: new GraphQLNonNull(GraphQLTimeSeriesAmount),
diff --git a/server/graphql/v2/object/TimeSeriesAmount.ts b/server/graphql/v2/object/TimeSeriesAmount.ts
index 1b210bbabf5..93cfda62a73 100644
--- a/server/graphql/v2/object/TimeSeriesAmount.ts
+++ b/server/graphql/v2/object/TimeSeriesAmount.ts
@@ -1,4 +1,4 @@
-import { GraphQLList, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
+import { GraphQLInt, GraphQLList, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
 import { GraphQLDateTime } from 'graphql-scalars';
 import moment from 'moment';
 
@@ -44,6 +44,7 @@ const GraphQLTimeSeriesAmountNodes = new GraphQLObjectType({
   fields: () => ({
     date: { type: new GraphQLNonNull(GraphQLDateTime) },
     amount: { type: new GraphQLNonNull(GraphQLAmount) },
+    count: { type: GraphQLInt },
     label: { type: GraphQLString },
   }),
 });

From 01dc105259d10b3d524c500c8a20bd2279523f78 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 5 Nov 2024 15:11:55 +0100
Subject: [PATCH 030/129] fix(createVendor): allow null vendor info (#10449)

---
 server/graphql/v2/mutation/VendorMutations.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/graphql/v2/mutation/VendorMutations.ts b/server/graphql/v2/mutation/VendorMutations.ts
index 3724ce1eff4..46eb48e564e 100644
--- a/server/graphql/v2/mutation/VendorMutations.ts
+++ b/server/graphql/v2/mutation/VendorMutations.ts
@@ -55,7 +55,7 @@ const vendorMutations = {
         settings: {},
       };
 
-      if (['EIN', 'VAT', 'GST'].includes(vendorInfo.taxType)) {
+      if (['EIN', 'VAT', 'GST'].includes(vendorInfo?.taxType)) {
         assert(vendorInfo.taxId, new BadRequest('taxId is required when taxType is provided'));
         // Store Tax id in settings, to be consistent with other types of collectives
         vendorData.settings[vendorInfo.taxType] = { number: vendorInfo.taxId, type: 'OWN' };
@@ -67,13 +67,13 @@ const vendorMutations = {
         await vendor.setLocation(args.vendor.location);
       }
 
-      if (args.vendor.vendorInfo?.taxFormUrl) {
+      if (vendorInfo?.taxFormUrl) {
         const requiredTaxForms = await host.getRequiredLegalDocuments({ where: { documentType: 'US_TAX_FORM' } });
         if (!requiredTaxForms.length) {
           throw new BadRequest('Host does not require tax forms');
         }
 
-        await LegalDocument.manuallyMarkTaxFormAsReceived(vendor, req.remoteUser, args.vendor.vendorInfo.taxFormUrl, {
+        await LegalDocument.manuallyMarkTaxFormAsReceived(vendor, req.remoteUser, vendorInfo.taxFormUrl, {
           UserTokenId: req.userToken?.id,
         });
       }

From bf38f35279e97f58668ccc2417fd2ba96c41a3ed Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 5 Nov 2024 15:12:04 +0100
Subject: [PATCH 031/129] fix(subscriptions): include active collective check
 in reactivation query (#10448)

---
 cron/10mn/00-handle-batch-subscriptions-update.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cron/10mn/00-handle-batch-subscriptions-update.ts b/cron/10mn/00-handle-batch-subscriptions-update.ts
index e6ee568953c..a67e5c5d938 100644
--- a/cron/10mn/00-handle-batch-subscriptions-update.ts
+++ b/cron/10mn/00-handle-batch-subscriptions-update.ts
@@ -110,7 +110,7 @@ export async function run() {
       [Op.or]: [
         { data: { needsAsyncDeactivation: true }, '$Subscription.isActive$': true },
         { data: { needsAsyncPause: true }, '$Subscription.isActive$': true },
-        { data: { needsAsyncReactivation: true }, '$Subscription.isActive$': false },
+        { data: { needsAsyncReactivation: true }, '$Subscription.isActive$': false, '$collective.isActive$': true },
       ],
       updatedAt: {
         [Op.gt]: moment().subtract(1, 'month').toDate(), // For performance, only look at orders updated recently

From e2282a9540a116f1922f4ff1edc57ebbbc09112f Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 5 Nov 2024 15:12:21 +0100
Subject: [PATCH 032/129] chore(Contributors): do not include followers
 (#10446)

---
 server/lib/contributors.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/lib/contributors.ts b/server/lib/contributors.ts
index 189f681167f..2f7f8215229 100644
--- a/server/lib/contributors.ts
+++ b/server/lib/contributors.ts
@@ -135,6 +135,7 @@ const contributorsQuery = `
     m."CollectiveId" = :collectiveId
     AND m."MemberCollectiveId" != :collectiveId
     AND m."deletedAt" IS NULL
+    AND m."role" != 'FOLLOWER'
     AND c."deletedAt" IS NULL
     AND (transactions."ExpenseId" IS NULL OR e."type" != 'SETTLEMENT')
   GROUP BY

From baa6e1fb4144ea9a7dae54863e1e206f16816b6e Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Wed, 6 Nov 2024 11:11:21 +0100
Subject: [PATCH 033/129] fix(paypal): handle errors when fetching capture
 details for missing transactions (#10451)

---
 cron/daily/51-synchronize-paypal-ledger.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/cron/daily/51-synchronize-paypal-ledger.ts b/cron/daily/51-synchronize-paypal-ledger.ts
index be01c0004da..2b0fe29b216 100644
--- a/cron/daily/51-synchronize-paypal-ledger.ts
+++ b/cron/daily/51-synchronize-paypal-ledger.ts
@@ -293,8 +293,18 @@ const processHost = async (host, periodStart: moment.Moment, periodEnd: moment.M
       // Fetch missing transactions details from PayPal
       logger.info(`${missingTransactions.length} transactions seems missing from @${host.slug}'s ledger`);
       for (const transaction of missingTransactions) {
+        let captureDetails;
         const captureUrl = `payments/captures/${transaction.transaction_info.transaction_id}`;
-        const captureDetails = (await paypalRequestV2(captureUrl, host, 'GET')) as PaypalCapture;
+        try {
+          captureDetails = (await paypalRequestV2(captureUrl, host, 'GET')) as PaypalCapture;
+        } catch (e) {
+          logger.error(
+            `Error while fetching capture details for ${transaction.transaction_info.transaction_id}: ${e.message}`,
+          );
+          reportErrorToSentry(e, { extra: { transaction, hostSlug: host.slug } });
+          continue;
+        }
+
         if (captureDetails.status !== 'COMPLETED') {
           // TODO: if status is REFUNDED, we should record the transaction + its refund
           logger.debug(

From 9c9c497e19d50300ba1547d028633b3a8194266c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 6 Nov 2024 07:48:28 -0300
Subject: [PATCH 034/129] fix(deps): update dependency @simplewebauthn/server
 to v11 (#10410)

* fix(deps): update dependency @simplewebauthn/server to v11

* Update webauthn package

* Fix credentialId type

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Henrique <hdiniz@users.noreply.github.com>
---
 package-lock.json                             | 21 ++++++-----
 package.json                                  |  4 +-
 .../lib/two-factor-authentication/webauthn.ts | 37 +++++++++----------
 3 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7f4a5600bf3..79265c7f53e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -28,8 +28,8 @@
         "@sentry/node": "7.119.2",
         "@sentry/types": "7.119.2",
         "@shopify/address": "4.3.0",
-        "@simplewebauthn/server": "9.0.3",
-        "@simplewebauthn/types": "9.0.1",
+        "@simplewebauthn/server": "11.0.0",
+        "@simplewebauthn/types": "11.0.0",
         "@superfaceai/passport-twitter-oauth2": "1.2.4",
         "argparse": "2.0.1",
         "async-mutex": "0.5.0",
@@ -9425,9 +9425,10 @@
       }
     },
     "node_modules/@simplewebauthn/server": {
-      "version": "9.0.3",
-      "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-9.0.3.tgz",
-      "integrity": "sha512-FMZieoBosrVLFxCnxPFD9Enhd1U7D8nidVDT4MsHc6l4fdVcjoeHjDueeXCloO1k5O/fZg1fsSXXPKbY2XTzDA==",
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-11.0.0.tgz",
+      "integrity": "sha512-zu8dxKcPiRUNSN2kmrnNOzNbRI8VaR/rL4ENCHUfC6PEE7SAAdIql9g5GBOd/wOVZolIsaZz3ccFxuGoVP0iaw==",
+      "license": "MIT",
       "dependencies": {
         "@hexagon/base64": "^1.1.27",
         "@levischuck/tiny-cbor": "^0.2.2",
@@ -9436,17 +9437,17 @@
         "@peculiar/asn1-rsa": "^2.3.8",
         "@peculiar/asn1-schema": "^2.3.8",
         "@peculiar/asn1-x509": "^2.3.8",
-        "@simplewebauthn/types": "^9.0.1",
+        "@simplewebauthn/types": "^11.0.0",
         "cross-fetch": "^4.0.0"
       },
       "engines": {
-        "node": ">=16.0.0"
+        "node": ">=20.0.0"
       }
     },
     "node_modules/@simplewebauthn/types": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-9.0.1.tgz",
-      "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w=="
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-11.0.0.tgz",
+      "integrity": "sha512-b2o0wC5u2rWts31dTgBkAtSNKGX0cvL6h8QedNsKmj8O4QoLFQFR3DBVBUlpyVEhYKA+mXGUaXbcOc4JdQ3HzA=="
     },
     "node_modules/@sinonjs/commons": {
       "version": "3.0.1",
diff --git a/package.json b/package.json
index 37244e05df7..2b294b03e0f 100644
--- a/package.json
+++ b/package.json
@@ -49,8 +49,8 @@
     "@sentry/node": "7.119.2",
     "@sentry/types": "7.119.2",
     "@shopify/address": "4.3.0",
-    "@simplewebauthn/server": "9.0.3",
-    "@simplewebauthn/types": "9.0.1",
+    "@simplewebauthn/server": "11.0.0",
+    "@simplewebauthn/types": "11.0.0",
     "@superfaceai/passport-twitter-oauth2": "1.2.4",
     "argparse": "2.0.1",
     "async-mutex": "0.5.0",
diff --git a/server/lib/two-factor-authentication/webauthn.ts b/server/lib/two-factor-authentication/webauthn.ts
index 6519c793e50..571a3742116 100644
--- a/server/lib/two-factor-authentication/webauthn.ts
+++ b/server/lib/two-factor-authentication/webauthn.ts
@@ -8,7 +8,6 @@ import { decodeAttestationObject } from '@simplewebauthn/server/helpers';
 import type {
   AuthenticationResponseJSON,
   PublicKeyCredentialCreationOptionsJSON,
-  PublicKeyCredentialDescriptorFuture,
   RegistrationResponseJSON,
   // eslint-disable-next-line import/no-unresolved, n/no-missing-import
 } from '@simplewebauthn/types';
@@ -64,18 +63,17 @@ export async function generateRegistrationOptions(user: User, req): Promise<Publ
     },
   });
 
-  const excludeCredentials = methods.map(
-    method =>
-      <PublicKeyCredentialDescriptorFuture>{
-        id: Buffer.from(method.data.credentialId, 'base64url'),
-        type: 'public-key',
-      },
+  const excludeCredentials: simplewebauthn.GenerateRegistrationOptionsOpts['excludeCredentials'] = methods.map(
+    method => ({
+      id: method.data.credentialId,
+      type: 'public-key',
+    }),
   );
 
   const options = await simplewebauthn.generateRegistrationOptions({
     rpName: config.webauthn.rpName,
     rpID: config.webauthn.rpId,
-    userID: idEncode(user.id, IDENTIFIER_TYPES.USER),
+    userID: new Uint8Array(Buffer.from(idEncode(user.id, IDENTIFIER_TYPES.USER))),
     userName: collective.slug,
     userDisplayName: collective.name,
     attestationType: 'direct',
@@ -135,12 +133,11 @@ export async function authenticationOptions(user: User, req) {
     },
   });
 
-  const allowCredentials = methods.map(
-    method =>
-      <PublicKeyCredentialDescriptorFuture>{
-        id: Buffer.from(method.data.credentialId, 'base64url'),
-        type: 'public-key',
-      },
+  const allowCredentials: simplewebauthn.GenerateAuthenticationOptionsOpts['allowCredentials'] = methods.map(
+    method => ({
+      id: method.data.credentialId,
+      type: 'public-key',
+    }),
   );
 
   const options = await simplewebauthn.generateAuthenticationOptions({
@@ -184,10 +181,10 @@ export async function verifyAuthenticationResponse(user: User, response: Authent
   }
 
   const verificationResponse = await simplewebauthn.verifyAuthenticationResponse({
-    authenticator: {
+    credential: {
       counter: method.data.counter,
-      credentialID: new Uint8Array(Buffer.from(method.data.credentialId, 'base64url')),
-      credentialPublicKey: new Uint8Array(Buffer.from(method.data.credentialPublicKey, 'base64url')),
+      id: method.data.credentialId,
+      publicKey: new Uint8Array(Buffer.from(method.data.credentialPublicKey, 'base64url')),
     },
     expectedChallenge,
     expectedOrigin: config.webauthn.expectedOrigins,
@@ -285,9 +282,9 @@ export async function getWebauthDeviceData(
     aaguid: registrationResponse.registrationInfo.aaguid,
     description: metadata?.metadataStatement?.description,
     icon: metadata?.metadataStatement?.icon,
-    credentialPublicKey: Buffer.from(registrationResponse.registrationInfo.credentialPublicKey).toString('base64url'),
-    credentialId: Buffer.from(registrationResponse.registrationInfo.credentialID).toString('base64url'),
-    counter: registrationResponse.registrationInfo.counter,
+    credentialPublicKey: Buffer.from(registrationResponse.registrationInfo.credential.publicKey).toString('base64url'),
+    credentialId: registrationResponse.registrationInfo.credential.id,
+    counter: registrationResponse.registrationInfo.credential.counter,
     credentialDeviceType: registrationResponse.registrationInfo.credentialDeviceType,
     credentialType: registrationResponse.registrationInfo.credentialType,
     fmt: registrationResponse.registrationInfo.fmt,

From 18abbfbcb69388e41411877c1ab925d4d76a41f5 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Wed, 6 Nov 2024 14:36:52 +0100
Subject: [PATCH 035/129] Wise: partial refunds Refactor (#10329)

* refact: Wise to use transfers#refund event and support partial refunds

* test: add tests to cover feesPayer = PAYEE

* refact: add mutex lock and env variable to choose handler

* docs: improve feesPayer=PAYEE comments

* refact: reorder partial refund conditionals

So we can absorb an eventual refund > paid condition whitout any issues

* fix: transferwise.createWebhooksForHost() function

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>

* refact: log ignored refund event

---------

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>
---
 config/custom-environment-variables.json      |   3 +-
 config/default.json                           |   3 +-
 scripts/setup-transferwise-webhook.js         |   6 +-
 server/lib/transactions.ts                    |   4 +-
 server/models/Transaction.ts                  |   1 +
 server/paymentProviders/transferwise/index.ts |  53 +-
 .../paymentProviders/transferwise/webhook.ts  | 361 +++++---
 server/types/transferwise.ts                  |  18 +-
 .../transferwise/webhook.test.ts              | 810 +++++++++++++++---
 .../transferwise/webhook.test.ts.snap         | 109 +++
 test/test-helpers/fake-data.ts                |   2 +-
 11 files changed, 1112 insertions(+), 258 deletions(-)
 create mode 100644 test/server/paymentProviders/transferwise/webhook.test.ts.snap

diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index cd012f598a3..447fe0b320b 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -187,7 +187,8 @@
     "blockedCountries": "TRANSFERWISE_BLOCKED_COUNTRIES",
     "blockedCurrencies": "TRANSFERWISE_BLOCKED_CURRENCIES",
     "blockedCurrenciesForBusinessProfiles": "TRANSFERWISE_BLOCKED_CURRENCIES_BUSINESS",
-    "blockedCurrenciesForNonProfits": "TRANSFERWISE_BLOCKED_CURRENCIES_NONPROFIT"
+    "blockedCurrenciesForNonProfits": "TRANSFERWISE_BLOCKED_CURRENCIES_NONPROFIT",
+    "useTransferRefundHandler": "TRANSFERWISE_USE_TRANSFER_REFUND_HANDLER"
   },
   "hyperwatch": {
     "enabled": "HYPERWATCH_ENABLED",
diff --git a/config/default.json b/config/default.json
index 05e1e772b37..3295e0cd1a0 100644
--- a/config/default.json
+++ b/config/default.json
@@ -173,7 +173,8 @@
     "blockedCurrenciesForBusinessProfiles": "PKR, CNY",
     "blockedCurrenciesForNonProfits": "INR",
     "currenciesThatRequireReference": "RUB",
-    "blockedCountries": "SS, SD, BI, CF, TD, CG, CD, SO, CU, IR, VE, SY, KP, AF, ER, IQ, LY, MM, YE, RU, BY"
+    "blockedCountries": "SS, SD, BI, CF, TD, CG, CD, SO, CU, IR, VE, SY, KP, AF, ER, IQ, LY, MM, YE, RU, BY",
+    "useTransferRefundHandler": false
   },
   "hyperwatch": {
     "enabled": false,
diff --git a/scripts/setup-transferwise-webhook.js b/scripts/setup-transferwise-webhook.js
index 05089e166e0..124778d1d6b 100644
--- a/scripts/setup-transferwise-webhook.js
+++ b/scripts/setup-transferwise-webhook.js
@@ -7,8 +7,10 @@ const run = async () => {
   const action = process.argv?.[2];
   if (action === 'up') {
     console.log('Creating TransferWise app webhook...');
-    const webhook = await transferwise.setUpWebhook();
-    console.log(`Webhook created: ${webhook.id} -> ${webhook.delivery.url}`);
+    const webhooks = await transferwise.createWebhooksForHost();
+    webhooks.forEach(webhook => {
+      console.log(`Webhook created: ${webhook.id} -> ${webhook.trigger_on} ${webhook.delivery.url}`);
+    });
   } else if (action === 'list') {
     console.log('Listing app webhooks...');
     const hooks = await listApplicationWebhooks();
diff --git a/server/lib/transactions.ts b/server/lib/transactions.ts
index f44695a5196..7e68638dbfa 100644
--- a/server/lib/transactions.ts
+++ b/server/lib/transactions.ts
@@ -251,7 +251,9 @@ export async function createTransactionsFromPaidExpense(
     },
   };
 
-  // If the payee is assuming the fees, we adapt the amounts
+  // Since both EXPENSE and PAYMENT_PROCESSOR_FEES are attributed to the collective,
+  // here we deduct the fees from the EXPENSE DEBIT amount so it sums up correctly to
+  // the full amount when combined with the PAYMENT_PROCESSOR_FEES DEBIT.
   if (expense.feesPayer === 'PAYEE') {
     transaction.amount += processedAmounts.paymentProcessorFee.inCollectiveCurrency;
     transaction.amountInHostCurrency += processedAmounts.paymentProcessorFee.inHostCurrency;
diff --git a/server/models/Transaction.ts b/server/models/Transaction.ts
index 1a51b7b9ebe..5e2dfba0ac2 100644
--- a/server/models/Transaction.ts
+++ b/server/models/Transaction.ts
@@ -101,6 +101,7 @@ export type TransactionData = {
   transaction?: Record<string, unknown>; // This field is used by `persistVirtualCardTransaction` to store the provider's transaction data
   id?: string; // Up to 2021-06-08, this field was used to store the external IDs of virtual card transactions
   token?: string; // Up to 2021-11-19, this field was used to store the external IDs of privacy.com transactions
+  refundWiseEventTimestamp?: string; // This field is used to guarantee that the Wise refund event is processed only once
 };
 
 class Transaction extends Model<InferAttributes<Transaction>, InferCreationAttributes<Transaction>> {
diff --git a/server/paymentProviders/transferwise/index.ts b/server/paymentProviders/transferwise/index.ts
index 0ea825c7d22..4e4c20dbc6f 100644
--- a/server/paymentProviders/transferwise/index.ts
+++ b/server/paymentProviders/transferwise/index.ts
@@ -1,3 +1,4 @@
+/* eslint-disable camelcase */
 import assert from 'assert';
 import crypto from 'crypto';
 
@@ -788,25 +789,46 @@ const oauth = {
   },
 };
 
-async function setUpWebhook(): Promise<Webhook> {
+const APPLICATION_TRIGGERS = ['transfers#state-change', 'transfers#refund'] as const;
+
+async function createWebhooksForHost(): Promise<Webhook[]> {
   const url = `${config.host.api}/webhooks/transferwise`;
   const existingWebhooks = await transferwise.listApplicationWebhooks();
 
-  if (existingWebhooks?.find(w => w.trigger_on === 'transfers#state-change' && w.delivery.url === url)) {
-    logger.info(`TransferWise App Webhook already exists for ${url}.`);
-    return;
+  const webhooks = [];
+  for (const trigger_on of APPLICATION_TRIGGERS) {
+    const existingWebhook = existingWebhooks?.find(w => w.trigger_on === trigger_on && w.delivery.url === url);
+    if (existingWebhook) {
+      logger.info(`TransferWise App Webhook already exists for ${url}.`);
+      webhooks.push(existingWebhook);
+      continue;
+    }
+
+    logger.info(`Creating TransferWise App Webhook on ${url} for ${trigger_on} events...`);
+    const webhook = await transferwise.createApplicationWebhook({
+      name: 'Open Collective',
+      trigger_on,
+      delivery: {
+        version: '2.0.0',
+        url,
+      },
+    });
+    webhooks.push(webhook);
   }
+  return webhooks;
+}
 
-  logger.info(`Creating TransferWise App Webhook on ${url}...`);
-  return await transferwise.createApplicationWebhook({
-    name: 'Open Collective',
-    // eslint-disable-next-line camelcase
-    trigger_on: 'transfers#state-change',
-    delivery: {
-      version: '2.0.0',
-      url,
-    },
-  });
+async function removeWebhooksForHost() {
+  logger.info(`Removing TransferWise Webhooks for ${config.host.api}...`);
+  const existingWebhooks = (await transferwise.listApplicationWebhooks()) || [];
+  await Promise.all(
+    existingWebhooks
+      .filter(w => w.delivery.url.includes(config.host.api))
+      .map(async w => {
+        await transferwise.deleteApplicationWebhook(w.id);
+        logger.info(`Removed TransferWise Webhook for event ${w.trigger_on} ${w.delivery.url}`);
+      }),
+  );
 }
 
 export default {
@@ -818,10 +840,11 @@ export default {
   quoteExpense,
   payExpense,
   payExpensesBatchGroup,
-  setUpWebhook,
+  createWebhooksForHost,
   validatePayoutMethod,
   scheduleExpenseForPayment,
   unscheduleExpenseForPayment,
   validateTransferRequirements,
+  removeWebhooksForHost,
   oauth,
 };
diff --git a/server/paymentProviders/transferwise/webhook.ts b/server/paymentProviders/transferwise/webhook.ts
index 38ca087d795..ebe9e9e30fc 100644
--- a/server/paymentProviders/transferwise/webhook.ts
+++ b/server/paymentProviders/transferwise/webhook.ts
@@ -1,25 +1,34 @@
 import assert from 'assert';
 
+import config from 'config';
 import { Request } from 'express';
 import { omit, pick, toString } from 'lodash';
 
 import activities from '../../constants/activities';
 import { Service } from '../../constants/connected-account';
 import expenseStatus from '../../constants/expense-status';
+import FEATURE from '../../constants/feature';
 import { TransactionKind } from '../../constants/transaction-kind';
+import { TransactionTypes } from '../../constants/transactions';
 import logger from '../../lib/logger';
+import { lockUntilResolved } from '../../lib/mutex';
 import { createRefundTransaction } from '../../lib/payments';
+import { reportErrorToSentry } from '../../lib/sentry';
 import { createTransactionsFromPaidExpense } from '../../lib/transactions';
 import { getQuote, getTransfer, verifyEvent } from '../../lib/transferwise';
+import { parseToBoolean } from '../../lib/utils';
 import models from '../../models';
 import {
   ExpenseDataQuoteV3,
   QuoteV2PaymentOption,
   QuoteV3PaymentOption,
+  TransferRefundEvent,
   TransferStateChangeEvent,
 } from '../../types/transferwise';
 
 export async function handleTransferStateChange(event: TransferStateChangeEvent): Promise<void> {
+  const isUsingTransferRefundHandler = parseToBoolean(config.transferwise.useTransferRefundHandler);
+
   const expense = await models.Expense.findOne({
     where: {
       status: [expenseStatus.PROCESSING, expenseStatus.PAID],
@@ -33,126 +42,280 @@ export async function handleTransferStateChange(event: TransferStateChangeEvent)
 
   if (!expense) {
     // This is probably some other transfer not executed through our platform.
-    logger.debug('Ignoring transferwise event.', event);
+    logger.debug('Wise: Could not find related Expense, ignoring event.', event);
     return;
   }
 
-  const connectedAccount = await expense.host.getAccountForPaymentProvider(Service.TRANSFERWISE, {
-    throwIfMissing: false,
-  });
+  const MUTEX_LOCK_KEY = `wise-webhook-${expense.id}`;
+  return lockUntilResolved(MUTEX_LOCK_KEY, async () => {
+    await expense.reload();
+    const connectedAccount = await expense.host.getAccountForPaymentProvider(Service.TRANSFERWISE, {
+      throwIfMissing: false,
+    });
 
-  let transfer;
-  if (!connectedAccount) {
-    logger.error(`Wise: No connected account found for host ${expense.host.slug}.`);
-    transfer = expense.data.transfer;
-  } else {
-    transfer = await getTransfer(connectedAccount, event.data.resource.id).catch(e => {
-      logger.error(`Wise: Failed to fetch transfer ${event.data.resource.id} from Wise`, e);
-      return expense.data.transfer;
+    let transfer;
+    if (!connectedAccount) {
+      logger.error(`Wise: No connected account found for host ${expense.host.slug}.`);
+      transfer = expense.data.transfer;
+    } else {
+      transfer = await getTransfer(connectedAccount, event.data.resource.id).catch(e => {
+        logger.error(`Wise: Failed to fetch transfer ${event.data.resource.id} from Wise`, e);
+        return expense.data.transfer;
+      });
+    }
+
+    const transaction = await models.Transaction.findOne({
+      where: {
+        ExpenseId: expense.id,
+        data: { transfer: { id: toString(event.data.resource.id) } },
+      },
     });
+    if (
+      transaction &&
+      expense.status === expenseStatus.PROCESSING &&
+      event.data.current_state === 'outgoing_payment_sent'
+    ) {
+      logger.info(`Wise: Transfer sent, marking expense as paid.`, event);
+      // Mark Expense as Paid, create activity and send notifications
+      await expense.markAsPaid();
+    } else if (expense.status === expenseStatus.PROCESSING && event.data.current_state === 'outgoing_payment_sent') {
+      logger.info(`Wise: Transfer sent, marking expense as paid and creating transactions.`, event);
+      const feesInHostCurrency = (expense.data.feesInHostCurrency || {}) as {
+        paymentProcessorFeeInHostCurrency: number;
+        hostFeeInHostCurrency: number;
+        platformFeeInHostCurrency: number;
+      };
+
+      let paymentOption = expense.data.paymentOption as QuoteV2PaymentOption | QuoteV3PaymentOption;
+      // Fetch up-to-date quote to check if payment option has changed
+      const quote = await getQuote(connectedAccount, transfer.quoteUuid);
+      assert(quote, 'Failed to fetch quote from Wise');
+      const wisePaymentOption = quote.paymentOptions.find(p => p.payIn === 'BALANCE' && p.payOut === quote.payOut);
+      if (
+        // Check if existing quote is QuoteV3
+        'price' in paymentOption &&
+        // Check if the priceDecisionReferenceId has changed
+        paymentOption.price.priceDecisionReferenceId !== wisePaymentOption.price?.priceDecisionReferenceId
+      ) {
+        logger.warn(`Wise: updated the payment option for expense ${expense.id}, updating existing values...`);
+        paymentOption = wisePaymentOption;
+        const expenseDataQuote = { ...omit(quote, ['paymentOptions']), paymentOption } as ExpenseDataQuoteV3;
+        await expense.update({ data: { ...expense.data, quote: expenseDataQuote, paymentOption } });
+      }
+
+      if (expense.host?.settings?.transferwise?.ignorePaymentProcessorFees) {
+        // TODO: We should not just ignore fees, they should be recorded as a transaction from the host to the collective
+        // See https://github.com/opencollective/opencollective/issues/5113
+        feesInHostCurrency.paymentProcessorFeeInHostCurrency = 0;
+      } else {
+        // This is simplified because we enforce sourceCurrency to be the same as hostCurrency
+        feesInHostCurrency.paymentProcessorFeeInHostCurrency = Math.round(paymentOption.fee.total * 100);
+      }
+
+      const hostAmount =
+        expense.feesPayer === 'PAYEE'
+          ? paymentOption.sourceAmount
+          : paymentOption.sourceAmount - paymentOption.fee.total;
+      assert(hostAmount, 'Expense is missing paymentOption information');
+      const expenseToHostRate = hostAmount ? (hostAmount * 100) / expense.amount : 'auto';
+
+      // This will detect that payoutMethodType=BANK_ACCOUNT and set service=wise AND type=bank_transfer
+      await expense.setAndSavePaymentMethodIfMissing();
+
+      await createTransactionsFromPaidExpense(expense.host, expense, feesInHostCurrency, expenseToHostRate, {
+        ...pick(expense.data, ['fund']),
+        transfer,
+        clearedAt: event.data?.occurred_at && new Date(event.data.occurred_at),
+      });
+      await expense.update({ data: { ...expense.data, feesInHostCurrency, transfer } });
+
+      // Mark Expense as Paid, create activity and send notifications
+      await expense.markAsPaid();
+    }
+    // Legacy refund handler
+    else if (
+      !isUsingTransferRefundHandler &&
+      (expense.status === expenseStatus.PROCESSING || expense.status === expenseStatus.PAID) &&
+      (event.data.current_state === 'funds_refunded' || event.data.current_state === 'cancelled')
+    ) {
+      logger.info(`Wise: Transfer failed, setting status to error and refunding existing transactions.`, event);
+      const transaction = await models.Transaction.findOne({
+        where: {
+          ExpenseId: expense.id,
+          RefundTransactionId: null,
+          kind: TransactionKind.EXPENSE,
+          isRefund: false,
+          data: { transfer: { id: toString(event.data.resource.id) } },
+        },
+        include: [{ model: models.Expense }],
+      });
+      if (transaction) {
+        await createRefundTransaction(transaction, transaction.paymentProcessorFeeInHostCurrency, null, expense.User);
+        logger.info(`Wise: Refunded transactions for Wise transfer #${event.data.resource.id}.`);
+      } else {
+        logger.info(`Wise: Wise transfer #${event.data.resource.id} has no transactions, skipping refund.`);
+      }
+      await expense.update({ data: { ...expense.data, transfer } });
+      await expense.setError(expense.lastEditedById);
+      await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
+    } else if (
+      isUsingTransferRefundHandler &&
+      expense.status === expenseStatus.PROCESSING &&
+      event.data.current_state === 'cancelled'
+    ) {
+      logger.info(`Wise: Transfer failed, setting status to error.`, event);
+      await expense.update({ data: { ...expense.data, transfer } });
+      await expense.setError(expense.lastEditedById);
+      await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
+    }
+  });
+}
+
+const handleTransferRefund = async (event: TransferRefundEvent): Promise<void> => {
+  const isUsingTransferRefundHandler = parseToBoolean(config.transferwise.useTransferRefundHandler);
+  if (!isUsingTransferRefundHandler) {
+    logger.debug('Wise: Ignoring refund event, transfers#refund handler is disabled.', event);
+    return;
   }
 
-  const transaction = await models.Transaction.findOne({
+  const transferId = event.data.resource.id;
+  const refundWiseEventTimestamp = event.data.occurred_at;
+  const expense = await models.Expense.findOne({
     where: {
-      ExpenseId: expense.id,
-      data: { transfer: { id: toString(event.data.resource.id) } },
+      status: [expenseStatus.PROCESSING, expenseStatus.PAID, expenseStatus.ERROR],
+      data: { transfer: { id: transferId } },
     },
+    include: [
+      {
+        model: models.Collective,
+        as: 'collective',
+        include: [{ model: models.Collective, as: 'host', required: true }],
+        required: true,
+      },
+      { model: models.User, as: 'User' },
+      { model: models.Transaction },
+    ],
   });
-  if (
-    transaction &&
-    expense.status === expenseStatus.PROCESSING &&
-    event.data.current_state === 'outgoing_payment_sent'
-  ) {
-    logger.info(`Wise: Transfer sent, marking expense as paid.`, event);
-    // Mark Expense as Paid, create activity and send notifications
-    await expense.markAsPaid();
-  } else if (expense.status === expenseStatus.PROCESSING && event.data.current_state === 'outgoing_payment_sent') {
-    logger.info(`Wise: Transfer sent, marking expense as paid and creating transactions.`, event);
-    const feesInHostCurrency = (expense.data.feesInHostCurrency || {}) as {
-      paymentProcessorFeeInHostCurrency: number;
-      hostFeeInHostCurrency: number;
-      platformFeeInHostCurrency: number;
-    };
-
-    let paymentOption = expense.data.paymentOption as QuoteV2PaymentOption | QuoteV3PaymentOption;
-    // Fetch up-to-date quote to check if payment option has changed
-    const quote = await getQuote(connectedAccount, transfer.quoteUuid);
-    assert(quote, 'Failed to fetch quote from Wise');
-    const wisePaymentOption = quote.paymentOptions.find(p => p.payIn === 'BALANCE' && p.payOut === quote.payOut);
-    if (
-      // Check if existing quote is QuoteV3
-      'price' in paymentOption &&
-      // Check if the priceDecisionReferenceId has changed
-      paymentOption.price.priceDecisionReferenceId !== wisePaymentOption.price?.priceDecisionReferenceId
-    ) {
-      logger.warn(`Wise updated the payment option for expense ${expense.id}, updating existing values...`);
-      paymentOption = wisePaymentOption;
-      const expenseDataQuote = { ...omit(quote, ['paymentOptions']), paymentOption } as ExpenseDataQuoteV3;
-      await expense.update({ data: { ...expense.data, quote: expenseDataQuote, paymentOption } });
-    }
 
-    if (expense.host?.settings?.transferwise?.ignorePaymentProcessorFees) {
-      // TODO: We should not just ignore fees, they should be recorded as a transaction from the host to the collective
-      // See https://github.com/opencollective/opencollective/issues/5113
-      feesInHostCurrency.paymentProcessorFeeInHostCurrency = 0;
-    } else {
-      // This is simplified because we enforce sourceCurrency to be the same as hostCurrency
-      feesInHostCurrency.paymentProcessorFeeInHostCurrency = Math.round(paymentOption.fee.total * 100);
+  if (!expense) {
+    // This is probably some other transfer not executed through our platform.
+    logger.warn('Wise: Could not find related Expense, ignoring transferwise event.', event);
+    return;
+  } else if (expense.data.refundWiseEventTimestamp === refundWiseEventTimestamp) {
+    logger.debug('Wise: Ignoring duplicate refund event.', event);
+    return;
+  }
+
+  const MUTEX_LOCK_KEY = `wise-webhook-${expense.id}`;
+  return lockUntilResolved(MUTEX_LOCK_KEY, async () => {
+    await expense.reload();
+    const collective = expense.collective;
+    const host = collective.host;
+
+    const refundCurrency = event.data.resource.refund_currency;
+    if (refundCurrency !== expense.data.transfer.sourceCurrency) {
+      // This condition is guaranteed by Wise, but we should still check it
+      // Can we recover from this? How to infer the correct FX Rate so we know if this is a partial refund or not?
+      logger.warn('Wise: Refund currency does not match transfer source currency', event);
+      throw new Error('Refund currency does not match transfer source currency.');
     }
 
-    const hostAmount =
-      expense.feesPayer === 'PAYEE' ? paymentOption.sourceAmount : paymentOption.sourceAmount - paymentOption.fee.total;
-    assert(hostAmount, 'Expense is missing paymentOption information');
-    const expenseToHostRate = hostAmount ? (hostAmount * 100) / expense.amount : 'auto';
+    const refundedAmount = event.data.resource.refund_amount;
+    const sourceAmount = expense.data.transfer.sourceValue;
+    const relatedTransferTransactions = expense.Transactions.filter(t => t.data?.transfer?.id === transferId);
+    const hasTransactions = relatedTransferTransactions.some(t => t.kind === TransactionKind.EXPENSE);
 
-    // This will detect that payoutMethodType=BANK_ACCOUNT and set service=wise AND type=bank_transfer
-    await expense.setAndSavePaymentMethodIfMissing();
+    if (hasTransactions) {
+      assert.equal(refundCurrency, host.currency, 'Refund currency does not match host currency');
+      const creditTransaction = relatedTransferTransactions.find(
+        t => t.type === TransactionTypes.CREDIT && t.kind === TransactionKind.EXPENSE,
+      );
+      assert(creditTransaction, 'Could not find related CREDIT transaction');
+      const paymentProcessorFee = expense.data.paymentOption.fee.total;
+      if (refundedAmount < sourceAmount) {
+        logger.verbose('Wise: Paid Expense was partially refunded', event);
+        const difference = sourceAmount - refundedAmount;
+        const paymentProcessorFee = expense.data.paymentOption.fee.total;
+        await createRefundTransaction(
+          creditTransaction,
+          Math.round((paymentProcessorFee - difference) * 100),
+          pick(creditTransaction.data, ['transfer']),
+          expense.User,
+        );
+      } else {
+        logger.verbose('Wise: Paid Expense was fully refunded', event);
+        await createRefundTransaction(
+          creditTransaction,
+          paymentProcessorFee * 100,
+          pick(creditTransaction.data, ['transfer']),
+          expense.User,
+        );
+      }
 
-    await createTransactionsFromPaidExpense(expense.host, expense, feesInHostCurrency, expenseToHostRate, {
-      ...pick(expense.data, ['fund']),
-      transfer,
-      clearedAt: event.data?.occurred_at && new Date(event.data.occurred_at),
-    });
-    await expense.update({ data: { ...expense.data, feesInHostCurrency, transfer } });
-
-    // Mark Expense as Paid, create activity and send notifications
-    await expense.markAsPaid();
-  } else if (
-    (expense.status === expenseStatus.PROCESSING || expense.status === expenseStatus.PAID) &&
-    (event.data.current_state === 'funds_refunded' || event.data.current_state === 'cancelled')
-  ) {
-    logger.info(`Wise: Transfer failed, setting status to error and refunding existing transactions.`, event);
-    const transaction = await models.Transaction.findOne({
-      where: {
-        ExpenseId: expense.id,
-        RefundTransactionId: null,
-        kind: TransactionKind.EXPENSE,
-        isRefund: false,
-        data: { transfer: { id: toString(event.data.resource.id) } },
-      },
-      include: [{ model: models.Expense }],
-    });
-    if (transaction) {
-      await createRefundTransaction(transaction, transaction.paymentProcessorFeeInHostCurrency, null, expense.User);
-      logger.info(`Wise: Refunded transactions for Wise transfer #${event.data.resource.id}.`);
+      await expense.update({ data: { ...expense.data, refundWiseEventTimestamp, refundEvent: event } });
+      await relatedTransferTransactions.map(t => t.update({ data: { ...t.data, refundWiseEventTimestamp } }));
+      if (expense.status !== expenseStatus.ERROR) {
+        await expense.setError(expense.lastEditedById);
+        await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
+      }
     } else {
-      logger.info(`Wise: Wise transfer #${event.data.resource.id} has no transactions, skipping refund.`);
+      if (refundedAmount < sourceAmount) {
+        logger.verbose(
+          'Wise: Expense was never marked as Paid and it was just partially refunded, creating Payment Processor Fee transaction',
+          event,
+        );
+        assert.equal(refundCurrency, host.currency, 'Refund currency does not match host currency');
+        const hostCurrency = host.currency;
+        const difference = sourceAmount - refundedAmount;
+        const paymentProcessorFeeInHostCurrency = difference * 100;
+        const hostCurrencyFxRate = await models.Transaction.getFxRate(collective.currency, hostCurrency);
+        await models.Transaction.createPaymentProcessorFeeTransactions({
+          amount: 0,
+          paymentProcessorFeeInHostCurrency,
+          currency: collective.currency,
+          hostCurrencyFxRate,
+          hostCurrency,
+          CollectiveId: expense.CollectiveId,
+          ExpenseId: expense.id,
+          HostCollectiveId: host.id,
+          PayoutMethodId: expense.PayoutMethodId,
+        });
+        await expense.update({ data: { ...expense.data, refundWiseEventTimestamp, refundEvent: event } });
+        if (expense.status !== expenseStatus.ERROR) {
+          await expense.setError(expense.lastEditedById);
+          await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
+        }
+      } else {
+        logger.verbose('Wise: Expense was never marked as Paid, marking it as error', event);
+        await expense.update({ data: { ...expense.data, refundWiseEventTimestamp, refundEvent: event } });
+        if (expense.status !== expenseStatus.ERROR) {
+          await expense.setError(expense.lastEditedById);
+          await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
+        }
+      }
     }
-    await expense.update({ data: { ...expense.data, transfer } });
-    await expense.setError(expense.lastEditedById);
-    await expense.createActivity(activities.COLLECTIVE_EXPENSE_ERROR, null, { isSystem: true, event });
-  }
-}
+  });
+};
 
 async function webhook(req: Request & { rawBody: string }): Promise<void> {
   const event = verifyEvent(req);
 
-  switch (event.event_type) {
-    case 'transfers#state-change':
-      await handleTransferStateChange(event as TransferStateChangeEvent);
-      break;
-    default:
-      break;
+  try {
+    switch (event.event_type) {
+      case 'transfers#state-change':
+        await handleTransferStateChange(event as TransferStateChangeEvent);
+        break;
+      case 'transfers#refund':
+        await handleTransferRefund(event as TransferRefundEvent);
+        break;
+      default:
+        logger.debug('Wise: Ignoring unknown event.', event.event_type);
+        break;
+    }
+  } catch (error) {
+    logger.error('Wise: Error processing event', error);
+    reportErrorToSentry(error, { extra: { event }, feature: FEATURE.TRANSFERWISE });
+    throw error;
   }
 }
 
diff --git a/server/types/transferwise.ts b/server/types/transferwise.ts
index a1fd9ea8dc3..9c23420d7db 100644
--- a/server/types/transferwise.ts
+++ b/server/types/transferwise.ts
@@ -280,7 +280,7 @@ export type TransferStatus =
 export interface WebhookEvent {
   data: Record<string, unknown>;
   subscription_id: string;
-  event_type: string;
+  event_type: 'transfers#refund' | 'transfers#state-change';
   schema_version: '2.0.0';
   sent_at: string;
 }
@@ -300,6 +300,21 @@ export interface TransferStateChangeEvent extends WebhookEvent {
   event_type: 'transfers#state-change';
 }
 
+export interface TransferRefundEvent extends WebhookEvent {
+  data: {
+    resource: {
+      type: 'transfer';
+      id: number;
+      profile_id: number;
+      account_id: number;
+      refund_amount: number;
+      refund_currency: string;
+    };
+    occurred_at: string;
+  };
+  event_type: 'transfers#refund';
+}
+
 export type Transfer = {
   id: number;
   user: number;
@@ -407,6 +422,7 @@ export type Webhook = {
   trigger_on:
     | 'transfers#state-change' // Profile and Application
     | 'transfers#active-cases' // Profile
+    | 'transfers#refund'
     | 'balances#credit' // Profile
     | 'profiles#verification-state-change'; // Application
   scope: {
diff --git a/test/server/paymentProviders/transferwise/webhook.test.ts b/test/server/paymentProviders/transferwise/webhook.test.ts
index 7f672cc0fcd..5c319879498 100644
--- a/test/server/paymentProviders/transferwise/webhook.test.ts
+++ b/test/server/paymentProviders/transferwise/webhook.test.ts
@@ -1,197 +1,733 @@
 /* eslint-disable camelcase */
 
 import { expect } from 'chai';
+import config from 'config';
 import { defaultsDeep } from 'lodash';
 import { assert, createSandbox } from 'sinon';
 import request from 'supertest';
 
 import { roles } from '../../../../server/constants';
+import { SupportedCurrency } from '../../../../server/constants/currencies';
 import status from '../../../../server/constants/expense-status';
 import app from '../../../../server/index';
+import { getFxRate } from '../../../../server/lib/currency';
 import emailLib from '../../../../server/lib/email';
 import * as transferwiseLib from '../../../../server/lib/transferwise';
+import models from '../../../../server/models';
 import { PayoutMethodTypes } from '../../../../server/models/PayoutMethod';
+import { handleTransferStateChange } from '../../../../server/paymentProviders/transferwise/webhook';
+import { TransferRefundEvent } from '../../../../server/types/transferwise';
 import {
+  fakeActiveHost,
   fakeCollective,
   fakeConnectedAccount,
   fakeExpense,
   fakeMember,
   fakePayoutMethod,
   fakeUser,
+  randNumber,
 } from '../../../test-helpers/fake-data';
 import * as utils from '../../../utils';
 
+const RATES = {
+  USD: { EUR: 0.84, JPY: 110.94 },
+  EUR: { USD: 1.19, JPY: 132.45 },
+  JPY: { EUR: 0.0075, USD: 0.009 },
+};
+
 describe('server/paymentProviders/transferwise/webhook', () => {
   let expressApp, api;
   before(async () => {
     expressApp = await app();
     api = request(expressApp);
+    utils.nockFixerRates(RATES);
   });
 
   const sandbox = createSandbox();
+  afterEach(sandbox.restore);
 
-  const event = {
-    data: {
-      resource: {
-        id: 1234,
-        profile_id: 0,
-        account_id: 0,
-        type: 'transfer',
+  describe('handleTransferStateChange', () => {
+    const event = {
+      data: {
+        resource: {
+          id: 1234,
+          profile_id: 0,
+          account_id: 0,
+          type: 'transfer',
+        },
+        current_state: 'outgoing_payment_sent',
+        previous_state: 'processing',
+        occurred_at: '2020-03-02T13:37:54Z',
       },
-      current_state: 'outgoing_payment_sent',
-      previous_state: 'processing',
-      occurred_at: '2020-03-02T13:37:54Z',
-    },
-    subscription_id: '00000000-0000-0000-0000-000000000000',
-    event_type: 'transfers#state-change',
-    schema_version: '2.0.0',
-    sent_at: '2020-03-02T13:37:54Z',
-  };
-  let verifyEvent, sendMessage;
-  let expense, host, collective;
+      subscription_id: '00000000-0000-0000-0000-000000000000',
+      event_type: 'transfers#state-change',
+      schema_version: '2.0.0',
+      sent_at: '2020-03-02T13:37:54Z',
+    };
+    let verifyEvent, sendMessage;
+    let expense, host, collective;
 
-  afterEach(sandbox.restore);
-  beforeEach(utils.resetTestDB);
-  beforeEach(() => {
-    verifyEvent = sandbox.stub(transferwiseLib, 'verifyEvent').returns(event);
-    sendMessage = sandbox.spy(emailLib, 'sendMessage');
-    sandbox.stub(transferwiseLib, 'getQuote').resolves({ paymentOptions: [{ fee: { total: 10 }, sourceAmount: 110 }] });
-  });
-  beforeEach(async () => {
-    host = await fakeCollective({ isHostAccount: true });
-    await fakeConnectedAccount({
-      CollectiveId: host.id,
-      service: 'transferwise',
-      token: '33b5e94d-9815-4ebc-b970-3612b6aec332',
-      data: { type: 'business', id: 0 },
-    });
-    collective = await fakeCollective({
-      HostCollectiveId: host.id,
+    beforeEach(utils.resetTestDB);
+    beforeEach(() => {
+      verifyEvent = sandbox
+        .stub(transferwiseLib, 'getToken')
+        .callsFake(async connectedAccount => connectedAccount.token);
+      verifyEvent = sandbox.stub(transferwiseLib, 'getTransfer').resolves({ id: event.data.resource.id });
+      verifyEvent = sandbox.stub(transferwiseLib, 'verifyEvent').returns(event);
+      sendMessage = sandbox.spy(emailLib, 'sendMessage');
+      sandbox
+        .stub(transferwiseLib, 'getQuote')
+        .resolves({ paymentOptions: [{ fee: { total: 10 }, sourceAmount: 110 }] });
     });
-    const payoutMethod = await fakePayoutMethod({
-      type: PayoutMethodTypes.BANK_ACCOUNT,
-      data: {
-        id: 123,
-        accountHolderName: 'Leo Kewitz',
-        currency: 'EUR',
-        type: 'iban',
-        legalType: 'PRIVATE',
-        details: {
-          IBAN: 'DE89370400440532013000',
+    beforeEach(async () => {
+      host = await fakeCollective({ isHostAccount: true });
+      await fakeConnectedAccount({
+        CollectiveId: host.id,
+        service: 'transferwise',
+        token: '33b5e94d-9815-4ebc-b970-3612b6aec332',
+        data: { type: 'business', id: 0 },
+      });
+      collective = await fakeCollective({
+        HostCollectiveId: host.id,
+      });
+      const payoutMethod = await fakePayoutMethod({
+        type: PayoutMethodTypes.BANK_ACCOUNT,
+        data: {
+          id: 123,
+          accountHolderName: 'Leo Kewitz',
+          currency: 'EUR',
+          type: 'iban',
+          legalType: 'PRIVATE',
+          details: {
+            IBAN: 'DE89370400440532013000',
+          },
         },
-      },
+      });
+      expense = await fakeExpense({
+        status: status.PROCESSING,
+        amount: 10000,
+        CollectiveId: collective.id,
+        currency: 'USD',
+        PayoutMethodId: payoutMethod.id,
+        HostCollectiveId: host.id,
+        category: 'Engineering',
+        type: 'INVOICE',
+        description: 'January Invoice',
+        data: {
+          recipient: payoutMethod.data,
+          transfer: { id: event.data.resource.id },
+          quote: { fee: 10, rate: 1, targetAccount: 123 },
+          paymentOption: { fee: { total: 10 }, sourceAmount: 110 },
+        },
+      });
     });
-    expense = await fakeExpense({
-      status: status.PROCESSING,
-      amount: 10000,
-      CollectiveId: collective.id,
-      currency: 'USD',
-      PayoutMethodId: payoutMethod.id,
-      HostCollectiveId: host.id,
-      category: 'Engineering',
-      type: 'INVOICE',
-      description: 'January Invoice',
-      data: {
-        recipient: payoutMethod.data,
-        transfer: { id: event.data.resource.id },
-        quote: { fee: 10, rate: 1, targetAccount: 123 },
-        paymentOption: { fee: { total: 10 }, sourceAmount: 110 },
-      },
+
+    it('assigns rawBody to request and verifies the event signature', async () => {
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+
+      assert.calledOnce(verifyEvent);
+      const { args } = verifyEvent.getCall(0);
+      expect(args[0]).to.have.property('rawBody');
     });
-  });
 
-  it('assigns rawBody to request and verifies the event signature', async () => {
-    await api.post('/webhooks/transferwise').send(event).expect(200);
+    it('should mark expense as paid and create transactions if transfer was sent', async () => {
+      await api.post('/webhooks/transferwise').send(event).expect(200);
 
-    assert.calledOnce(verifyEvent);
-    const { args } = verifyEvent.getCall(0);
-    expect(args[0]).to.have.property('rawBody');
-  });
+      await expense.reload();
+      expect(expense).to.have.property('status', status.PAID);
+      const [debitTransaction] = await expense.getTransactions({ where: { type: 'DEBIT' } });
+      expect(debitTransaction).to.be.have.property('paymentProcessorFeeInHostCurrency', -1000);
+      expect(debitTransaction).to.be.have.property('netAmountInCollectiveCurrency', -11000);
+      expect(debitTransaction).to.be.have.nested.property('data.transfer.id', 1234);
+    });
 
-  it('should mark expense as paid and create transactions if transfer was sent', async () => {
-    await api.post('/webhooks/transferwise').send(event).expect(200);
+    it('should ignore payment processor fee if host.settings.transferwise.ignorePaymentProcessorFees is true', async () => {
+      await host.update({
+        settings: defaultsDeep(host.settings, { transferwise: { ignorePaymentProcessorFees: true } }),
+      });
 
-    await expense.reload();
-    expect(expense).to.have.property('status', status.PAID);
-    const [debitTransaction] = await expense.getTransactions({ where: { type: 'DEBIT' } });
-    expect(debitTransaction).to.be.have.property('paymentProcessorFeeInHostCurrency', -1000);
-    expect(debitTransaction).to.be.have.property('netAmountInCollectiveCurrency', -11000);
-    expect(debitTransaction).to.be.have.nested.property('data.transfer.id', 1234);
-  });
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+      await expense.reload();
+      expect(expense).to.have.property('status', status.PAID);
 
-  it('should ignore payment processor fee if host.settings.transferwise.ignorePaymentProcessorFees is true', async () => {
-    await host.update({
-      settings: defaultsDeep(host.settings, { transferwise: { ignorePaymentProcessorFees: true } }),
+      const [debitTransaction] = await expense.getTransactions({ where: { type: 'DEBIT' } });
+      expect(debitTransaction).to.be.have.property('paymentProcessorFeeInHostCurrency', 0);
+      expect(debitTransaction).to.be.have.property('netAmountInCollectiveCurrency', -10000);
     });
 
-    await api.post('/webhooks/transferwise').send(event).expect(200);
-    await expense.reload();
-    expect(expense).to.have.property('status', status.PAID);
+    it('should set expense as error when the transfer fails', async () => {
+      const refundEvent = { ...event, data: { ...event.data, current_state: 'cancelled' } };
+      verifyEvent.returns(refundEvent);
 
-    const [debitTransaction] = await expense.getTransactions({ where: { type: 'DEBIT' } });
-    expect(debitTransaction).to.be.have.property('paymentProcessorFeeInHostCurrency', 0);
-    expect(debitTransaction).to.be.have.property('netAmountInCollectiveCurrency', -10000);
-  });
+      await api.post('/webhooks/transferwise').send(event).expect(200);
 
-  it('should set expense as error when funds are refunded', async () => {
-    const refundEvent = { ...event, data: { ...event.data, current_state: 'funds_refunded' } };
-    verifyEvent.returns(refundEvent);
+      await expense.reload();
+      expect(expense).to.have.property('status', status.ERROR);
+    });
 
-    await api.post('/webhooks/transferwise').send(event).expect(200);
+    it('should send a notification email to the payee and the host when the transfer fails', async () => {
+      const admin = await fakeUser({ email: 'admin@oc.com' });
+      await fakeMember({ CollectiveId: host.id, MemberCollectiveId: admin.CollectiveId, role: roles.ADMIN });
+      const refundEvent = { ...event, data: { ...event.data, current_state: 'cancelled' } };
+      verifyEvent.returns(refundEvent);
 
-    await expense.reload();
-    expect(expense).to.have.property('status', status.ERROR);
-  });
+      await api.post('/webhooks/transferwise').send(event).expect(200);
 
-  it('should send a notification email to the payee and the host when funds are refunded', async () => {
-    const admin = await fakeUser({ email: 'admin@oc.com' });
-    await fakeMember({ CollectiveId: host.id, MemberCollectiveId: admin.CollectiveId, role: roles.ADMIN });
-    const refundEvent = { ...event, data: { ...event.data, current_state: 'funds_refunded' } };
-    verifyEvent.returns(refundEvent);
+      await utils.waitForCondition(() => sendMessage.callCount === 2);
 
-    await api.post('/webhooks/transferwise').send(event).expect(200);
+      expect(sendMessage.args[0][0]).to.equal(expense.User.email);
+      expect(sendMessage.args[0][1]).to.contain(
+        `Payment from ${collective.name} for ${expense.description} expense failed`,
+      );
+      expect(sendMessage.args[1][0]).to.equal(admin.email);
+      expect(sendMessage.args[1][1]).to.contain(`🚨 Transaction failed on ${collective.name}`);
+    });
 
-    await utils.waitForCondition(() => sendMessage.callCount === 2);
+    it('should return 200 OK if the transaction is not associated to any expense', async () => {
+      const refundEvent = { ...event, data: { ...event.data, resource: { id: 0 } } };
+      verifyEvent.returns(refundEvent);
 
-    expect(sendMessage.args[0][0]).to.equal(expense.User.email);
-    expect(sendMessage.args[0][1]).to.contain(
-      `Payment from ${collective.name} for ${expense.description} expense failed`,
-    );
-    expect(sendMessage.args[1][0]).to.equal(admin.email);
-    expect(sendMessage.args[1][1]).to.contain(`🚨 Transaction failed on ${collective.name}`);
-  });
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+    });
 
-  it('should return 200 OK if the transaction is not associated to any expense', async () => {
-    const refundEvent = { ...event, data: { ...event.data, resource: { id: 0 } } };
-    verifyEvent.returns(refundEvent);
+    it('works with Expenses with feesPayer = PAYEE', async () => {
+      await expense.update({
+        feesPayer: 'PAYEE',
+        data: {
+          ...expense.data,
+          paymentOption: { fee: { total: 10 }, sourceAmount: 100 },
+        },
+      });
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+
+      await expense.reload();
+      expect(expense).to.have.property('status', status.PAID);
+      const [debit, credit] = await expense.getTransactions();
+
+      expect(debit).to.have.property('paymentProcessorFeeInHostCurrency', -1000);
+      expect(debit).to.have.property('netAmountInCollectiveCurrency', -10000);
+      expect(debit).to.have.property('amountInHostCurrency', -9000);
+      expect(debit).to.have.property('amount', -9000);
+      expect(debit).to.have.nested.property('data.expenseToHostFxRate', 1);
+      expect(debit).to.have.nested.property('data.transfer.id', 1234);
 
-    await api.post('/webhooks/transferwise').send(event).expect(200);
+      expect(credit).to.have.property('paymentProcessorFeeInHostCurrency', -1000);
+      expect(credit).to.have.property('netAmountInCollectiveCurrency', 9000);
+      expect(credit).to.have.property('amountInHostCurrency', 10000);
+      expect(credit).to.have.property('amount', 10000);
+    });
   });
 
-  it('works with Expenses with feesPayer = PAYEE', async () => {
-    await expense.update({
-      feesPayer: 'PAYEE',
-      data: {
-        ...expense.data,
-        paymentOption: { fee: { total: 10 }, sourceAmount: 100 },
-      },
+  describe('handleTransferRefund', () => {
+    let host, collective, payoutMethod;
+    let getTransfer, getQuote, verifyEvent;
+
+    beforeEach(utils.resetTestDB);
+    beforeEach(async () => {
+      sandbox
+        .stub(config, 'ledger')
+        .value({ ...config.ledger, separatePaymentProcessorFees: true, separateTaxes: true });
+      sandbox.stub(config, 'transferwise').value({ ...config.transferwise, useTransferRefundHandler: 'true' });
+      sandbox.stub(transferwiseLib, 'getToken').callsFake(async connectedAccount => connectedAccount.token);
+
+      getTransfer = sandbox.stub(transferwiseLib, 'getTransfer');
+      verifyEvent = sandbox.stub(transferwiseLib, 'verifyEvent');
+      getQuote = sandbox.stub(transferwiseLib, 'getQuote');
+
+      await utils.seedDefaultVendors();
+      host = await fakeActiveHost({ isHostAccount: true, currency: 'USD', name: 'Fiscal Host' });
+      await fakeConnectedAccount({
+        CollectiveId: host.id,
+        service: 'transferwise',
+        token: '33b5e94d-9815-4ebc-b970-3612b6aec332',
+        data: { type: 'business', id: 0 },
+      });
+      collective = await fakeCollective({
+        HostCollectiveId: host.id,
+        name: 'Collective',
+      });
+      payoutMethod = await fakePayoutMethod({
+        type: PayoutMethodTypes.BANK_ACCOUNT,
+        data: {
+          id: 123,
+          accountHolderName: 'Leo Kewitz',
+          currency: 'EUR',
+          type: 'iban',
+          legalType: 'PRIVATE',
+          details: {
+            IBAN: 'DE89370400440532013000',
+          },
+        },
+      });
+    });
+
+    const setup = async ({
+      amount,
+      fees,
+      refunded,
+      collectiveCurrency,
+      expense,
+      now = '2024-10-11T11:27:11.421Z',
+      feesPayer = 'COLLECTIVE',
+    }: {
+      amount: number;
+      fees: number;
+      refunded: number;
+      collectiveCurrency?: SupportedCurrency;
+      expense?: any;
+      now?: string;
+      feesPayer?: 'COLLECTIVE' | 'PAYEE';
+    }) => {
+      const transferId = randNumber();
+      const hostCurrencyFxRate = await getFxRate(collectiveCurrency || 'USD', 'USD');
+      const feesDecimal = (fees / 100) * hostCurrencyFxRate;
+      const totalDecimal = ((amount + fees) / 100) * hostCurrencyFxRate;
+      const refundedDecimal = (refunded / 100) * hostCurrencyFxRate;
+
+      const event: TransferRefundEvent = {
+        data: {
+          resource: {
+            id: transferId,
+            profile_id: 0,
+            account_id: 0,
+            type: 'transfer',
+            refund_amount: refundedDecimal,
+            refund_currency: 'USD',
+          },
+          occurred_at: now,
+        },
+        subscription_id: '00000000-0000-0000-0000-000000000000',
+        event_type: 'transfers#refund',
+        schema_version: '2.0.0',
+        sent_at: now,
+      };
+
+      getTransfer.resolves({ id: transferId, sourceCurrency: 'USD', sourceValue: totalDecimal });
+      verifyEvent.returns(event);
+      getQuote.resolves({ paymentOptions: [{ fee: { total: feesDecimal }, sourceAmount: totalDecimal }] });
+
+      const user = await fakeUser({
+        name: 'User',
+      });
+
+      if (expense) {
+        await expense.update({
+          status: status.PROCESSING,
+          feesPayer,
+          data: {
+            ...expense.data,
+            transfer: { id: transferId, sourceCurrency: 'USD', sourceValue: totalDecimal },
+            quote: { fee: feesDecimal, rate: 1, targetAccount: 123 },
+            paymentOption: { fee: { total: feesDecimal }, sourceAmount: totalDecimal },
+          },
+        });
+      } else {
+        expense = await fakeExpense({
+          status: status.PROCESSING,
+          amount,
+          description: 'Invoice',
+          CollectiveId: collective.id,
+          currency: collectiveCurrency,
+          PayoutMethodId: payoutMethod.id,
+          FromCollectiveId: user.collective.id,
+          HostCollectiveId: host.id,
+          type: 'INVOICE',
+          feesPayer,
+          data: {
+            recipient: payoutMethod.data,
+            transfer: { id: transferId, sourceCurrency: 'USD', sourceValue: totalDecimal },
+            quote: { fee: feesDecimal, rate: 1, targetAccount: 123 },
+            paymentOption: { fee: { total: feesDecimal }, sourceAmount: totalDecimal },
+          },
+        });
+      }
+
+      if (collectiveCurrency !== 'USD') {
+        await collective.update({ currency: collectiveCurrency });
+      }
+
+      return { expense, event };
+    };
+
+    describe('Expense was still in PROCESSING (has no Transactions)', () => {
+      it('should just mark the Expense as Error if it was fully refunded', async () => {
+        const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 11000 });
+
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+
+        await expense.reload({ include: [{ model: models.Transaction }] });
+
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+        expect(expense.Transactions).to.have.length(0);
+      });
+
+      it('should create a Payment Processor Fee debit for the difference if partially refunded', async () => {
+        const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 10000 });
+
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+        expect(expense.Transactions).to.have.length(2);
+
+        await utils.snapshotLedger([
+          'kind',
+          'description',
+          'type',
+          'amount',
+          'currency',
+          'amountInHostCurrency',
+          'hostCurrency',
+          'netAmountInCollectiveCurrency',
+          'CollectiveId',
+          'FromCollectiveId',
+          'HostCollectiveId',
+          'data.refundWiseEventTimestamp',
+        ]);
+      });
+    });
+
+    describe('Expense was already PAID (has Transactions)', () => {
+      it('should fully refund the transactions if refunded amount matches the amount paid', async () => {
+        const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 11000 });
+        // Pay the Expense
+        await handleTransferStateChange({
+          data: {
+            resource: {
+              id: expense.data.transfer.id,
+              profile_id: 0,
+              account_id: 0,
+              type: 'transfer',
+            },
+            current_state: 'outgoing_payment_sent',
+            previous_state: 'processing',
+            occurred_at: '2020-03-02T13:37:54Z',
+          },
+          subscription_id: '00000000-0000-0000-0000-000000000000',
+          event_type: 'transfers#state-change',
+          schema_version: '2.0.0',
+          sent_at: '2020-03-02T13:37:54Z',
+        });
+        await expense.reload();
+        expect(expense).to.have.property('status', status.PAID);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+        // Trigger the Refund event
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+        await utils.snapshotLedger([
+          'kind',
+          'description',
+          'type',
+          'amount',
+          'currency',
+          'amountInHostCurrency',
+          'hostCurrency',
+          'netAmountInCollectiveCurrency',
+          'CollectiveId',
+          'FromCollectiveId',
+          'HostCollectiveId',
+          'data.refundWiseEventTimestamp',
+        ]);
+      });
+
+      it('should partially refund the transactions if refunded amount is less than the amount paid', async () => {
+        const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 10500 });
+        // Pay the Expense
+        await handleTransferStateChange({
+          data: {
+            resource: {
+              id: expense.data.transfer.id,
+              profile_id: 0,
+              account_id: 0,
+              type: 'transfer',
+            },
+            current_state: 'outgoing_payment_sent',
+            previous_state: 'processing',
+            occurred_at: '2020-03-02T13:37:54Z',
+          },
+          subscription_id: '00000000-0000-0000-0000-000000000000',
+          event_type: 'transfers#state-change',
+          schema_version: '2.0.0',
+          sent_at: '2020-03-02T13:37:54Z',
+        });
+        await expense.reload();
+        expect(expense).to.have.property('status', status.PAID);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+        // Trigger the Refund event
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+        await utils.snapshotLedger([
+          'kind',
+          'description',
+          'type',
+          'amount',
+          'currency',
+          'amountInHostCurrency',
+          'hostCurrency',
+          'netAmountInCollectiveCurrency',
+          'CollectiveId',
+          'FromCollectiveId',
+          'HostCollectiveId',
+          'data.refundWiseEventTimestamp',
+        ]);
+      });
+
+      describe('feesPayer = PAYEE', () => {
+        it('should fully refund the transactions if refunded amount matches the amount paid', async () => {
+          const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 11000, feesPayer: 'PAYEE' });
+          // Pay the Expense
+          await handleTransferStateChange({
+            data: {
+              resource: {
+                id: expense.data.transfer.id,
+                profile_id: 0,
+                account_id: 0,
+                type: 'transfer',
+              },
+              current_state: 'outgoing_payment_sent',
+              previous_state: 'processing',
+              occurred_at: '2020-03-02T13:37:54Z',
+            },
+            subscription_id: '00000000-0000-0000-0000-000000000000',
+            event_type: 'transfers#state-change',
+            schema_version: '2.0.0',
+            sent_at: '2020-03-02T13:37:54Z',
+          });
+          await expense.reload();
+          expect(expense).to.have.property('status', status.PAID);
+          expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+          // Trigger the Refund event
+          await api.post('/webhooks/transferwise').send(event).expect(200);
+          await expense.reload({ include: [{ model: models.Transaction }] });
+          expect(expense).to.have.property('status', status.ERROR);
+          expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+          expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+          await utils.snapshotLedger([
+            'kind',
+            'description',
+            'type',
+            'amount',
+            'currency',
+            'amountInHostCurrency',
+            'hostCurrency',
+            'netAmountInCollectiveCurrency',
+            'CollectiveId',
+            'FromCollectiveId',
+            'HostCollectiveId',
+            'data.refundWiseEventTimestamp',
+          ]);
+        });
+
+        it('should partially refund the transactions if refunded amount is less than the amount paid', async () => {
+          const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 10500, feesPayer: 'PAYEE' });
+          // Pay the Expense
+          await handleTransferStateChange({
+            data: {
+              resource: {
+                id: expense.data.transfer.id,
+                profile_id: 0,
+                account_id: 0,
+                type: 'transfer',
+              },
+              current_state: 'outgoing_payment_sent',
+              previous_state: 'processing',
+              occurred_at: '2020-03-02T13:37:54Z',
+            },
+            subscription_id: '00000000-0000-0000-0000-000000000000',
+            event_type: 'transfers#state-change',
+            schema_version: '2.0.0',
+            sent_at: '2020-03-02T13:37:54Z',
+          });
+          await expense.reload();
+          expect(expense).to.have.property('status', status.PAID);
+          expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+          // Trigger the Refund event
+          await api.post('/webhooks/transferwise').send(event).expect(200);
+          await expense.reload({ include: [{ model: models.Transaction }] });
+          expect(expense).to.have.property('status', status.ERROR);
+          expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+          expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+          await utils.snapshotLedger([
+            'kind',
+            'description',
+            'type',
+            'amount',
+            'currency',
+            'amountInHostCurrency',
+            'hostCurrency',
+            'netAmountInCollectiveCurrency',
+            'CollectiveId',
+            'FromCollectiveId',
+            'HostCollectiveId',
+            'data.refundWiseEventTimestamp',
+          ]);
+        });
+      });
+
+      it('should work with an expense that was paid multiple times', async () => {
+        // eslint-disable-next-line prefer-const
+        let { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 10500 });
+        // Pay the Expense
+        await handleTransferStateChange({
+          data: {
+            resource: {
+              id: event.data.resource.id,
+              profile_id: 0,
+              account_id: 0,
+              type: 'transfer',
+            },
+            current_state: 'outgoing_payment_sent',
+            previous_state: 'processing',
+            occurred_at: '2020-03-02T13:37:54Z',
+          },
+          subscription_id: '00000000-0000-0000-0000-000000000000',
+          event_type: 'transfers#state-change',
+          schema_version: '2.0.0',
+          sent_at: '2020-03-02T13:37:54Z',
+        });
+        await expense.reload();
+        expect(expense).to.have.property('status', status.PAID);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+        // Trigger the Refund event
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+        // Second payment Refund
+        event = (await setup({ amount: 10100, fees: 1000, refunded: 10600, expense, now: '2024-10-12T00:00:00.000Z' }))
+          .event;
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.PROCESSING);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        // Pay the Expense
+        await handleTransferStateChange({
+          data: {
+            resource: {
+              id: event.data.resource.id,
+              profile_id: 0,
+              account_id: 0,
+              type: 'transfer',
+            },
+            current_state: 'outgoing_payment_sent',
+            previous_state: 'processing',
+            occurred_at: '2020-03-02T13:37:54Z',
+          },
+          subscription_id: '00000000-0000-0000-0000-000000000000',
+          event_type: 'transfers#state-change',
+          schema_version: '2.0.0',
+          sent_at: '2020-03-02T13:37:54Z',
+        });
+        await expense.reload();
+        expect(expense).to.have.property('status', status.PAID);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+        await utils.snapshotLedger([
+          'kind',
+          'description',
+          'type',
+          'amount',
+          'currency',
+          'amountInHostCurrency',
+          'hostCurrency',
+          'netAmountInCollectiveCurrency',
+          'CollectiveId',
+          'FromCollectiveId',
+          'HostCollectiveId',
+          'data.refundWiseEventTimestamp',
+        ]);
+      });
+
+      it('should work with Collectives that have a different currency than the Host', async () => {
+        const { expense, event } = await setup({
+          amount: 10000,
+          fees: 1000,
+          refunded: 10500,
+          collectiveCurrency: 'EUR',
+        });
+        // Pay the Expense
+        await handleTransferStateChange({
+          data: {
+            resource: {
+              id: expense.data.transfer.id,
+              profile_id: 0,
+              account_id: 0,
+              type: 'transfer',
+            },
+            current_state: 'outgoing_payment_sent',
+            previous_state: 'processing',
+            occurred_at: '2020-03-02T13:37:54Z',
+          },
+          subscription_id: '00000000-0000-0000-0000-000000000000',
+          event_type: 'transfers#state-change',
+          schema_version: '2.0.0',
+          sent_at: '2020-03-02T13:37:54Z',
+        });
+        await expense.reload();
+        expect(expense).to.have.property('status', status.PAID);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+
+        // Trigger the Refund event
+        await api.post('/webhooks/transferwise').send(event).expect(200);
+        await expense.reload({ include: [{ model: models.Transaction }] });
+        expect(expense).to.have.property('status', status.ERROR);
+        expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+        expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+
+        await utils.snapshotLedger([
+          'kind',
+          'description',
+          'type',
+          'amount',
+          'currency',
+          'amountInHostCurrency',
+          'hostCurrency',
+          'netAmountInCollectiveCurrency',
+          'CollectiveId',
+          'FromCollectiveId',
+          'HostCollectiveId',
+          'data.refundWiseEventTimestamp',
+        ]);
+      });
+    });
+
+    it('should ignore if the Expense was already refunded', async () => {
+      const { expense, event } = await setup({ amount: 10000, fees: 1000, refunded: 10000 });
+
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+      await api.post('/webhooks/transferwise').send(event).expect(200);
+
+      await expense.reload({ include: [{ model: models.Transaction }] });
+      expect(expense).to.have.property('status', status.ERROR);
+      expect(expense).to.have.nested.property('data.transfer.id', event.data.resource.id);
+      expect(expense).to.have.nested.property('data.refundWiseEventTimestamp', event.data.occurred_at);
+      expect(expense.Transactions).to.have.length(2);
     });
-    await api.post('/webhooks/transferwise').send(event).expect(200);
-
-    await expense.reload();
-    expect(expense).to.have.property('status', status.PAID);
-    const [debit, credit] = await expense.getTransactions();
-
-    expect(debit).to.have.property('paymentProcessorFeeInHostCurrency', -1000);
-    expect(debit).to.have.property('netAmountInCollectiveCurrency', -10000);
-    expect(debit).to.have.property('amountInHostCurrency', -9000);
-    expect(debit).to.have.property('amount', -9000);
-    expect(debit).to.have.nested.property('data.expenseToHostFxRate', 1);
-    expect(debit).to.have.nested.property('data.transfer.id', 1234);
-
-    expect(credit).to.have.property('paymentProcessorFeeInHostCurrency', -1000);
-    expect(credit).to.have.property('netAmountInCollectiveCurrency', 9000);
-    expect(credit).to.have.property('amountInHostCurrency', 10000);
-    expect(credit).to.have.property('amount', 10000);
   });
 });
diff --git a/test/server/paymentProviders/transferwise/webhook.test.ts.snap b/test/server/paymentProviders/transferwise/webhook.test.ts.snap
new file mode 100644
index 00000000000..8c562ba639e
--- /dev/null
+++ b/test/server/paymentProviders/transferwise/webhook.test.ts.snap
@@ -0,0 +1,109 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) feesPayer = PAYEE should fully refund the transactions if refunded amount matches the amount paid 1`] = `
+"
+| kind                  | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| --------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE               | Invoice                                                   | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE               | Invoice                                                   | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) feesPayer = PAYEE should partially refund the transactions if refunded amount is less than the amount paid 1`] = `
+"
+| kind                  | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| --------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE               | Invoice                                                   | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE               | Invoice                                                   | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) should fully refund the transactions if refunded amount matches the amount paid 1`] = `
+"
+| kind                  | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| --------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE               | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE               | Invoice                                                   | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE               | Invoice                                                   | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) should partially refund the transactions if refunded amount is less than the amount paid 1`] = `
+"
+| kind                    | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| ----------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Fiscal Host             | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Fiscal Host             | Collective              | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE                 | Invoice                                                   | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE                 | Invoice                                                   | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) should work with Collectives that have a different currency than the Host 1`] = `
+"
+| kind                    | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| ----------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | EUR      | 11900                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | EUR      | -11900               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | CREDIT | 500    | EUR      | 595                  | USD          | 500                           | Collective              | Fiscal Host             | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | DEBIT  | -500   | EUR      | -595                 | USD          | -500                          | Fiscal Host             | Collective              | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 500    | EUR      | 595                  | USD          | 500                           | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -500   | EUR      | -595                 | USD          | -500                          | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE                 | Invoice                                                   | CREDIT | 10000  | EUR      | 11900                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE                 | Invoice                                                   | DEBIT  | -10000 | EUR      | -11900               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | CREDIT | 1000   | EUR      | 1190                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | DEBIT  | -1000  | EUR      | -1190                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was already PAID (has Transactions) should work with an expense that was paid multiple times 1`] = `
+"
+| kind                    | description                                               | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| ----------------------- | --------------------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | CREDIT | 10100  | USD      | 10100                | USD          | 10100                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | DEBIT  | -10100 | USD      | -10100               | USD          | -10100                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Fiscal Host             | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Fiscal Host             | Collective              | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE                 | Invoice                                                   | CREDIT | 10100  | USD      | 10100                | USD          | 10100                         | User                    | Collective              | NULL        | 2024-10-12T00:00:00.000Z      |
+| EXPENSE                 | Invoice                                                   | DEBIT  | -10100 | USD      | -10100               | USD          | -10100                        | Collective              | User                    | Fiscal Host | 2024-10-12T00:00:00.000Z      |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | Collective              | User                    | Fiscal Host |                               |
+| EXPENSE                 | Refund of \\"Invoice\\"                                       | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | User                    | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Fiscal Host             | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_COVER | Cover of payment processor fee for refund                 | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Fiscal Host             | Collective              | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | CREDIT | 500    | USD      | 500                  | USD          | 500                           | Collective              | Other Payment Processor | Fiscal Host |                               |
+| PAYMENT_PROCESSOR_FEE   | Refund of \\"Other Payment Processor payment processor fee\\" | DEBIT  | -500   | USD      | -500                 | USD          | -500                          | Other Payment Processor | Collective              | NULL        |                               |
+| EXPENSE                 | Invoice                                                   | CREDIT | 10000  | USD      | 10000                | USD          | 10000                         | User                    | Collective              | NULL        | 2024-10-11T11:27:11.421Z      |
+| EXPENSE                 | Invoice                                                   | DEBIT  | -10000 | USD      | -10000               | USD          | -10000                        | Collective              | User                    | Fiscal Host | 2024-10-11T11:27:11.421Z      |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE   | Other Payment Processor payment processor fee             | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
+
+exports[`server/paymentProviders/transferwise/webhook handleTransferRefund Expense was still in PROCESSING (has no Transactions) should create a Payment Processor Fee debit for the difference if partially refunded 1`] = `
+"
+| kind                  | description                                   | type   | amount | currency | amountInHostCurrency | hostCurrency | netAmountInCollectiveCurrency | To                      | From                    | Host        | data.refundWiseEventTimestamp |
+| --------------------- | --------------------------------------------- | ------ | ------ | -------- | -------------------- | ------------ | ----------------------------- | ----------------------- | ----------------------- | ----------- | ----------------------------- |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee | CREDIT | 1000   | USD      | 1000                 | USD          | 1000                          | Other Payment Processor | Collective              | NULL        |                               |
+| PAYMENT_PROCESSOR_FEE | Other Payment Processor payment processor fee | DEBIT  | -1000  | USD      | -1000                | USD          | -1000                         | Collective              | Other Payment Processor | Fiscal Host |                               |"
+`;
diff --git a/test/test-helpers/fake-data.ts b/test/test-helpers/fake-data.ts
index f1af45fe620..717074ecf68 100644
--- a/test/test-helpers/fake-data.ts
+++ b/test/test-helpers/fake-data.ts
@@ -167,7 +167,7 @@ export const fakeUser = async (
 
   const userCollective = await fakeCollective({
     type: CollectiveType.USER,
-    name: randStr('User Name'),
+    name: (userData?.name as string) || randStr('User Name'),
     slug: randStr('user-'),
     data: { UserId: user.id },
     HostCollectiveId: null,

From 7eccd692376d2f3a686f4c6c07c6aecd7a8fb63d Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 7 Nov 2024 11:07:40 +0100
Subject: [PATCH 036/129] chore(Plaid): log unsupported events (#10453)

---
 server/lib/plaid/sync.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/server/lib/plaid/sync.ts b/server/lib/plaid/sync.ts
index 185c8bc8a70..f898403b244 100644
--- a/server/lib/plaid/sync.ts
+++ b/server/lib/plaid/sync.ts
@@ -5,7 +5,7 @@ import ConnectedAccount from '../../models/ConnectedAccount';
 import { TransactionsImportLockedError } from '../../models/TransactionsImport';
 import logger from '../logger';
 import { floatAmountToCents } from '../math';
-import { reportErrorToSentry } from '../sentry';
+import { reportErrorToSentry, reportMessageToSentry } from '../sentry';
 
 import { getPlaidClient } from './client';
 
@@ -100,6 +100,16 @@ const syncTransactionsImport = async (
       });
 
       const data = response.data; // We're only interested in new transactions for now, but Plaid also returns `modified` and `removed` transactions
+      if (data.removed.length || data.modified.length) {
+        reportMessageToSentry('Plaid returned removed or modified transactions', {
+          extra: {
+            connectedAccountId: connectedAccount.id,
+            removed: data.removed,
+            modified: data.modified,
+          },
+        });
+      }
+
       const newTransactions = data.added.filter(transaction => !syncedTransactionIds.has(transaction.transaction_id));
       if (options.log) {
         logger.info(

From 0e2af17461c44ecb131ad6e0fa43c8a59b28f0a8 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 7 Nov 2024 12:34:06 +0100
Subject: [PATCH 037/129] fix(deps): update dependency intl-messageformat to
 v10.7.6 (#10443)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 54 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 79265c7f53e..e5ad8cdd1a2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "html-pdf": "3.0.1",
         "html-to-text": "9.0.5",
         "ics": "3.8.1",
-        "intl-messageformat": "10.7.3",
+        "intl-messageformat": "10.7.6",
         "jsonwebtoken": "9.0.2",
         "juice": "10.0.1",
         "limax": "4.1.0",
@@ -4149,50 +4149,50 @@
       }
     },
     "node_modules/@formatjs/ecma402-abstract": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.1.tgz",
-      "integrity": "sha512-O4ywpkdJybrjFc9zyL8qK5aklleIAi5O4nYhBVJaOFtCkNrnU+lKFeJOFC48zpsZQmR8Aok2V79hGpHnzbmFpg==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.3.tgz",
+      "integrity": "sha512-aElGmleuReGnk2wtYOzYFmNWYoiWWmf1pPPCYg0oiIQSJj0mjc4eUfzUXaSOJ4S8WzI/cLqnCTWjqz904FT2OQ==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/fast-memoize": "2.2.2",
-        "@formatjs/intl-localematcher": "0.5.6",
+        "@formatjs/fast-memoize": "2.2.3",
+        "@formatjs/intl-localematcher": "0.5.7",
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/fast-memoize": {
-      "version": "2.2.2",
-      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.2.tgz",
-      "integrity": "sha512-mzxZcS0g1pOzwZTslJOBTmLzDXseMLLvnh25ymRilCm8QLMObsQ7x/rj9GNrH0iUhZMlFisVOD6J1n6WQqpKPQ==",
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/@formatjs/fast-memoize/-/fast-memoize-2.2.3.tgz",
+      "integrity": "sha512-3jeJ+HyOfu8osl3GNSL4vVHUuWFXR03Iz9jjgI7RwjG6ysu/Ymdr0JRCPHfF5yGbTE6JCrd63EpvX1/WybYRbA==",
       "license": "MIT",
       "dependencies": {
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/icu-messageformat-parser": {
-      "version": "2.9.1",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.9.1.tgz",
-      "integrity": "sha512-7AYk4tjnLi5wBkxst2w7qFj38JLMJoqzj7BhdEl7oTlsWMlqwgx4p9oMmmvpXWTSDGNwOKBRc1SfwMh5MOHeNg==",
+      "version": "2.9.3",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.9.3.tgz",
+      "integrity": "sha512-9L99QsH14XjOCIp4TmbT8wxuffJxGK8uLNO1zNhLtcZaVXvv626N0s4A2qgRCKG3dfYWx9psvGlFmvyVBa6u/w==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.1",
-        "@formatjs/icu-skeleton-parser": "1.8.5",
+        "@formatjs/ecma402-abstract": "2.2.3",
+        "@formatjs/icu-skeleton-parser": "1.8.7",
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/icu-skeleton-parser": {
-      "version": "1.8.5",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.5.tgz",
-      "integrity": "sha512-zRZ/e3B5qY2+JCLs7puTzWS1Jb+t/K+8Jur/gEZpA2EjWeLDE17nsx8thyo9P48Mno7UmafnPupV2NCJXX17Dg==",
+      "version": "1.8.7",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.7.tgz",
+      "integrity": "sha512-fI+6SmS2g7h3srfAKSWa5dwreU5zNEfon2uFo99OToiLF6yxGE+WikvFSbsvMAYkscucvVmTYNlWlaDPp0n5HA==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.1",
+        "@formatjs/ecma402-abstract": "2.2.3",
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/intl-localematcher": {
-      "version": "0.5.6",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.6.tgz",
-      "integrity": "sha512-roz1+Ba5e23AHX6KUAWmLEyTRZegM5YDuxuvkHCyK3RJddf/UXB2f+s7pOMm9ktfPGla0g+mQXOn5vsuYirnaA==",
+      "version": "0.5.7",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.7.tgz",
+      "integrity": "sha512-GGFtfHGQVFe/niOZp24Kal5b2i36eE2bNL0xi9Sg/yd0TR8aLjcteApZdHmismP5QQax1cMnZM9yWySUUjJteA==",
       "license": "MIT",
       "dependencies": {
         "tslib": "2"
@@ -16975,14 +16975,14 @@
       }
     },
     "node_modules/intl-messageformat": {
-      "version": "10.7.3",
-      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.3.tgz",
-      "integrity": "sha512-AAo/3oyh7ROfPhDuh7DxTTydh97OC+lv7h1Eq5LuHWuLsUMKOhtzTYuyXlUReuwZ9vANDHo4CS1bGRrn7TZRtg==",
+      "version": "10.7.6",
+      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.6.tgz",
+      "integrity": "sha512-IsMU/hqyy3FJwNJ0hxDfY2heJ7MteSuFvcnCebxRp67di4Fhx1gKKE+qS0bBwUF8yXkX9SsPUhLeX/B6h5SKUA==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.1",
-        "@formatjs/fast-memoize": "2.2.2",
-        "@formatjs/icu-messageformat-parser": "2.9.1",
+        "@formatjs/ecma402-abstract": "2.2.3",
+        "@formatjs/fast-memoize": "2.2.3",
+        "@formatjs/icu-messageformat-parser": "2.9.3",
         "tslib": "2"
       }
     },
diff --git a/package.json b/package.json
index 2b294b03e0f..c9f8a01dca6 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
     "html-pdf": "3.0.1",
     "html-to-text": "9.0.5",
     "ics": "3.8.1",
-    "intl-messageformat": "10.7.3",
+    "intl-messageformat": "10.7.6",
     "jsonwebtoken": "9.0.2",
     "juice": "10.0.1",
     "limax": "4.1.0",

From 99b2a92cc1098fbf4a1f3688ef5aad46488dbf61 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 7 Nov 2024 12:34:50 +0100
Subject: [PATCH 038/129] chore(deps): update dependency
 @opentelemetry/auto-instrumentations-node to ^0.52.0 (#10444)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 2571 +++++++++------------------------------------
 package.json      |    2 +-
 2 files changed, 513 insertions(+), 2060 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e5ad8cdd1a2..929f396cf0c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -119,7 +119,7 @@
         "@babel/register": "^7.23.7",
         "@graphql-eslint/eslint-plugin": "^3.20.1",
         "@opentelemetry/api": "^1.7.0",
-        "@opentelemetry/auto-instrumentations-node": "^0.51.0",
+        "@opentelemetry/auto-instrumentations-node": "^0.52.0",
         "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
         "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/resources": "^1.20.0",
@@ -4708,9 +4708,9 @@
       }
     },
     "node_modules/@grpc/grpc-js": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.11.1.tgz",
-      "integrity": "sha512-gyt/WayZrVPH2w/UTLansS7F9Nwld472JxxaETamrM8HNlsa+jSLNyKAZmhxI2Me4c3mQHFiS1wWHDY1g1Kthw==",
+      "version": "1.12.2",
+      "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.12.2.tgz",
+      "integrity": "sha512-bgxdZmgTrJZX50OjyVwz3+mNEnCTNkh3cIqGPWVNeW9jX6bn1ZkU80uPd+67/ZpIJIjRQ9qaHCjhavyoWYxumg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6161,72 +6161,72 @@
       }
     },
     "node_modules/@opentelemetry/api-logs": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.53.0.tgz",
-      "integrity": "sha512-8HArjKx+RaAI8uEIgcORbZIPklyh1YLjPSBus8hjRmvLi6DeFzgOcdZ7KwPabKj8mXF8dX0hyfAyGfycz0DbFw==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.54.0.tgz",
+      "integrity": "sha512-9HhEh5GqFrassUndqJsyW7a0PzfyWr2eV2xwzHLIS+wX3125+9HE9FMRAKmJRwxZhgZGwH3HNQQjoMGZqmOeVA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
       }
     },
     "node_modules/@opentelemetry/auto-instrumentations-node": {
-      "version": "0.51.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.51.0.tgz",
-      "integrity": "sha512-xsgydgtJiToxvFsDcmLDrHiFfHOmdomqk4KCnr40YZdsfw7KO4RJEU0om2f7pFh6WUI5q8nSQ53QgZ+DAz6TzA==",
+      "version": "0.52.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.52.0.tgz",
+      "integrity": "sha512-J9SgX7NOpTvQ7itvlOlHP3lTlsMWtVh5WQSHUSTlg2m3A9HlZBri2DtZ8QgNj8rYWe0EQxQ3TQ3H6vabfun4vw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/instrumentation-amqplib": "^0.42.0",
-        "@opentelemetry/instrumentation-aws-lambda": "^0.45.0",
-        "@opentelemetry/instrumentation-aws-sdk": "^0.44.0",
-        "@opentelemetry/instrumentation-bunyan": "^0.41.0",
-        "@opentelemetry/instrumentation-cassandra-driver": "^0.41.0",
-        "@opentelemetry/instrumentation-connect": "^0.39.0",
-        "@opentelemetry/instrumentation-cucumber": "^0.9.0",
-        "@opentelemetry/instrumentation-dataloader": "^0.12.0",
-        "@opentelemetry/instrumentation-dns": "^0.39.0",
-        "@opentelemetry/instrumentation-express": "^0.43.0",
-        "@opentelemetry/instrumentation-fastify": "^0.40.0",
-        "@opentelemetry/instrumentation-fs": "^0.15.0",
-        "@opentelemetry/instrumentation-generic-pool": "^0.39.0",
-        "@opentelemetry/instrumentation-graphql": "^0.43.0",
-        "@opentelemetry/instrumentation-grpc": "^0.53.0",
-        "@opentelemetry/instrumentation-hapi": "^0.41.0",
-        "@opentelemetry/instrumentation-http": "^0.53.0",
-        "@opentelemetry/instrumentation-ioredis": "^0.43.0",
-        "@opentelemetry/instrumentation-kafkajs": "^0.3.0",
-        "@opentelemetry/instrumentation-knex": "^0.40.0",
-        "@opentelemetry/instrumentation-koa": "^0.43.0",
-        "@opentelemetry/instrumentation-lru-memoizer": "^0.40.0",
-        "@opentelemetry/instrumentation-memcached": "^0.39.0",
-        "@opentelemetry/instrumentation-mongodb": "^0.47.0",
-        "@opentelemetry/instrumentation-mongoose": "^0.42.0",
-        "@opentelemetry/instrumentation-mysql": "^0.41.0",
-        "@opentelemetry/instrumentation-mysql2": "^0.41.0",
-        "@opentelemetry/instrumentation-nestjs-core": "^0.40.0",
-        "@opentelemetry/instrumentation-net": "^0.39.0",
-        "@opentelemetry/instrumentation-pg": "^0.46.0",
-        "@opentelemetry/instrumentation-pino": "^0.42.0",
-        "@opentelemetry/instrumentation-redis": "^0.42.0",
-        "@opentelemetry/instrumentation-redis-4": "^0.42.1",
-        "@opentelemetry/instrumentation-restify": "^0.41.0",
-        "@opentelemetry/instrumentation-router": "^0.40.0",
-        "@opentelemetry/instrumentation-socket.io": "^0.42.0",
-        "@opentelemetry/instrumentation-tedious": "^0.14.0",
-        "@opentelemetry/instrumentation-undici": "^0.6.0",
-        "@opentelemetry/instrumentation-winston": "^0.40.0",
-        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.3",
-        "@opentelemetry/resource-detector-aws": "^1.6.2",
-        "@opentelemetry/resource-detector-azure": "^0.2.11",
-        "@opentelemetry/resource-detector-container": "^0.4.4",
-        "@opentelemetry/resource-detector-gcp": "^0.29.12",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/instrumentation-amqplib": "^0.43.0",
+        "@opentelemetry/instrumentation-aws-lambda": "^0.46.0",
+        "@opentelemetry/instrumentation-aws-sdk": "^0.45.0",
+        "@opentelemetry/instrumentation-bunyan": "^0.42.0",
+        "@opentelemetry/instrumentation-cassandra-driver": "^0.42.0",
+        "@opentelemetry/instrumentation-connect": "^0.40.0",
+        "@opentelemetry/instrumentation-cucumber": "^0.10.0",
+        "@opentelemetry/instrumentation-dataloader": "^0.13.0",
+        "@opentelemetry/instrumentation-dns": "^0.40.0",
+        "@opentelemetry/instrumentation-express": "^0.44.0",
+        "@opentelemetry/instrumentation-fastify": "^0.41.0",
+        "@opentelemetry/instrumentation-fs": "^0.16.0",
+        "@opentelemetry/instrumentation-generic-pool": "^0.40.0",
+        "@opentelemetry/instrumentation-graphql": "^0.44.0",
+        "@opentelemetry/instrumentation-grpc": "^0.54.0",
+        "@opentelemetry/instrumentation-hapi": "^0.42.0",
+        "@opentelemetry/instrumentation-http": "^0.54.0",
+        "@opentelemetry/instrumentation-ioredis": "^0.44.0",
+        "@opentelemetry/instrumentation-kafkajs": "^0.4.0",
+        "@opentelemetry/instrumentation-knex": "^0.41.0",
+        "@opentelemetry/instrumentation-koa": "^0.44.0",
+        "@opentelemetry/instrumentation-lru-memoizer": "^0.41.0",
+        "@opentelemetry/instrumentation-memcached": "^0.40.0",
+        "@opentelemetry/instrumentation-mongodb": "^0.48.0",
+        "@opentelemetry/instrumentation-mongoose": "^0.43.0",
+        "@opentelemetry/instrumentation-mysql": "^0.42.0",
+        "@opentelemetry/instrumentation-mysql2": "^0.42.0",
+        "@opentelemetry/instrumentation-nestjs-core": "^0.41.0",
+        "@opentelemetry/instrumentation-net": "^0.40.0",
+        "@opentelemetry/instrumentation-pg": "^0.47.0",
+        "@opentelemetry/instrumentation-pino": "^0.43.0",
+        "@opentelemetry/instrumentation-redis": "^0.43.0",
+        "@opentelemetry/instrumentation-redis-4": "^0.43.0",
+        "@opentelemetry/instrumentation-restify": "^0.42.0",
+        "@opentelemetry/instrumentation-router": "^0.41.0",
+        "@opentelemetry/instrumentation-socket.io": "^0.43.0",
+        "@opentelemetry/instrumentation-tedious": "^0.15.0",
+        "@opentelemetry/instrumentation-undici": "^0.7.0",
+        "@opentelemetry/instrumentation-winston": "^0.41.0",
+        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.4",
+        "@opentelemetry/resource-detector-aws": "^1.7.0",
+        "@opentelemetry/resource-detector-azure": "^0.2.12",
+        "@opentelemetry/resource-detector-container": "^0.5.0",
+        "@opentelemetry/resource-detector-gcp": "^0.29.13",
         "@opentelemetry/resources": "^1.24.0",
-        "@opentelemetry/sdk-node": "^0.53.0"
+        "@opentelemetry/sdk-node": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6235,44 +6235,10 @@
         "@opentelemetry/api": "^1.4.1"
       }
     },
-    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/@opentelemetry/context-async-hooks": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.26.0.tgz",
-      "integrity": "sha512-HedpXXYzzbaoutw6DFLWLDket2FwLkLpil4hGCZ1xYEIMTcivdfwEOISgdbLEWyG3HW52gTq2V9mOVJrONgiwg==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.27.0.tgz",
+      "integrity": "sha512-CdZ3qmHCwNhFAzjTgHqrDQ44Qxcpz43cVxZRhOs+Ns/79ug+Mr84Bkb626bkJLkA3+BLimA5YAEVRlJC6pFb7g==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -6283,9 +6249,9 @@
       }
     },
     "node_modules/@opentelemetry/core": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.26.0.tgz",
-      "integrity": "sha512-1iKxXXE8415Cdv0yjG3G6hQnB5eVEsJce3QaawX8SjDn0mAS0ZM8fAbZZJD4ajvhC15cePvosSCut404KrIIvQ==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.27.0.tgz",
+      "integrity": "sha512-yQPKnK5e+76XuiqUH/gKyS8wv/7qITd5ln56QkBTf3uggr0VkXOXfcaAuG330UfdYu83wsyoBwqwxigpIG+Jkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -6299,106 +6265,106 @@
       }
     },
     "node_modules/@opentelemetry/exporter-logs-otlp-grpc": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-grpc/-/exporter-logs-otlp-grpc-0.53.0.tgz",
-      "integrity": "sha512-x5ygAQgWAQOI+UOhyV3z9eW7QU2dCfnfOuIBiyYmC2AWr74f6x/3JBnP27IAcEx6aihpqBYWKnpoUTztkVPAZw==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-grpc/-/exporter-logs-otlp-grpc-0.54.0.tgz",
+      "integrity": "sha512-CQC9xl9p8EIvx2KggdM7yffbpmUArKjiqAcjTTTEvqE8kOOf71NSuBU0FXs14FU8vBGTUlsr3oI4vGeWF8FakA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-grpc-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/sdk-logs": "0.53.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-grpc-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/sdk-logs": "0.54.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/exporter-logs-otlp-http": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-http/-/exporter-logs-otlp-http-0.53.0.tgz",
-      "integrity": "sha512-cSRKgD/n8rb+Yd+Cif6EnHEL/VZg1o8lEcEwFji1lwene6BdH51Zh3feAD9p2TyVoBKrl6Q9Zm2WltSp2k9gWQ==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-http/-/exporter-logs-otlp-http-0.54.0.tgz",
+      "integrity": "sha512-EX/5YPtFw5hugURWSmOtJEGsjphkwTRAiv2yay40ADCLEzajhI/tM3v/7hFCj+rm37sGFMNawpi3mGLvfKGexQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/sdk-logs": "0.53.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/sdk-logs": "0.54.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/exporter-logs-otlp-proto": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-proto/-/exporter-logs-otlp-proto-0.53.0.tgz",
-      "integrity": "sha512-jhEcVL1deeWNmTUP05UZMriZPSWUBcfg94ng7JuBb1q2NExgnADQFl1VQQ+xo62/JepK+MxQe4xAwlsDQFbISA==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-proto/-/exporter-logs-otlp-proto-0.54.0.tgz",
+      "integrity": "sha512-Q8p1eLP6BGu26VdiR8qBiyufXTZimUl2kv6EwZZPLRU0CJWAFR562UOyUtDxbwQioQFq57DVjCd6mQWBvydAlg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-logs": "0.53.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-logs": "0.54.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/exporter-trace-otlp-grpc": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-grpc/-/exporter-trace-otlp-grpc-0.53.0.tgz",
-      "integrity": "sha512-m6KSh6OBDwfDjpzPVbuJbMgMbkoZfpxYH2r262KckgX9cMYvooWXEKzlJYsNDC6ADr28A1rtRoUVRwNfIN4tUg==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-grpc/-/exporter-trace-otlp-grpc-0.54.0.tgz",
+      "integrity": "sha512-DOoK7yk/L/RHoyuYTxIyGY7PLFSTS7OGNks9htMS7eAFkm4Lsa6EtPlGANCT39NXWP4XIQR1c+Y+YIQ7lJdI+w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-grpc-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-grpc-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/exporter-trace-otlp-http": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-http/-/exporter-trace-otlp-http-0.53.0.tgz",
-      "integrity": "sha512-m7F5ZTq+V9mKGWYpX8EnZ7NjoqAU7VemQ1E2HAG+W/u0wpY1x0OmbxAXfGKFHCspdJk8UKlwPGrpcB8nay3P8A==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-http/-/exporter-trace-otlp-http-0.54.0.tgz",
+      "integrity": "sha512-00X6rtr6Ew59+MM9pPSH7Ww5ScpWKBLiBA49awbPqQuVL/Bp0qp7O1cTxKHgjWdNkhsELzJxAEYwuRnDGrMXyA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/exporter-trace-otlp-proto": {
@@ -6421,44 +6387,56 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/api-logs": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.54.0.tgz",
-      "integrity": "sha512-9HhEh5GqFrassUndqJsyW7a0PzfyWr2eV2xwzHLIS+wX3125+9HE9FMRAKmJRwxZhgZGwH3HNQQjoMGZqmOeVA==",
+    "node_modules/@opentelemetry/exporter-zipkin": {
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.27.0.tgz",
+      "integrity": "sha512-eGMY3s4QprspFZojqsuQyQpWNFpo+oNVE/aosTbtvAlrJBAlvXcwwsOROOHOd8Y9lkU4i0FpQW482rcXkgwCSw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/core": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.27.0.tgz",
-      "integrity": "sha512-yQPKnK5e+76XuiqUH/gKyS8wv/7qITd5ln56QkBTf3uggr0VkXOXfcaAuG330UfdYu83wsyoBwqwxigpIG+Jkg==",
+    "node_modules/@opentelemetry/instrumentation": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.54.0.tgz",
+      "integrity": "sha512-B0Ydo9g9ehgNHwtpc97XivEzjz0XBKR6iQ83NTENIxEEf5NHE0otZQuZLgDdey1XNk+bP1cfRpIkSFWM5YlSyg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/otlp-exporter-base": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.54.0.tgz",
-      "integrity": "sha512-g+H7+QleVF/9lz4zhaR9Dt4VwApjqG5WWupy5CTMpWJfHB/nLxBbX73GBZDgdiNfh08nO3rNa6AS7fK8OhgF5g==",
+    "node_modules/@opentelemetry/instrumentation-amqplib": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.43.0.tgz",
+      "integrity": "sha512-ALjfQC+0dnIEcvNYsbZl/VLh7D2P1HhFF4vicRKHhHFIUV3Shpg4kXgiek5PLhmeKSIPiUB25IYH5RIneclL4A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-transformer": "0.54.0"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -6467,20 +6445,17 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/otlp-transformer": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.54.0.tgz",
-      "integrity": "sha512-jRexIASQQzdK4AjfNIBfn94itAq4Q8EXR9d3b/OVbhd3kKQKvMr7GkxYDjbeTbY7hHCOLcLfJ3dpYQYGOe8qOQ==",
+    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
+      "version": "0.46.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.46.0.tgz",
+      "integrity": "sha512-rNmhTC1e1qQD4jw+TZSHlpLYNhrkbKA0P5rlqPpTVHqZXHQctu9+dity2lLBh4DlFKt4p/ibVDLVDoBqjvetKA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-logs": "0.54.0",
-        "@opentelemetry/sdk-metrics": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0",
-        "protobufjs": "^7.3.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/propagator-aws-xray": "^1.3.1",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/aws-lambda": "8.10.143"
       },
       "engines": {
         "node": ">=14"
@@ -6489,87 +6464,88 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/resources": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.27.0.tgz",
-      "integrity": "sha512-jOwt2VJ/lUD5BLc+PMNymDrUCpm5PKi1E9oSVYAvz01U/VdndGmrtV3DU1pG4AwlYhJRHbHfOUIlpBeXCPw6QQ==",
+    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.45.0.tgz",
+      "integrity": "sha512-3EGgC0LFZuFfXcOeslhXHhsiInVhhN046YQsYIPflsicAk7v0wN946sZKWuerEfmqx/kFXOsbOeI1SkkTRmqWQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/propagation-utils": "^0.30.12",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-logs": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.54.0.tgz",
-      "integrity": "sha512-HeWvOPiWhEw6lWvg+lCIi1WhJnIPbI4/OFZgHq9tKfpwF3LX6/kk3+GR8sGUGAEZfbjPElkkngzvd2s03zbD7Q==",
+    "node_modules/@opentelemetry/instrumentation-bunyan": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.42.0.tgz",
+      "integrity": "sha512-GBh6ybwKmFZjc86SyHVx72jHg+4pFPaXT3IZgJ4QtnMsMf0/q5m2aHAjid+yakmEkApsnRWX8pJ8nkl1e+6mag==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/resources": "1.27.0"
+        "@opentelemetry/api-logs": "^0.54.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@types/bunyan": "1.8.9"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": ">=1.4.0 <1.10.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-metrics": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.27.0.tgz",
-      "integrity": "sha512-JzWgzlutoXCydhHWIbLg+r76m+m3ncqvkCcsswXAQ4gqKS+LOHKhq+t6fx1zNytvLuaOUBur7EvWxECc4jPQKg==",
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.42.0.tgz",
+      "integrity": "sha512-35I9Gw4BeSs9NPe7fugu9e/mWKaapc/N1wounHnGt259/Q3ISGMOQRrOwIBw+x/XJygJvn4Ss1c+r5h89TsVAw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/resources": "1.27.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": ">=1.3.0 <1.10.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto/node_modules/@opentelemetry/sdk-trace-base": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.27.0.tgz",
-      "integrity": "sha512-btz6XTQzwsyJjombpeqCX6LhiMQYpzt2pIYNPnw0IPO/3AhT6yjnf8Mnv3ZC2A4eRYOjqrg+bfaXg9XHDRJDWQ==",
+    "node_modules/@opentelemetry/instrumentation-connect": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.40.0.tgz",
+      "integrity": "sha512-3aR/3YBQ160siitwwRLjwqrv2KBT16897+bo6yz8wIfel6nWOxTZBJudcbsK3p42pTC7qrbotJ9t/1wRLpv79Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/connect": "3.4.36"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-zipkin": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.26.0.tgz",
-      "integrity": "sha512-PW5R34n3SJHO4t0UetyHKiXL6LixIqWN6lWncg3eRXhKuT30x+b7m5sDJS0kEWRfHeS+kG7uCw2vBzmB2lk3Dw==",
+    "node_modules/@opentelemetry/instrumentation-cucumber": {
+      "version": "0.10.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.10.0.tgz",
+      "integrity": "sha512-5sT6Ap3W7StEL0Oax/vd1YTEcTPTefx+9myzkKrr72hxzFzSooGRCxlU3sfPwZqWptUV7+QWTMd7SqGEEPnE/w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -6578,19 +6554,14 @@
         "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.54.0.tgz",
-      "integrity": "sha512-B0Ydo9g9ehgNHwtpc97XivEzjz0XBKR6iQ83NTENIxEEf5NHE0otZQuZLgDdey1XNk+bP1cfRpIkSFWM5YlSyg==",
+    "node_modules/@opentelemetry/instrumentation-dataloader": {
+      "version": "0.13.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.13.0.tgz",
+      "integrity": "sha512-wbU3WdgUAXljEIY2nfpkqID/VH70ThnES8mZZHKCZlV/Pl5T4+qmrVdT7U9/WUzz8flwsXfER6T6jl48Wbl+LQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6599,16 +6570,14 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-amqplib": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.42.0.tgz",
-      "integrity": "sha512-fiuU6OKsqHJiydHWgTRQ7MnIrJ2lEqsdgFtNIH4LbAUJl/5XmrIeoDzDnox+hfkgWK65jsleFuQDtYb5hW1koQ==",
+    "node_modules/@opentelemetry/instrumentation-dns": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.40.0.tgz",
+      "integrity": "sha512-tLNR8XLPiYRKKk3/UqifXnPP2TVt1RcwvHU0R1ETL1xkZ1ZHMTmSC4x6TignnHOFtRixtJ05EgMGejnffaBXkQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6617,19 +6586,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-express": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.44.0.tgz",
+      "integrity": "sha512-GWgibp6Q0wxyFaaU8ERIgMMYgzcHmGrw3ILUtGchLtLncHNOKk0SNoWGqiylXWWT4HTn5XdV8MGawUgpZh80cA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -6638,31 +6604,33 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+    "node_modules/@opentelemetry/instrumentation-fastify": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.41.0.tgz",
+      "integrity": "sha512-pNRjFvf0mvqfJueaeL/qEkuGJwgtE5pgjIHGYwjc2rMViNCrtY9/Sf+Nu8ww6dDd/Oyk2fwZZP7i0XZfCnETrA==",
       "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
-      "version": "0.45.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.45.0.tgz",
-      "integrity": "sha512-22ZnmYftKjFoiqC1k3tu2AVKiXSZv+ohuHWk4V4MdJpPuNkadY624aDkv5BmwDeavDxVFgqE9nGgDM9s3Q94mg==",
+    "node_modules/@opentelemetry/instrumentation-fs": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.16.0.tgz",
+      "integrity": "sha512-hMDRUxV38ln1R3lNz6osj3YjlO32ykbHqVrzG7gEhGXFQfu7LJUx8t9tEwE4r2h3CD4D0Rw4YGDU4yF4mP3ilg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/propagator-aws-xray": "^1.3.1",
-        "@opentelemetry/resources": "^1.8.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/aws-lambda": "8.10.143"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6671,19 +6639,14 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-generic-pool": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.40.0.tgz",
+      "integrity": "sha512-k+/JlNDHN3bPi/Cir+Ew6tKHFVCa1ZFeQyGUw5HQkRX/twCRaN3kJFXJW+rDAN90XwK3RtC9AWwBihDGh/oSlQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -6692,1265 +6655,14 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+    "node_modules/@opentelemetry/instrumentation-graphql": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.44.0.tgz",
+      "integrity": "sha512-FYXTe3Bv96aNpYktqm86BFUTpjglKD0kWI5T5bxYkLUPEPvFn38vWGMJTGrDMVou/i55E4jlWvcm6hFIqLsMbg==",
       "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.44.0.tgz",
-      "integrity": "sha512-HIWFg4TDQsayceiikOnruMmyQ0SZYW6WiR+wknWwWVLHC3lHTCpAnqzp5V42ckArOdlwHZu2Jvq2GMSM4Myx3w==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/propagation-utils": "^0.30.11",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-bunyan": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.41.0.tgz",
-      "integrity": "sha512-NoQS+gcwQ7pzb2PZFyra6bAxDAVXBMmpKxBblEuXJWirGrAksQllg9XTdmqhrwT/KxUYrbVca/lMams7e51ysg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@types/bunyan": "1.8.9"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.41.0.tgz",
-      "integrity": "sha512-hvTNcC8qjCQEHZTLAlTmDptjsEGqCKpN+90hHH8Nn/GwilGr5TMSwGrlfstdJuZWyw8HAnRUed6bcjvmHHk2Xw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-connect": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.39.0.tgz",
-      "integrity": "sha512-pGBiKevLq7NNglMgqzmeKczF4XQMTOUOTkK8afRHMZMnrK3fcETyTH7lVaSozwiOM3Ws+SuEmXZT7DYrrhxGlg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/connect": "3.4.36"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-connect/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-connect/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cucumber": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.9.0.tgz",
-      "integrity": "sha512-4PQNFnIqnA2WM3ZHpr0xhZpHSqJ5xJ6ppTIzZC7wPqe+ZBpj41vG8B6ieqiPfq+im4QdqbYnzLb3rj48GDEN9g==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dataloader": {
-      "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.12.0.tgz",
-      "integrity": "sha512-pnPxatoFE0OXIZDQhL2okF//dmbiWFzcSc8pUg9TqofCLYZySSxDCgQc69CJBo5JnI3Gz1KP+mOjS4WAeRIH4g==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dns": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.39.0.tgz",
-      "integrity": "sha512-+iPzvXqVdJa67QBuz2tuP0UI3LS1/cMMo6dS7360DDtOQX+sQzkiN+mo3Omn4T6ZRhkTDw6c7uwsHBcmL31+1g==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "semver": "^7.5.4"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dns/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-dns/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-express": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.43.0.tgz",
-      "integrity": "sha512-bxTIlzn9qPXJgrhz8/Do5Q3jIlqfpoJrSUtVGqH+90eM1v2PkPHc+SdE+zSqe4q9Y1UQJosmZ4N4bm7Zj/++MA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-express/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-express/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fastify": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.40.0.tgz",
-      "integrity": "sha512-74qj4nG3zPtU7g2x4sm2T4R3/pBMyrYstTsqSZwdlhQk1SD4l8OSY9sPRX1qkhfxOuW3U4KZQAV/Cymb3fB6hg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fs": {
-      "version": "0.15.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.15.0.tgz",
-      "integrity": "sha512-JWVKdNLpu1skqZQA//jKOcKdJC66TWKqa2FUFq70rKohvaSq47pmXlnabNO+B/BvLfmidfiaN35XakT5RyMl2Q==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fs/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-fs/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-generic-pool": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.39.0.tgz",
-      "integrity": "sha512-y4v8Y+tSfRB3NNBvHjbjrn7rX/7sdARG7FuK6zR8PGb28CTa0kHpEGCJqvL9L8xkTNvTXo+lM36ajFGUaK1aNw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-graphql": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.43.0.tgz",
-      "integrity": "sha512-aI3YMmC2McGd8KW5du1a2gBA0iOMOGLqg4s9YjzwbjFwjlmMNFSK1P3AIg374GWg823RPUGfVTIgZ/juk9CVOA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-grpc": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.53.0.tgz",
-      "integrity": "sha512-Ss338T92yE1UCgr9zXSY3cPuaAy27uQw+wAC5IwsQKCXL5wwkiOgkd+2Ngksa9EGsgUEMwGeHi76bDdHFJ5Rrw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-hapi": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.41.0.tgz",
-      "integrity": "sha512-jKDrxPNXDByPlYcMdZjNPYCvw0SQJjN+B1A+QH+sx+sAHsKSAf9hwFiJSrI6C4XdOls43V/f/fkp9ITkHhKFbQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-http": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.53.0.tgz",
-      "integrity": "sha512-H74ErMeDuZfj7KgYCTOFGWF5W9AfaPnqLQQxeFq85+D29wwV2yqHbz2IKLYpkOh7EI6QwDEl7rZCIxjJLyc/CQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/instrumentation": "0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "semver": "^7.5.2"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-ioredis": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.43.0.tgz",
-      "integrity": "sha512-i3Dke/LdhZbiUAEImmRG3i7Dimm/BD7t8pDDzwepSvIQ6s2X6FPia7561gw+64w+nx0+G9X14D7rEfaMEmmjig==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-kafkajs": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.3.0.tgz",
-      "integrity": "sha512-UnkZueYK1ise8FXQeKlpBd7YYUtC7mM8J0wzUSccEfc/G8UqHQqAzIyYCUOUPUKp8GsjLnWOOK/3hJc4owb7Jg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-knex": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.40.0.tgz",
-      "integrity": "sha512-6jka2jfX8+fqjEbCn6hKWHVWe++mHrIkLQtaJqUkBt3ZBs2xn1+y0khxiDS0v/mNb0bIKDJWwtpKFfsQDM1Geg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-knex/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-knex/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-koa": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.43.0.tgz",
-      "integrity": "sha512-lDAhSnmoTIN6ELKmLJBplXzT/Jqs5jGZehuG22EdSMaTwgjMpxMDI1YtlKEhiWPWkrz5LUsd0aOO0ZRc9vn3AQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-koa/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-koa/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.40.0.tgz",
-      "integrity": "sha512-21xRwZsEdMPnROu/QsaOIODmzw59IYpGFmuC4aFWvMj6stA8+Ei1tX67nkarJttlNjoM94um0N4X26AD7ff54A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-memcached": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.39.0.tgz",
-      "integrity": "sha512-WfwvKAZ9I1qILRP5EUd88HQjwAAL+trXpCpozjBi4U6a0A07gB3fZ5PFAxbXemSjF5tHk9KVoROnqHvQ+zzFSQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/memcached": "^2.2.6"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongodb": {
-      "version": "0.47.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.47.0.tgz",
-      "integrity": "sha512-yqyXRx2SulEURjgOQyJzhCECSh5i1uM49NUaq9TqLd6fA7g26OahyJfsr9NE38HFqGRHpi4loyrnfYGdrsoVjQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/sdk-metrics": "^1.9.1",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongoose": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.42.0.tgz",
-      "integrity": "sha512-AnWv+RaR86uG3qNEMwt3plKX1ueRM7AspfszJYVkvkehiicC3bHQA6vWdb6Zvy5HAE14RyFbu9+2hUUjR2NSyg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mysql": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.41.0.tgz",
-      "integrity": "sha512-jnvrV6BsQWyHS2qb2fkfbfSb1R/lmYwqEZITwufuRl37apTopswu9izc0b1CYRp/34tUG/4k/V39PND6eyiNvw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/mysql": "2.15.26"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-mysql2": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.41.0.tgz",
-      "integrity": "sha512-REQB0x+IzVTpoNgVmy5b+UnH1/mDByrneimP6sbDHkp1j8QOl1HyWOrBH/6YWR0nrbU3l825Em5PlybjT3232g==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1"
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -7959,19 +6671,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-grpc": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.54.0.tgz",
+      "integrity": "sha512-IwLwAf1uC6I5lYjUxfvG0jFuppqNuaBIiaDxYFHMWeRX1Rejh4eqtQi2u+VVtSOHsCn2sRnS9hOxQ2w7+zzPLw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "0.54.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -7980,27 +6688,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.40.0.tgz",
-      "integrity": "sha512-WF1hCUed07vKmf5BzEkL0wSPinqJgH7kGzOjjMAiTGacofNXjb/y4KQ8loj2sNsh5C/NN7s1zxQuCgbWbVTGKg==",
+    "node_modules/@opentelemetry/instrumentation-hapi": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.42.0.tgz",
+      "integrity": "sha512-TQC0BtIWLHrp6nKsYdZ5t5B7aiZ16BwbRqZtYYQxeJVsq/HQTANWpknjtA7KMxv5tAUMCrU/eDo8F3qioUOSZg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -8010,19 +6706,18 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-http": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.54.0.tgz",
+      "integrity": "sha512-ovl0UrL+vGpi0O7fdZ1mHRdiQkuv6NGMRBRKZZygVCUFNXdoqTpvJRRbTYih5U5FC+PHIFssEordmlblRCaGUg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/instrumentation": "0.54.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "forwarded-parse": "2.1.2",
+        "semver": "^7.5.2"
       },
       "engines": {
         "node": ">=14"
@@ -8031,7 +6726,7 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/semver": {
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
       "version": "7.6.3",
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
       "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
@@ -8044,14 +6739,15 @@
         "node": ">=10"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-net": {
-      "version": "0.39.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.39.0.tgz",
-      "integrity": "sha512-rixHoODfI/Cx1B0mH1BpxCT0bRSxktuBDrt9IvpT2KSEutK5hR0RsRdgdz/GKk+BQ4u+IG6godgMSGwNQCueEA==",
+    "node_modules/@opentelemetry/instrumentation-ioredis": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.44.0.tgz",
+      "integrity": "sha512-312pE2xc0ihX9haTf9WC4OF9in5EfVO1y5I8Ef9aMQKJNhuSe3IgzQAqGoLfaYajC+ig0IZ9SQKU8mRbFwHU+A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/redis-common": "^0.36.2",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -8061,105 +6757,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-net/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-net/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-pg": {
-      "version": "0.46.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.46.0.tgz",
-      "integrity": "sha512-PLbYYC7EIoigh9uzhBrDjyL4yhH9akjV2Mln3ci9+lD7p9HE5nUUgYCgcUasyr4bz99c8xy9ErzKLt38Y7Kodg==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "^1.26.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1",
-        "@types/pg": "8.6.1",
-        "@types/pg-pool": "2.0.6"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-pg/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-pg/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-pino": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.42.0.tgz",
-      "integrity": "sha512-SoX6FzucBfTuFNMZjdurJhcYWq2ve8/LkhmyVLUW31HpIB45RF1JNum0u4MkGisosDmXlK4njomcgUovShI+WA==",
+    "node_modules/@opentelemetry/instrumentation-kafkajs": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.4.0.tgz",
+      "integrity": "sha512-I9VwDG314g7SDL4t8kD/7+1ytaDBRbZQjhVaQaVIDR8K+mlsoBhLsWH79yHxhHQKvwCSZwqXF+TiTOhoQVUt7A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/core": "^1.25.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8168,19 +6774,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pino/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-knex": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.41.0.tgz",
+      "integrity": "sha512-OhI1SlLv5qnsnm2dOVrian/x3431P75GngSpnR7c4fcVFv7prXGYu29Z6ILRWJf/NJt6fkbySmwdfUUnFnHCTg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8189,28 +6791,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pino/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-redis": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.42.0.tgz",
-      "integrity": "sha512-jZBoqve0rEC51q0HuhjtZVq1DtUvJHzEJ3YKGvzGar2MU1J4Yt5+pQAQYh1W4jSoDyKeaI4hyeUdWM5N0c2lqA==",
+    "node_modules/@opentelemetry/instrumentation-koa": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.44.0.tgz",
+      "integrity": "sha512-ryPqGIQ4hpMGd85bAGjRMDAy/ic+Qdh1GtFGJo9KaXdzbcvZoF1ZgXVsKTYDxbD1n5C0BoQy6rcWg8Lu68iCJA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -8220,16 +6809,14 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis-4": {
-      "version": "0.42.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.42.1.tgz",
-      "integrity": "sha512-xm17LJhDfQzQo4wkM/zFwh6wk3SNN/FBFGkscI9Kj4efrb/o5p8Z3yE6ldBPNdIZ6RAwg2p3DL7fvE3DuUDJWA==",
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.41.0.tgz",
+      "integrity": "sha512-6OePkk4RYCPVsnS0TroEK6UZzxxxjVWaE6EPdOn2qxGHMtm+Qb80tiBQ6BbmC+f7bjc27O85JY8gxeTybhHZXw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -8238,19 +6825,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-memcached": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.40.0.tgz",
+      "integrity": "sha512-VzJUUH6cVz8yrb25RvvjhxCpwu4vUk28I0m5nnnhebULOo8p9lda5PgQeVde2+jQAd977C/vN714fkbYOmwb+A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/memcached": "^2.2.6"
       },
       "engines": {
         "node": ">=14"
@@ -8259,32 +6843,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-redis/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-mongodb": {
+      "version": "0.48.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.48.0.tgz",
+      "integrity": "sha512-9YWvaGvrrcrydMsYGLu0w+RgmosLMKe3kv/UNlsPy8RLnCkN2z+bhhbjjjuxtUmvEuKZMCoXFluABVuBr1yhjw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8293,28 +6860,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-restify": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.41.0.tgz",
-      "integrity": "sha512-gKEo+X/wVKUBuD2WDDlF7SlDNBHMWjSQoLxFCsGqeKgHR0MGtwMel8uaDGg9LJ83nKqYy+7Vl/cDFxjba6H+/w==",
+    "node_modules/@opentelemetry/instrumentation-mongoose": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.43.0.tgz",
+      "integrity": "sha512-y1mWuL/zb6IKi199HkROgmStxF/ybEsnKYgx+/lpLATd57oZHOqrXP9tLmp9qRVI5c6P5XEWfe7ZCvrj07iDMQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -8324,19 +6878,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-restify/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-mysql": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.42.0.tgz",
+      "integrity": "sha512-1GN2EBGVSZABGQ25MSz3faeBW/DwhzmE10aNW1/A2mvQAxF1CvpMk17YmNUzwapVt29iKsiU3SXQG7vjh/019A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/mysql": "2.15.26"
       },
       "engines": {
         "node": ">=14"
@@ -8345,28 +6896,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-restify/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-router": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.40.0.tgz",
-      "integrity": "sha512-bRo4RaclGFiKtmv/N1D0MuzO7DuxbeqMkMCbPPng6mDwzpHAMpHz/K/IxJmF+H1Hi/NYXVjCKvHGClageLe9eA==",
+    "node_modules/@opentelemetry/instrumentation-mysql2": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.42.0.tgz",
+      "integrity": "sha512-CQqOjCbHwEnaC+Bd6Sms+82iJkSbPpd7jD7Jwif7q8qXo6yrKLVDYDVK+zKbfnmQtu2xHaHj+xiq4tyjb3sMfg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1"
       },
       "engines": {
         "node": ">=14"
@@ -8375,19 +6914,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-router/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.41.0.tgz",
+      "integrity": "sha512-XCqtghFktpcJ2BOaJtFfqtTMsHffJADxfYhJl28WT6ygCChS2uZVxMKKLsy+i9VtPaw/i1IumPICL6mbhwq+Vw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8396,27 +6931,14 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-router/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-socket.io": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.42.0.tgz",
-      "integrity": "sha512-xB5tdsBzuZyicQTO3hDzJIpHQ7V1BYJ6vWPWgl19gWZDBdjEGc3HOupjkd3BUJyDoDhbMEHGk2nNlkUU99EfkA==",
+    "node_modules/@opentelemetry/instrumentation-net": {
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.40.0.tgz",
+      "integrity": "sha512-abErnVRxTmtiF7EvBISW81Se2nj/j3Xtpfy//9++dgvDOXwbcD1Xz1via6ZHOm/VamboGhqPlYiO7ABzluPLwg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -8426,19 +6948,19 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-pg": {
+      "version": "0.47.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.47.0.tgz",
+      "integrity": "sha512-aKu5PCeUv3S8s1wq60JZ2o3DWV2wqvO7WAktjmkx5wXd2+tZRfyDCKFHbP90QuDG1HDzjJ138Ob4d4rJdPETCQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/core": "^1.26.0",
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1",
+        "@types/pg": "8.6.1",
+        "@types/pg-pool": "2.0.6"
       },
       "engines": {
         "node": ">=14"
@@ -8447,29 +6969,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-tedious": {
-      "version": "0.14.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.14.0.tgz",
-      "integrity": "sha512-ofq7pPhSqvRDvD2FVx3RIWPj76wj4QubfrbqJtEx0A+fWoaYxJOCIQ92tYJh28elAmjMmgF/XaYuJuBhBv5J3A==",
+    "node_modules/@opentelemetry/instrumentation-pino": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.43.0.tgz",
+      "integrity": "sha512-jlOOgbODWRRNknWXY1VLgmqgG0SO4kLgU3XnejjO/3De4OisroAsMGk+1cRB5AQ6WZ8WLAMkMyTShaOe6j2Asw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.53.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/tedious": "^4.0.14"
+        "@opentelemetry/api-logs": "^0.54.0",
+        "@opentelemetry/core": "^1.25.0",
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -8478,19 +6987,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-redis": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.43.0.tgz",
+      "integrity": "sha512-dufe08W3sCOjutbTJmV6tg2Y3+7IBe59oQrnIW2RCgjRhsW0Jjaenezt490eawO0MdXjUfFyrIUg8WetKhE4xA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8499,49 +7005,51 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+    "node_modules/@opentelemetry/instrumentation-redis-4": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.43.0.tgz",
+      "integrity": "sha512-6B2+CFRY9xRnkeZrSvlTyY2yB/zAgxjbXS5EwXhE3ZAKR1hWWoUzaTADIKT5xe9/VbDW42U3UoOPCcaCmeAXww==",
       "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-undici": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.6.0.tgz",
-      "integrity": "sha512-ABJBhm5OdhGmbh0S/fOTE4N69IZ00CsHC5ijMYfzbw3E5NwLgpQk5xsljaECrJ8wz1SfXbO03FiSuu5AyRAkvQ==",
+    "node_modules/@opentelemetry/instrumentation-restify": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.42.0.tgz",
+      "integrity": "sha512-ApDD9HNy6de6xrHmISEfkQHwwX1f1JrBj0ADnlk6tVdJ0j/vNmsZNLwaU2IA2K3mHqbp2YLarLgxAZp6rjcfWg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.7.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-router": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.41.0.tgz",
+      "integrity": "sha512-IbvzgaoylMqStOOtwucEvSu5CDbfQN+H1ZZ2p6c9Kmvzptqh6G441GFy0FFVVqxOAHNhQm2w6n0Ag8trdBjCfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8550,28 +7058,15 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-undici/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-winston": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.40.0.tgz",
-      "integrity": "sha512-eMk2tKl86YJ8/yHvtDbyhrE35/R0InhO9zuHTflPx8T0+IvKVUhPV71MsJr32sImftqeOww92QHt4Jd+a5db4g==",
+    "node_modules/@opentelemetry/instrumentation-socket.io": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.43.0.tgz",
+      "integrity": "sha512-HAQoIZ6N/ey1L4jF69gmqo7RyeSv5rc4sZZAd1v6SVaB8ZolTEyWEzGlu1NRZZTnqfWNxDkX6J1/omWpDd9k0w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.53.0",
-        "@opentelemetry/instrumentation": "^0.53.0"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8580,19 +7075,16 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-winston/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
+    "node_modules/@opentelemetry/instrumentation-tedious": {
+      "version": "0.15.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.15.0.tgz",
+      "integrity": "sha512-Kb7yo8Zsq2TUwBbmwYgTAMPK0VbhoS8ikJ6Bup9KrDtCx2JC01nCb+M0VJWXt7tl0+5jARUbKWh5jRSoImxdCw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/tedious": "^4.0.14"
       },
       "engines": {
         "node": ">=14"
@@ -8601,30 +7093,38 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-winston/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+    "node_modules/@opentelemetry/instrumentation-undici": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.7.0.tgz",
+      "integrity": "sha512-1AAqbVt1QOLgnc9DEkHS2R/0FIPI74ud5qgitwP9sVYzRg6e66bPSoAIARCyuANJrWCUrfgI69vLTfRxhBM+3A==",
       "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.7.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation/node_modules/@opentelemetry/api-logs": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.54.0.tgz",
-      "integrity": "sha512-9HhEh5GqFrassUndqJsyW7a0PzfyWr2eV2xwzHLIS+wX3125+9HE9FMRAKmJRwxZhgZGwH3HNQQjoMGZqmOeVA==",
+    "node_modules/@opentelemetry/instrumentation-winston": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.41.0.tgz",
+      "integrity": "sha512-qtqGDx2Plu71s9xaeXut0YgZFG/y68ENG9vvo/SODeEC+4/APiS/htQ5YNJIxxjOuxYowdFYRqV9Kmef2EUzmw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api-logs": "^0.54.0",
+        "@opentelemetry/instrumentation": "^0.54.0"
       },
       "engines": {
         "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/instrumentation/node_modules/semver": {
@@ -8641,54 +7141,54 @@
       }
     },
     "node_modules/@opentelemetry/otlp-exporter-base": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.53.0.tgz",
-      "integrity": "sha512-UCWPreGQEhD6FjBaeDuXhiMf6kkBODF0ZQzrk/tuQcaVDJ+dDQ/xhJp192H9yWnKxVpEjFrSSLnpqmX4VwX+eA==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.54.0.tgz",
+      "integrity": "sha512-g+H7+QleVF/9lz4zhaR9Dt4VwApjqG5WWupy5CTMpWJfHB/nLxBbX73GBZDgdiNfh08nO3rNa6AS7fK8OhgF5g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-transformer": "0.53.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-transformer": "0.54.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/otlp-grpc-exporter-base": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-grpc-exporter-base/-/otlp-grpc-exporter-base-0.53.0.tgz",
-      "integrity": "sha512-F7RCN8VN+lzSa4fGjewit8Z5fEUpY/lmMVy5EWn2ZpbAabg3EE3sCLuTNfOiooNGnmvzimUPruoeqeko/5/TzQ==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-grpc-exporter-base/-/otlp-grpc-exporter-base-0.54.0.tgz",
+      "integrity": "sha512-Yl2Dw0jlRWisEia9Hv/N8u2JLITCvzA6gAIKEvxpEu6nwHEftD2WhTJMIclkTtfmSW0rLmEEXymwmboG4xDN0Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": "^1.3.0"
       }
     },
     "node_modules/@opentelemetry/otlp-transformer": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.53.0.tgz",
-      "integrity": "sha512-rM0sDA9HD8dluwuBxLetUmoqGJKSAbWenwD65KY9iZhUxdBHRLrIdrABfNDP7aiTjcgK8XFyTn5fhDz7N+W6DA==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.54.0.tgz",
+      "integrity": "sha512-jRexIASQQzdK4AjfNIBfn94itAq4Q8EXR9d3b/OVbhd3kKQKvMr7GkxYDjbeTbY7hHCOLcLfJ3dpYQYGOe8qOQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-logs": "0.53.0",
-        "@opentelemetry/sdk-metrics": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0",
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-logs": "0.54.0",
+        "@opentelemetry/sdk-metrics": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0",
         "protobufjs": "^7.3.0"
       },
       "engines": {
@@ -8699,9 +7199,9 @@
       }
     },
     "node_modules/@opentelemetry/propagation-utils": {
-      "version": "0.30.11",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagation-utils/-/propagation-utils-0.30.11.tgz",
-      "integrity": "sha512-rY4L/2LWNk5p/22zdunpqVmgz6uN419DsRTw5KFMa6u21tWhXS8devlMy4h8m8nnS20wM7r6yYweCNNKjgLYJw==",
+      "version": "0.30.12",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagation-utils/-/propagation-utils-0.30.12.tgz",
+      "integrity": "sha512-bgab3q/4dYUutUpQCEaSDa+mLoQJG3vJKeSiGuhM4iZaSpkz8ov0fs1MGil5PfxCo6Hhw3bB3bFYhUtnsfT/Pg==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -8727,13 +7227,13 @@
       }
     },
     "node_modules/@opentelemetry/propagator-b3": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.26.0.tgz",
-      "integrity": "sha512-vvVkQLQ/lGGyEy9GT8uFnI047pajSOVnZI2poJqVGD3nJ+B9sFGdlHNnQKophE3lHfnIH0pw2ubrCTjZCgIj+Q==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.27.0.tgz",
+      "integrity": "sha512-pTsko3gnMioe3FeWcwTQR3omo5C35tYsKKwjgTCTVCgd3EOWL9BZrMfgLBmszrwXABDfUrlAEFN/0W0FfQGynQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0"
+        "@opentelemetry/core": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8743,13 +7243,13 @@
       }
     },
     "node_modules/@opentelemetry/propagator-jaeger": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.26.0.tgz",
-      "integrity": "sha512-DelFGkCdaxA1C/QA0Xilszfr0t4YbGd3DjxiCDPh34lfnFr+VkkrjV9S8ZTJvAzfdKERXhfOxIKBoGPJwoSz7Q==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.27.0.tgz",
+      "integrity": "sha512-EI1bbK0wn0yIuKlc2Qv2LKBRw6LiUWevrjCF80fn/rlaB+7StAi8Y5s8DBqAYNpY7v1q86+NjU18v7hj2ejU3A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0"
+        "@opentelemetry/core": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8769,9 +7269,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-alibaba-cloud": {
-      "version": "0.29.3",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.3.tgz",
-      "integrity": "sha512-jdnG/cYItxwKGRj2n3YsJn1+j3QsMRUfaH/mQSj2b6yULo7bKO4turvASwxy3GuSDH55VwrK+F8oIbanJk69ng==",
+      "version": "0.29.4",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.4.tgz",
+      "integrity": "sha512-U3sWPoBXiEE51jJGhRrW19hLvrRbBbZWTp3Yc7IaRVFODNNzmibOolyi2ow1XN68UgRT4BRuwgwbnM5GbG/E5Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -8787,9 +7287,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-aws": {
-      "version": "1.6.2",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.6.2.tgz",
-      "integrity": "sha512-xxT6PVmcBTtCo0rf4Bv/mnDMpVRITVt13bDX8mOqKVb0kr5EwIMabZS5EGJhXjP4nljrOIA7ZlOJgSX0Kehfkw==",
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.7.0.tgz",
+      "integrity": "sha512-VxrwUi/9QcVIV+40d/jOKQthfD/E4/ppQ9FsYpDH7qy16cOO5519QOdihCQJYpVNbgDqf6q3hVrCy1f8UuG8YA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -8805,9 +7305,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-azure": {
-      "version": "0.2.11",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-azure/-/resource-detector-azure-0.2.11.tgz",
-      "integrity": "sha512-XepvQfTXWyHAoAziCfXGwYbSZL0LHtFk5iuKKN2VE2vzcoiw5Tepi0Qafuwb7CCtpQRReao4H7E29MFbCmh47g==",
+      "version": "0.2.12",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-azure/-/resource-detector-azure-0.2.12.tgz",
+      "integrity": "sha512-iIarQu6MiCjEEp8dOzmBvCSlRITPFTinFB2oNKAjU6xhx8d7eUcjNOKhBGQTvuCriZrxrEvDaEEY9NfrPQ6uYQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -8823,9 +7323,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-container": {
-      "version": "0.4.4",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.4.4.tgz",
-      "integrity": "sha512-ZEN2mq7lIjQWJ8NTt1umtr6oT/Kb89856BOmESLSvgSHbIwOFYs7cSfSRH5bfiVw6dXTQAVbZA/wLgCHKrebJA==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.5.0.tgz",
+      "integrity": "sha512-ozp+ggcbl17xFfL91+DFgP8nmfzthNLxVTDOQUVgQgngVsSaBb5/I1Tnt63ZX2GCMdBJTxUBbFsqFvO0CjfGLg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -8841,9 +7341,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-gcp": {
-      "version": "0.29.12",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.29.12.tgz",
-      "integrity": "sha512-liFG9XTaFVyY9YdFy4r2qVNa4a+Mg3k+XoWzzq2F+/xR0hFLfL0H4k7CsMW+T4Vl+1Cvc9W9WEVt5VCF4u/SYw==",
+      "version": "0.29.13",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.29.13.tgz",
+      "integrity": "sha512-vdotx+l3Q+89PeyXMgKEGnZ/CwzwMtuMi/ddgD9/5tKZ08DfDGB2Npz9m2oXPHRCjc4Ro6ifMqFlRyzIvgOjhg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -8860,13 +7360,13 @@
       }
     },
     "node_modules/@opentelemetry/resources": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.26.0.tgz",
-      "integrity": "sha512-CPNYchBE7MBecCSVy0HKpUISEeJOniWqcHaAHpmasZ3j9o6V3AyBzhRc90jdmemq0HOxDr6ylhUbDhBqqPpeNw==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.27.0.tgz",
+      "integrity": "sha512-jOwt2VJ/lUD5BLc+PMNymDrUCpm5PKi1E9oSVYAvz01U/VdndGmrtV3DU1pG4AwlYhJRHbHfOUIlpBeXCPw6QQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
+        "@opentelemetry/core": "1.27.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
@@ -8877,15 +7377,15 @@
       }
     },
     "node_modules/@opentelemetry/sdk-logs": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.53.0.tgz",
-      "integrity": "sha512-dhSisnEgIj/vJZXZV6f6KcTnyLDx/VuQ6l3ejuZpMpPlh9S1qMHiZU9NMmOkVkwwHkMy3G6mEBwdP23vUZVr4g==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.54.0.tgz",
+      "integrity": "sha512-HeWvOPiWhEw6lWvg+lCIi1WhJnIPbI4/OFZgHq9tKfpwF3LX6/kk3+GR8sGUGAEZfbjPElkkngzvd2s03zbD7Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0"
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8895,14 +7395,14 @@
       }
     },
     "node_modules/@opentelemetry/sdk-metrics": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.26.0.tgz",
-      "integrity": "sha512-0SvDXmou/JjzSDOjUmetAAvcKQW6ZrvosU0rkbDGpXvvZN+pQF6JbK/Kd4hNdK4q/22yeruqvukXEJyySTzyTQ==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.27.0.tgz",
+      "integrity": "sha512-JzWgzlutoXCydhHWIbLg+r76m+m3ncqvkCcsswXAQ4gqKS+LOHKhq+t6fx1zNytvLuaOUBur7EvWxECc4jPQKg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -8912,27 +7412,27 @@
       }
     },
     "node_modules/@opentelemetry/sdk-node": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-node/-/sdk-node-0.53.0.tgz",
-      "integrity": "sha512-0hsxfq3BKy05xGktwG8YdGdxV978++x40EAKyKr1CaHZRh8uqVlXnclnl7OMi9xLMJEcXUw7lGhiRlArFcovyg==",
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-node/-/sdk-node-0.54.0.tgz",
+      "integrity": "sha512-F0mdwb4WPFJNypcmkxQnj3sIfh/73zkBgYePXMK8ghsBwYw4+PgM3/85WT6NzNUeOvWtiXacx5CFft2o7rGW3w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/exporter-logs-otlp-grpc": "0.53.0",
-        "@opentelemetry/exporter-logs-otlp-http": "0.53.0",
-        "@opentelemetry/exporter-logs-otlp-proto": "0.53.0",
-        "@opentelemetry/exporter-trace-otlp-grpc": "0.53.0",
-        "@opentelemetry/exporter-trace-otlp-http": "0.53.0",
-        "@opentelemetry/exporter-trace-otlp-proto": "0.53.0",
-        "@opentelemetry/exporter-zipkin": "1.26.0",
-        "@opentelemetry/instrumentation": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-logs": "0.53.0",
-        "@opentelemetry/sdk-metrics": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0",
-        "@opentelemetry/sdk-trace-node": "1.26.0",
+        "@opentelemetry/api-logs": "0.54.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/exporter-logs-otlp-grpc": "0.54.0",
+        "@opentelemetry/exporter-logs-otlp-http": "0.54.0",
+        "@opentelemetry/exporter-logs-otlp-proto": "0.54.0",
+        "@opentelemetry/exporter-trace-otlp-grpc": "0.54.0",
+        "@opentelemetry/exporter-trace-otlp-http": "0.54.0",
+        "@opentelemetry/exporter-trace-otlp-proto": "0.54.0",
+        "@opentelemetry/exporter-zipkin": "1.27.0",
+        "@opentelemetry/instrumentation": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-logs": "0.54.0",
+        "@opentelemetry/sdk-metrics": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0",
+        "@opentelemetry/sdk-trace-node": "1.27.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
@@ -8942,69 +7442,15 @@
         "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/exporter-trace-otlp-proto": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.53.0.tgz",
-      "integrity": "sha512-T/bdXslwRKj23S96qbvGtaYOdfyew3TjPEKOk5mHjkCmkVl1O9C/YMdejwSsdLdOq2YW30KjR9kVi0YMxZushQ==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/otlp-exporter-base": "0.53.0",
-        "@opentelemetry/otlp-transformer": "0.53.0",
-        "@opentelemetry/resources": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
-      }
-    },
-    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/instrumentation": {
-      "version": "0.53.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.53.0.tgz",
-      "integrity": "sha512-DMwg0hy4wzf7K73JJtl95m/e0boSoWhH07rfvHvYzQtBD3Bmv0Wc1x733vyZBqmFm8OjJD0/pfiUg1W3JjFX0A==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@opentelemetry/api-logs": "0.53.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/sdk-node/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/@opentelemetry/sdk-trace-base": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.26.0.tgz",
-      "integrity": "sha512-olWQldtvbK4v22ymrKLbIcBi9L2SpMO84sCPY54IVsJhP9fRsxJT194C/AVaAuJzLE30EdhhM1VmvVYR7az+cw==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.27.0.tgz",
+      "integrity": "sha512-btz6XTQzwsyJjombpeqCX6LhiMQYpzt2pIYNPnw0IPO/3AhT6yjnf8Mnv3ZC2A4eRYOjqrg+bfaXg9XHDRJDWQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/resources": "1.26.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/resources": "1.27.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
@@ -9015,17 +7461,17 @@
       }
     },
     "node_modules/@opentelemetry/sdk-trace-node": {
-      "version": "1.26.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.26.0.tgz",
-      "integrity": "sha512-Fj5IVKrj0yeUwlewCRwzOVcr5avTuNnMHWf7GPc1t6WaT78J6CJyF3saZ/0RkZfdeNO8IcBl/bNcWMVZBMRW8Q==",
+      "version": "1.27.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.27.0.tgz",
+      "integrity": "sha512-dWZp/dVGdUEfRBjBq2BgNuBlFqHCxyyMc8FsN0NX15X07mxSUO0SZRLyK/fdAVrde8nqFI/FEdMH4rgU9fqJfQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/context-async-hooks": "1.26.0",
-        "@opentelemetry/core": "1.26.0",
-        "@opentelemetry/propagator-b3": "1.26.0",
-        "@opentelemetry/propagator-jaeger": "1.26.0",
-        "@opentelemetry/sdk-trace-base": "1.26.0",
+        "@opentelemetry/context-async-hooks": "1.27.0",
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/propagator-b3": "1.27.0",
+        "@opentelemetry/propagator-jaeger": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0",
         "semver": "^7.5.2"
       },
       "engines": {
@@ -15656,6 +14102,13 @@
         "node": ">= 0.6"
       }
     },
+    "node_modules/forwarded-parse": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/forwarded-parse/-/forwarded-parse-2.1.2.tgz",
+      "integrity": "sha512-alTFZZQDKMporBH77856pXgzhEzaUVmLCDk+egLgIgHst3Tpndzz8MnKe+GzRJRfvVdn69HhpW7cmXzvtLvJAw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/fresh": {
       "version": "0.5.2",
       "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
diff --git a/package.json b/package.json
index c9f8a01dca6..e7a5de11395 100644
--- a/package.json
+++ b/package.json
@@ -140,7 +140,7 @@
     "@babel/register": "^7.23.7",
     "@graphql-eslint/eslint-plugin": "^3.20.1",
     "@opentelemetry/api": "^1.7.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.51.0",
+    "@opentelemetry/auto-instrumentations-node": "^0.52.0",
     "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
     "@opentelemetry/instrumentation": "^0.54.0",
     "@opentelemetry/resources": "^1.20.0",

From e2c1e48dd5a148ae9ff102ce035ca6f2ea9e7984 Mon Sep 17 00:00:00 2001
From: Andrew Nesbitt <andrewnez@gmail.com>
Date: Thu, 7 Nov 2024 12:28:38 +0000
Subject: [PATCH 039/129] Allow passing website when creating a project
 (#10454)

---
 server/graphql/v2/mutation/CreateProjectMutation.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index a20088a7e39..f161224540e 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -43,7 +43,7 @@ async function createProject(_, args, req) {
   const projectData = {
     type: 'PROJECT',
     slug: args.project.slug.toLowerCase(),
-    ...pick(args.project, ['name', 'description', 'tags']),
+    ...pick(args.project, ['name', 'description', 'tags', 'website']),
     ...pick(parent, ['currency', 'isActive', 'platformFeePercent', 'hostFeePercent', 'data.useCustomHostFee']),
     approvedAt: parent.isActive ? new Date() : null,
     ParentCollectiveId: parent.id,

From 737783b548174b8e438fb7fd3b8e69fd75fe6495 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 8 Nov 2024 13:45:29 +0100
Subject: [PATCH 040/129] chore: Paypal improvements (#10456)

---
 cron/daily/51-synchronize-paypal-ledger.ts | 31 +++++--
 scripts/paypal/update-hosts-webhooks.ts    | 52 ------------
 scripts/paypal/webhooks.ts                 | 95 ++++++++++++++++++++++
 server/lib/paypal.ts                       |  2 +-
 4 files changed, 120 insertions(+), 60 deletions(-)
 delete mode 100755 scripts/paypal/update-hosts-webhooks.ts
 create mode 100755 scripts/paypal/webhooks.ts

diff --git a/cron/daily/51-synchronize-paypal-ledger.ts b/cron/daily/51-synchronize-paypal-ledger.ts
index 2b0fe29b216..5b00f03976f 100644
--- a/cron/daily/51-synchronize-paypal-ledger.ts
+++ b/cron/daily/51-synchronize-paypal-ledger.ts
@@ -12,6 +12,7 @@ import FEATURE from '../../server/constants/feature';
 import OrderStatuses from '../../server/constants/order-status';
 import logger from '../../server/lib/logger';
 import { getHostsWithPayPalConnected, listPayPalTransactions } from '../../server/lib/paypal';
+import { sendThankYouEmail } from '../../server/lib/recurring-contributions';
 import { reportErrorToSentry, reportMessageToSentry } from '../../server/lib/sentry';
 import { parseToBoolean } from '../../server/lib/utils';
 import models, { Collective, sequelize } from '../../server/models';
@@ -168,10 +169,10 @@ const handleSubscriptionTransaction = async (
   transaction: PaypalTransactionSearchResult['transaction_details'][0],
   captureDetails: PaypalCapture,
 ) => {
-  let order;
+  let order, subscription;
   const paypalSubscriptionId = transaction.transaction_info.paypal_reference_id;
   try {
-    ({ order } = await loadDataForSubscription(paypalSubscriptionId, host));
+    ({ order, subscription } = await loadDataForSubscription(paypalSubscriptionId, host));
   } catch (e) {
     logger.error(`Error while loading data for subscription ${paypalSubscriptionId}: ${e.message}`);
     reportErrorToSentry(e, { extra: { paypalSubscriptionId, transaction } });
@@ -181,10 +182,17 @@ const handleSubscriptionTransaction = async (
   const msg = `Record subscription transaction ${transaction.transaction_info.transaction_id} for order #${order.id}`;
   logger.info(DRY_RUN ? `DRY RUN: ${msg}` : msg);
   if (!DRY_RUN) {
-    return recordPaypalCapture(order, captureDetails, {
+    const captureDate = new Date(captureDetails.create_time);
+    const isFirstCharge = subscription?.chargeNumber === 0;
+    const dbTransaction = await recordPaypalCapture(order, captureDetails, {
       data: { recordedFrom: 'cron/daily/51-synchronize-paypal-ledger' },
-      createdAt: new Date(captureDetails.create_time),
+      createdAt: captureDate,
     });
+
+    // If the capture is less than 48 hours old, send the thank you email
+    if (moment().diff(captureDate, 'hours') < 48) {
+      await sendThankYouEmail(order, dbTransaction, isFirstCharge);
+    }
   }
 };
 
@@ -199,7 +207,10 @@ const handleCheckoutTransaction = async (
   const captureId = transaction.transaction_info.transaction_id;
   const order = await models.Order.findOne({
     where: { data: { paypalCaptureId: captureId } },
-    include: [{ association: 'collective', required: true, where: { HostCollectiveId: host.id } }],
+    include: [
+      { association: 'collective', required: true, where: { HostCollectiveId: host.id } },
+      { association: 'fromCollective' },
+    ],
   });
 
   if (!order) {
@@ -215,13 +226,19 @@ const handleCheckoutTransaction = async (
   const msg = `Record checkout transaction ${transaction.transaction_info.transaction_id} for order #${order.id}`;
   logger.info(DRY_RUN ? `DRY RUN: ${msg}` : msg);
   if (!DRY_RUN) {
-    await recordPaypalCapture(order, captureDetails, {
+    const captureDate = new Date(captureDetails.create_time);
+    const dbTransaction = await recordPaypalCapture(order, captureDetails, {
       data: { recordedFrom: 'cron/daily/51-synchronize-paypal-ledger' },
-      createdAt: new Date(captureDetails.create_time),
+      createdAt: captureDate,
     });
 
     if (order.status !== OrderStatuses.PAID) {
       await order.update({ status: OrderStatuses.PAID });
+
+      // If the capture is less than 48 hours old, send the thank you email
+      if (moment().diff(captureDate, 'hours') < 48) {
+        await sendThankYouEmail(order, dbTransaction);
+      }
     }
   }
 };
diff --git a/scripts/paypal/update-hosts-webhooks.ts b/scripts/paypal/update-hosts-webhooks.ts
deleted file mode 100755
index ee58d5cf8e6..00000000000
--- a/scripts/paypal/update-hosts-webhooks.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-/**
- * This script can be used whenever PayPal webhooks event types change to update
- * Host's connected accounts.
- */
-
-import '../../server/env';
-
-import logger from '../../server/lib/logger';
-import * as PaypalLib from '../../server/lib/paypal';
-import models, { Op, sequelize } from '../../server/models';
-
-const getAllHostsWithPaypalAccounts = () => {
-  return models.Collective.findAll({
-    where: { isHostAccount: true },
-    group: [sequelize.col('Collective.id')],
-    include: [
-      {
-        association: 'ConnectedAccounts',
-        required: true,
-        attributes: [],
-        where: { service: 'paypal', clientId: { [Op.not]: null }, token: { [Op.not]: null } },
-      },
-    ],
-  });
-};
-
-const main = async (): Promise<void> => {
-  const allHosts = await getAllHostsWithPaypalAccounts();
-  const ignoredSlugs = process.env.SKIP_SLUGS ? process.env.SKIP_SLUGS.split(',') : null;
-  const onlySlugs = process.env.ONLY_SLUGS ? process.env.ONLY_SLUGS.split(',') : null;
-  const filteredHosts = allHosts.filter(host => {
-    return (!ignoredSlugs || !ignoredSlugs.includes(host.slug)) && (!onlySlugs || onlySlugs.includes(host.slug));
-  });
-
-  for (const host of filteredHosts) {
-    logger.info(`Checking PayPal webhook for ${host.slug}...`);
-    await PaypalLib.setupPaypalWebhookForHost(host);
-
-    if (process.env.REMOVE_OTHERS) {
-      await PaypalLib.removeUnusedPaypalWebhooks(host);
-    }
-  }
-
-  return;
-};
-
-main()
-  .then(() => process.exit(0))
-  .catch(e => {
-    console.error(e);
-    process.exit(1);
-  });
diff --git a/scripts/paypal/webhooks.ts b/scripts/paypal/webhooks.ts
new file mode 100755
index 00000000000..9e8a778b2dc
--- /dev/null
+++ b/scripts/paypal/webhooks.ts
@@ -0,0 +1,95 @@
+/**
+ * This script can be used whenever PayPal webhooks event types change to update
+ * Host's connected accounts.
+ */
+
+import '../../server/env';
+
+import { Command } from 'commander';
+
+import logger from '../../server/lib/logger';
+import * as PaypalLib from '../../server/lib/paypal';
+import models, { Collective, Op, sequelize } from '../../server/models';
+
+const getAllHostsWithPaypalAccounts = () => {
+  return models.Collective.findAll({
+    where: { isHostAccount: true },
+    group: [sequelize.col('Collective.id')],
+    include: [
+      {
+        association: 'ConnectedAccounts',
+        required: true,
+        attributes: [],
+        where: { service: 'paypal', clientId: { [Op.not]: null }, token: { [Op.not]: null } },
+      },
+    ],
+  });
+};
+
+const getHostsFromArg = async (hostSlugsStr: string, ignoreSlugsStr: string): Promise<Collective[]> => {
+  const strToSlugsList = str => str?.split(',')?.map(slug => slug.trim()) || [];
+  const hostsSlugs = strToSlugsList(hostSlugsStr);
+  const ignoredSlugs = strToSlugsList(ignoreSlugsStr);
+  const allHosts = await getAllHostsWithPaypalAccounts();
+  return allHosts.filter(host => {
+    return !ignoredSlugs.includes(host.slug) && (!hostsSlugs.length || hostsSlugs.includes(host.slug));
+  });
+};
+
+const checkWebhooks = async (args: string[], options): Promise<void> => {
+  const filteredHosts = await getHostsFromArg(args[0], options.ignore);
+  if (!filteredHosts.length) {
+    console.log('No hosts found');
+    return;
+  }
+
+  for (const host of filteredHosts) {
+    logger.info(`Checking PayPal webhook for ${host.slug}...`);
+    const result = await PaypalLib.listPaypalWebhooks(host);
+    console.log(`PayPal webhooks for ${host.slug}:`, JSON.stringify(result, null, 2));
+  }
+};
+
+const updateWebhooks = async (args: string[], options): Promise<void> => {
+  const filteredHosts = await getHostsFromArg(args[0], options.ignore);
+  if (!filteredHosts.length) {
+    console.log('No hosts found');
+    return;
+  }
+
+  for (const host of filteredHosts) {
+    logger.info(`Checking PayPal webhook for ${host.slug}...`);
+    await PaypalLib.setupPaypalWebhookForHost(host);
+
+    if (process.env.REMOVE_OTHERS) {
+      await PaypalLib.removeUnusedPaypalWebhooks(host);
+    }
+  }
+};
+
+const main = async (): Promise<void> => {
+  const program = new Command();
+  program.showSuggestionAfterError();
+
+  // General options
+  program
+    .command('check [hostSlugs...]')
+    .description('Check PayPal webhooks for hosts, or all hosts if none provided')
+    .option('--ignore <slugs>', 'List of host slugs to ignore')
+    .action(checkWebhooks);
+
+  program
+    .command('update [hostSlugs...]')
+    .description('Update PayPal webhooks for hosts, or all hosts if none provided')
+    .option('--ignore <slugs>', 'List of host slugs to ignore')
+    .action(updateWebhooks);
+
+  await program.parseAsync();
+};
+
+main()
+  .then(() => process.exit(0))
+  .catch(e => {
+    console.error(e);
+    process.exit(1);
+  });
diff --git a/server/lib/paypal.ts b/server/lib/paypal.ts
index eadc058a01a..f35d5394543 100644
--- a/server/lib/paypal.ts
+++ b/server/lib/paypal.ts
@@ -185,7 +185,7 @@ const WATCHED_EVENT_TYPES = [
 /**
  * See https://developer.paypal.com/docs/api/webhooks/v1/#webhooks_list
  */
-const listPaypalWebhooks = async (host): Promise<PaypalWebhook[]> => {
+export const listPaypalWebhooks = async (host): Promise<PaypalWebhook[]> => {
   const result = await paypalRequest('notifications/webhooks', null, host, 'GET');
   return <PaypalWebhook[]>result['webhooks'];
 };

From 4e5f0e0941fcf474d211a72e0d678f63230fc7c9 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 8 Nov 2024 13:46:06 +0100
Subject: [PATCH 041/129] chore: Enable settlements for Ofitech (#10450)

---
 config/production.json                        |  6 ++-
 cron/monthly/host-settlement.ts               | 18 +++++--
 package-lock.json                             | 28 +++++++++--
 package.json                                  |  1 +
 server/constants/platform.ts                  | 20 +++++---
 server/graphql/common/expenses.ts             |  9 ++++
 server/graphql/v1/mutations/collectives.js    | 17 +++++++
 .../graphql/v2/mutation/AccountMutations.ts   |  1 +
 .../v2/mutation/CreateCollectiveMutation.js   |  4 +-
 .../v2/mutation/CreateEventMutation.js        |  4 +-
 .../graphql/v2/mutation/CreateFundMutation.js |  4 +-
 .../v2/mutation/CreateOrganizationMutation.js |  4 +-
 .../v2/mutation/CreateProjectMutation.js      |  4 +-
 server/lib/collectivelib.ts                   | 13 ++++-
 server/lib/sql-search.ts                      |  8 +--
 server/lib/string-utils.ts                    | 49 +++++++++++++++++++
 server/models/User.ts                         |  4 ++
 test/cron/monthly/host-settlement.test.js     | 15 +++++-
 ...ation.ts => CreateProjectMutation.test.ts} |  0
 test/server/lib/string-utils.test.ts          | 48 ++++++++++++++++++
 20 files changed, 219 insertions(+), 38 deletions(-)
 create mode 100644 server/lib/string-utils.ts
 rename test/server/graphql/v2/mutation/{CreateProjectMutation.ts => CreateProjectMutation.test.ts} (100%)
 create mode 100644 test/server/lib/string-utils.test.ts

diff --git a/config/production.json b/config/production.json
index 6d0300edbbd..0e187f7cfa6 100644
--- a/config/production.json
+++ b/config/production.json
@@ -78,7 +78,8 @@
       11049, // OCF
       98478, // SCN
       9807, // OCE
-      73495 // AFC
+      73495, // AFC
+      845576 // Ofitech
     ],
     "collectivesWithManyTransactions": [
       11004, // OSC
@@ -86,7 +87,8 @@
       11049, // OCF
       166914, // Logseq
       9807, // OCE
-      73495 // AFC
+      73495, // AFC
+      845576 // Ofitech
     ]
   }
 }
diff --git a/cron/monthly/host-settlement.ts b/cron/monthly/host-settlement.ts
index bc6208ddec7..a70b1b9dbe7 100644
--- a/cron/monthly/host-settlement.ts
+++ b/cron/monthly/host-settlement.ts
@@ -15,6 +15,7 @@ import { getFxRate } from '../../server/lib/currency';
 import { getPendingHostFeeShare, getPendingPlatformTips } from '../../server/lib/host-metrics';
 import { parseToBoolean } from '../../server/lib/utils';
 import models, { sequelize } from '../../server/models';
+import { CommentType } from '../../server/models/Comment';
 import { PayoutMethodTypes } from '../../server/models/PayoutMethod';
 import { runCronJob } from '../utils';
 
@@ -52,10 +53,6 @@ export async function run(baseDate: Date | moment.Moment = defaultDate): Promise
   const endDate = new Date(year, month + 1, 1);
   const PlatformConstants = getPlatformConstantsForDate(momentDate);
 
-  if (momentDate.isSameOrAfter(PLATFORM_MIGRATION_DATE) && config.env === 'production') {
-    throw new Error('This script is not yet compatible with the new platform setup.');
-  }
-
   console.info(`Invoicing hosts pending fees and tips for ${momentDate.format('MMMM')}.`);
 
   const payoutMethods = groupBy(
@@ -268,6 +265,19 @@ export async function run(baseDate: Date | moment.Moment = defaultDate): Promise
       // Mark transactions as invoiced
       await models.TransactionSettlement.markTransactionsAsInvoiced(transactions, expense.id);
       await expense.createActivity(activityType.COLLECTIVE_EXPENSE_CREATED);
+
+      // If running for the month of `PLATFORM_MIGRATION_DATE`, add a comment to explain why we're using a different profile
+      if (momentDate.isSame(PLATFORM_MIGRATION_DATE, 'month') && momentDate.isSame(PLATFORM_MIGRATION_DATE, 'year')) {
+        const platformUser = await models.User.findByPk(PlatformConstants.PlatformUserId);
+        await models.Comment.create({
+          CreatedByUserId: platformUser.id,
+          FromCollectiveId: platformUser.CollectiveId,
+          CollectiveId: host.id,
+          ExpenseId: expense.id,
+          type: CommentType.COMMENT,
+          html: `<div>Dear ${host.name},<br /><br /></div><div>You may notice that this expense comes from the "<a href="https://opencollective.com/ofitech">Ofitech</a>" profile instead of "<a href="https://opencollective.com/opencollective">Open Collective</a>". This change is part of a recent transition of the Open Collective platform to a community-governed non-profit. For more information, you can read the full announcement <a href="https://blog.opencollective.com/the-open-collective-platform-is-moving-to-a-community-governed-non-profit/">here</a>.<br /><br />As always, if you have any questions or need assistance, please reach out via <a href="https://opencollective.com/contact">our contact page</a>.<br /><br />Thank you for your understanding and continued support!</div>`,
+        });
+      }
     }
   }
 }
diff --git a/package-lock.json b/package-lock.json
index 929f396cf0c..3a7ef8be94e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -59,6 +59,7 @@
         "express-basic-auth": "1.2.1",
         "express-session": "1.18.1",
         "express-ws": "5.0.2",
+        "fast-levenshtein": "3.0.0",
         "fast-redact": "3.5.0",
         "fs-extra": "11.2.0",
         "get-urls": "10.0.1",
@@ -13743,10 +13744,13 @@
       "devOptional": true
     },
     "node_modules/fast-levenshtein": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
-      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
-      "dev": true
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-3.0.0.tgz",
+      "integrity": "sha512-hKKNajm46uNmTlhHSyZkmToAc56uZJwYq7yrciZjqOxnlfQwERDQJmHPUp7m1m9wx8vgOe8IaCKZ5Kv2k1DdCQ==",
+      "license": "MIT",
+      "dependencies": {
+        "fastest-levenshtein": "^1.0.7"
+      }
     },
     "node_modules/fast-querystring": {
       "version": "1.1.2",
@@ -13808,6 +13812,15 @@
         "fxparser": "src/cli/cli.js"
       }
     },
+    "node_modules/fastest-levenshtein": {
+      "version": "1.0.16",
+      "resolved": "https://registry.npmjs.org/fastest-levenshtein/-/fastest-levenshtein-1.0.16.tgz",
+      "integrity": "sha512-eRnCtTTtGZFpQCwhJiUOuxPQWRXVKYDn0b2PeHfXL6/Zi53SLAzAHfVhVWK2AryC/WH05kGfxhFIPvTF0SXQzg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4.9.1"
+      }
+    },
     "node_modules/fastq": {
       "version": "1.15.0",
       "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz",
@@ -19248,6 +19261,13 @@
         "node": ">= 0.8.0"
       }
     },
+    "node_modules/optionator/node_modules/fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/ora": {
       "version": "5.4.1",
       "resolved": "https://registry.npmjs.org/ora/-/ora-5.4.1.tgz",
diff --git a/package.json b/package.json
index e7a5de11395..6d09166fbbd 100644
--- a/package.json
+++ b/package.json
@@ -80,6 +80,7 @@
     "express-basic-auth": "1.2.1",
     "express-session": "1.18.1",
     "express-ws": "5.0.2",
+    "fast-levenshtein": "3.0.0",
     "fast-redact": "3.5.0",
     "fs-extra": "11.2.0",
     "get-urls": "10.0.1",
diff --git a/server/constants/platform.ts b/server/constants/platform.ts
index 0cf7173cc3c..7ba0191b162 100644
--- a/server/constants/platform.ts
+++ b/server/constants/platform.ts
@@ -15,10 +15,12 @@ export const PLATFORM_MIGRATION_DATE = moment('2024-10-01T00:00:00Z');
  */
 const getPlatformConstants = (checkIfMigrated: () => boolean) => ({
   get OCICollectiveId() {
+    // https://opencollective.com/opencollective
     return 8686;
   },
 
   get OfitechCollectiveId() {
+    // https://opencollective.com/ofitech
     return 845576;
   },
 
@@ -31,8 +33,8 @@ const getPlatformConstants = (checkIfMigrated: () => boolean) => ({
   },
 
   get PlatformUserId() {
-    // Pia's account
-    return 30;
+    // https://opencollective.com/ofitech-admin
+    return 741159;
   },
 
   get PlatformCurrency(): SupportedCurrency {
@@ -40,19 +42,21 @@ const getPlatformConstants = (checkIfMigrated: () => boolean) => ({
   },
 
   get PlatformBankAccountId() {
-    return 2955;
+    // Ofitech bank account
+    return 70674;
   },
 
-  get PlatformPayPalId() {
-    return 6087;
-  },
+  // Not supported for now
+  // get PlatformPayPalId() {
+  //   return 6087;
+  // },
 
   get PlatformDefaultPaymentMethodId() {
-    return 2955;
+    return this.PlatformBankAccountId;
   },
 
   get PlatformAddress() {
-    return '340 S Lemon Ave #3717, Walnut, CA 91789';
+    return '440 N Barranca Ave #3489, Covina, CA 91723';
   },
 
   get PlatformCountry() {
diff --git a/server/graphql/common/expenses.ts b/server/graphql/common/expenses.ts
index a30f742026f..66cfa21294c 100644
--- a/server/graphql/common/expenses.ts
+++ b/server/graphql/common/expenses.ts
@@ -42,6 +42,7 @@ import EXPENSE_TYPE from '../../constants/expense-type';
 import FEATURE from '../../constants/feature';
 import { PAYMENT_METHOD_SERVICE, PAYMENT_METHOD_TYPE } from '../../constants/paymentMethods';
 import { EXPENSE_PERMISSION_ERROR_CODES } from '../../constants/permissions';
+import PlatformConstants from '../../constants/platform';
 import POLICIES from '../../constants/policies';
 import { TransactionKind } from '../../constants/transaction-kind';
 import cache from '../../lib/cache';
@@ -718,6 +719,14 @@ export const canMarkAsSpam: ExpensePermissionEvaluator = async (
       throw new Forbidden('User cannot mark expenses as spam', EXPENSE_PERMISSION_ERROR_CODES.UNSUPPORTED_USER_FEATURE);
     }
     return false;
+  } else if (expense.UserId === PlatformConstants.PlatformUserId) {
+    if (options?.throw) {
+      throw new Forbidden(
+        'Cannot mark platform expenses as spam',
+        EXPENSE_PERMISSION_ERROR_CODES.UNSUPPORTED_USER_FEATURE,
+      );
+    }
+    return false;
   } else {
     return remoteUserMeetsOneCondition(req, expense, [isCollectiveAdmin, isHostAdmin], options);
   }
diff --git a/server/graphql/v1/mutations/collectives.js b/server/graphql/v1/mutations/collectives.js
index 64e92a97983..88467822dc6 100644
--- a/server/graphql/v1/mutations/collectives.js
+++ b/server/graphql/v1/mutations/collectives.js
@@ -12,6 +12,7 @@ import * as collectivelib from '../../../lib/collectivelib';
 import { defaultHostCollective } from '../../../lib/collectivelib';
 import * as github from '../../../lib/github';
 import RateLimit, { ONE_HOUR_IN_SECONDS } from '../../../lib/rate-limit';
+import { containsProtectedBrandName } from '../../../lib/string-utils';
 import twoFactorAuthLib from '../../../lib/two-factor-authentication';
 import models, { sequelize } from '../../../models';
 import { SocialLinkType } from '../../../models/SocialLink';
@@ -415,6 +416,22 @@ export function editCollective(_, args, req) {
             privateInstructions: args.collective.privateInstructions,
           };
         }
+
+        // Validate slug/name
+        if (newCollectiveData.slug && newCollectiveData.slug !== collective.slug) {
+          if (!collectivelib.canUseSlug(newCollectiveData.slug, req.remoteUser)) {
+            throw new Error(`The slug '${newCollectiveData.slug}' is not allowed.`);
+          }
+        }
+        if (
+          newCollectiveData.name &&
+          newCollectiveData.name !== collective.name &&
+          !req.remoteUser.isAdminOfAnyPlatformAccount() &&
+          containsProtectedBrandName(newCollectiveData.name)
+        ) {
+          throw new Error(`The name '${newCollectiveData.name}' is not allowed.`);
+        }
+
         // we omit those attributes that have already been updated above
         return collective.update(omit(newCollectiveData, ['HostCollectiveId', 'hostFeePercent', 'currency']));
       })
diff --git a/server/graphql/v2/mutation/AccountMutations.ts b/server/graphql/v2/mutation/AccountMutations.ts
index 5d73b3df83e..58b6a561571 100644
--- a/server/graphql/v2/mutation/AccountMutations.ts
+++ b/server/graphql/v2/mutation/AccountMutations.ts
@@ -650,6 +650,7 @@ const accountMutations = {
 
       for (const key of Object.keys(args.account)) {
         switch (key) {
+          // If ever implementing name/slug change here, make sure to protect them with `canUseSlug`/`containsProtectedBrandName`!
           case 'currency': {
             const previousData = { currency: account.currency };
             await account.setCurrency(args.account[key]);
diff --git a/server/graphql/v2/mutation/CreateCollectiveMutation.js b/server/graphql/v2/mutation/CreateCollectiveMutation.js
index eea4a09999a..ef95f7ca04b 100644
--- a/server/graphql/v2/mutation/CreateCollectiveMutation.js
+++ b/server/graphql/v2/mutation/CreateCollectiveMutation.js
@@ -6,7 +6,7 @@ import { get, pick } from 'lodash';
 import POLICIES from '../../../constants/policies';
 import roles from '../../../constants/roles';
 import { purgeCacheForCollective } from '../../../lib/cache';
-import { defaultHostCollective, isCollectiveSlugReserved } from '../../../lib/collectivelib';
+import { canUseSlug, defaultHostCollective } from '../../../lib/collectivelib';
 import * as github from '../../../lib/github';
 import { OSCValidator } from '../../../lib/osc-validator';
 import { getPolicy } from '../../../lib/policies';
@@ -66,7 +66,7 @@ async function createCollective(_, args, req) {
         collectiveData.data = args.testPayload.data;
       }
 
-      if (isCollectiveSlugReserved(collectiveData.slug)) {
+      if (!canUseSlug(collectiveData.slug, remoteUser)) {
         throw new Error(`The slug '${collectiveData.slug}' is not allowed.`);
       }
       const collectiveWithSlug = await models.Collective.findOne({ where: { slug: collectiveData.slug }, transaction });
diff --git a/server/graphql/v2/mutation/CreateEventMutation.js b/server/graphql/v2/mutation/CreateEventMutation.js
index c884167fd21..340c2db6428 100644
--- a/server/graphql/v2/mutation/CreateEventMutation.js
+++ b/server/graphql/v2/mutation/CreateEventMutation.js
@@ -4,7 +4,7 @@ import { pick } from 'lodash';
 import { v4 as uuid } from 'uuid';
 
 import roles from '../../../constants/roles';
-import { isCollectiveSlugReserved } from '../../../lib/collectivelib';
+import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { BadRequest, NotFound, Unauthorized } from '../../errors';
@@ -42,7 +42,7 @@ async function createEvent(_, args, req) {
     settings: { ...DEFAULT_EVENT_SETTINGS, ...args.event.settings },
   };
 
-  if (isCollectiveSlugReserved(eventData.slug)) {
+  if (!canUseSlug(eventData.slug, req.remoteUser)) {
     throw new Error(`The slug '${eventData.slug}' is not allowed.`);
   }
   const checkSlug = await models.Collective.findOne({ where: { slug: eventData.slug } });
diff --git a/server/graphql/v2/mutation/CreateFundMutation.js b/server/graphql/v2/mutation/CreateFundMutation.js
index d304ae55ee0..3bad7662d70 100644
--- a/server/graphql/v2/mutation/CreateFundMutation.js
+++ b/server/graphql/v2/mutation/CreateFundMutation.js
@@ -3,7 +3,7 @@ import { get, pick } from 'lodash';
 
 import roles from '../../../constants/roles';
 import { purgeCacheForCollective } from '../../../lib/cache';
-import { isCollectiveSlugReserved } from '../../../lib/collectivelib';
+import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { ValidationFailed } from '../../errors';
@@ -49,7 +49,7 @@ async function createFund(_, args, req) {
     settings: { ...DEFAULT_COLLECTIVE_SETTINGS, ...args.fund.settings },
   };
 
-  if (isCollectiveSlugReserved(fundData.slug)) {
+  if (!canUseSlug(fundData.slug, req.remoteUser)) {
     throw new Error(`The slug '${fundData.slug}' is not allowed.`);
   }
   const withSlug = await models.Collective.findOne({ where: { slug: fundData.slug } });
diff --git a/server/graphql/v2/mutation/CreateOrganizationMutation.js b/server/graphql/v2/mutation/CreateOrganizationMutation.js
index 4698c12175d..48087859dd0 100644
--- a/server/graphql/v2/mutation/CreateOrganizationMutation.js
+++ b/server/graphql/v2/mutation/CreateOrganizationMutation.js
@@ -2,7 +2,7 @@ import { GraphQLList, GraphQLNonNull } from 'graphql';
 import { pick } from 'lodash';
 
 import roles from '../../../constants/roles';
-import { isCollectiveSlugReserved } from '../../../lib/collectivelib';
+import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { MEMBER_INVITATION_SUPPORTED_ROLES } from '../../../models/MemberInvitation';
 import { processInviteMembersInput } from '../../common/members';
@@ -27,7 +27,7 @@ async function createOrganization(_, args, req) {
     settings: { ...DEFAULT_ORGANIZATION_SETTINGS, ...args.organization.settings },
   };
 
-  if (isCollectiveSlugReserved(organizationData.slug)) {
+  if (!canUseSlug(organizationData.slug, req.remoteUser)) {
     throw new Error(`The slug '${organizationData.slug}' is not allowed.`);
   }
   const collectiveWithSlug = await models.Collective.findOne({ where: { slug: organizationData.slug } });
diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index f161224540e..0e7eb538cce 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -2,7 +2,7 @@ import { GraphQLNonNull } from 'graphql';
 import { pick } from 'lodash';
 
 import roles from '../../../constants/roles';
-import { isCollectiveSlugReserved } from '../../../lib/collectivelib';
+import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { Forbidden, NotFound } from '../../errors';
@@ -51,7 +51,7 @@ async function createProject(_, args, req) {
     settings: { ...DEFAULT_PROJECT_SETTINGS, ...args.project.settings },
   };
 
-  if (isCollectiveSlugReserved(projectData.slug)) {
+  if (!canUseSlug(projectData.slug, req.remoteUser)) {
     throw new Error(`The slug '${projectData.slug}' is not allowed.`);
   }
   const checkSlug = await models.Collective.findOne({ where: { slug: projectData.slug } });
diff --git a/server/lib/collectivelib.ts b/server/lib/collectivelib.ts
index fa241808ce4..3d4113d3e6a 100644
--- a/server/lib/collectivelib.ts
+++ b/server/lib/collectivelib.ts
@@ -9,7 +9,7 @@ import { CollectiveType } from '../constants/collectives';
 import { MODERATION_CATEGORIES } from '../constants/moderation-categories';
 import PlatformConstants from '../constants/platform';
 import { VAT_OPTIONS } from '../constants/vat';
-import models, { Collective, Member, Op, sequelize } from '../models';
+import models, { Collective, Member, Op, sequelize, User } from '../models';
 import Expense from '../models/Expense';
 import { MemberModelInterface } from '../models/Member';
 import MemberInvitation from '../models/MemberInvitation';
@@ -18,6 +18,7 @@ import PaymentMethod from '../models/PaymentMethod';
 
 import logger from './logger';
 import { stripHTML } from './sanitize-html';
+import { containsProtectedBrandName } from './string-utils';
 import { md5 } from './utils';
 
 const { USER } = CollectiveType;
@@ -318,6 +319,16 @@ export function isCollectiveSlugReserved(slug: string): boolean {
   return collectiveSlugReservedList.includes(slug);
 }
 
+export function canUseSlug(slug: string, user: User | null): boolean {
+  if (isCollectiveSlugReserved(slug)) {
+    return false;
+  } else if (user?.isAdminOfAnyPlatformAccount()) {
+    return true;
+  } else {
+    return !containsProtectedBrandName(slug);
+  }
+}
+
 /**
  * Returns true if the event is passed
  */
diff --git a/server/lib/sql-search.ts b/server/lib/sql-search.ts
index 39b24f36a09..40a6829d698 100644
--- a/server/lib/sql-search.ts
+++ b/server/lib/sql-search.ts
@@ -19,6 +19,7 @@ import models, { Op, sequelize } from '../models';
 
 import { floatAmountToCents } from './math';
 import RateLimit, { ONE_HOUR_IN_SECONDS } from './rate-limit';
+import { removeDiacritics } from './string-utils';
 import { runPromiseOrTimeout } from './utils';
 
 // Returned when there's no result for a search
@@ -77,13 +78,6 @@ const trimSearchTerm = term => {
   return term?.trim().replace(/\s+/g, ' ');
 };
 
-/**
- * Example: "crème brulée => "creme brulee"
- */
-const removeDiacritics = str => {
-  return str.normalize('NFD').replace(/[\u0300-\u036f]/g, '');
-};
-
 /**
  * Sanitize a search string to be used in a SQL query
  *
diff --git a/server/lib/string-utils.ts b/server/lib/string-utils.ts
new file mode 100644
index 00000000000..2407aed90d1
--- /dev/null
+++ b/server/lib/string-utils.ts
@@ -0,0 +1,49 @@
+import levenshtein from 'fast-levenshtein';
+
+/**
+ * Example: "crème brulée => "creme brulee"
+ */
+export const removeDiacritics = str => {
+  return str.normalize('NFD').replace(/[\u0300-\u036f]/g, '');
+};
+
+/**
+ * Converts common number substitutions to their letter equivalent, concretely converting
+ * 1773 speak to English.
+ */
+const convertCommonNumberSubstitutions = str => {
+  return str
+    .replace(/[@4]/g, 'a')
+    .replace(/3/g, 'e')
+    .replace(/1/g, 'i')
+    .replace(/0/g, 'o')
+    .replace(/5/g, 's')
+    .replace(/7/g, 't')
+    .replace(/8/g, 'b')
+    .replace(/9/g, 'g');
+};
+
+export const containsProtectedBrandName = (str: string): boolean => {
+  if (!str) {
+    return false;
+  }
+
+  const sanitizedStr = [
+    str => str.toLowerCase(),
+    removeDiacritics, // é => e, ç => c...etc
+    convertCommonNumberSubstitutions, // 0 => o, 1 => i...etc
+    str => str.replace(/[^a-z0-9]/g, ''), // Remove special characters that haven't been replaced by the previous processors
+  ].reduce((acc, processor) => processor(acc), str);
+
+  const protectedBrandNames = ['opencollective', 'ofitech', 'ofico'];
+  return protectedBrandNames.some(brand => {
+    // If the brand is included in the name (e.g. "Super OpenCollective Foundation") return directly
+    if (sanitizedStr.includes(brand)) {
+      return true;
+    }
+
+    // Otherwise, compute the distance between the sanitized name and the brand
+    const distance = levenshtein.get(sanitizedStr, brand);
+    return distance <= 2;
+  });
+};
diff --git a/server/models/User.ts b/server/models/User.ts
index bf4b8f3ba67..9a66c0ff085 100644
--- a/server/models/User.ts
+++ b/server/models/User.ts
@@ -308,6 +308,10 @@ class User extends Model<InferAttributes<User>, InferCreationAttributes<User>> {
     }
   };
 
+  isAdminOfAnyPlatformAccount = function (): boolean {
+    return PlatformConstants.AllPlatformCollectiveIds.some(id => this.hasRole([MemberRoles.ADMIN], id));
+  };
+
   isRoot = function (): boolean {
     return Boolean(this.isAdminOfPlatform() && this.data?.isRoot);
   };
diff --git a/test/cron/monthly/host-settlement.test.js b/test/cron/monthly/host-settlement.test.js
index e0340d1b8f4..faa651d9425 100644
--- a/test/cron/monthly/host-settlement.test.js
+++ b/test/cron/monthly/host-settlement.test.js
@@ -3,7 +3,7 @@ import moment from 'moment';
 import sinon, { useFakeTimers } from 'sinon';
 
 import { run as invoicePlatformFees } from '../../../cron/monthly/host-settlement';
-import PlatformConstants from '../../../server/constants/platform';
+import PlatformConstants, { PLATFORM_MIGRATION_DATE } from '../../../server/constants/platform';
 import { TransactionKind } from '../../../server/constants/transaction-kind';
 import { createRefundTransaction } from '../../../server/lib/payments';
 import { getTaxesSummary } from '../../../server/lib/transactions';
@@ -29,7 +29,7 @@ describe('cron/monthly/host-settlement', () => {
 
   before(async () => {
     await utils.resetTestDB();
-    const user = await fakeUser({ id: 30 }, { id: 20, slug: 'pia' });
+    const user = await fakeUser({ id: PlatformConstants.PlatformUserId }, { slug: 'ofitech-admin' });
     const oc = await fakeHost({
       id: PlatformConstants.PlatformCollectiveId,
       slug: randStr('platform-'),
@@ -367,4 +367,15 @@ describe('cron/monthly/host-settlement', () => {
     const summary = getTaxesSummary(eurHostTransactions);
     expect(summary.VAT.collected).to.eq(210e2); // 21% of 1000€
   });
+
+  it('should add a comment with the platform migration info if running for October 2024', async () => {
+    if (moment.utc().isAfter(PLATFORM_MIGRATION_DATE.clone().add(1, 'month'))) {
+      console.warn('This test can safely be removed after November 2024');
+      return;
+    }
+
+    const comments = await gphHostSettlementExpense.getComments();
+    expect(comments).to.have.length(1);
+    expect(comments[0]).to.have.property('html').that.includes('transition of the Open Collective platform');
+  });
 });
diff --git a/test/server/graphql/v2/mutation/CreateProjectMutation.ts b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
similarity index 100%
rename from test/server/graphql/v2/mutation/CreateProjectMutation.ts
rename to test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
diff --git a/test/server/lib/string-utils.test.ts b/test/server/lib/string-utils.test.ts
new file mode 100644
index 00000000000..7198b209bda
--- /dev/null
+++ b/test/server/lib/string-utils.test.ts
@@ -0,0 +1,48 @@
+import { expect } from 'chai';
+
+import { containsProtectedBrandName } from '../../../server/lib/string-utils';
+
+describe('server/lib/string-utils', () => {
+  describe('containsProtectedBrandName', () => {
+    it('detects protected brand names in slugs', () => {
+      expect(containsProtectedBrandName('opencollective')).to.be.true;
+      expect(containsProtectedBrandName('open-collective')).to.be.true;
+      expect(containsProtectedBrandName('open_collective')).to.be.true;
+      expect(containsProtectedBrandName('opencollective1')).to.be.true;
+      expect(containsProtectedBrandName('super-open-collective')).to.be.true;
+    });
+
+    it('detects protected brand names in names', () => {
+      // OC
+      expect(containsProtectedBrandName('opencollective')).to.be.true;
+      expect(containsProtectedBrandName('opencolllective')).to.be.true;
+      expect(containsProtectedBrandName('OpenCollective')).to.be.true;
+      expect(containsProtectedBrandName('open coll ecti ve')).to.be.true;
+      expect(containsProtectedBrandName('0pen Collective')).to.be.true;
+      expect(containsProtectedBrandName('opén collective')).to.be.true;
+
+      // Ofitech
+      expect(containsProtectedBrandName('ofitech')).to.be.true;
+      expect(containsProtectedBrandName('Ofitech')).to.be.true;
+      expect(containsProtectedBrandName('ofi tech')).to.be.true;
+      expect(containsProtectedBrandName('0fi tech')).to.be.true;
+      expect(containsProtectedBrandName('ofí tech')).to.be.true;
+
+      // Ofico
+      expect(containsProtectedBrandName('ofico')).to.be.true;
+      expect(containsProtectedBrandName('Ofico')).to.be.true;
+      expect(containsProtectedBrandName('    0fic02   ')).to.be.true;
+      expect(containsProtectedBrandName('ofi co')).to.be.true;
+      expect(containsProtectedBrandName('0fi co')).to.be.true;
+    });
+
+    it('does not trigger false positives', () => {
+      expect(containsProtectedBrandName('babel')).to.be.false;
+      expect(containsProtectedBrandName('Webpack Collective')).to.be.false;
+      expect(containsProtectedBrandName('open-potatoes')).to.be.false;
+      expect(containsProtectedBrandName('open-family-collective')).to.be.false;
+      expect(containsProtectedBrandName('ofinew')).to.be.false;
+      expect(containsProtectedBrandName('backyourstack')).to.be.false;
+    });
+  });
+});

From 60d0043af5b285e03988e4c8b92ab943cca89df8 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Fri, 8 Nov 2024 11:11:03 -0300
Subject: [PATCH 042/129] Export Hosted Collectives: Fix hostedAccountSummary
 loader performance and add monthly average fields (#10455)

* perf: hostedAccountSummary loader instance

* refact: make spentTotal condition compatible with CurrentCollectiveTransactionStats view

* feat: add receivedTotal and monthly averages to HostedAccountSummary

* chore: update schemas

* refact: calculate monthly averages since collective.approvedAt
---
 server/graphql/loaders/index.js               | 46 +++++++-----
 server/graphql/schemaV2.graphql               | 30 ++++++++
 .../graphql/v2/object/HostedAccountSummary.ts | 72 ++++++++++++++++++-
 server/lib/utils.js                           |  3 +-
 .../server/graphql/loaders/collective.test.ts |  5 +-
 5 files changed, 134 insertions(+), 22 deletions(-)

diff --git a/server/graphql/loaders/index.js b/server/graphql/loaders/index.js
index 18986d7fb00..6ad6cb44080 100644
--- a/server/graphql/loaders/index.js
+++ b/server/graphql/loaders/index.js
@@ -468,45 +468,55 @@ export const loaders = req => {
       return sortResultsSimple(collectiveIds, stats, row => row.CollectiveId);
     }),
     hostedAccountSummary: {
-      buildLoader: ({ dateFrom, dateTo } = {}) =>
-        new DataLoader(async collectiveIds => {
-          const stats = await sequelize.query(
-            `
+      buildLoader: ({ dateFrom, dateTo } = {}) => {
+        const key = `${dateFrom}-${dateTo}`;
+        if (!context.loaders.Collective.stats.hostedAccountSummary[key]) {
+          context.loaders.Collective.stats.hostedAccountSummary[key] = new DataLoader(async collectiveIds => {
+            const stats = await sequelize.query(
+              `
             SELECT
               t."CollectiveId",
               t."hostCurrency",
+              EXTRACT('days' FROM (NOW() - MAX(c."approvedAt"))) as "daysSinceApproved",
               COUNT(t.id) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseCount",
+              EXTRACT('days' FROM (NOW() - MIN(t."createdAt") FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT'))) as "daysSinceFirstExpense",
               SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseTotal",
               MAX(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseMaxValue",
               COUNT(DISTINCT t."FromCollectiveId") FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseDistinctPayee",
               COUNT(t.id) FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT') AS "contributionCount",
+              EXTRACT('days' FROM (NOW() - MIN(t."createdAt") FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT'))) as "daysSinceFirstContribution",
               SUM(t."amountInHostCurrency") FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT') AS "contributionTotal",
-              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind IN ('HOST_FEE') AND t.type = 'DEBIT') AS "hostFeeTotal",
-              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind IN ('CONTRIBUTION', 'EXPENSE') AND t.type = 'DEBIT') AS "spentTotal"
+              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'HOST_FEE' AND t.type = 'DEBIT') AS "hostFeeTotal",
+              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.type = 'DEBIT' AND t.kind != 'HOST_FEE' AND t.kind != 'PAYMENT_PROCESSOR_FEE') AS "spentTotal",
+              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.type = 'CREDIT' AND t."kind" NOT IN ('PAYMENT_PROCESSOR_COVER')) AS "receivedTotal"
             FROM
               "Transactions" t
               INNER JOIN "Collectives" c ON t."CollectiveId" = c.id
             WHERE t."CollectiveId" IN (:collectiveIds)
               AND t."deletedAt" IS NULL
-              ${ifStr(dateFrom, 'AND t."createdAt" > :dateFrom')}
+              ${ifStr(dateFrom, 'AND t."createdAt" > :dateFrom', 'AND t."createdAt" > c."approvedAt"')}
               ${ifStr(dateTo, 'AND t."createdAt" <= :dateTo')}
               AND t."HostCollectiveId" = c."HostCollectiveId"
             GROUP BY
               t."CollectiveId", t."hostCurrency"
             `,
-            {
-              replacements: {
-                collectiveIds,
-                dateFrom,
-                dateTo,
+              {
+                replacements: {
+                  collectiveIds,
+                  dateFrom,
+                  dateTo,
+                },
+                type: sequelize.QueryTypes.SELECT,
+                raw: true,
               },
-              type: sequelize.QueryTypes.SELECT,
-              raw: true,
-            },
-          );
+            );
 
-          return sortResultsSimple(collectiveIds, stats, row => row.CollectiveId);
-        }),
+            return sortResultsSimple(collectiveIds, stats, row => row.CollectiveId);
+          });
+        }
+
+        return context.loaders.Collective.stats.hostedAccountSummary[key];
+      },
     },
   };
 
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 64133e915e4..19ae31f1a6b 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -5494,6 +5494,11 @@ type AccountStats {
     Include transactions from children (Projects and Events)
     """
     includeChildren: Boolean = false
+
+    """
+    Filter by kind
+    """
+    kind: [TransactionKind]
   ): [AmountStats]
 
   """
@@ -5519,6 +5524,11 @@ type AccountStats {
     Include transactions from children (Projects and Events)
     """
     includeChildren: Boolean = false
+
+    """
+    Filter by kind
+    """
+    kind: [TransactionKind]
   ): TimeSeriesAmount!
 }
 
@@ -9590,11 +9600,31 @@ Return a summary of transaction info about a given account within the context of
 """
 type HostedAccountSummary {
   expenseCount: Int
+
+  """
+  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  """
+  expenseMonthlyAverageCount: Float
   expenseTotal: Amount
+
+  """
+  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  """
+  expenseMonthlyAverageTotal: Amount
   expenseMaxValue: Amount
   expenseDistinctPayee: Int
   contributionCount: Int
+
+  """
+  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  """
+  contributionMonthlyAverageCount: Float
   contributionTotal: Amount
+
+  """
+  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  """
+  contributionMonthlyAverageTotal: Amount
   hostFeeTotal: Amount
   spentTotal: Amount
 }
diff --git a/server/graphql/v2/object/HostedAccountSummary.ts b/server/graphql/v2/object/HostedAccountSummary.ts
index ce9b84e8e5e..a2c9bb4744f 100644
--- a/server/graphql/v2/object/HostedAccountSummary.ts
+++ b/server/graphql/v2/object/HostedAccountSummary.ts
@@ -1,4 +1,6 @@
-import { GraphQLInt, GraphQLObjectType } from 'graphql';
+import { GraphQLFloat, GraphQLInt, GraphQLObjectType } from 'graphql';
+import { ceil, min, round } from 'lodash';
+import moment from 'moment';
 
 import { GraphQLAmount } from './Amount';
 
@@ -11,10 +13,28 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLInt,
       resolve: ({ summary }) => summary?.expenseCount || 0,
     },
+    expenseMonthlyAverageCount: {
+      type: GraphQLFloat,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      resolve: ({ summary, months }) => {
+        const count = summary?.expenseCount || 0;
+        return months > 0 ? round(count / months, 2) : 0;
+      },
+    },
     expenseTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.expenseTotal || 0, currency: host.currency }),
     },
+    expenseMonthlyAverageTotal: {
+      type: GraphQLAmount,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      resolve: ({ host, summary, months }) => {
+        const value = months > 0 && summary?.expenseTotal ? Math.round(summary?.expenseTotal / months || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
     expenseMaxValue: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.expenseMaxValue || 0, currency: host.currency }),
@@ -27,10 +47,29 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLInt,
       resolve: ({ summary }) => summary?.contributionCount || 0,
     },
+    contributionMonthlyAverageCount: {
+      type: GraphQLFloat,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      resolve: ({ summary, months }) => {
+        const count = summary?.contributionCount || 0;
+        return months > 0 ? round(count / months, 2) : 0;
+      },
+    },
     contributionTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.contributionTotal || 0, currency: host.currency }),
     },
+    contributionMonthlyAverageTotal: {
+      type: GraphQLAmount,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      resolve: ({ host, summary, months }) => {
+        const value =
+          months > 0 && summary?.contributionTotal ? Math.round(summary?.contributionTotal / months || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
     hostFeeTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.hostFeeTotal || 0, currency: host.currency }),
@@ -39,11 +78,40 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.spentTotal || 0, currency: host.currency }),
     },
+    receivedTotal: {
+      type: GraphQLAmount,
+      resolve: ({ host, summary }) => ({ value: summary?.receivedTotal || 0, currency: host.currency }),
+    },
+    spentTotalMonthlyAverage: {
+      type: GraphQLAmount,
+      resolve: ({ host, summary, months }) => {
+        const value = months > 0 && summary?.spentTotal ? Math.round(summary?.spentTotal / months || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
+    receivedTotalMonthlyAverage: {
+      type: GraphQLAmount,
+      resolve: ({ host, summary, months }) => {
+        const value = months > 0 && summary?.receivedTotal ? Math.round(summary?.receivedTotal / months || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
   }),
 });
 
 export const resolveHostedAccountSummary = async (account, args, req) => {
   const host = await req.loaders.Collective.byId.load(account.HostCollectiveId);
   const summary = await req.loaders.Collective.stats.hostedAccountSummary.buildLoader(args).load(account.id);
-  return { host, summary };
+
+  // Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less
+  const monthsSinceApproved = moment.duration(summary?.daysSinceApproved || 0, 'days').asMonths();
+  let months;
+  if (args.dateFrom) {
+    const monthsSinceDateFrom = moment().diff(moment(args.dateFrom), 'months', true);
+    months = ceil(min([monthsSinceApproved, monthsSinceDateFrom]));
+  } else {
+    months = ceil(moment.duration(summary?.daysSinceApproved || 0, 'days').asMonths());
+  }
+
+  return { host, summary, months };
 };
diff --git a/server/lib/utils.js b/server/lib/utils.js
index b4b25fde3dd..3428b5ce1e2 100644
--- a/server/lib/utils.js
+++ b/server/lib/utils.js
@@ -531,7 +531,8 @@ export const computeDatesAsISOStrings = (startDate, endDate) => {
  * @param {String} string
  * @returns string
  */
-export const ifStr = (condition, expression) => (condition ? expression : '');
+export const ifStr = (condition, trueExpression, falseExpression = undefined) =>
+  condition ? trueExpression : falseExpression || '';
 
 export const redactSensitiveFields = fastRedact({
   serialize: false,
diff --git a/test/server/graphql/loaders/collective.test.ts b/test/server/graphql/loaders/collective.test.ts
index 31eefb7d332..6950991d95d 100644
--- a/test/server/graphql/loaders/collective.test.ts
+++ b/test/server/graphql/loaders/collective.test.ts
@@ -135,7 +135,10 @@ describe('server/graphql/loaders/collective', () => {
 
     before(async () => {
       const host = await fakeActiveHost();
-      collectives = await multiple(fakeCollective, 3, { HostCollectiveId: host.id });
+      collectives = await multiple(fakeCollective, 3, {
+        HostCollectiveId: host.id,
+        approvedAt: moment().utc().subtract(10, 'days').toDate(),
+      });
       await Promise.all(
         collectives.map(async c => {
           await fakeTransaction({

From 58cf61655ffad2b49a6c46df2e38665d81f5cf0f Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Mon, 11 Nov 2024 09:15:57 -0300
Subject: [PATCH 043/129] fix: transfers#refund to use version 1.0.0 delivery
 (#10457)

---
 server/paymentProviders/transferwise/index.ts | 33 +++++++++++++------
 server/types/transferwise.ts                  |  2 +-
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/server/paymentProviders/transferwise/index.ts b/server/paymentProviders/transferwise/index.ts
index 4e4c20dbc6f..1325df8bc35 100644
--- a/server/paymentProviders/transferwise/index.ts
+++ b/server/paymentProviders/transferwise/index.ts
@@ -789,29 +789,42 @@ const oauth = {
   },
 };
 
-const APPLICATION_TRIGGERS = ['transfers#state-change', 'transfers#refund'] as const;
-
 async function createWebhooksForHost(): Promise<Webhook[]> {
   const url = `${config.host.api}/webhooks/transferwise`;
   const existingWebhooks = await transferwise.listApplicationWebhooks();
 
+  const requiredHooks = [
+    {
+      trigger_on: 'transfers#state-change',
+      delivery: {
+        version: '2.0.0',
+        url,
+      },
+    },
+    {
+      trigger_on: 'transfers#refund',
+      delivery: {
+        version: '1.0.0',
+        url,
+      },
+    },
+  ] as const;
+
   const webhooks = [];
-  for (const trigger_on of APPLICATION_TRIGGERS) {
-    const existingWebhook = existingWebhooks?.find(w => w.trigger_on === trigger_on && w.delivery.url === url);
+  for (const hook of requiredHooks) {
+    const existingWebhook = existingWebhooks?.find(
+      existingHook => existingHook.trigger_on === hook.trigger_on && existingHook.delivery.url === hook.delivery.url,
+    );
     if (existingWebhook) {
       logger.info(`TransferWise App Webhook already exists for ${url}.`);
       webhooks.push(existingWebhook);
       continue;
     }
 
-    logger.info(`Creating TransferWise App Webhook on ${url} for ${trigger_on} events...`);
+    logger.info(`Creating TransferWise App Webhook on ${hook.delivery.url} for ${hook.trigger_on} events...`);
     const webhook = await transferwise.createApplicationWebhook({
       name: 'Open Collective',
-      trigger_on,
-      delivery: {
-        version: '2.0.0',
-        url,
-      },
+      ...hook,
     });
     webhooks.push(webhook);
   }
diff --git a/server/types/transferwise.ts b/server/types/transferwise.ts
index 9c23420d7db..1580a8ecddd 100644
--- a/server/types/transferwise.ts
+++ b/server/types/transferwise.ts
@@ -416,7 +416,7 @@ export type Webhook = {
   id: string;
   name: string;
   delivery: {
-    version: '2.0.0';
+    version: string;
     url: string;
   };
   trigger_on:

From 1c80321bd953c63c50c77cad092ccb97a37167e5 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Thu, 14 Nov 2024 06:49:19 -0300
Subject: [PATCH 044/129] Export Hosted Collectives: add
 contributionRefundedTotal and refact average resolvers (#10461)

* refact: add contributionRefundedTotal to HostedAccountSummary

* refact: HostedAccountSummary average period as argument

* chore: update schemas
---
 server/graphql/loaders/index.js               |   3 +-
 server/graphql/schemaV2.graphql               |  42 +++--
 server/graphql/v2/enum/AveragePeriod.ts       |  14 ++
 .../graphql/v2/object/HostedAccountSummary.ts | 158 ++++++++++++------
 4 files changed, 147 insertions(+), 70 deletions(-)
 create mode 100644 server/graphql/v2/enum/AveragePeriod.ts

diff --git a/server/graphql/loaders/index.js b/server/graphql/loaders/index.js
index 6ad6cb44080..d4066953dd5 100644
--- a/server/graphql/loaders/index.js
+++ b/server/graphql/loaders/index.js
@@ -479,13 +479,12 @@ export const loaders = req => {
               t."hostCurrency",
               EXTRACT('days' FROM (NOW() - MAX(c."approvedAt"))) as "daysSinceApproved",
               COUNT(t.id) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseCount",
-              EXTRACT('days' FROM (NOW() - MIN(t."createdAt") FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT'))) as "daysSinceFirstExpense",
               SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseTotal",
               MAX(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseMaxValue",
               COUNT(DISTINCT t."FromCollectiveId") FILTER (WHERE t.kind = 'EXPENSE' AND t.type = 'DEBIT') AS "expenseDistinctPayee",
               COUNT(t.id) FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT') AS "contributionCount",
-              EXTRACT('days' FROM (NOW() - MIN(t."createdAt") FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT'))) as "daysSinceFirstContribution",
               SUM(t."amountInHostCurrency") FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'CREDIT') AS "contributionTotal",
+              SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind IN ('CONTRIBUTION', 'ADDED_FUNDS') AND t.type = 'DEBIT' AND t."isRefund" = true) AS "contributionRefundedTotal",
               SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.kind = 'HOST_FEE' AND t.type = 'DEBIT') AS "hostFeeTotal",
               SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.type = 'DEBIT' AND t.kind != 'HOST_FEE' AND t.kind != 'PAYMENT_PROCESSOR_FEE') AS "spentTotal",
               SUM(ABS(t."amountInHostCurrency")) FILTER (WHERE t.type = 'CREDIT' AND t."kind" NOT IN ('PAYMENT_PROCESSOR_COVER')) AS "receivedTotal"
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 19ae31f1a6b..84233034b94 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -9600,33 +9600,45 @@ Return a summary of transaction info about a given account within the context of
 """
 type HostedAccountSummary {
   expenseCount: Int
+  expenseTotal: Amount
+  expenseMaxValue: Amount
+  expenseDistinctPayee: Int
+  contributionCount: Int
+  contributionTotal: Amount
+  hostFeeTotal: Amount
+  spentTotal: Amount
+  receivedTotal: Amount
 
   """
-  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less
   """
-  expenseMonthlyAverageCount: Float
-  expenseTotal: Amount
+  expenseAverageTotal(period: AveragePeriod = MONTH): Amount
 
   """
-  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less
   """
-  expenseMonthlyAverageTotal: Amount
-  expenseMaxValue: Amount
-  expenseDistinctPayee: Int
-  contributionCount: Int
+  expenseAverageCount(period: AveragePeriod = MONTH): Float
 
   """
-  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less
   """
-  contributionMonthlyAverageCount: Float
-  contributionTotal: Amount
+  contributionAverageTotal(period: AveragePeriod = MONTH): Amount
 
   """
-  Average calculated based on the number of months since the first transaction of this kind within the requested time frame
+  Average calculated over the number of months/years the collective was approved or the number of months since dateFrom, whichever is less
   """
-  contributionMonthlyAverageTotal: Amount
-  hostFeeTotal: Amount
-  spentTotal: Amount
+  contributionAverageCount(period: AveragePeriod = MONTH): Float
+  spentTotalAverage(period: AveragePeriod = MONTH): Amount
+  receivedTotalAverage(period: AveragePeriod = MONTH): Amount
+  contributionRefundedTotal: Amount
+}
+
+"""
+The period over which the average is calculated
+"""
+enum AveragePeriod {
+  YEAR
+  MONTH
 }
 
 """
diff --git a/server/graphql/v2/enum/AveragePeriod.ts b/server/graphql/v2/enum/AveragePeriod.ts
new file mode 100644
index 00000000000..d14d9dfb5ee
--- /dev/null
+++ b/server/graphql/v2/enum/AveragePeriod.ts
@@ -0,0 +1,14 @@
+import { GraphQLEnumType } from 'graphql';
+
+export const GraphQLAveragePeriod = new GraphQLEnumType({
+  name: 'AveragePeriod',
+  description: 'The period over which the average is calculated',
+  values: {
+    YEAR: {
+      value: 'year',
+    },
+    MONTH: {
+      value: 'month',
+    },
+  },
+});
diff --git a/server/graphql/v2/object/HostedAccountSummary.ts b/server/graphql/v2/object/HostedAccountSummary.ts
index a2c9bb4744f..14b7182411f 100644
--- a/server/graphql/v2/object/HostedAccountSummary.ts
+++ b/server/graphql/v2/object/HostedAccountSummary.ts
@@ -1,7 +1,9 @@
 import { GraphQLFloat, GraphQLInt, GraphQLObjectType } from 'graphql';
-import { ceil, min, round } from 'lodash';
+import { min, round } from 'lodash';
 import moment from 'moment';
 
+import { GraphQLAveragePeriod } from '../enum/AveragePeriod';
+
 import { GraphQLAmount } from './Amount';
 
 export const HostedAccountSummary = new GraphQLObjectType({
@@ -13,28 +15,10 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLInt,
       resolve: ({ summary }) => summary?.expenseCount || 0,
     },
-    expenseMonthlyAverageCount: {
-      type: GraphQLFloat,
-      description:
-        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
-      resolve: ({ summary, months }) => {
-        const count = summary?.expenseCount || 0;
-        return months > 0 ? round(count / months, 2) : 0;
-      },
-    },
     expenseTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.expenseTotal || 0, currency: host.currency }),
     },
-    expenseMonthlyAverageTotal: {
-      type: GraphQLAmount,
-      description:
-        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
-      resolve: ({ host, summary, months }) => {
-        const value = months > 0 && summary?.expenseTotal ? Math.round(summary?.expenseTotal / months || 0) : 0;
-        return { value, currency: host.currency };
-      },
-    },
     expenseMaxValue: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.expenseMaxValue || 0, currency: host.currency }),
@@ -47,29 +31,10 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLInt,
       resolve: ({ summary }) => summary?.contributionCount || 0,
     },
-    contributionMonthlyAverageCount: {
-      type: GraphQLFloat,
-      description:
-        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
-      resolve: ({ summary, months }) => {
-        const count = summary?.contributionCount || 0;
-        return months > 0 ? round(count / months, 2) : 0;
-      },
-    },
     contributionTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.contributionTotal || 0, currency: host.currency }),
     },
-    contributionMonthlyAverageTotal: {
-      type: GraphQLAmount,
-      description:
-        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
-      resolve: ({ host, summary, months }) => {
-        const value =
-          months > 0 && summary?.contributionTotal ? Math.round(summary?.contributionTotal / months || 0) : 0;
-        return { value, currency: host.currency };
-      },
-    },
     hostFeeTotal: {
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.hostFeeTotal || 0, currency: host.currency }),
@@ -82,36 +47,123 @@ export const HostedAccountSummary = new GraphQLObjectType({
       type: GraphQLAmount,
       resolve: ({ host, summary }) => ({ value: summary?.receivedTotal || 0, currency: host.currency }),
     },
-    spentTotalMonthlyAverage: {
+    // Averages
+    expenseAverageTotal: {
+      type: GraphQLAmount,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ host, summary, periods }, args) => {
+        const period = periods[args.period];
+        const value = period > 0 && summary?.expenseTotal ? Math.round(summary?.expenseTotal / period || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
+    expenseAverageCount: {
+      type: GraphQLFloat,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ summary, periods }, args) => {
+        const period = periods[args.period];
+        const count = summary?.expenseCount || 0;
+        return period > 0 ? round(count / period, 2) : 0;
+      },
+    },
+    contributionAverageTotal: {
+      type: GraphQLAmount,
+      description:
+        'Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less',
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ host, summary, periods }, args) => {
+        const period = periods[args.period];
+        const value =
+          period > 0 && summary?.contributionTotal ? Math.round(summary?.contributionTotal / period || 0) : 0;
+        return { value, currency: host.currency };
+      },
+    },
+    contributionAverageCount: {
+      type: GraphQLFloat,
+      description:
+        'Average calculated over the number of months/years the collective was approved or the number of months since dateFrom, whichever is less',
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ summary, periods }, args) => {
+        const period = periods[args.period];
+        const count = summary?.contributionCount || 0;
+        return period > 0 ? round(count / period, 2) : 0;
+      },
+    },
+    spentTotalAverage: {
       type: GraphQLAmount,
-      resolve: ({ host, summary, months }) => {
-        const value = months > 0 && summary?.spentTotal ? Math.round(summary?.spentTotal / months || 0) : 0;
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ host, summary, periods }, args) => {
+        const period = periods[args.period];
+        const value = period > 0 && summary?.spentTotal ? Math.round(summary?.spentTotal / period || 0) : 0;
         return { value, currency: host.currency };
       },
     },
-    receivedTotalMonthlyAverage: {
+    receivedTotalAverage: {
       type: GraphQLAmount,
-      resolve: ({ host, summary, months }) => {
-        const value = months > 0 && summary?.receivedTotal ? Math.round(summary?.receivedTotal / months || 0) : 0;
+      args: {
+        period: {
+          type: GraphQLAveragePeriod,
+          defaultValue: 'month',
+        },
+      },
+      resolve: ({ host, summary, periods }, args) => {
+        const period = periods[args.period];
+        const value = period > 0 && summary?.receivedTotal ? Math.round(summary?.receivedTotal / period || 0) : 0;
         return { value, currency: host.currency };
       },
     },
+    contributionRefundedTotal: {
+      type: GraphQLAmount,
+      resolve: ({ host, summary }) => ({ value: summary?.contributionRefundedTotal || 0, currency: host.currency }),
+    },
   }),
 });
 
+// It is OK to consider 1.4 months when calculating an average but it is misleading to consider 0.4 months.
+const roundAveragePeriod = value => (value < 1 ? 1 : round(value, 1));
+
 export const resolveHostedAccountSummary = async (account, args, req) => {
   const host = await req.loaders.Collective.byId.load(account.HostCollectiveId);
   const summary = await req.loaders.Collective.stats.hostedAccountSummary.buildLoader(args).load(account.id);
 
-  // Average calculated over the number of months the collective was approved or the number of months since dateFrom, whichever is less
-  const monthsSinceApproved = moment.duration(summary?.daysSinceApproved || 0, 'days').asMonths();
-  let months;
+  // Periods are based on the time the collective is hosted (approved) or the number of months since dateFrom, whichever is less
+  const daysSinceApproved = moment.duration(summary?.daysSinceApproved || 0, 'days');
+  const monthsSinceApproved = daysSinceApproved.asMonths();
+  const yearsSinceApproved = daysSinceApproved.asYears();
+  let month = roundAveragePeriod(monthsSinceApproved);
+  let year = roundAveragePeriod(yearsSinceApproved);
   if (args.dateFrom) {
-    const monthsSinceDateFrom = moment().diff(moment(args.dateFrom), 'months', true);
-    months = ceil(min([monthsSinceApproved, monthsSinceDateFrom]));
-  } else {
-    months = ceil(moment.duration(summary?.daysSinceApproved || 0, 'days').asMonths());
+    month = roundAveragePeriod(min([monthsSinceApproved, moment().diff(moment(args.dateFrom), 'months', true)]));
+    year = roundAveragePeriod(min([yearsSinceApproved, moment().diff(moment(args.dateFrom), 'years', true)]));
   }
-
-  return { host, summary, months };
+  return { host, summary, periods: { month, year } };
 };

From f2f814570d48c1ee339d7bbc8f4381d98b9ed456 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 14 Nov 2024 13:08:20 +0100
Subject: [PATCH 045/129] test: Add 4* to E2e workflow (#10462)

---
 .github/workflows/e2e.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index cf3c456742a..1d5531124c7 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -39,7 +39,7 @@ jobs:
 
     strategy:
       matrix:
-        files: ['0*.js', '1*.js', '2*.js', '3*.js']
+        files: ['0*.js', '1*.js', '2*.js', '3*.js', '4*.js']
 
     services:
       redis:

From b1c521648a9bb756d7cea0dd1c1c50a56cfa92ce Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 15 Nov 2024 11:18:25 +0100
Subject: [PATCH 046/129] enhancement(settlement): include platform user in
 expense activity (#10460)

---
 cron/monthly/host-settlement.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cron/monthly/host-settlement.ts b/cron/monthly/host-settlement.ts
index a70b1b9dbe7..3f20b942361 100644
--- a/cron/monthly/host-settlement.ts
+++ b/cron/monthly/host-settlement.ts
@@ -264,11 +264,12 @@ export async function run(baseDate: Date | moment.Moment = defaultDate): Promise
 
       // Mark transactions as invoiced
       await models.TransactionSettlement.markTransactionsAsInvoiced(transactions, expense.id);
-      await expense.createActivity(activityType.COLLECTIVE_EXPENSE_CREATED);
+
+      const platformUser = await models.User.findByPk(PlatformConstants.PlatformUserId);
+      await expense.createActivity(activityType.COLLECTIVE_EXPENSE_CREATED, platformUser);
 
       // If running for the month of `PLATFORM_MIGRATION_DATE`, add a comment to explain why we're using a different profile
       if (momentDate.isSame(PLATFORM_MIGRATION_DATE, 'month') && momentDate.isSame(PLATFORM_MIGRATION_DATE, 'year')) {
-        const platformUser = await models.User.findByPk(PlatformConstants.PlatformUserId);
         await models.Comment.create({
           CreatedByUserId: platformUser.id,
           FromCollectiveId: platformUser.CollectiveId,

From 66e071bcdee19838f0cfbaf66b278e6b5a503bb0 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 15 Nov 2024 11:18:39 +0100
Subject: [PATCH 047/129] feat(CreateProject): add suport for social links
 (#10459)

---
 server/graphql/schemaV2.graphql                 | 17 +++++++++++------
 server/graphql/v1/mutations/collectives.js      |  8 +++-----
 .../graphql/v2/input/OrganizationCreateInput.js |  2 +-
 server/graphql/v2/input/ProjectCreateInput.js   |  6 ++++++
 .../v2/mutation/CreateProjectMutation.js        | 13 ++++++++++---
 server/models/Collective.ts                     | 17 +++++++++--------
 .../v2/mutation/CreateProjectMutation.test.ts   | 17 +++++++++++++++++
 7 files changed, 57 insertions(+), 23 deletions(-)

diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 84233034b94..a1e26cb2418 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -20862,7 +20862,7 @@ input OrganizationCreateInput {
   legalName: String
   slug: String!
   description: String!
-  website: String
+  website: String @deprecated(reason: "2024-11-12: Please use socialLinks")
   settings: JSON
 }
 
@@ -20872,6 +20872,16 @@ input ProjectCreateInput {
   description: String!
   tags: [String]
   settings: JSON
+
+  """
+  The social links in order of preference
+  """
+  socialLinks: [SocialLinkInput!]
+}
+
+input SocialLinkInput {
+  type: SocialLinkType!
+  url: URL!
 }
 
 """
@@ -22849,11 +22859,6 @@ input PersonalTokenReferenceInput {
   legacyId: Int
 }
 
-input SocialLinkInput {
-  type: SocialLinkType!
-  url: URL!
-}
-
 type TagResponse {
   order: Order
   expense: Expense
diff --git a/server/graphql/v1/mutations/collectives.js b/server/graphql/v1/mutations/collectives.js
index 88467822dc6..29ad979631a 100644
--- a/server/graphql/v1/mutations/collectives.js
+++ b/server/graphql/v1/mutations/collectives.js
@@ -1,6 +1,6 @@
 import config from 'config';
 import slugify from 'limax';
-import { cloneDeep, get, isEqual, isNil, isUndefined, omit, pick, truncate, uniqWith } from 'lodash';
+import { cloneDeep, get, isEqual, isNil, isUndefined, omit, pick, truncate } from 'lodash';
 import { Op, QueryTypes } from 'sequelize';
 import { v4 as uuid } from 'uuid';
 
@@ -436,10 +436,8 @@ export function editCollective(_, args, req) {
         return collective.update(omit(newCollectiveData, ['HostCollectiveId', 'hostFeePercent', 'currency']));
       })
       .then(async () => {
-        const isSlEqual = (aSl, bSl) => aSl.type === bSl.type && aSl.url === bSl.url;
-
         if (args.collective.socialLinks) {
-          return collective.updateSocialLinks(uniqWith(args.collective.socialLinks, isSlEqual));
+          return collective.updateSocialLinks(args.collective.socialLinks);
         } else if (
           args.collective.website ||
           args.collective.repositoryUrl ||
@@ -481,7 +479,7 @@ export function editCollective(_, args, req) {
             });
           }
 
-          return collective.updateSocialLinks(uniqWith(socialLinks, isSlEqual));
+          return collective.updateSocialLinks(socialLinks);
         }
       })
       .then(async () => {
diff --git a/server/graphql/v2/input/OrganizationCreateInput.js b/server/graphql/v2/input/OrganizationCreateInput.js
index b3ce0a3978f..6da3f00fa7d 100644
--- a/server/graphql/v2/input/OrganizationCreateInput.js
+++ b/server/graphql/v2/input/OrganizationCreateInput.js
@@ -8,7 +8,7 @@ export const GraphQLOrganizationCreateInput = new GraphQLInputObjectType({
     legalName: { type: GraphQLString },
     slug: { type: new GraphQLNonNull(GraphQLString) },
     description: { type: new GraphQLNonNull(GraphQLString) },
-    website: { type: GraphQLString },
+    website: { type: GraphQLString, deprecationReason: '2024-11-12: Please use socialLinks' },
     settings: { type: GraphQLJSON },
   }),
 });
diff --git a/server/graphql/v2/input/ProjectCreateInput.js b/server/graphql/v2/input/ProjectCreateInput.js
index b48e70968e2..2122d7b0277 100644
--- a/server/graphql/v2/input/ProjectCreateInput.js
+++ b/server/graphql/v2/input/ProjectCreateInput.js
@@ -1,6 +1,8 @@
 import { GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLJSON } from 'graphql-scalars';
 
+import { GraphQLSocialLinkInput } from './SocialLinkInput';
+
 export const GraphQLProjectCreateInput = new GraphQLInputObjectType({
   name: 'ProjectCreateInput',
   fields: () => ({
@@ -9,5 +11,9 @@ export const GraphQLProjectCreateInput = new GraphQLInputObjectType({
     description: { type: new GraphQLNonNull(GraphQLString) },
     tags: { type: new GraphQLList(GraphQLString) },
     settings: { type: GraphQLJSON },
+    socialLinks: {
+      type: new GraphQLList(new GraphQLNonNull(GraphQLSocialLinkInput)),
+      description: 'The social links in order of preference',
+    },
   }),
 });
diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index 0e7eb538cce..d2504adf682 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -3,7 +3,7 @@ import { pick } from 'lodash';
 
 import roles from '../../../constants/roles';
 import { canUseSlug } from '../../../lib/collectivelib';
-import models from '../../../models';
+import models, { sequelize } from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { Forbidden, NotFound } from '../../errors';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
@@ -43,7 +43,7 @@ async function createProject(_, args, req) {
   const projectData = {
     type: 'PROJECT',
     slug: args.project.slug.toLowerCase(),
-    ...pick(args.project, ['name', 'description', 'tags', 'website']),
+    ...pick(args.project, ['name', 'description', 'tags']),
     ...pick(parent, ['currency', 'isActive', 'platformFeePercent', 'hostFeePercent', 'data.useCustomHostFee']),
     approvedAt: parent.isActive ? new Date() : null,
     ParentCollectiveId: parent.id,
@@ -59,7 +59,14 @@ async function createProject(_, args, req) {
     throw new Error(`The slug '${projectData.slug}' is already taken. Please use another slug for your Project.`);
   }
 
-  const project = await models.Collective.create(projectData);
+  const project = await sequelize.transaction(async dbTransaction => {
+    const project = await models.Collective.create(projectData, { transaction: dbTransaction });
+    if (args.project.socialLinks) {
+      await project.updateSocialLinks(args.project.socialLinks, dbTransaction);
+    }
+
+    return project;
+  });
 
   if (parent.HostCollectiveId) {
     const host = await req.loaders.Collective.byId.load(parent.HostCollectiveId);
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index a16ed82aa8c..6dfc685ac12 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -25,6 +25,7 @@ import {
   sum,
   sumBy,
   trim,
+  uniqWith,
   unset,
 } from 'lodash';
 import moment from 'moment';
@@ -632,21 +633,19 @@ class Collective extends Model<
     return nextGoal;
   };
 
-  updateSocialLinks = async function (socialLinks) {
+  updateSocialLinks = async function (socialLinksInput, dbTransaction = null) {
+    const areSocialLinkEqual = (aSl, bSl) => aSl.type === bSl.type && aSl.url === bSl.url;
+    const socialLinks = uniqWith(socialLinksInput, areSocialLinkEqual);
     if (socialLinks.length > 10) {
       throw new Error('account cannot set more than 10 social links');
     }
 
     if (socialLinks.length === 0) {
-      await SocialLink.destroy({
-        where: {
-          CollectiveId: this.id,
-        },
-      });
+      await SocialLink.destroy({ where: { CollectiveId: this.id }, transaction: dbTransaction });
       return [];
     }
 
-    return await sequelize.transaction(async transaction => {
+    const runInTransaction = async transaction => {
       const existingLinks = await SocialLink.findAll({
         where: {
           CollectiveId: this.id,
@@ -729,7 +728,9 @@ class Collective extends Model<
       );
 
       return updatedSocialLinks;
-    });
+    };
+
+    return dbTransaction ? runInTransaction(dbTransaction) : sequelize.transaction(runInTransaction);
   };
 
   getParentCollective = async function ({ attributes = null, loaders = null } = {}) {
diff --git a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
index ac070aa6a40..7b6a1438cc3 100644
--- a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
+++ b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
@@ -12,6 +12,10 @@ const createProjectMutation = gql`
       slug
       hostFeePercent
       hostFeesStructure
+      socialLinks {
+        type
+        url
+      }
     }
   }
 `;
@@ -78,4 +82,17 @@ describe('server/graphql/v2/mutation/CreateProjectMutation', () => {
     expect(project.hostFeePercent).to.equal(7.77);
     expect(project.hostFeesStructure).to.equal('CUSTOM_FEE');
   });
+
+  it('can set social links', async () => {
+    const adminUser = await fakeUser();
+    const parentCollective = await fakeCollective({ admin: adminUser });
+    const parent = { legacyId: parentCollective.id };
+    const socialLinks = [{ type: 'WEBSITE', url: 'https://example.com/' }];
+    const mutationArgs = { parent, project: { ...VALID_PROJECT_ATTRIBUTES, slug: randStr(), socialLinks } };
+    const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+    result.errors && console.error(result.errors);
+    expect(result.errors).to.not.exist;
+    const project = result.data.createProject;
+    expect(project.socialLinks).to.deep.equal(socialLinks);
+  });
 });

From 26f94c20dfbbccf477847c9208b4e48e3d4ed0c4 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 15 Nov 2024 11:57:20 +0100
Subject: [PATCH 048/129] fix(Collective): record remote user in delete
 activity (#10458)

---
 server/graphql/v1/mutations/collectives.js     | 2 +-
 server/graphql/v2/mutation/AccountMutations.ts | 2 +-
 server/lib/collectivelib.ts                    | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/server/graphql/v1/mutations/collectives.js b/server/graphql/v1/mutations/collectives.js
index 29ad979631a..325e0f132ea 100644
--- a/server/graphql/v1/mutations/collectives.js
+++ b/server/graphql/v1/mutations/collectives.js
@@ -673,7 +673,7 @@ export async function deleteCollective(_, args, req) {
 
   await twoFactorAuthLib.enforceForAccount(req, collective, { alwaysAskForToken: true });
 
-  return collectivelib.deleteCollective(collective);
+  return collectivelib.deleteCollective(collective, req.remoteUser);
 }
 
 export async function activateCollectiveAsHost(_, args, req) {
diff --git a/server/graphql/v2/mutation/AccountMutations.ts b/server/graphql/v2/mutation/AccountMutations.ts
index 58b6a561571..c68f28ae1ae 100644
--- a/server/graphql/v2/mutation/AccountMutations.ts
+++ b/server/graphql/v2/mutation/AccountMutations.ts
@@ -764,7 +764,7 @@ const accountMutations = {
         );
       }
 
-      return collectivelib.deleteCollective(account);
+      return collectivelib.deleteCollective(account, req.remoteUser);
     },
   },
   sendMessage: {
diff --git a/server/lib/collectivelib.ts b/server/lib/collectivelib.ts
index 3d4113d3e6a..b4b5d8c4c06 100644
--- a/server/lib/collectivelib.ts
+++ b/server/lib/collectivelib.ts
@@ -425,7 +425,7 @@ export async function isCollectiveDeletable(collective) {
   return !hasUndeletableData;
 }
 
-export async function deleteCollective(collective) {
+export async function deleteCollective(collective: Collective, remoteUser: User) {
   let user;
   if (collective.type === USER) {
     user = await models.User.findOne({ where: { CollectiveId: collective.id } });
@@ -497,6 +497,7 @@ export async function deleteCollective(collective) {
     FromCollectiveId: collective.id,
     HostCollectiveId: collective.approvedAt ? collective.HostCollectiveId : null,
     data: collective.info,
+    UserId: remoteUser.id,
   });
 
   return collective;

From c2132d77bb442d8823d73561033a2175e88c8af3 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 15 Nov 2024 13:58:43 +0100
Subject: [PATCH 049/129] fix: enforce minimum amount presets in Tiers table
 (#10439)

---
 checks/model/index.js |  2 ++
 checks/model/tiers.ts | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 checks/model/tiers.ts

diff --git a/checks/model/index.js b/checks/model/index.js
index c777574ecec..217121fbfb1 100644
--- a/checks/model/index.js
+++ b/checks/model/index.js
@@ -11,6 +11,7 @@ import { checkIndependentCollectives } from './independent-collectives';
 import { checkMembers } from './members';
 import { checkOrders } from './orders';
 import { checkPaymentMethods } from './payment-methods';
+import { checkTiers } from './tiers';
 import { checkTransactions } from './transactions';
 import { checkUsers } from './users';
 import { checkVirtualCards } from './virtual-cards';
@@ -23,6 +24,7 @@ const allModelChecks = [
   checkMembers,
   checkOrders,
   checkPaymentMethods,
+  checkTiers,
   checkTransactions,
   checkUsers,
   checkVirtualCards,
diff --git a/checks/model/tiers.ts b/checks/model/tiers.ts
new file mode 100644
index 00000000000..c4b5dc6df75
--- /dev/null
+++ b/checks/model/tiers.ts
@@ -0,0 +1,43 @@
+import '../../server/env';
+
+import { sequelize } from '../../server/models';
+
+import { runCheckThenExit } from './_utils';
+
+async function checkTiersMinimumAmountWithPresets({ fix = false } = {}) {
+  const message = 'Tiers presets cannot be lower than the minimum amount';
+  const results = await sequelize.query(
+    `
+    SELECT COUNT(*) AS count
+    FROM "Tiers"
+    WHERE presets IS NOT NULL
+    AND ARRAY_LENGTH(presets, 1) > 0
+    AND "minimumAmount" > (SELECT MIN(val) FROM UNNEST(presets) val)  
+  `,
+    { type: sequelize.QueryTypes.SELECT, raw: true },
+  );
+
+  if (results[0].count > 0) {
+    if (!fix) {
+      throw new Error(`${message} (${results[0].count} found)`);
+    }
+
+    await sequelize.query(`
+      UPDATE "Tiers"
+      SET
+        "minimumAmount" = (SELECT MIN(val) FROM UNNEST(presets) val),
+        "data" = JSONB_SET(COALESCE("data", '{}'), '{minimumAmountBeforeCheckFix}', "minimumAmount"::TEXT::JSONB)
+      WHERE presets IS NOT NULL
+      AND ARRAY_LENGTH(presets, 1) > 0
+      AND "minimumAmount" > (SELECT MIN(val) FROM UNNEST(presets) val)
+    `);
+  }
+}
+
+export async function checkTiers({ fix = false } = {}) {
+  await checkTiersMinimumAmountWithPresets({ fix });
+}
+
+if (!module.parent) {
+  runCheckThenExit(checkTiers);
+}

From 3750ffba46e0ff55ad9c794f544c8fadfeceb448 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Mon, 18 Nov 2024 05:22:05 -0300
Subject: [PATCH 050/129] fix: remove USD from Wise OTT flag (#10469)

---
 server/paymentProviders/transferwise/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/paymentProviders/transferwise/index.ts b/server/paymentProviders/transferwise/index.ts
index 1325df8bc35..a830dc7f961 100644
--- a/server/paymentProviders/transferwise/index.ts
+++ b/server/paymentProviders/transferwise/index.ts
@@ -765,7 +765,7 @@ const oauth = {
       if (
         (collective.countryISO &&
           (isMemberOfTheEuropeanUnion(collective.countryISO) || ['AU', 'GB'].includes(collective.countryISO))) ||
-        ['AUD', 'DKK', 'EUR', 'GBP', 'SEK', 'USD'].includes(collective.currency) ||
+        ['AUD', 'DKK', 'EUR', 'GBP', 'SEK'].includes(collective.currency) ||
         config.env === 'development'
       ) {
         const settings = collective.settings ? cloneDeep(collective.settings) : {};

From cac5acc1a395e0603a30949c1cf435f3c1b8469d Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Mon, 18 Nov 2024 19:53:11 -0300
Subject: [PATCH 051/129] Add env variable to disable timeline resolver
 (#10471)

* refact: add env variable to disable timeline resolver

* refact: return null instead of an empty array
---
 config/custom-environment-variables.json | 3 ++-
 config/default.json                      | 3 ++-
 server/lib/timeline.ts                   | 7 +++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index 447fe0b320b..cc072a757ff 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -220,7 +220,8 @@
     "orderedTransactions": "LEDGER_ORDERED_TRANSACTIONS"
   },
   "timeline": {
-    "daysCached": "TIMELINE_DAYS_CACHED"
+    "daysCached": "TIMELINE_DAYS_CACHED",
+    "disabled": "TIMELINE_DISABLED"
   },
   "activities": {
     "skipTransactions": "SKIP_TRANSACTION_ACTIVITIES",
diff --git a/config/default.json b/config/default.json
index 3295e0cd1a0..e941e8200f7 100644
--- a/config/default.json
+++ b/config/default.json
@@ -217,7 +217,8 @@
     "orderedTransactions": false
   },
   "timeline": {
-    "daysCached": 7
+    "daysCached": 7,
+    "disabled": false
   },
   "twoFactorAuthentication": {
     "enabled": true
diff --git a/server/lib/timeline.ts b/server/lib/timeline.ts
index d90b358fb4c..c310a4ff332 100644
--- a/server/lib/timeline.ts
+++ b/server/lib/timeline.ts
@@ -12,6 +12,7 @@ import { MemberModelInterface } from '../models/Member';
 
 import cache from './cache';
 import { utils } from './statsd';
+import { parseToBoolean } from './utils';
 
 const debug = debugLib('timeline');
 
@@ -242,11 +243,17 @@ export const getCollectiveFeed = async ({
   limit: number;
   classes: ActivityClasses[];
 }) => {
+  const isDisabled = parseToBoolean(config.timeline.disabled);
+  if (isDisabled) {
+    return null;
+  }
+
   const redis = await createRedisClient(RedisInstanceType.TIMELINE);
   // If we don't have a redis client, we can't cache the timeline using sorted sets
   if (!redis) {
     debug('Redis is not configured, skipping cached timeline');
     const stopWatch = utils.stopwatch('timeline.readPage.noCache');
+
     const where = await makeTimelineQuery(collective, classes);
     if (dateTo) {
       where['createdAt'] = { [Op.lt]: dateTo };

From a50c7b877c66d745623844a5dfaee5355dbafd5e Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 00:09:15 +0100
Subject: [PATCH 052/129] debt: Delete 'collective.transaction.created'
 activities (#10464)

---
 ...0522-delete-transactions-created-activities.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 migrations/20241115090522-delete-transactions-created-activities.js

diff --git a/migrations/20241115090522-delete-transactions-created-activities.js b/migrations/20241115090522-delete-transactions-created-activities.js
new file mode 100644
index 00000000000..afcd83f19f2
--- /dev/null
+++ b/migrations/20241115090522-delete-transactions-created-activities.js
@@ -0,0 +1,15 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    await queryInterface.sequelize.query(`
+      DELETE FROM "Activities"
+      WHERE "type" = 'collective.transaction.created'
+    `);
+  },
+
+  async down() {
+    console.log('This migration is irreversible, but a backup has been made.');
+  },
+};

From 34699e09bd5511ca8f545b6b7a6053ac213f5772 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 19 Nov 2024 09:37:05 +0100
Subject: [PATCH 053/129] fix(deps): update dependency @elastic/elasticsearch
 to v8.16.1 (#10467)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 282 +++++++++++++++++++++++++++++++++++++++++++---
 package.json      |   2 +-
 2 files changed, 270 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3a7ef8be94e..bfb64605610 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,7 @@
         "@babel/node": "7.26.0",
         "@babel/plugin-transform-typescript": "7.25.9",
         "@babel/preset-env": "7.26.0",
-        "@elastic/elasticsearch": "8.15.1",
+        "@elastic/elasticsearch": "8.16.1",
         "@escape.tech/graphql-armor": "3.1.1",
         "@hyperwatch/hyperwatch": "4.0.0",
         "@json2csv/plainjs": "^7.0.6",
@@ -3814,12 +3814,13 @@
       }
     },
     "node_modules/@elastic/elasticsearch": {
-      "version": "8.15.1",
-      "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.15.1.tgz",
-      "integrity": "sha512-L3YzSaxrasMMGtcxnktiUDjS5f177L0zpHsBH+jL0LgPhdMk9xN/VKrAaYzvri86IlV5IbveA0ANV6o/BDUmhQ==",
+      "version": "8.16.1",
+      "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.16.1.tgz",
+      "integrity": "sha512-ddBaY9ITag4egeYNY+uGWi7QZSX2x+SWTEum1bvfspbEU/G5Q3g6sdlBAkg29NWIpINH6FEnaanGeO7XjNvSHQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@elastic/transport": "^8.8.1",
+        "@elastic/transport": "^8.9.1",
+        "apache-arrow": "^18.0.0",
         "tslib": "^2.4.0"
       },
       "engines": {
@@ -3827,9 +3828,9 @@
       }
     },
     "node_modules/@elastic/transport": {
-      "version": "8.8.1",
-      "resolved": "https://registry.npmjs.org/@elastic/transport/-/transport-8.8.1.tgz",
-      "integrity": "sha512-4RQIiChwNIx3B0O+2JdmTq/Qobj6+1g2RQnSv1gt4V2SVfAYjGwOKu0ZMKEHQOXYNG6+j/Chero2G9k3/wXLEw==",
+      "version": "8.9.1",
+      "resolved": "https://registry.npmjs.org/@elastic/transport/-/transport-8.9.1.tgz",
+      "integrity": "sha512-jasKNQeOb1vNf9aEYg+8zXmetaFjApDTSCC4QTl6aTixvyiRiSLcCiB8P6Q0lY9JIII/BhqNl8WbpFnsKitntw==",
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/api": "1.x",
@@ -8880,6 +8881,15 @@
         "@types/passport-oauth2": ">=1.4"
       }
     },
+    "node_modules/@swc/helpers": {
+      "version": "0.5.15",
+      "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.15.tgz",
+      "integrity": "sha512-JQ5TuMi45Owi4/BIMAJBoSQoOJu12oOk/gADqlcUL9JEdHB8vyjUSsxqeNXnmXHjYKMi2WcYtezGEEhqUI/E2g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "tslib": "^2.8.0"
+      }
+    },
     "node_modules/@types/accepts": {
       "version": "1.3.7",
       "resolved": "https://registry.npmjs.org/@types/accepts/-/accepts-1.3.7.tgz",
@@ -8927,6 +8937,18 @@
         "@types/node": "*"
       }
     },
+    "node_modules/@types/command-line-args": {
+      "version": "5.2.3",
+      "resolved": "https://registry.npmjs.org/@types/command-line-args/-/command-line-args-5.2.3.tgz",
+      "integrity": "sha512-uv0aG6R0Y8WHZLTamZwtfsDLVRnOa+n+n5rEvFWL5Na5gZ8V2Teab/duDPFzIIIhs9qizDpcavCusCLJZu62Kw==",
+      "license": "MIT"
+    },
+    "node_modules/@types/command-line-usage": {
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/@types/command-line-usage/-/command-line-usage-5.0.4.tgz",
+      "integrity": "sha512-BwR5KP3Es/CSht0xqBcUXS3qCAUVXwpRKsV2+arxeb65atasuXG9LykC9Ab10Cw3s2raH92ZqOeILaQbsB2ACg==",
+      "license": "MIT"
+    },
     "node_modules/@types/connect": {
       "version": "3.4.36",
       "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.36.tgz",
@@ -9106,11 +9128,12 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "20.11.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.11.2.tgz",
-      "integrity": "sha512-cZShBaVa+UO1LjWWBPmWRR4+/eY/JR/UIEcDlVsw3okjWEu+rB7/mH6X3B/L+qJVHDLjk9QW/y2upp9wp1yDXA==",
+      "version": "20.17.6",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.17.6.tgz",
+      "integrity": "sha512-VEI7OdvK2wP7XHnsuXbAJnEpEkF6NjSN45QJlL4VGqZSXsnicpesdTWsg9RISeSdYd3yeRj/y3k5KGjUXYnFwQ==",
+      "license": "MIT",
       "dependencies": {
-        "undici-types": "~5.26.4"
+        "undici-types": "~6.19.2"
       }
     },
     "node_modules/@types/node-fetch": {
@@ -9122,6 +9145,12 @@
         "form-data": "^4.0.0"
       }
     },
+    "node_modules/@types/node/node_modules/undici-types": {
+      "version": "6.19.8",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz",
+      "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==",
+      "license": "MIT"
+    },
     "node_modules/@types/nodemailer": {
       "version": "6.4.14",
       "resolved": "https://registry.npmjs.org/@types/nodemailer/-/nodemailer-6.4.14.tgz",
@@ -9726,6 +9755,26 @@
         "node": ">= 8"
       }
     },
+    "node_modules/apache-arrow": {
+      "version": "18.0.0",
+      "resolved": "https://registry.npmjs.org/apache-arrow/-/apache-arrow-18.0.0.tgz",
+      "integrity": "sha512-gFlPaqN9osetbB83zC29AbbZqGiCuFH1vyyPseJ+B7SIbfBtESV62mMT/CkiIt77W6ykC/nTWFzTXFs0Uldg4g==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@swc/helpers": "^0.5.11",
+        "@types/command-line-args": "^5.2.3",
+        "@types/command-line-usage": "^5.0.4",
+        "@types/node": "^20.13.0",
+        "command-line-args": "^5.2.1",
+        "command-line-usage": "^7.0.1",
+        "flatbuffers": "^24.3.25",
+        "json-bignum": "^0.0.3",
+        "tslib": "^2.6.2"
+      },
+      "bin": {
+        "arrow2csv": "bin/arrow2csv.js"
+      }
+    },
     "node_modules/append-field": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
@@ -9784,6 +9833,15 @@
       "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
       "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="
     },
+    "node_modules/array-back": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/array-back/-/array-back-3.1.0.tgz",
+      "integrity": "sha512-TkuxA4UCOvxuDK6NZYXCalszEzj+TLszyASooky+i742l9TqsOdYCMJJupxRic61hwquNtppB3hgcuq9SVSH1Q==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=6"
+      }
+    },
     "node_modules/array-buffer-byte-length": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz",
@@ -10777,6 +10835,91 @@
         "node": ">=4"
       }
     },
+    "node_modules/chalk-template": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/chalk-template/-/chalk-template-0.4.0.tgz",
+      "integrity": "sha512-/ghrgmhfY8RaSdeo43hNXxpoHAtxdbskUHjPpfqUWGttFgycUhYPGx3YZBCnUCvOa7Doivn1IZec3DEGFoMgLg==",
+      "license": "MIT",
+      "dependencies": {
+        "chalk": "^4.1.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk-template?sponsor=1"
+      }
+    },
+    "node_modules/chalk-template/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+      "license": "MIT",
+      "dependencies": {
+        "color-convert": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/chalk-template/node_modules/chalk": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+      "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/chalk?sponsor=1"
+      }
+    },
+    "node_modules/chalk-template/node_modules/color-convert": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+      "license": "MIT",
+      "dependencies": {
+        "color-name": "~1.1.4"
+      },
+      "engines": {
+        "node": ">=7.0.0"
+      }
+    },
+    "node_modules/chalk-template/node_modules/color-name": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+      "license": "MIT"
+    },
+    "node_modules/chalk-template/node_modules/has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/chalk-template/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/chardet": {
       "version": "0.7.0",
       "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.7.0.tgz",
@@ -11196,6 +11339,54 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/command-line-args": {
+      "version": "5.2.1",
+      "resolved": "https://registry.npmjs.org/command-line-args/-/command-line-args-5.2.1.tgz",
+      "integrity": "sha512-H4UfQhZyakIjC74I9d34fGYDwk3XpSr17QhEd0Q3I9Xq1CETHo4Hcuo87WyWHpAF1aSLjLRf5lD9ZGX2qStUvg==",
+      "license": "MIT",
+      "dependencies": {
+        "array-back": "^3.1.0",
+        "find-replace": "^3.0.0",
+        "lodash.camelcase": "^4.3.0",
+        "typical": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
+    "node_modules/command-line-usage": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/command-line-usage/-/command-line-usage-7.0.3.tgz",
+      "integrity": "sha512-PqMLy5+YGwhMh1wS04mVG44oqDsgyLRSKJBdOo1bnYhMKBW65gZF1dRp2OZRhiTjgUHljy99qkO7bsctLaw35Q==",
+      "license": "MIT",
+      "dependencies": {
+        "array-back": "^6.2.2",
+        "chalk-template": "^0.4.0",
+        "table-layout": "^4.1.0",
+        "typical": "^7.1.1"
+      },
+      "engines": {
+        "node": ">=12.20.0"
+      }
+    },
+    "node_modules/command-line-usage/node_modules/array-back": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/array-back/-/array-back-6.2.2.tgz",
+      "integrity": "sha512-gUAZ7HPyb4SJczXAMUXMGAvI976JoK3qEx9v1FTmeYuJj0IBiaKttG1ydtGKdkfqWkIkouke7nG8ufGy77+Cvw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.17"
+      }
+    },
+    "node_modules/command-line-usage/node_modules/typical": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/typical/-/typical-7.3.0.tgz",
+      "integrity": "sha512-ya4mg/30vm+DOWfBg4YK3j2WD6TWtRkCbasOJr40CseYENzCUby/7rIvXA99JGsQHeNxLbnXdyLLxKSv3tauFw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.17"
+      }
+    },
     "node_modules/commander": {
       "version": "12.1.0",
       "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz",
@@ -13937,6 +14128,18 @@
         "merge": "^2.1.1"
       }
     },
+    "node_modules/find-replace": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/find-replace/-/find-replace-3.0.0.tgz",
+      "integrity": "sha512-6Tb2myMioCAgv5kfvP5/PkZZ/ntTpVK39fHY7WkWBgvbeE+VHd/tZuZ4mrC+bxh4cfOZeYKVPaJIZtZXV7GNCQ==",
+      "license": "MIT",
+      "dependencies": {
+        "array-back": "^3.0.1"
+      },
+      "engines": {
+        "node": ">=4.0.0"
+      }
+    },
     "node_modules/find-root": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
@@ -13994,6 +14197,12 @@
         "node": "^10.12.0 || >=12.0.0"
       }
     },
+    "node_modules/flatbuffers": {
+      "version": "24.3.25",
+      "resolved": "https://registry.npmjs.org/flatbuffers/-/flatbuffers-24.3.25.tgz",
+      "integrity": "sha512-3HDgPbgiwWMI9zVB7VYBHaMrbOO7Gm0v+yD2FV/sCKj+9NDeVL7BOBYUuhWAQGKWOzBo8S9WdMvV0eixO233XQ==",
+      "license": "Apache-2.0"
+    },
     "node_modules/flatted": {
       "version": "3.2.9",
       "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.9.tgz",
@@ -16444,6 +16653,14 @@
         "bignumber.js": "^9.0.0"
       }
     },
+    "node_modules/json-bignum": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/json-bignum/-/json-bignum-0.0.3.tgz",
+      "integrity": "sha512-2WHyXj3OfHSgNyuzDbSxI1w2jgw5gkWSWhS7Qg4bWXx1nLk3jnbwfUeS0PSba3IzpTUWdHxBieELUzXRjQB2zg==",
+      "engines": {
+        "node": ">=0.8"
+      }
+    },
     "node_modules/json-buffer": {
       "version": "3.0.1",
       "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz",
@@ -16931,7 +17148,6 @@
       "version": "4.3.0",
       "resolved": "https://registry.npmjs.org/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz",
       "integrity": "sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/lodash.debounce": {
@@ -22310,6 +22526,28 @@
         "node": ">= 4"
       }
     },
+    "node_modules/table-layout": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/table-layout/-/table-layout-4.1.1.tgz",
+      "integrity": "sha512-iK5/YhZxq5GO5z8wb0bY1317uDF3Zjpha0QFFLA8/trAoiLbQD0HUbMesEaxyzUgDxi2QlcbM8IvqOlEjgoXBA==",
+      "license": "MIT",
+      "dependencies": {
+        "array-back": "^6.2.2",
+        "wordwrapjs": "^5.1.0"
+      },
+      "engines": {
+        "node": ">=12.17"
+      }
+    },
+    "node_modules/table-layout/node_modules/array-back": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/array-back/-/array-back-6.2.2.tgz",
+      "integrity": "sha512-gUAZ7HPyb4SJczXAMUXMGAvI976JoK3qEx9v1FTmeYuJj0IBiaKttG1ydtGKdkfqWkIkouke7nG8ufGy77+Cvw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.17"
+      }
+    },
     "node_modules/tail": {
       "version": "2.2.6",
       "resolved": "https://registry.npmjs.org/tail/-/tail-2.2.6.tgz",
@@ -22822,6 +23060,15 @@
         "node": ">=14.17"
       }
     },
+    "node_modules/typical": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/typical/-/typical-4.0.0.tgz",
+      "integrity": "sha512-VAH4IvQ7BDFYglMd7BPRDfLgxZZX4O4TFcRDA6EN5X7erNJJq+McIEp8np9aVtxrCJ6qx4GTYVfOWNjcqwZgRw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/uglify-js": {
       "version": "3.17.4",
       "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz",
@@ -23522,6 +23769,15 @@
       "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
       "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q=="
     },
+    "node_modules/wordwrapjs": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/wordwrapjs/-/wordwrapjs-5.1.0.tgz",
+      "integrity": "sha512-JNjcULU2e4KJwUNv6CHgI46UvDGitb6dGryHajXTDiLgg1/RiGoPSDw4kZfYnwGtEXf2ZMeIewDQgFGzkCB2Sg==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.17"
+      }
+    },
     "node_modules/workerpool": {
       "version": "6.2.1",
       "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz",
diff --git a/package.json b/package.json
index 6d09166fbbd..14f24464c04 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "@babel/node": "7.26.0",
     "@babel/plugin-transform-typescript": "7.25.9",
     "@babel/preset-env": "7.26.0",
-    "@elastic/elasticsearch": "8.15.1",
+    "@elastic/elasticsearch": "8.16.1",
     "@escape.tech/graphql-armor": "3.1.1",
     "@hyperwatch/hyperwatch": "4.0.0",
     "@json2csv/plainjs": "^7.0.6",

From 2ada9630ac79bdafe12aba777085e80fa49a2895 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 11:11:40 +0100
Subject: [PATCH 054/129] enhancement(Notifications): record success for other
 channels (#10473)

---
 server/lib/notifications/index.ts | 23 ++++++++++++-----------
 server/models/Notification.ts     |  7 +++++++
 2 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/server/lib/notifications/index.ts b/server/lib/notifications/index.ts
index b6cc72e6566..f6b3fe596a2 100644
--- a/server/lib/notifications/index.ts
+++ b/server/lib/notifications/index.ts
@@ -1,6 +1,5 @@
 import axios, { AxiosError } from 'axios';
 import config from 'config';
-import moment from 'moment';
 
 import { activities, channels } from '../../constants';
 import ActivityTypes from '../../constants/activities';
@@ -25,18 +24,15 @@ const shouldSkipActivity = (activity: Activity) => {
   return false;
 };
 
-const publishToWebhook = async (notification: Notification, activity: Activity) => {
+const publishToWebhook = async (notification: Notification, activity: Activity): Promise<boolean> => {
   if (slackLib.isSlackWebhookUrl(notification.webhookUrl)) {
-    return slackLib.postActivityOnPublicChannel(activity, notification.webhookUrl);
+    await slackLib.postActivityOnPublicChannel(activity, notification.webhookUrl);
+    return true;
   } else {
     const sanitizedActivity = sanitizeActivity(activity);
     const enrichedActivity = enrichActivity(sanitizedActivity);
     const response = await axios.post(notification.webhookUrl, enrichedActivity, { maxRedirects: 0, timeout: 30000 });
-    const isSuccess = response.status >= 200 && response.status < 300;
-    if (isSuccess && (!notification.lastSuccessAt || !moment(notification.lastSuccessAt).isSame(moment(), 'day'))) {
-      await notification.update({ lastSuccessAt: new Date() });
-    }
-    return response;
+    return response.status >= 200 && response.status < 300;
   }
 };
 
@@ -87,11 +83,16 @@ const dispatch = async (
 
         try {
           if (notifConfig.channel === channels.SLACK) {
-            return await slackLib.postActivityOnPublicChannel(activity, notifConfig.webhookUrl);
+            await slackLib.postActivityOnPublicChannel(activity, notifConfig.webhookUrl);
+            notifConfig.recordSuccess(); // No need to await
           } else if (notifConfig.channel === channels.TWITTER) {
-            return await twitter.tweetActivity(activity);
+            await twitter.tweetActivity(activity);
+            notifConfig.recordSuccess(); // No need to await
           } else if (notifConfig.channel === channels.WEBHOOK) {
-            return await publishToWebhook(notifConfig, activity);
+            const success = await publishToWebhook(notifConfig, activity);
+            if (success) {
+              notifConfig.recordSuccess(); // No need to await
+            }
           }
         } catch (e) {
           const stringifiedError =
diff --git a/server/models/Notification.ts b/server/models/Notification.ts
index ccb88b2d198..3fc8ac6bba4 100644
--- a/server/models/Notification.ts
+++ b/server/models/Notification.ts
@@ -1,5 +1,6 @@
 import debugLib from 'debug';
 import { compact, defaults, isNil, keys, pick, pickBy, reject, uniq } from 'lodash';
+import moment from 'moment';
 import prependHttp from 'prepend-http';
 import { CreationOptional, InferAttributes, InferCreationAttributes } from 'sequelize';
 import isIP from 'validator/lib/isIP';
@@ -39,6 +40,12 @@ class Notification extends Model<InferAttributes<Notification>, InferCreationAtt
     return User.findByPk(this.UserId);
   }
 
+  async recordSuccess() {
+    if (!this.lastSuccessAt || !moment(this.lastSuccessAt).isSame(moment(), 'day')) {
+      await this.update({ lastSuccessAt: new Date() });
+    }
+  }
+
   static async createMany(
     notifications: InferCreationAttributes<Notification>[],
     defaultValues?: InferCreationAttributes<Notification>,

From a8bfc9d71b61e7c73f544bb498a5c32a3d455e54 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 11:17:30 +0100
Subject: [PATCH 055/129] fix: Always set processedAt on paid orders (#10470)

---
 checks/model/orders.js                     | 28 +++++++++++++++++++++-
 cron/daily/51-synchronize-paypal-ledger.ts |  2 +-
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/checks/model/orders.js b/checks/model/orders.js
index cfdb0f159b4..3543c9fb634 100644
--- a/checks/model/orders.js
+++ b/checks/model/orders.js
@@ -29,8 +29,34 @@ async function checkDuplicateNonRecurringContribution() {
   }
 }
 
-export async function checkOrders() {
+async function checkPaidOrdersWithNullProcessedAt({ fix = false } = {}) {
+  const message = 'Paid Order with null processedAt';
+
+  const results = await sequelize.query(`
+    SELECT id, "updatedAt"
+    FROM "Orders"
+    WHERE status = 'PAID'
+    AND "processedAt" IS NULL
+    ORDER BY "createdAt" DESC
+  `);
+
+  if (results.length > 0) {
+    if (!fix) {
+      throw new Error(message);
+    } else {
+      await sequelize.query(`
+        UPDATE "Orders"
+        SET "processedAt" = "updatedAt"
+        WHERE status = 'PAID'
+        AND "processedAt" IS NULL
+      `);
+    }
+  }
+}
+
+export async function checkOrders({ fix = false } = {}) {
   await checkDuplicateNonRecurringContribution();
+  await checkPaidOrdersWithNullProcessedAt({ fix });
 }
 
 if (!module.parent) {
diff --git a/cron/daily/51-synchronize-paypal-ledger.ts b/cron/daily/51-synchronize-paypal-ledger.ts
index 5b00f03976f..7c40bb8e843 100644
--- a/cron/daily/51-synchronize-paypal-ledger.ts
+++ b/cron/daily/51-synchronize-paypal-ledger.ts
@@ -233,7 +233,7 @@ const handleCheckoutTransaction = async (
     });
 
     if (order.status !== OrderStatuses.PAID) {
-      await order.update({ status: OrderStatuses.PAID });
+      await order.update({ status: OrderStatuses.PAID, processedAt: captureDate });
 
       // If the capture is less than 48 hours old, send the thank you email
       if (moment().diff(captureDate, 'hours') < 48) {

From 5e132339ab84c1dae9dea8de7afff845db6576f1 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 11:18:54 +0100
Subject: [PATCH 056/129] feat: Add check for missing members (#10466)

---
 checks/model/members.js | 54 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/checks/model/members.js b/checks/model/members.js
index ddff7912740..51e87b8a151 100644
--- a/checks/model/members.js
+++ b/checks/model/members.js
@@ -3,7 +3,7 @@ import '../../server/env';
 import { flatten, uniq } from 'lodash';
 
 import logger from '../../server/lib/logger';
-import { MigrationLog, sequelize } from '../../server/models';
+import { Member, MigrationLog, sequelize } from '../../server/models';
 import { MigrationLogType } from '../../server/models/MigrationLog';
 
 import { runCheckThenExit } from './_utils';
@@ -107,10 +107,62 @@ async function checkDuplicateMembers({ fix = false } = {}) {
   }
 }
 
+async function checkMissingMembers({ fix = false }) {
+  const message = 'No missing members';
+
+  const results = await sequelize.query(
+    `
+    SELECT o.id, o."FromCollectiveId", o."CollectiveId", o."CreatedByUserId", o."TierId", o."createdAt", t."type" AS "tierType"
+    FROM "Orders" o
+    LEFT JOIN "Members" m
+      ON o."FromCollectiveId" = m."MemberCollectiveId"
+      AND m."CollectiveId" = o."CollectiveId"
+      AND m."deletedAt" IS NULL
+      AND (
+        (m."TierId" IS NULL AND o."TierId" IS NULL)
+        OR (m."TierId" = o."TierId")
+      )
+    LEFT JOIN "Tiers" t
+      ON t."id" = o."TierId"
+    WHERE o.status in ('PAID', 'ACTIVE')
+    AND o."deletedAt" IS NULL
+    AND m.id IS NULL
+    `,
+    { type: sequelize.QueryTypes.SELECT, raw: true },
+  );
+
+  if (results.length > 0) {
+    if (!fix) {
+      throw new Error(message);
+    } else {
+      logger.warn(`Fixing: ${message}`);
+      for (const result of results) {
+        await Member.create({
+          MemberCollectiveId: result.FromCollectiveId,
+          CollectiveId: result.CollectiveId,
+          CreatedByUserId: result.CreatedByUserId,
+          TierId: result.TierId,
+          since: result.createdAt,
+          role: result.tierType === 'TICKET' ? 'ATTENDEE' : 'BACKER',
+        });
+      }
+
+      // Members don't have a `data` column that we could use to log that they've been created from this script, so we
+      // create a new migration log instead.
+      await MigrationLog.create({
+        type: MigrationLogType.MODEL_FIX,
+        description: `Missing members check: Added ${results.length} missing members`,
+        data: { results },
+      });
+    }
+  }
+}
+
 export async function checkMembers({ fix = false } = {}) {
   await checkDeletedMembers({ fix });
   await checkMemberTypes();
   await checkDuplicateMembers({ fix });
+  await checkMissingMembers({ fix });
 }
 
 if (!module.parent) {

From a3393a17df3ecc1e4eb72fcbb1bbeeac39bc44e9 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 11:19:46 +0100
Subject: [PATCH 057/129] chore(PayPal): misc enhancements (#10463)

---
 scripts/paypal/subscriptions.ts               | 54 ++++++++++++++++
 .../paymentProviders/paypal/subscription.ts   | 17 +++--
 server/paymentProviders/paypal/webhook.ts     |  3 +-
 server/types/paypal.ts                        | 63 +++++++++++++++++++
 4 files changed, 130 insertions(+), 7 deletions(-)
 create mode 100644 scripts/paypal/subscriptions.ts

diff --git a/scripts/paypal/subscriptions.ts b/scripts/paypal/subscriptions.ts
new file mode 100644
index 00000000000..ab94bbdc35f
--- /dev/null
+++ b/scripts/paypal/subscriptions.ts
@@ -0,0 +1,54 @@
+/**
+ * This script can be used whenever PayPal webhooks event types change to update
+ * Host's connected accounts.
+ */
+
+import '../../server/env';
+
+import { Command } from 'commander';
+import { cloneDeep } from 'lodash';
+
+import models from '../../server/models';
+import {
+  fetchPaypalSubscription,
+  fetchPaypalTransactionsForSubscription,
+} from '../../server/paymentProviders/paypal/subscription';
+
+const main = async (): Promise<void> => {
+  const program = new Command();
+  program.showSuggestionAfterError();
+
+  // General options
+  program
+    .command('check <hostSlug> <subscriptionId>')
+    .description('Check the status of a PayPal subscription')
+    .action(checkSubscription);
+
+  await program.parseAsync();
+};
+
+const checkSubscription = async (hostSlug: string, subscriptionId: string): Promise<void> => {
+  const host = await models.Collective.findBySlug(hostSlug);
+  if (!host) {
+    throw new Error(`Host not found: ${hostSlug}`);
+  }
+
+  const subscription = await fetchPaypalSubscription(host, subscriptionId);
+  console.log('Subscription:');
+  console.log(subscription);
+  console.log('-------');
+
+  const result = await fetchPaypalTransactionsForSubscription(host, subscriptionId);
+  const prettyTransactions: Record<string, unknown>[] = cloneDeep(result.transactions);
+  prettyTransactions.forEach(t => (t['amount_with_breakdown'] = JSON.stringify(t.amount_with_breakdown)));
+  console.log('Transactions:');
+  console.table(prettyTransactions);
+  console.log('-------');
+};
+
+main()
+  .then(() => process.exit(0))
+  .catch(e => {
+    console.error(e);
+    process.exit(1);
+  });
diff --git a/server/paymentProviders/paypal/subscription.ts b/server/paymentProviders/paypal/subscription.ts
index e3d5dc8e3ed..384534075e0 100644
--- a/server/paymentProviders/paypal/subscription.ts
+++ b/server/paymentProviders/paypal/subscription.ts
@@ -18,7 +18,7 @@ import PaypalPlan from '../../models/PaypalPlan';
 import Tier from '../../models/Tier';
 import Transaction from '../../models/Transaction';
 import User from '../../models/User';
-import { SubscriptionTransactions } from '../../types/paypal';
+import { PayPalSubscription, SubscriptionTransactions } from '../../types/paypal';
 import type { PaymentMethodServiceWithExternalRecurringManagement } from '../types';
 
 import { paypalRequest } from './api';
@@ -318,8 +318,13 @@ const createSubscription = async (order: Order, paypalSubscriptionId) => {
   });
 };
 
-export const fetchPaypalSubscription = async (hostCollective, subscriptionId) => {
-  return paypalRequest(`billing/subscriptions/${subscriptionId}`, null, hostCollective, 'GET');
+export const fetchPaypalSubscription = async (hostCollective, subscriptionId): Promise<PayPalSubscription> => {
+  return paypalRequest(
+    `billing/subscriptions/${subscriptionId}`,
+    null,
+    hostCollective,
+    'GET',
+  ) as Promise<PayPalSubscription>;
 };
 
 export const fetchPaypalTransactionsForSubscription = async (
@@ -337,7 +342,7 @@ export const fetchPaypalTransactionsForSubscription = async (
  * Ensures that subscription can be used for this contribution. This is to prevent malicious users
  * from manually creating a subscription that would not match the minimum imposed by a tier.
  */
-const verifySubscription = async (order: Order, paypalSubscription) => {
+const verifySubscription = async (order: Order, paypalSubscription: PayPalSubscription) => {
   if (paypalSubscription.status !== 'APPROVED') {
     throw new Error('Subscription must be approved to be activated');
   }
@@ -375,7 +380,7 @@ export const isPaypalSubscriptionPaymentMethod = (paymentMethod: PaymentMethod):
   );
 };
 
-const PayPalSubscription: PaymentMethodServiceWithExternalRecurringManagement = {
+const PaymentMethodServicePayPalSubscription: PaymentMethodServiceWithExternalRecurringManagement = {
   features: {
     recurring: true,
     isRecurringManagedExternally: true,
@@ -459,4 +464,4 @@ const PayPalSubscription: PaymentMethodServiceWithExternalRecurringManagement =
   },
 };
 
-export default PayPalSubscription;
+export default PaymentMethodServicePayPalSubscription;
diff --git a/server/paymentProviders/paypal/webhook.ts b/server/paymentProviders/paypal/webhook.ts
index 2b981e27ae9..4e0766d9fa7 100644
--- a/server/paymentProviders/paypal/webhook.ts
+++ b/server/paymentProviders/paypal/webhook.ts
@@ -331,6 +331,7 @@ async function handleSubscriptionCancelled(req: Request): Promise<void> {
       isActive: false,
       deactivatedAt: new Date(),
       nextChargeDate: null,
+      data: { ...order.Subscription.data, deactivatedFromPayPalWebhook: true },
     });
   }
 }
@@ -359,7 +360,7 @@ async function handleSubscriptionSuspended(req: Request): Promise<void> {
 
   const { order } = result;
   if (order.status !== OrderStatus.PAUSED) {
-    await pauseOrderInDb(order, subscription.status_change_note, 'PLATFORM');
+    await pauseOrderInDb(order, subscription.status_change_note, 'USER');
   }
 }
 
diff --git a/server/types/paypal.ts b/server/types/paypal.ts
index a0115f3e953..5e1f1173666 100644
--- a/server/types/paypal.ts
+++ b/server/types/paypal.ts
@@ -424,3 +424,66 @@ export type SubscriptionTransactions = {
     method: string;
   }>;
 };
+
+export type PayPalSubscription = {
+  id: string;
+  plan_id: string;
+  start_time: string;
+  quantity: string;
+  shipping_amount: {
+    currency_code: string;
+    value: string;
+  };
+  subscriber: {
+    shipping_address: {
+      name: {
+        full_name: string;
+      };
+      address: {
+        address_line_1: string;
+        address_line_2: string;
+        admin_area_2: string;
+        admin_area_1: string;
+        postal_code: string;
+        country_code: string;
+      };
+    };
+    name: {
+      given_name: string;
+      surname: string;
+    };
+    email_address: string;
+    payer_id: string;
+  };
+  billing_info: {
+    outstanding_balance: {
+      currency_code: string;
+      value: string;
+    };
+    cycle_executions: {
+      tenure_type: string;
+      sequence: number;
+      cycles_completed: number;
+      cycles_remaining: number;
+      total_cycles: number;
+    }[];
+    last_payment: {
+      amount: {
+        currency_code: string;
+        value: string;
+      };
+      time: string;
+    };
+    next_billing_time: string;
+    failed_payments_count: number;
+  };
+  create_time: string;
+  update_time: string;
+  links: {
+    href: string;
+    rel: string;
+    method: string;
+  }[];
+  status: 'APPROVAL_PENDING' | 'APPROVED' | 'ACTIVE' | 'SUSPENDED' | 'CANCELLED' | 'EXPIRED';
+  status_update_time: string;
+};

From 6c48e1921e7e0499d3793c43a332eff7b7d24960 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 11:20:00 +0100
Subject: [PATCH 058/129] deps: Automatically assign (#10425)

---
 renovate.json | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index 0d8bb72e84c..911c50b0316 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,4 +1,26 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["local>opencollective/renovate-config"]
+  "extends": ["local>opencollective/renovate-config"],
+  "assignees": ["betree", "gustavlrsn", "hdiniz", "kewitz"],
+  "assigneesSampleSize": 1,
+  "packageRules": [
+    {
+      "assignees": ["betree"],
+      "matchPackageNames": [
+        "@elastic/elasticsearch",
+        "@escape.tech/graphql-armor",
+        "@node-oauth/oauth2-server",
+        "@opencollective/taxes",
+        "@sentry/**"
+      ]
+    },
+    {
+      "assignees": ["hdiniz"],
+      "matchPackageNames": ["@peculiar/**", "@simplewebauthn/**", "@opentelemetry/**"]
+    },
+    {
+      "assignees": ["kewitz"],
+      "matchPackageNames": ["@paypal/payouts-sdk"]
+    }
+  ]
 }

From bc24dec2cc7d7ea9814611df98c0761554525bf4 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 12:48:41 +0100
Subject: [PATCH 059/129] enhancement(Transactions): return merchant ID for
 tips (#10465)

---
 server/graphql/loaders/index.js            |  1 +
 server/graphql/loaders/transactions.ts     | 29 ++++++++++++++++++++++
 server/graphql/v2/interface/Transaction.js | 25 +++++++++++++++----
 3 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/server/graphql/loaders/index.js b/server/graphql/loaders/index.js
index d4066953dd5..7e516396d8c 100644
--- a/server/graphql/loaders/index.js
+++ b/server/graphql/loaders/index.js
@@ -907,6 +907,7 @@ export const loaders = req => {
     paymentProcessorFeeAmountForTransaction: transactionLoaders.generatePaymentProcessorFeeAmountForTransactionLoader(),
     taxAmountForTransaction: transactionLoaders.generateTaxAmountForTransactionLoader(),
     relatedTransactions: transactionLoaders.generateRelatedTransactionsLoader(),
+    relatedContributionTransaction: transactionLoaders.generateRelatedContributionTransactionLoader(),
     balanceById: new DataLoader(async transactionIds => {
       const transactionBalances = await sequelize.query(
         ` SELECT      id, balance
diff --git a/server/graphql/loaders/transactions.ts b/server/graphql/loaders/transactions.ts
index a364bc80608..f61bdb49a94 100644
--- a/server/graphql/loaders/transactions.ts
+++ b/server/graphql/loaders/transactions.ts
@@ -150,3 +150,32 @@ export const generateRelatedTransactionsLoader = (): DataLoader<Transaction, Tra
       cacheKeyFn: transaction => transaction.id,
     },
   );
+
+export const generateRelatedContributionTransactionLoader = (): DataLoader<Transaction, Transaction> => {
+  return new DataLoader(
+    async (transactions: Transaction[]) => {
+      const relatedTransactions = await models.Transaction.findAll({
+        where: {
+          [Op.or]: transactions.map(transaction => ({
+            TransactionGroup: transaction.TransactionGroup,
+            kind: TransactionKind.CONTRIBUTION,
+            type: transaction.type,
+          })),
+        },
+      });
+      const groupedTransactions = groupBy(relatedTransactions, 'TransactionGroup');
+      return transactions.map(transaction => {
+        if (groupedTransactions[transaction.TransactionGroup]) {
+          return groupedTransactions[transaction.TransactionGroup].find(
+            t => t.id !== transaction.id && t.type === transaction.type,
+          );
+        } else {
+          return null;
+        }
+      });
+    },
+    {
+      cacheKeyFn: transaction => transaction.id,
+    },
+  );
+};
diff --git a/server/graphql/v2/interface/Transaction.js b/server/graphql/v2/interface/Transaction.js
index 60167bad975..6c5e29a4f98 100644
--- a/server/graphql/v2/interface/Transaction.js
+++ b/server/graphql/v2/interface/Transaction.js
@@ -13,6 +13,7 @@ import { get, isNil, round } from 'lodash';
 
 import orderStatus from '../../../constants/order-status';
 import { PAYMENT_METHOD_SERVICE } from '../../../constants/paymentMethods';
+import PlatformConstants from '../../../constants/platform';
 import roles from '../../../constants/roles';
 import { TransactionKind } from '../../../constants/transaction-kind';
 import { getDashboardObjectIdURL } from '../../../lib/stripe';
@@ -33,7 +34,7 @@ import { GraphQLTaxInfo } from '../object/TaxInfo';
 
 import { GraphQLAccount } from './Account';
 
-const { EXPENSE } = TransactionKind;
+const { EXPENSE, PLATFORM_TIP } = TransactionKind;
 
 /**
  * @typedef {import("../../../models/PaymentMethod")} PaymentMethod
@@ -731,19 +732,33 @@ export const TransactionFields = () => {
       type: GraphQLString,
       description: 'Merchant ID related to the Transaction (Stripe, PayPal, Wise, Privacy)',
       async resolve(transaction, _, req) {
-        if (!req.remoteUser || !req.remoteUser.hasRole([roles.ACCOUNTANT, roles.ADMIN], transaction.HostCollectiveId)) {
+        const allowedRoles = [roles.ACCOUNTANT, roles.ADMIN];
+        if (!req.remoteUser || !req.remoteUser.hasRole(allowedRoles, transaction.HostCollectiveId)) {
           return;
         }
 
+        const merchantIdFromTransaction = transaction.merchantId;
+        if (merchantIdFromTransaction) {
+          return merchantIdFromTransaction;
+        }
+
         // NOTE: We don't have transaction?.data?.transaction stored for transactions < 2022-09-27, but we have it available in expense.data
         if (transaction.kind === EXPENSE) {
           let expense = transaction.expense;
           if (!expense && transaction.ExpenseId) {
             expense = await req.loaders.Expense.byId.load(transaction.ExpenseId);
           }
-          return transaction.merchantId || expense?.data?.transactionId;
-        } else {
-          return transaction.merchantId;
+          return expense?.data?.transactionId;
+        } else if (
+          transaction.kind === PLATFORM_TIP &&
+          req.remoteUser.hasRole(allowedRoles, PlatformConstants.PlatformCollectiveId)
+        ) {
+          // For Stripe platform tips collected directly, we have to get the merchant ID from the related contribution transaction
+          const contributionTransaction =
+            await req.loaders.Transaction.relatedContributionTransaction.load(transaction);
+          if (contributionTransaction && contributionTransaction.data?.isPlatformRevenueDirectlyCollected) {
+            return contributionTransaction.merchantId;
+          }
         }
       },
     },

From 36e252be878ae0337fa9c2b784b2e83ef0c16709 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Tue, 19 Nov 2024 10:02:41 -0300
Subject: [PATCH 060/129] Check balance before issuing a refund (#10468)

* fix: check balance before issuing a refund

* refact: add ignoreBalanceCheck to refundTransaction mutation

* refact: make sure only fiscal-host admins can ignore balance check
---
 server/graphql/common/transactions.ts         | 23 +++++++--
 .../v2/mutation/TransactionMutations.ts       | 10 ++--
 .../v2/mutation/TransactionMutations.test.ts  | 47 +++++++++++++++++--
 3 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/server/graphql/common/transactions.ts b/server/graphql/common/transactions.ts
index 93aa3dfcfe6..b568b2fb41e 100644
--- a/server/graphql/common/transactions.ts
+++ b/server/graphql/common/transactions.ts
@@ -1,3 +1,5 @@
+import assert from 'assert';
+
 import express from 'express';
 import { isNull } from 'lodash';
 import moment from 'moment';
@@ -191,7 +193,7 @@ export const canReject = canRefund;
 export async function refundTransaction(
   passedTransaction: Transaction,
   req: express.Request,
-  args: { message?: string } = {},
+  args: { message?: string; ignoreBalanceCheck?: boolean } = {},
 ) {
   // 0. Retrieve transaction from database
   const transaction = await models.Transaction.findByPk(passedTransaction.id, {
@@ -219,12 +221,13 @@ export async function refundTransaction(
     throw new Forbidden('Cannot refund this transaction');
   }
 
-  // Check 2FA
+  const creditTransaction = transaction.type === 'CREDIT' ? transaction : await transaction.getOppositeTransaction();
   const collective = transaction.type === 'CREDIT' ? transaction.collective : transaction.fromCollective;
+
+  // Check 2FA
   if (collective && req.remoteUser.isAdminOfCollective(collective)) {
     await twoFactorAuthLib.enforceForAccount(req, collective);
   } else {
-    const creditTransaction = transaction.type === 'CREDIT' ? transaction : await transaction.getOppositeTransaction();
     if (req.remoteUser.isAdmin(creditTransaction?.HostCollectiveId)) {
       await twoFactorAuthLib.enforceForAccount(
         req,
@@ -233,6 +236,20 @@ export async function refundTransaction(
     }
   }
 
+  if (args?.ignoreBalanceCheck) {
+    assert(
+      req.remoteUser.isAdmin(creditTransaction?.HostCollectiveId),
+      'Only Fiscal-Host admins can ignore balance check',
+    );
+  }
+  // Check if the hosted collective has enough funds to refund the transaction
+  else {
+    const balanceInHostCurrency = await collective.getBalance({ currency: creditTransaction.hostCurrency });
+    if (balanceInHostCurrency < creditTransaction.amountInHostCurrency) {
+      throw new Forbidden('Not enough funds to refund this transaction');
+    }
+  }
+
   // 2. Refund via payment method
   // 3. Create new transactions with the refund value in our database
   const result = await refundTransactionPayment(transaction, req.remoteUser, args.message);
diff --git a/server/graphql/v2/mutation/TransactionMutations.ts b/server/graphql/v2/mutation/TransactionMutations.ts
index 2df47c52b5c..697ca4db164 100644
--- a/server/graphql/v2/mutation/TransactionMutations.ts
+++ b/server/graphql/v2/mutation/TransactionMutations.ts
@@ -1,5 +1,5 @@
 import express from 'express';
-import { GraphQLNonNull, GraphQLString } from 'graphql';
+import { GraphQLBoolean, GraphQLNonNull, GraphQLString } from 'graphql';
 
 import { activities } from '../../../constants';
 import orderStatus from '../../../constants/order-status';
@@ -22,11 +22,15 @@ const transactionMutations = {
         type: new GraphQLNonNull(GraphQLTransactionReferenceInput),
         description: 'Reference of the transaction to refund',
       },
+      ignoreBalanceCheck: {
+        type: GraphQLBoolean,
+        description: 'If true, the refund will be processed even if it exceeds the balance of the Collective',
+      },
     },
-    async resolve(_: void, args, req: express.Request): Promise<typeof GraphQLTransaction> {
+    async resolve(_: void, args, req: express.Request): Promise<Transaction> {
       checkRemoteUserCanUseTransactions(req);
       const transaction = await fetchTransactionWithReference(args.transaction, { throwIfMissing: true });
-      return refundTransaction(transaction, req);
+      return refundTransaction(transaction, req, { ignoreBalanceCheck: args.ignoreBalanceCheck });
     },
   },
   rejectTransaction: {
diff --git a/test/server/graphql/v2/mutation/TransactionMutations.test.ts b/test/server/graphql/v2/mutation/TransactionMutations.test.ts
index 15eb092f296..52e50967d27 100644
--- a/test/server/graphql/v2/mutation/TransactionMutations.test.ts
+++ b/test/server/graphql/v2/mutation/TransactionMutations.test.ts
@@ -1,11 +1,13 @@
 import { expect } from 'chai';
 import gql from 'fake-tag';
+import { pick } from 'lodash';
 import nock from 'nock';
 import { createSandbox } from 'sinon';
 import Stripe from 'stripe';
 
 import { SupportedCurrency } from '../../../../../server/constants/currencies';
 import MemberRoles from '../../../../../server/constants/roles';
+import { TransactionKind } from '../../../../../server/constants/transaction-kind';
 import { TransactionTypes } from '../../../../../server/constants/transactions';
 import * as TransactionMutationHelpers from '../../../../../server/graphql/common/transactions';
 import emailLib from '../../../../../server/lib/email';
@@ -13,15 +15,15 @@ import { calcFee, executeOrder } from '../../../../../server/lib/payments';
 import stripe, { convertFromStripeAmount, convertToStripeAmount, extractFees } from '../../../../../server/lib/stripe';
 import models from '../../../../../server/models';
 import stripeMocks from '../../../../mocks/stripe';
-import { fakeCollective, fakeOrder, fakeUser, randStr } from '../../../../test-helpers/fake-data';
+import { fakeCollective, fakeOrder, fakeTransaction, fakeUser, randStr } from '../../../../test-helpers/fake-data';
 import { graphqlQueryV2 } from '../../../../utils';
 import * as utils from '../../../../utils';
 
 const STRIPE_TOKEN = 'tok_123456781234567812345678';
 
 const refundTransactionMutation = gql`
-  mutation RefundTransaction($transaction: TransactionReferenceInput!) {
-    refundTransaction(transaction: $transaction) {
+  mutation RefundTransaction($transaction: TransactionReferenceInput!, $ignoreBalanceCheck: Boolean) {
+    refundTransaction(transaction: $transaction, ignoreBalanceCheck: $ignoreBalanceCheck) {
       id
       legacyId
     }
@@ -91,10 +93,12 @@ describe('server/graphql/v2/mutation/TransactionMutations', () => {
     await hostAdminUser.populateRoles();
     order1 = await fakeOrder({
       CollectiveId: collective.id,
+      totalAmount: stripeMocks.balance.amount,
     });
     order1 = await order1.setPaymentMethod({ token: STRIPE_TOKEN });
     order2 = await fakeOrder({
       CollectiveId: collective.id,
+      totalAmount: stripeMocks.balance.amount,
     });
     order2 = await order2.setPaymentMethod({ token: STRIPE_TOKEN });
     await models.ConnectedAccount.create({
@@ -173,6 +177,28 @@ describe('server/graphql/v2/mutation/TransactionMutations', () => {
       expect(refund1.CreatedByUserId).to.equal(hostAdminUser.id);
       expect(refund2.CreatedByUserId).to.equal(hostAdminUser.id);
     });
+
+    it('error if the collective does not have enough funds', async () => {
+      const result = await graphqlQueryV2(
+        refundTransactionMutation,
+        { transaction: { legacyId: transaction2.id } },
+        hostAdminUser,
+      );
+      const [{ message }] = result.errors;
+      expect(message).to.equal('Not enough funds to refund this transaction');
+    });
+
+    it('allows use to bypass the balance check', async () => {
+      const result = await graphqlQueryV2(
+        refundTransactionMutation,
+        { transaction: { legacyId: transaction2.id }, ignoreBalanceCheck: true },
+        hostAdminUser,
+      );
+      expect(result.errors).to.not.exist;
+
+      const balance = await collective.getBalance();
+      expect(balance).to.not.be.above(0);
+    });
   });
 
   describe('rejectTransaction', () => {
@@ -210,6 +236,11 @@ describe('server/graphql/v2/mutation/TransactionMutations', () => {
     });
 
     it('rejects the transaction', async () => {
+      // Add funds to the collective
+      await fakeTransaction({
+        ...pick(transaction1, ['CollectiveId', 'HostCollectiveId', 'amount', 'amountInHostCurrency', 'currency']),
+        kind: TransactionKind.ADDED_FUNDS,
+      });
       const message = 'We do not want your contribution';
       const result = await graphqlQueryV2(
         rejectTransactionMutation,
@@ -359,6 +390,12 @@ describe('refundTransaction legacy tests', () => {
       data: { charge, balanceTransaction },
     };
     const transaction = await models.Transaction.createFromContributionPayload(transactionPayload);
+    await fakeTransaction({
+      ...pick(transaction, ['CollectiveId', 'HostCollectiveId']),
+      amount: 100000,
+      amountInHostCurrency: 100000,
+      kind: TransactionKind.ADDED_FUNDS,
+    });
     return { user, host, collective, tier, paymentMethod, order, transaction };
   }
 
@@ -407,7 +444,7 @@ describe('refundTransaction legacy tests', () => {
       const { user, collective, host, transaction } = await setupTestObjects();
 
       // Balance pre-refund
-      expect(await collective.getBalance()).to.eq(400000);
+      expect(await collective.getBalance()).to.eq(500000);
 
       // When the above transaction is refunded
       const result = await graphqlQueryV2(
@@ -432,7 +469,7 @@ describe('refundTransaction legacy tests', () => {
       await snapshotTransactionsForRefund(allTransactions);
 
       // Collective balance should go back to 0
-      expect(await collective.getBalance()).to.eq(0);
+      expect(await collective.getBalance()).to.eq(100000);
 
       // And two new transactions should be created in the
       // database. This only makes sense in an empty database. For

From 7f3ba4d37376bce0a81033ec1786fd1bdafc22d8 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 19 Nov 2024 14:27:52 +0100
Subject: [PATCH 061/129] debt(Express): remove unused params (#10472)

---
 server/middleware/params.js | 143 ------------------------------------
 server/routes.js            |  11 ---
 2 files changed, 154 deletions(-)
 delete mode 100644 server/middleware/params.js

diff --git a/server/middleware/params.js b/server/middleware/params.js
deleted file mode 100644
index 3e07a9c85d5..00000000000
--- a/server/middleware/params.js
+++ /dev/null
@@ -1,143 +0,0 @@
-import { isNaN } from 'lodash';
-
-import errors from '../lib/errors';
-import { isUUID } from '../lib/utils';
-import models from '../models';
-
-const { User, Collective, Transaction, Expense } = models;
-
-/**
- * Parse id or uuid and returns the where condition to get the element
- * @POST: { uuid: String } or { id: Int }
- */
-const parseIdOrUUID = param => {
-  if (isUUID(param)) {
-    return Promise.resolve({ uuid: param });
-  }
-
-  const id = parseInt(param);
-
-  if (isNaN(id)) {
-    return Promise.reject(new errors.BadRequest('This is not a correct id.'));
-  } else {
-    return Promise.resolve({ id });
-  }
-};
-
-/**
- * Get a record by id or by name
- */
-async function getByKeyValue(model, key, value) {
-  const result = await model.findOne({ where: { [key]: value.toLowerCase() } });
-  if (!result) {
-    throw new errors.NotFound(`${model.getTableName()} '${value}' not found`);
-  }
-  return result;
-}
-
-export function uuid(req, res, next, uuid) {
-  if (uuid.match(/^[A-F\d]{8}-[A-F\d]{4}-4[A-F\d]{3}-[89AB][A-F\d]{3}-[A-F\d]{12}$/i)) {
-    req.params.uuid = uuid;
-  } else {
-    const id = parseInt(uuid);
-    if (!isNaN(id)) {
-      req.params.id = id;
-    }
-  }
-  next();
-}
-
-/**
- * userid
- */
-export function userid(req, res, next, userIdOrName) {
-  getByKeyValue(User, 'id', userIdOrName)
-    .then(user => (req.user = user))
-    .asCallback(next);
-}
-
-/**
- * collectiveid
- */
-export function collectiveid(req, res, next, collectiveIdOrSlug) {
-  getByKeyValue(Collective, isNaN(collectiveIdOrSlug) ? 'slug' : 'id', collectiveIdOrSlug)
-    .then(collective => (req.collective = collective))
-    .asCallback(next);
-}
-
-/**
- * transactionuuid
- */
-export function transactionuuid(req, res, next, transactionuuid) {
-  if (!isUUID(transactionuuid)) {
-    next(new errors.BadRequest('Must provide transaction uuid'));
-    return null;
-  }
-
-  Transaction.findOne({ where: { uuid: transactionuuid } })
-    .then(transaction => {
-      if (!transaction) {
-        next(new errors.NotFound(`Transaction '${transactionuuid}' not found`));
-        return null;
-      } else {
-        req.transaction = transaction;
-        next();
-        return null;
-      }
-    })
-    .catch(next);
-}
-
-/**
- * Transactionid for a paranoid (deleted) ressource
- */
-export function paranoidtransactionid(req, res, next, id) {
-  parseIdOrUUID(id)
-    .then(where => {
-      return Transaction.findOne({
-        where,
-        paranoid: false,
-      });
-    })
-    .then(transaction => {
-      if (!transaction) {
-        next(new errors.NotFound(`Transaction ${id} not found`));
-        return null;
-      } else {
-        req.paranoidtransaction = transaction;
-        next();
-        return null;
-      }
-    })
-    .catch(next);
-}
-
-/**
- * ExpenseId.
- */
-export function expenseid(req, res, next, expenseid) {
-  let queryInCollective,
-    NotFoundInCollective = '';
-  if (req.params.collectiveid) {
-    queryInCollective = { CollectiveId: req.params.collectiveid };
-    NotFoundInCollective = `in collective ${req.params.collectiveid}`;
-  }
-  parseIdOrUUID(expenseid)
-    .then(where =>
-      Expense.findOne({
-        where: Object.assign({}, where, queryInCollective),
-        include: [{ model: models.Collective, as: 'collective' }, { model: models.User }],
-      }),
-    )
-    .then(expense => {
-      if (!expense) {
-        next(new errors.NotFound(`Expense '${expenseid}' not found ${NotFoundInCollective}`));
-        return null;
-      } else {
-        req.expense = expense;
-        next();
-        return null;
-      }
-    })
-    .catch(next);
-}
diff --git a/server/routes.js b/server/routes.js
index a614ad7d142..41a04673169 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -31,7 +31,6 @@ import { HandlerType, reportMessageToSentry, SentryGraphQLPlugin, sentryHandleSl
 import { parseToBoolean } from './lib/utils';
 import * as authentication from './middleware/authentication';
 import errorHandler from './middleware/error-handler';
-import * as params from './middleware/params';
 import required from './middleware/required-param';
 import sanitizer from './middleware/sanitizer';
 
@@ -127,16 +126,6 @@ export default async app => {
   );
   app.post('/oauth/authenticate', noCache, app.oauth.authenticate());
 
-  /**
-   * Parameters.
-   */
-  app.param('uuid', params.uuid);
-  app.param('userid', params.userid);
-  app.param('collectiveid', params.collectiveid);
-  app.param('transactionuuid', params.transactionuuid);
-  app.param('paranoidtransactionid', params.paranoidtransactionid);
-  app.param('expenseid', params.expenseid);
-
   /**
    * GraphQL caching
    */

From 7fc5e148f701b37aecd7ad4e4236d4af8749585d Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Tue, 19 Nov 2024 13:23:45 -0300
Subject: [PATCH 062/129] Add X alternatives to Social Links (#10475)

* feat: add BluesSky and Threads types

* chore: update schemas
---
 server/graphql/schemaV1.graphql | 32 +++++++++++++++-------------
 server/graphql/schemaV2.graphql | 37 ++++++++++++++++++++-------------
 server/models/SocialLink.ts     | 32 +++++++++++++++-------------
 3 files changed, 56 insertions(+), 45 deletions(-)

diff --git a/server/graphql/schemaV1.graphql b/server/graphql/schemaV1.graphql
index 37fabb623e6..d2114eed653 100644
--- a/server/graphql/schemaV1.graphql
+++ b/server/graphql/schemaV1.graphql
@@ -967,27 +967,29 @@ type SocialLink {
 The type of social link
 """
 enum SocialLinkType {
-  TWITTER
-  TUMBLR
-  MASTODON
-  MATTERMOST
-  SLACK
-  LINKEDIN
-  MEETUP
-  FACEBOOK
-  INSTAGRAM
+  BLUESKY
   DISCORD
-  YOUTUBE
-  GITHUB
-  GITLAB
-  GIT
-  WEBSITE
   DISCOURSE
-  PIXELFED
+  FACEBOOK
   GHOST
+  GIT
+  GITHUB
+  GITLAB
+  INSTAGRAM
+  LINKEDIN
+  MASTODON
+  MATTERMOST
+  MEETUP
   PEERTUBE
+  PIXELFED
+  SLACK
+  THREADS
   TIKTOK
+  TUMBLR
   TWITCH
+  TWITTER
+  WEBSITE
+  YOUTUBE
 }
 
 """
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index a1e26cb2418..4e20074a642 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -1030,27 +1030,29 @@ type SocialLink {
 The type of social link
 """
 enum SocialLinkType {
-  TWITTER
-  TUMBLR
-  MASTODON
-  MATTERMOST
-  SLACK
-  LINKEDIN
-  MEETUP
-  FACEBOOK
-  INSTAGRAM
+  BLUESKY
   DISCORD
-  YOUTUBE
-  GITHUB
-  GITLAB
-  GIT
-  WEBSITE
   DISCOURSE
-  PIXELFED
+  FACEBOOK
   GHOST
+  GIT
+  GITHUB
+  GITLAB
+  INSTAGRAM
+  LINKEDIN
+  MASTODON
+  MATTERMOST
+  MEETUP
   PEERTUBE
+  PIXELFED
+  SLACK
+  THREADS
   TIKTOK
+  TUMBLR
   TWITCH
+  TWITTER
+  WEBSITE
+  YOUTUBE
 }
 
 """
@@ -20231,6 +20233,11 @@ type Mutation {
     Reference of the transaction to refund
     """
     transaction: TransactionReferenceInput!
+
+    """
+    If true, the refund will be processed even if it exceeds the balance of the Collective
+    """
+    ignoreBalanceCheck: Boolean
   ): Transaction
 
   """
diff --git a/server/models/SocialLink.ts b/server/models/SocialLink.ts
index de181c8a8d3..0442e294f94 100644
--- a/server/models/SocialLink.ts
+++ b/server/models/SocialLink.ts
@@ -5,27 +5,29 @@ import sequelize, { DataTypes, Model } from '../lib/sequelize';
 import Collective from './Collective';
 
 export enum SocialLinkType {
-  TWITTER = 'TWITTER',
-  TUMBLR = 'TUMBLR',
-  MASTODON = 'MASTODON',
-  MATTERMOST = 'MATTERMOST',
-  SLACK = 'SLACK',
-  LINKEDIN = 'LINKEDIN',
-  MEETUP = 'MEETUP',
-  FACEBOOK = 'FACEBOOK',
-  INSTAGRAM = 'INSTAGRAM',
+  BLUESKY = 'BLUESKY',
   DISCORD = 'DISCORD',
-  YOUTUBE = 'YOUTUBE',
-  GITHUB = 'GITHUB',
-  GITLAB = 'GITLAB',
-  GIT = 'GIT',
-  WEBSITE = 'WEBSITE',
   DISCOURSE = 'DISCOURSE',
-  PIXELFED = 'PIXELFED',
+  FACEBOOK = 'FACEBOOK',
   GHOST = 'GHOST',
+  GIT = 'GIT',
+  GITHUB = 'GITHUB',
+  GITLAB = 'GITLAB',
+  INSTAGRAM = 'INSTAGRAM',
+  LINKEDIN = 'LINKEDIN',
+  MASTODON = 'MASTODON',
+  MATTERMOST = 'MATTERMOST',
+  MEETUP = 'MEETUP',
   PEERTUBE = 'PEERTUBE',
+  PIXELFED = 'PIXELFED',
+  SLACK = 'SLACK',
+  THREADS = 'THREADS',
   TIKTOK = 'TIKTOK',
+  TUMBLR = 'TUMBLR',
   TWITCH = 'TWITCH',
+  TWITTER = 'TWITTER',
+  WEBSITE = 'WEBSITE',
+  YOUTUBE = 'YOUTUBE',
 }
 
 class SocialLink extends Model<InferAttributes<SocialLink>, InferCreationAttributes<SocialLink>> {

From 08bc178d043e4621053fcce71a1360ef40c1fc8e Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Wed, 20 Nov 2024 09:37:52 +0100
Subject: [PATCH 063/129] fix(contributors): return proper type for account
 (#10476)

---
 server/graphql/v2/object/Contributor.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/graphql/v2/object/Contributor.ts b/server/graphql/v2/object/Contributor.ts
index 3dc34e5f875..811ab07c6e8 100644
--- a/server/graphql/v2/object/Contributor.ts
+++ b/server/graphql/v2/object/Contributor.ts
@@ -2,7 +2,9 @@ import { GraphQLBoolean, GraphQLInt, GraphQLList, GraphQLNonNull, GraphQLObjectT
 import { GraphQLDateTime } from 'graphql-scalars';
 
 import { getCollectiveAvatarUrl } from '../../../lib/collectivelib';
+import Collective from '../../../models/Collective';
 import { GraphQLImageFormat, GraphQLMemberRole } from '../enum';
+import { GraphQLAccount } from '../interface/Account';
 
 import { GraphQLAmount } from './Amount';
 
@@ -81,8 +83,8 @@ export const GraphQLContributor = new GraphQLObjectType({
       },
     },
     account: {
-      type: GraphQLString,
-      resolve(contributor, _, req): Promise<string | null> {
+      type: GraphQLAccount,
+      resolve(contributor, _, req): Promise<Collective | null> {
         return req.loaders.Collective.byId.load(contributor.id);
       },
     },

From 87beb3e86f3371cfc8e6ab6bc68bf7f69d5acbd7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Wed, 20 Nov 2024 12:47:23 +0100
Subject: [PATCH 064/129] introduce daily materialized views (#10474)

---
 .../92-refresh-daily-materialized-views.js    | 35 +++++++++++++++++++
 cron/hourly/50-refresh-materialized-views.js  |  8 +----
 2 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 cron/daily/92-refresh-daily-materialized-views.js

diff --git a/cron/daily/92-refresh-daily-materialized-views.js b/cron/daily/92-refresh-daily-materialized-views.js
new file mode 100644
index 00000000000..6695625f67a
--- /dev/null
+++ b/cron/daily/92-refresh-daily-materialized-views.js
@@ -0,0 +1,35 @@
+import '../../server/env';
+
+import logger from '../../server/lib/logger';
+import { sequelize } from '../../server/models';
+import { runCronJob } from '../utils';
+
+const VIEWS = ['CollectiveTransactionStats', 'TransactionBalances', 'CollectiveBalanceCheckpoint'];
+
+/**
+ * Refresh the materialized views.
+ *
+ * `CONCURRENTLY` is used to avoid deadlocks, as Postgres otherwise lock queries
+ * using this table until the refresh is complete.
+ */
+async function run() {
+  for (const view of VIEWS) {
+    logger.info(`Refreshing ${view} materialized view CONCURRENTLY...`);
+    const startTime = process.hrtime();
+    try {
+      await sequelize.query(`REFRESH MATERIALIZED VIEW CONCURRENTLY "${view}"`);
+      const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
+      logger.info(`${view} materialized view refreshed in ${runSeconds}.${runMilliSeconds} seconds`);
+    } catch (e) {
+      const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
+      logger.error(
+        `Error while refreshing ${view} materialized view after ${runSeconds}.${runMilliSeconds} seconds: ${e.message}`,
+        e,
+      );
+    }
+  }
+}
+
+if (require.main === module) {
+  runCronJob('refresh-daily-materialized-views', run, 24 * 60 * 60);
+}
diff --git a/cron/hourly/50-refresh-materialized-views.js b/cron/hourly/50-refresh-materialized-views.js
index 9a90de25856..b66a3b58fac 100644
--- a/cron/hourly/50-refresh-materialized-views.js
+++ b/cron/hourly/50-refresh-materialized-views.js
@@ -4,13 +4,7 @@ import logger from '../../server/lib/logger';
 import { sequelize } from '../../server/models';
 import { runCronJob } from '../utils';
 
-const VIEWS = [
-  'CollectiveTransactionStats',
-  'TransactionBalances',
-  'CollectiveBalanceCheckpoint',
-  'CollectiveOrderStats',
-  'ExpenseTagStats',
-];
+const VIEWS = ['CollectiveOrderStats', 'ExpenseTagStats'];
 
 const VIEWS_WITHOUT_UNIQUE_INDEX = ['HostMonthlyTransactions', 'CollectiveTagStats'];
 

From 0ba08a84caf437a11e3403f88d7c018f193f769c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:47:39 +0100
Subject: [PATCH 065/129] fix(deps): update dependency winston to v3.17.0
 (#10445)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 30 ++++++++++++++++--------------
 package.json      |  2 +-
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bfb64605610..70d0a81f88e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -112,7 +112,7 @@
         "twitter-api-v2": "1.17.2",
         "uuid": "10.0.0",
         "validator": "13.12.0",
-        "winston": "3.15.0",
+        "winston": "3.17.0",
         "zod": "3.23.8"
       },
       "devDependencies": {
@@ -17553,9 +17553,10 @@
       }
     },
     "node_modules/logform": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz",
-      "integrity": "sha512-1ulHeNPp6k/LD8H91o7VYFBng5i1BDE7HoKxVbZiGFidS1Rj65qcywLxX+pVfAPoQJEjRdvKcusKwOupHCVOVQ==",
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/logform/-/logform-2.7.0.tgz",
+      "integrity": "sha512-TFYA4jnP7PVbmlBIfhlSe+WKxs9dklXMTEGcBCIvLhE/Tn3H6Gk1norupVW7m5Cnd4bLcr08AytbyV/xj7f/kQ==",
+      "license": "MIT",
       "dependencies": {
         "@colors/colors": "1.6.0",
         "@types/triple-beam": "^1.3.2",
@@ -23680,34 +23681,35 @@
       }
     },
     "node_modules/winston": {
-      "version": "3.15.0",
-      "resolved": "https://registry.npmjs.org/winston/-/winston-3.15.0.tgz",
-      "integrity": "sha512-RhruH2Cj0bV0WgNL+lOfoUBI4DVfdUNjVnJGVovWZmrcKtrFTTRzgXYK2O9cymSGjrERCtaAeHwMNnUWXlwZow==",
+      "version": "3.17.0",
+      "resolved": "https://registry.npmjs.org/winston/-/winston-3.17.0.tgz",
+      "integrity": "sha512-DLiFIXYC5fMPxaRg832S6F5mJYvePtmO5G9v9IgUFPhXm9/GkXarH/TUrBAVzhTCzAj9anE/+GjrgXp/54nOgw==",
       "license": "MIT",
       "dependencies": {
         "@colors/colors": "^1.6.0",
         "@dabh/diagnostics": "^2.0.2",
         "async": "^3.2.3",
         "is-stream": "^2.0.0",
-        "logform": "^2.6.0",
+        "logform": "^2.7.0",
         "one-time": "^1.0.0",
         "readable-stream": "^3.4.0",
         "safe-stable-stringify": "^2.3.1",
         "stack-trace": "0.0.x",
         "triple-beam": "^1.3.0",
-        "winston-transport": "^4.7.0"
+        "winston-transport": "^4.9.0"
       },
       "engines": {
         "node": ">= 12.0.0"
       }
     },
     "node_modules/winston-transport": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz",
-      "integrity": "sha512-ajBj65K5I7denzer2IYW6+2bNIVqLGDHqDw3Ow8Ohh+vdW+rv4MZ6eiDvHoKhfJFZ2auyN8byXieDDJ96ViONg==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.9.0.tgz",
+      "integrity": "sha512-8drMJ4rkgaPo1Me4zD/3WLfI/zPdA9o2IipKODunnGDcuqbHwjsbB79ylv04LCGGzU0xQ6vTznOMpQGaLhhm6A==",
+      "license": "MIT",
       "dependencies": {
-        "logform": "^2.3.2",
-        "readable-stream": "^3.6.0",
+        "logform": "^2.7.0",
+        "readable-stream": "^3.6.2",
         "triple-beam": "^1.3.0"
       },
       "engines": {
diff --git a/package.json b/package.json
index 14f24464c04..86aa174dd62 100644
--- a/package.json
+++ b/package.json
@@ -133,7 +133,7 @@
     "twitter-api-v2": "1.17.2",
     "uuid": "10.0.0",
     "validator": "13.12.0",
-    "winston": "3.15.0",
+    "winston": "3.17.0",
     "zod": "3.23.8"
   },
   "devDependencies": {

From e1f6a7bd7abd2865807c085cd2e7ff1f2685bda6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:48:04 +0100
Subject: [PATCH 066/129] fix(deps): update dependency cloudflare to v3.5.0
 (#10393)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 16 +++++++++-------
 package.json      |  2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 70d0a81f88e..7b35c50d9af 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,7 @@
         "bcrypt": "5.1.1",
         "blurhash": "2.0.5",
         "burner-email-providers": "github:opencollective/burner-email-providers",
-        "cloudflare": "3.4.0",
+        "cloudflare": "3.5.0",
         "cloudflare-ip": "0.0.7",
         "commander": "12.1.0",
         "config": "3.3.12",
@@ -11180,9 +11180,10 @@
       }
     },
     "node_modules/cloudflare": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/cloudflare/-/cloudflare-3.4.0.tgz",
-      "integrity": "sha512-jiPN5MqzaeZP4UKPgGTuR7/e6kvD+pdeTdJSfqoUHczcSTGIPuJhGj3XRjnqubskrQtWIYuRpiN8rEm5avDrAw==",
+      "version": "3.5.0",
+      "resolved": "https://registry.npmjs.org/cloudflare/-/cloudflare-3.5.0.tgz",
+      "integrity": "sha512-sIRZ4K2WQf8tZ74gZGan3u6+50VY1cB6uNc9XIGGLQa7Ti/nrvvadirm8EPVFlQMG11PUXPsX1Buheh4MPLiew==",
+      "license": "Apache-2.0",
       "dependencies": {
         "@types/node": "^18.11.18",
         "@types/node-fetch": "^2.6.4",
@@ -11205,9 +11206,10 @@
       }
     },
     "node_modules/cloudflare/node_modules/@types/node": {
-      "version": "18.19.31",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.31.tgz",
-      "integrity": "sha512-ArgCD39YpyyrtFKIqMDvjz79jto5fcI/SVUs2HwB+f0dAzq68yqOdyaSivLiLugSziTpNXLQrVb7RZFmdZzbhA==",
+      "version": "18.19.59",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.59.tgz",
+      "integrity": "sha512-vizm2EqwV/7Zay+A6J3tGl9Lhr7CjZe2HmWS988sefiEmsyP9CeXEleho6i4hJk/8UtZAo0bWN4QPZZr83RxvQ==",
+      "license": "MIT",
       "dependencies": {
         "undici-types": "~5.26.4"
       }
diff --git a/package.json b/package.json
index 86aa174dd62..cf58111889a 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
     "bcrypt": "5.1.1",
     "blurhash": "2.0.5",
     "burner-email-providers": "github:opencollective/burner-email-providers",
-    "cloudflare": "3.4.0",
+    "cloudflare": "3.5.0",
     "cloudflare-ip": "0.0.7",
     "commander": "12.1.0",
     "config": "3.3.12",

From 37b4363d831894b0cd385d90b1cc95f73fa762c1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 12:48:19 +0100
Subject: [PATCH 067/129] fix(deps): update dependency moment-timezone to
 v0.5.46 (#10391)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7b35c50d9af..6266bcd9d46 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -81,7 +81,7 @@
         "lodash": "4.17.21",
         "lru-cache": "11.0.1",
         "moment": "2.30.1",
-        "moment-timezone": "0.5.45",
+        "moment-timezone": "0.5.46",
         "multer": "1.4.5-lts.1",
         "node-fetch": "2.7.0",
         "node-statsd": "0.1.1",
@@ -18323,9 +18323,10 @@
       }
     },
     "node_modules/moment-timezone": {
-      "version": "0.5.45",
-      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.45.tgz",
-      "integrity": "sha512-HIWmqA86KcmCAhnMAN0wuDOARV/525R2+lOLotuGFzn4HO+FH+/645z2wx0Dt3iDv6/p61SIvKnDstISainhLQ==",
+      "version": "0.5.46",
+      "resolved": "https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.46.tgz",
+      "integrity": "sha512-ZXm9b36esbe7OmdABqIWJuBBiLLwAjrN7CE+7sYdCCx82Nabt1wHDj8TVseS59QIlfFPbOoiBPm6ca9BioG4hw==",
+      "license": "MIT",
       "dependencies": {
         "moment": "^2.29.4"
       },
diff --git a/package.json b/package.json
index cf58111889a..348750c2596 100644
--- a/package.json
+++ b/package.json
@@ -102,7 +102,7 @@
     "lodash": "4.17.21",
     "lru-cache": "11.0.1",
     "moment": "2.30.1",
-    "moment-timezone": "0.5.45",
+    "moment-timezone": "0.5.46",
     "multer": "1.4.5-lts.1",
     "node-fetch": "2.7.0",
     "node-statsd": "0.1.1",

From ede6b86f51a3da8cabb51b08dc87e7eb738aa7d0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 13:09:46 +0100
Subject: [PATCH 068/129] fix(deps): update dependency sequelize to v6.37.5
 (#10427)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6266bcd9d46..a363f94f4a4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -99,7 +99,7 @@
         "prepend-http": "3.0.1",
         "redis": "4.6.6",
         "sanitize-html": "2.13.1",
-        "sequelize": "6.37.4",
+        "sequelize": "6.37.5",
         "sequelize-cli": "6.6.2",
         "sequelize-temporal": "2.0.0",
         "sharp": "0.33.4",
@@ -21431,9 +21431,9 @@
       }
     },
     "node_modules/sequelize": {
-      "version": "6.37.4",
-      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.37.4.tgz",
-      "integrity": "sha512-+8B0p00EKmxJpwwruDI0drxh4wNSC0YB9pVhOajRzfMI+uIDi5V7rJPC8RTTkLmKUoAIatJZn6lW9gj6bmmYKQ==",
+      "version": "6.37.5",
+      "resolved": "https://registry.npmjs.org/sequelize/-/sequelize-6.37.5.tgz",
+      "integrity": "sha512-10WA4poUb3XWnUROThqL2Apq9C2NhyV1xHPMZuybNMCucDsbbFuKg51jhmyvvAUyUqCiimwTZamc3AHhMoBr2Q==",
       "funding": [
         {
           "type": "opencollective",
diff --git a/package.json b/package.json
index 348750c2596..ec1ec443ad5 100644
--- a/package.json
+++ b/package.json
@@ -120,7 +120,7 @@
     "prepend-http": "3.0.1",
     "redis": "4.6.6",
     "sanitize-html": "2.13.1",
-    "sequelize": "6.37.4",
+    "sequelize": "6.37.5",
     "sequelize-cli": "6.6.2",
     "sequelize-temporal": "2.0.0",
     "sharp": "0.33.4",

From ff571d0b0ae40fca506387b4e507119e40d2ab80 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 20 Nov 2024 13:27:38 +0100
Subject: [PATCH 069/129] fix(deps): update dependency pg to v8.13.1 (#10355)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 28 +++++++++++++++-------------
 package.json      |  2 +-
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a363f94f4a4..3ee014ea07f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -92,7 +92,7 @@
         "passport": "0.7.0",
         "passport-github": "1.1.0",
         "paypal-adaptive": "0.4.2",
-        "pg": "8.12.0",
+        "pg": "8.13.1",
         "pg-connection-string": "2.7.0",
         "pg-format": "1.0.4",
         "plaid": "29.0.0",
@@ -19968,14 +19968,14 @@
       "optional": true
     },
     "node_modules/pg": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/pg/-/pg-8.12.0.tgz",
-      "integrity": "sha512-A+LHUSnwnxrnL/tZ+OLfqR1SxLN3c/pgDztZ47Rpbsd4jUytsTtwQo/TLPRzPJMp/1pbhYVhH9cuSZLAajNfjQ==",
+      "version": "8.13.1",
+      "resolved": "https://registry.npmjs.org/pg/-/pg-8.13.1.tgz",
+      "integrity": "sha512-OUir1A0rPNZlX//c7ksiu7crsGZTKSOXJPgtNiHGIlC9H0lO+NC6ZDYksSgBYY/thSWhnSRBv8w1lieNNGATNQ==",
       "license": "MIT",
       "dependencies": {
-        "pg-connection-string": "^2.6.4",
-        "pg-pool": "^3.6.2",
-        "pg-protocol": "^1.6.1",
+        "pg-connection-string": "^2.7.0",
+        "pg-pool": "^3.7.0",
+        "pg-protocol": "^1.7.0",
         "pg-types": "^2.1.0",
         "pgpass": "1.x"
       },
@@ -20023,17 +20023,19 @@
       }
     },
     "node_modules/pg-pool": {
-      "version": "3.6.2",
-      "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.6.2.tgz",
-      "integrity": "sha512-Htjbg8BlwXqSBQ9V8Vjtc+vzf/6fVUuak/3/XXKA9oxZprwW3IMDQTGHP+KDmVL7rtd+R1QjbnCFPuTHm3G4hg==",
+      "version": "3.7.0",
+      "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.7.0.tgz",
+      "integrity": "sha512-ZOBQForurqh4zZWjrgSwwAtzJ7QiRX0ovFkZr2klsen3Nm0aoh33Ls0fzfv3imeH/nw/O27cjdz5kzYJfeGp/g==",
+      "license": "MIT",
       "peerDependencies": {
         "pg": ">=8.0"
       }
     },
     "node_modules/pg-protocol": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.6.1.tgz",
-      "integrity": "sha512-jPIlvgoD63hrEuihvIg+tJhoGjUsLPn6poJY9N5CnlPd91c2T18T/9zBtLxZSb1EhYxBRoZJtzScCaWlYLtktg=="
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.7.0.tgz",
+      "integrity": "sha512-hTK/mE36i8fDDhgDFjy6xNOG+LCorxLG3WO17tku+ij6sVHXh1jQUJ8hYAnRhNla4QVD2H8er/FOjc/+EgC6yQ==",
+      "license": "MIT"
     },
     "node_modules/pg-types": {
       "version": "2.2.0",
diff --git a/package.json b/package.json
index ec1ec443ad5..c2ac37a0a36 100644
--- a/package.json
+++ b/package.json
@@ -113,7 +113,7 @@
     "passport": "0.7.0",
     "passport-github": "1.1.0",
     "paypal-adaptive": "0.4.2",
-    "pg": "8.12.0",
+    "pg": "8.13.1",
     "pg-connection-string": "2.7.0",
     "pg-format": "1.0.4",
     "plaid": "29.0.0",

From d2efb14fe2635006f762d0cde3b449af0d6cef39 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Thu, 21 Nov 2024 10:30:30 -0300
Subject: [PATCH 070/129] Draft Expenses: Optional invite notification and
 draft key (#10477)

* refact: allow user to skip invite email in draftExpenseAndInviteUser

* refact: expose expense.draftKey for trusted fiscal host admins

* chore: update schema

* refact: make canSeeDraftKey logic independent

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>

* refact: rely on Activity.create logic to skip notification

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>

---------

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>
---
 server/graphql/common/expenses.ts             | 20 +++++++-
 server/graphql/schemaV2.graphql               | 10 ++++
 .../graphql/v2/mutation/ExpenseMutations.ts   |  8 +++-
 server/graphql/v2/object/Expense.ts           |  9 ++++
 server/models/Expense.ts                      |  5 +-
 test/server/graphql/common/expenses.test.js   | 47 +++++++++++++++++++
 .../v2/mutation/ExpenseMutations.test.js      | 25 +++++++++-
 7 files changed, 119 insertions(+), 5 deletions(-)

diff --git a/server/graphql/common/expenses.ts b/server/graphql/common/expenses.ts
index 66cfa21294c..2ac3d49e61a 100644
--- a/server/graphql/common/expenses.ts
+++ b/server/graphql/common/expenses.ts
@@ -29,7 +29,7 @@ import {
 import moment from 'moment';
 import { v4 as uuid } from 'uuid';
 
-import { activities, roles } from '../../constants';
+import { activities, expenseStatus, roles } from '../../constants';
 import ActivityTypes from '../../constants/activities';
 import { CollectiveType } from '../../constants/collectives';
 import { Service } from '../../constants/connected-account';
@@ -396,6 +396,24 @@ export const canSeeExpenseSecurityChecks: ExpensePermissionEvaluator = async (re
   return remoteUserMeetsOneCondition(req, expense, [isHostAdmin]);
 };
 
+export const canSeeDraftKey: ExpensePermissionEvaluator = async (req, expense) => {
+  if (expense.status !== expenseStatus.DRAFT) {
+    return false;
+  }
+
+  if (!validateExpenseScope(req)) {
+    return false;
+  }
+
+  // Preload host and collective, we'll need them for permissions checks
+  expense.collective = expense.collective || (await req.loaders.Collective.byId.load(expense.CollectiveId));
+  if (expense.collective?.HostCollectiveId && !expense.collective.host) {
+    expense.collective.host = await req.loaders.Collective.byId.load(expense.collective.HostCollectiveId);
+  }
+
+  return remoteUserMeetsOneCondition(req, expense, [isHostAdmin]);
+};
+
 export const canSeeExpenseCustomData: ExpensePermissionEvaluator = async (req, expense) => {
   if (!validateExpenseScope(req)) {
     return false;
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 4e20074a642..e4de216a242 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -2533,6 +2533,11 @@ type Expense {
   """
   securityChecks: [SecurityCheck]
 
+  """
+  [Host Admin only] Key to access the draft of this expense
+  """
+  draftKey: String
+
   """
   Custom data for this expense
   """
@@ -19487,6 +19492,11 @@ type Mutation {
     Account where the expense will be created
     """
     account: AccountReferenceInput!
+
+    """
+    Skip sending the invite email
+    """
+    skipInvite: Boolean = false
   ): Expense!
 
   """
diff --git a/server/graphql/v2/mutation/ExpenseMutations.ts b/server/graphql/v2/mutation/ExpenseMutations.ts
index f237bd04caf..9d4af1c3014 100644
--- a/server/graphql/v2/mutation/ExpenseMutations.ts
+++ b/server/graphql/v2/mutation/ExpenseMutations.ts
@@ -455,6 +455,11 @@ const expenseMutations = {
         type: new GraphQLNonNull(GraphQLAccountReferenceInput),
         description: 'Account where the expense will be created',
       },
+      skipInvite: {
+        type: new GraphQLNonNull(GraphQLBoolean),
+        description: 'Skip sending the invite email',
+        defaultValue: false,
+      },
     },
     async resolve(_: void, args, req: express.Request): Promise<ExpenseModel> {
       checkRemoteUserCanUseExpenses(req);
@@ -505,6 +510,7 @@ const expenseMutations = {
 
       const expense = await models.Expense.create({
         ...pick(expenseData, DRAFT_EXPENSE_FIELDS),
+        status: expenseStatus.DRAFT,
         CollectiveId: collective.id,
         FromCollectiveId: fromCollective.id,
         lastEditedById: remoteUser.id,
@@ -524,8 +530,8 @@ const expenseMutations = {
           customData: expenseData.customData,
           taxes: expenseData.tax,
           reference: expenseData.reference,
+          notify: !args.skipInvite,
         },
-        status: expenseStatus.DRAFT,
       });
 
       await sendDraftExpenseInvite(req, expense, collective, draftKey);
diff --git a/server/graphql/v2/object/Expense.ts b/server/graphql/v2/object/Expense.ts
index 8faa955d44c..d4e68e7e94a 100644
--- a/server/graphql/v2/object/Expense.ts
+++ b/server/graphql/v2/object/Expense.ts
@@ -634,6 +634,15 @@ export const GraphQLExpense = new GraphQLObjectType<ExpenseModel, express.Reques
           }
         },
       },
+      draftKey: {
+        type: GraphQLString,
+        description: '[Host Admin only] Key to access the draft of this expense',
+        async resolve(expense, _, req) {
+          if (await ExpenseLib.canSeeDraftKey(req, expense)) {
+            return expense.data?.draftKey;
+          }
+        },
+      },
       customData: {
         type: GraphQLJSON,
         description: 'Custom data for this expense',
diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index bf3aaf69d17..cc850bd7342 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -163,7 +163,9 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
   createActivity = async function (
     type: ActivityTypes,
     user: User | { id: number } | null = null,
-    data: ({ notifyCollective?: boolean; ledgerTransaction?: Transaction } & Record<string, unknown>) | null = {},
+    data:
+      | ({ notifyCollective?: boolean; ledgerTransaction?: Transaction; notify?: boolean } & Record<string, unknown>)
+      | null = {},
   ) {
     const submittedByUser = await this.getSubmitterUser();
     const submittedByUserCollective = await Collective.findByPk(submittedByUser.CollectiveId);
@@ -205,6 +207,7 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
           'message',
           'event',
           'isSystem',
+          'notify',
           'notifyCollective',
           'reference',
           'estimatedDelivery',
diff --git a/test/server/graphql/common/expenses.test.js b/test/server/graphql/common/expenses.test.js
index 27656dc705b..472246e4b9f 100644
--- a/test/server/graphql/common/expenses.test.js
+++ b/test/server/graphql/common/expenses.test.js
@@ -15,6 +15,7 @@ import {
   canMarkAsUnpaid,
   canPayExpense,
   canReject,
+  canSeeDraftKey,
   canSeeExpenseAttachments,
   canSeeExpenseDraftPrivateDetails,
   canSeeExpenseInvoiceInfo,
@@ -861,6 +862,52 @@ describe('server/graphql/common/expenses', () => {
     });
   });
 
+  describe('canSeeDraftKey', () => {
+    it('can not be seen if the expense is not a DRAFT', async () => {
+      await runForAllContexts(async context => {
+        await context.expense.update({ status: 'PENDING' });
+        expect(await checkAllPermissions(canSeeDraftKey, context)).to.deep.equal({
+          public: false,
+          randomUser: false,
+          collectiveAdmin: false,
+          collectiveAccountant: false,
+          hostAdmin: false,
+          hostAccountant: false,
+          expenseOwner: false,
+          limitedHostAdmin: false,
+        });
+      });
+    });
+
+    it('can only be seen by host admin', async () => {
+      let context = contexts.normal;
+      await context.expense.update({ status: 'DRAFT' });
+      expect(await checkAllPermissions(canSeeDraftKey, context)).to.deep.equal({
+        public: false,
+        randomUser: false,
+        collectiveAdmin: false,
+        collectiveAccountant: false,
+        hostAdmin: true,
+        hostAccountant: false,
+        expenseOwner: false,
+        limitedHostAdmin: false,
+      });
+
+      context = contexts.selfHosted;
+      await context.expense.update({ status: 'DRAFT' });
+      expect(await checkAllPermissions(canSeeDraftKey, context)).to.deep.equal({
+        public: false,
+        randomUser: false,
+        collectiveAdmin: true,
+        collectiveAccountant: false,
+        hostAdmin: true,
+        hostAccountant: false,
+        expenseOwner: false,
+        limitedHostAdmin: false,
+      });
+    });
+  });
+
   describe('getExpenseAmountInDifferentCurrency', () => {
     describe('Wise', () => {
       it('returns the amount in expense currency', async () => {
diff --git a/test/server/graphql/v2/mutation/ExpenseMutations.test.js b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
index 52022d577fc..e8aef1af319 100644
--- a/test/server/graphql/v2/mutation/ExpenseMutations.test.js
+++ b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
@@ -18,6 +18,7 @@ import {
   TwoFactorAuthenticationHeader,
   TwoFactorMethod,
 } from '../../../../../server/lib/two-factor-authentication/lib';
+import { sleep } from '../../../../../server/lib/utils';
 import models from '../../../../../server/models';
 import { LEGAL_DOCUMENT_TYPE } from '../../../../../server/models/LegalDocument';
 import { PayoutMethodTypes } from '../../../../../server/models/PayoutMethod';
@@ -4207,8 +4208,12 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
     let sandbox, collective, expense, user;
 
     const draftExpenseAndInviteUserMutation = gql`
-      mutation DraftExpenseAndInviteUser($expense: ExpenseInviteDraftInput!, $account: AccountReferenceInput!) {
-        draftExpenseAndInviteUser(expense: $expense, account: $account) {
+      mutation DraftExpenseAndInviteUser(
+        $expense: ExpenseInviteDraftInput!
+        $account: AccountReferenceInput!
+        $skipInvite: Boolean
+      ) {
+        draftExpenseAndInviteUser(expense: $expense, account: $account, skipInvite: $skipInvite) {
           id
           legacyId
           status
@@ -4333,5 +4338,21 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
       const [recipient] = emailLib.sendMessage.thirdCall.args;
       expect(recipient).to.eq(existingUser.email);
     });
+
+    it('allows to skip email invitation', async () => {
+      emailLib.sendMessage.resetHistory();
+      const result = await graphqlQueryV2(
+        draftExpenseAndInviteUserMutation,
+        { expense: invoice, account: { legacyId: collective.id }, skipInvite: true },
+        user,
+      );
+
+      await sleep(100);
+
+      const draftedExpense = result.data.draftExpenseAndInviteUser;
+      expense = await models.Expense.findByPk(draftedExpense.legacyId);
+      expect(expense.status).to.eq(expenseStatus.DRAFT);
+      expect(emailLib.sendMessage.callCount).to.eq(0);
+    });
   });
 });

From bb2eae36c87cc400c7099509fd5149a85aa026fe Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 21 Nov 2024 14:34:59 +0100
Subject: [PATCH 071/129] chore: Report materialized view refresh errors to
 Sentry (#10479)

---
 cron/daily/92-refresh-daily-materialized-views.js | 2 ++
 cron/hourly/50-refresh-materialized-views.js      | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/cron/daily/92-refresh-daily-materialized-views.js b/cron/daily/92-refresh-daily-materialized-views.js
index 6695625f67a..720854b558a 100644
--- a/cron/daily/92-refresh-daily-materialized-views.js
+++ b/cron/daily/92-refresh-daily-materialized-views.js
@@ -1,6 +1,7 @@
 import '../../server/env';
 
 import logger from '../../server/lib/logger';
+import { HandlerType, reportErrorToSentry } from '../../server/lib/sentry';
 import { sequelize } from '../../server/models';
 import { runCronJob } from '../utils';
 
@@ -21,6 +22,7 @@ async function run() {
       const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
       logger.info(`${view} materialized view refreshed in ${runSeconds}.${runMilliSeconds} seconds`);
     } catch (e) {
+      reportErrorToSentry(e, { handler: HandlerType.CRON, severity: 'error', extra: { view } });
       const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
       logger.error(
         `Error while refreshing ${view} materialized view after ${runSeconds}.${runMilliSeconds} seconds: ${e.message}`,
diff --git a/cron/hourly/50-refresh-materialized-views.js b/cron/hourly/50-refresh-materialized-views.js
index b66a3b58fac..745ec4a5a02 100644
--- a/cron/hourly/50-refresh-materialized-views.js
+++ b/cron/hourly/50-refresh-materialized-views.js
@@ -1,6 +1,7 @@
 import '../../server/env';
 
 import logger from '../../server/lib/logger';
+import { HandlerType, reportErrorToSentry } from '../../server/lib/sentry';
 import { sequelize } from '../../server/models';
 import { runCronJob } from '../utils';
 
@@ -24,6 +25,7 @@ async function run() {
       logger.info(`${view} materialized view refreshed in ${runSeconds}.${runMilliSeconds} seconds`);
     } catch (e) {
       const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
+      reportErrorToSentry(e, { handler: HandlerType.CRON, severity: 'error', extra: { view } });
       logger.error(
         `Error while refreshing ${view} materialized view after ${runSeconds}.${runMilliSeconds} seconds: ${e.message}`,
         e,
@@ -39,6 +41,7 @@ async function run() {
       const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
       logger.info(`${view} materialized view refreshed in ${runSeconds}.${runMilliSeconds} seconds`);
     } catch (e) {
+      reportErrorToSentry(e, { handler: HandlerType.CRON, severity: 'error', extra: { view } });
       const [runSeconds, runMilliSeconds] = process.hrtime(startTime);
       logger.error(
         `Error while refreshing ${view} materialized view after ${runSeconds}.${runMilliSeconds} seconds: ${e.message}`,

From a25c89db4c7ca4d55ace630f98ed65873cc346de Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Fri, 22 Nov 2024 10:07:58 +0100
Subject: [PATCH 072/129] improve the SQL query in rejectt-contributions
 (#10478)

* improve the SQL query in reject-contributions
* add ORDER BY
* add some comments
---
 cron/disabled/reject-contributions.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/cron/disabled/reject-contributions.js b/cron/disabled/reject-contributions.js
index 0f9b5c7ef33..eb1b0db491f 100644
--- a/cron/disabled/reject-contributions.js
+++ b/cron/disabled/reject-contributions.js
@@ -18,8 +18,11 @@ const query = `SELECT "Orders"."id"
   FROM "Orders", "Collectives", "Collectives" as "FromCollectives"
   WHERE "Orders"."CollectiveId" = "Collectives"."id" AND "FromCollectives"."id" = "Orders"."FromCollectiveId"
   AND "Orders"."status" IN ('ACTIVE', 'PAID')
+  AND "Orders"."deletedAt" IS NULL
   AND "Collectives"."settings"->'moderation'->'rejectedCategories' IS NOT NULL
-  AND "FromCollectives"."data"->'categories' IS NOT NULL`;
+  AND jsonb_array_length("Collectives"."settings"->'moderation'->'rejectedCategories') > 0
+  AND "FromCollectives"."data"->'categories' IS NOT NULL
+  ORDER BY "Orders"."createdAt" ASC`;
 
 const getContributorRejectedCategories = (fromCollective, collective) => {
   const rejectedCategories = get(collective, 'settings.moderation.rejectedCategories', []);
@@ -74,7 +77,7 @@ async function run({ dryRun, limit, force } = {}) {
     let shouldNotifyContributor = true;
     let actionTaken = false;
 
-    // Retrieve latest transaction
+    // Retrieve latest transaction to refund it (less than 30 days)
     const transaction = await models.Transaction.findOne({
       where: {
         OrderId: order.id,
@@ -107,6 +110,7 @@ async function run({ dryRun, limit, force } = {}) {
             } else if (force) {
               await createRefundTransaction(transaction, 0, null);
             } else {
+              // don't mark as REJECTED non-refunded one time contributions
               if (order.status === 'PAID') {
                 shouldMarkAsRejected = false;
                 shouldNotifyContributor = false;

From b50ecd5fd309bbf8c7c552c3cf05112467567af2 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Fri, 22 Nov 2024 07:20:39 -0300
Subject: [PATCH 073/129] Rewrite generate jwt debug script (#10482)

* refact: rewrite generate jwt debug script

* fix: add expiration

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>

---------

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>
---
 scripts/generate-jwt.js | 40 -----------------------------
 scripts/generate-jwt.ts | 56 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 40 deletions(-)
 delete mode 100644 scripts/generate-jwt.js
 create mode 100644 scripts/generate-jwt.ts

diff --git a/scripts/generate-jwt.js b/scripts/generate-jwt.js
deleted file mode 100644
index 663790bd914..00000000000
--- a/scripts/generate-jwt.js
+++ /dev/null
@@ -1,40 +0,0 @@
-import '../server/env';
-
-import { ArgumentParser } from 'argparse';
-import config from 'config';
-
-import models from '../server/models';
-
-/** Help on how to use this script */
-function usage() {
-  console.error(`Usage: ${process.argv.join(' ')} <UserID>`);
-  process.exit(1);
-}
-
-async function main(args) {
-  if (!args.user_id) {
-    usage();
-    return;
-  }
-
-  const user = await models.User.findByPk(args.user_id);
-
-  const jwt = await user.generateSessionToken({ createActivity: false, updateLastLoginAt: false });
-
-  console.log(`${config.host.website}/signin/${jwt}`);
-}
-
-/** Return the options passed by the user to run the script */
-function parseCommandLineArguments() {
-  const parser = new ArgumentParser({
-    add_help: true, // eslint-disable-line camelcase
-    description: 'Create a JWT Token',
-  });
-  parser.add_argument('user_id', {
-    help: 'Internal User ID in the database',
-    action: 'store',
-  });
-  return parser.parse_args();
-}
-
-main(parseCommandLineArguments());
diff --git a/scripts/generate-jwt.ts b/scripts/generate-jwt.ts
new file mode 100644
index 00000000000..53017544aed
--- /dev/null
+++ b/scripts/generate-jwt.ts
@@ -0,0 +1,56 @@
+import '../server/env';
+
+import { Command } from 'commander';
+import config from 'config';
+
+import models, { sequelize } from '../server/models';
+
+const program = new Command();
+
+program.addHelpText(
+  'after',
+  `
+
+Example call:
+  $ npm run script scripts/generate-jwt.ts id 1234
+  $ npm run script scripts/generate-jwt.ts email willem@dafoe.com
+`,
+);
+
+program.command('id <UserId> [env]').action(async id => {
+  const user = await models.User.findByPk(id);
+
+  if (!user) {
+    console.error(`User with ID ${id} not found`);
+    process.exit(1);
+  }
+
+  const jwt = await user.generateSessionToken({ createActivity: false, updateLastLoginAt: false });
+
+  console.log(`localStorage.accessToken = '${jwt}'`);
+  console.log(`${config.host.website}/signin/${jwt}`);
+
+  sequelize.close();
+});
+
+program.command('email <email> [env]').action(async email => {
+  const user = await models.User.findOne({ where: { email: email } });
+
+  if (!user) {
+    console.error(`User with email ${email} not found`);
+    process.exit(1);
+  }
+
+  const jwt = await user.generateSessionToken({
+    createActivity: false,
+    updateLastLoginAt: false,
+    expiration: 60 * 60 * 24,
+  });
+
+  console.log(`localStorage.accessToken = '${jwt}'`);
+  console.log(`${config.host.website}/signin/${jwt}`);
+
+  sequelize.close();
+});
+
+program.parse();

From 84b2820957f4820117fc19ca2591c331f9bd0ad2 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 22 Nov 2024 12:18:51 +0100
Subject: [PATCH 074/129] debt: Remove promotions for Twitter integration
 (#10480)

---
 cron/daily/20-onboarding.js                   | 17 ---------
 scripts/compile-email.js                      | 14 +++----
 server/lib/emailTemplates.ts                  |  1 -
 templates/emails/github.signup.hbs            |  3 +-
 .../emails/onboarding.day2.opensource.hbs     |  2 +-
 .../emails/onboarding.day21.noTwitter.hbs     | 37 -------------------
 templates/emails/onboarding.day3.hbs          |  2 +-
 7 files changed, 10 insertions(+), 66 deletions(-)
 delete mode 100644 templates/emails/onboarding.day21.noTwitter.hbs

diff --git a/cron/daily/20-onboarding.js b/cron/daily/20-onboarding.js
index 2e6339ed2c9..020b8ab32a4 100644
--- a/cron/daily/20-onboarding.js
+++ b/cron/daily/20-onboarding.js
@@ -1,7 +1,5 @@
 import '../../server/env';
 
-import { get } from 'lodash';
-
 import { processOnBoardingTemplate } from '../../server/lib/onboarding';
 import models, { Op } from '../../server/models';
 import { runCronJob } from '../utils';
@@ -34,20 +32,6 @@ const onlyCollectivesWithoutUpdates = collective => {
   }).then(count => count === 0);
 };
 
-const onlyCollectivesWithoutTwitterActivated = collective => {
-  return models.ConnectedAccount.findOne({
-    where: { CollectiveId: collective.id, service: 'twitter' },
-  }).then(twitterAccount => {
-    if (!twitterAccount) {
-      return true;
-    }
-    if (get(twitterAccount, 'settings.monthlyStats.active') && get(twitterAccount, 'settings.newBacker.active')) {
-      return false;
-    }
-    return true;
-  });
-};
-
 if (require.main === module) {
   runCronJob(
     'onboarding',
@@ -55,7 +39,6 @@ if (require.main === module) {
       Promise.all([
         processOnBoardingTemplate('onboarding.day35.inactive', XDaysAgo(35), onlyInactiveCollectives),
         processOnBoardingTemplate('onboarding.day7', XDaysAgo(7)),
-        processOnBoardingTemplate('onboarding.day21.noTwitter', XDaysAgo(21), onlyCollectivesWithoutTwitterActivated),
         processOnBoardingTemplate('onboarding.noExpenses', XDaysAgo(14), onlyCollectivesWithoutExpenses),
         processOnBoardingTemplate('onboarding.noUpdates', XDaysAgo(21), onlyCollectivesWithoutUpdates),
         processOnBoardingTemplate('onboarding.day3', XDaysAgo(3)),
diff --git a/scripts/compile-email.js b/scripts/compile-email.js
index a2561eaf767..4ed20dfc462 100644
--- a/scripts/compile-email.js
+++ b/scripts/compile-email.js
@@ -15,18 +15,18 @@ const data = {};
 data['user.new.token'] = {
   loginLink: 'https://opencollective.com/signin?next=',
 };
-data['onboarding.day21.noTwitter'] = {
+const mockCollective = {
   collective: {
     name: 'yeoman',
     slug: 'yeoman',
   },
 };
-data['onboarding.day2.opensource'] =
-  data['onboarding.day7.opensource'] =
-  data['onboarding.noExpenses.opensource'] =
-  data['onboarding.day28'] =
-  data['onboarding.day35.inactive'] =
-    data['onboarding.day21.noTwitter'];
+data['onboarding.day2.opensource'] = mockCollective;
+data['onboarding.day7.opensource'] = mockCollective;
+data['onboarding.noExpenses.opensource'] = mockCollective;
+data['onboarding.day28'] = mockCollective;
+data['onboarding.day35.inactive'] = mockCollective;
+data['onboarding.day21.noTwitter'] = mockCollective;
 data['collective.expense.approved'] = {
   host: { id: 1, name: 'WWCode', slug: 'wwcode' },
   expense: {
diff --git a/server/lib/emailTemplates.ts b/server/lib/emailTemplates.ts
index 6877c29fdd1..e50329086ae 100644
--- a/server/lib/emailTemplates.ts
+++ b/server/lib/emailTemplates.ts
@@ -76,7 +76,6 @@ export const templateNames = [
   'onboarding.noExpenses',
   'onboarding.noExpenses.opensource',
   'onboarding.noUpdates',
-  'onboarding.day21.noTwitter',
   'onboarding.day7',
   'onboarding.day35.active',
   'onboarding.day35.inactive',
diff --git a/templates/emails/github.signup.hbs b/templates/emails/github.signup.hbs
index 607e696ebd5..9b0f7d264e4 100644
--- a/templates/emails/github.signup.hbs
+++ b/templates/emails/github.signup.hbs
@@ -79,8 +79,7 @@ h3 {
           <a href="https://docs.opencollective.com/help/collectives/widgets">widgets</a>, connect your Collective to
           <a href="https://docs.opencollective.com/help/collectives/github-sponsors">GitHub Sponsors</a>, and
           <a href="https://docs.opencollective.com/help/collectives/embed-contribution-flow">embed contributions</a> on
-          your website, so people don't have to leave in order to pay. You can also connect Twitter to automatically thank
-          contributors, and use webhooks to connect to your Slack or other chat—<a href="https://docs.opencollective.com/help/collectives/integrations">here's how</a>.</p>
+          your website, so people don't have to leave in order to pay. You can also use webhooks to connect to your socials, Slack, Discord or other chat—<a href="https://docs.opencollective.com/help/collectives/integrations">here's how</a>.</p>
         </div>
       </td>
       <td valign="top">
diff --git a/templates/emails/onboarding.day2.opensource.hbs b/templates/emails/onboarding.day2.opensource.hbs
index 13c101f8dad..fc869dd64e5 100644
--- a/templates/emails/onboarding.day2.opensource.hbs
+++ b/templates/emails/onboarding.day2.opensource.hbs
@@ -9,7 +9,7 @@ Subject: Engage your community on Open Collective
  <ul>
    <li> <a href="https://docs.opencollective.com/help/collectives/communication">Send an Updates</a>: Let everyone know what their support is enabling. Updates go out as an email and also show up like a blog post on your Collective page.</li>
    <li> <a href="https://docs.opencollective.com/help/collectives/conversations">Start a Conversation</a>: Like a message board or forum on your page, you can get feedback from your community or to organize your activities.</li>
-   <li> <a href="https://docs.opencollective.com/help/collectives/integrations">Automate interactions</a>: Hook up Twitter, Slack, or other tools your community uses, to automatically send thank you tweets or post updates in your chat.</li>
+   <li> <a href="https://docs.opencollective.com/help/collectives/integrations">Automate interactions</a>: Hook up Discord, Slack, or other tools your community uses, to automatically send thank you tweets or post updates in your chat.</li>
    <li> <a href="https://docs.opencollective.com/help/collectives/widgets">Website widgets</a>: Display your supporters, add a ‘donate’ button, or even <a href="https://docs.opencollective.com/help/collectives/embed-contribution-flow">embed the whole payment process</a>.</li>
 </ul>
 
diff --git a/templates/emails/onboarding.day21.noTwitter.hbs b/templates/emails/onboarding.day21.noTwitter.hbs
deleted file mode 100644
index cf7b473f152..00000000000
--- a/templates/emails/onboarding.day21.noTwitter.hbs
+++ /dev/null
@@ -1,37 +0,0 @@
-Subject: Connect a Twitter account to your Collective
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>Did you know that you can connect your Twitter account to your Open Collective? It can really help increase engagement and awareness of your Collective.</p>
-
-<p>Automatically send a thank you tweet to new financial contributors, like this:</p>
-
-<p>
-  <center>
-    <a href="https://twitter.com/ErxesHQ/status/962682839430062080"><img src="https://d.pr/free/i/V9Ykl1+" width="320" /></a>
-  </center>
-</p>
-
-<p>And a monthly stats tweet, like this:</p>
-
-<p>
-  <center>
-    <a href="https://twitter.com/rootswp/status/960958572669652992"><img src="https://d.pr/free/i/HVw6Mj+" width="320" /></a>
-  </center>
-</p>
-
-<p>
-  <center>
-    <a href="{{config.host.website}}/dashboard/{{collective.slug}}/connected-accounts" class="btn blue"><div>Connect Twitter</div></a>
-  </center>
-</p>
-
-<p>Let us know if you have any questions. We are here to help you succeed!</p>
-
-<p>Best,</p>
-
-<p>Pía, and the Open Collective Team</p>
-
-{{> footer}}
diff --git a/templates/emails/onboarding.day3.hbs b/templates/emails/onboarding.day3.hbs
index 5ae10d46c4e..8e0967e2d2c 100644
--- a/templates/emails/onboarding.day3.hbs
+++ b/templates/emails/onboarding.day3.hbs
@@ -9,7 +9,7 @@ Subject: Engage your community on Open Collective
 <ul>
   <li> <a href="https://docs.opencollective.com/help/collectives/communication">Send an Updates</a>: Let everyone know what their support is enabling. Updates go out as an email and also show up like a blog post on your Collective page.</li>
   <li> <a href="https://docs.opencollective.com/help/collectives/conversations">Start a Conversation</a>: Like a message board or forum on your page, you can get feedback from your community or to organize your activities.</li>
-  <li> <a href="https://docs.opencollective.com/help/collectives/integrations">Automate interactions</a>: Hook up Twitter, Slack, or other tools your community uses, to automatically send thank you tweets or post updates in your chat.</li>
+  <li> <a href="https://docs.opencollective.com/help/collectives/integrations">Automate interactions</a>: Hook up Discord, Slack, or other tools your community uses, to automatically send thank you tweets or post updates in your chat.</li>
   <li> <a href="https://docs.opencollective.com/help/collectives/widgets">Website widgets</a>: Displaying your supporters on your external website, add a ‘donate’ button, or even <a href="https://docs.opencollective.com/help/collectives/embed-contribution-flow">embed the whole payment process</a>.</li>
 </ul>
 

From 63d9e5f5f817a518ace56dbd59fb5ba310796c2d Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 22 Nov 2024 14:38:57 +0100
Subject: [PATCH 075/129] debt: Remove some OCF legacy (#10481)

---
 scripts/compile-email.js                      | 25 ------
 scripts/ocf/freeze-collectives.ts             | 58 ------------
 server/lib/email.ts                           | 10 +--
 server/lib/emailTemplates.ts                  |  7 --
 server/lib/notifications/email.ts             | 21 -----
 server/lib/onboarding.js                      |  5 --
 server/lib/sanitize-html.ts                   |  1 -
 .../emails/collective.apply.foundation.hbs    | 17 ----
 .../emails/collective.approved.foundation.hbs | 30 -------
 templates/emails/fund.approved.foundation.hbs | 23 -----
 templates/emails/fund.created.foundation.hbs  | 21 -----
 .../emails/onboarding.day2.foundation.hbs     | 32 -------
 .../emails/onboarding.day3.foundation.hbs     | 33 -------
 .../emails/order.thankyou.foundation.hbs      | 89 -------------------
 14 files changed, 2 insertions(+), 370 deletions(-)
 delete mode 100644 scripts/ocf/freeze-collectives.ts
 delete mode 100644 templates/emails/collective.apply.foundation.hbs
 delete mode 100644 templates/emails/collective.approved.foundation.hbs
 delete mode 100644 templates/emails/fund.approved.foundation.hbs
 delete mode 100644 templates/emails/fund.created.foundation.hbs
 delete mode 100644 templates/emails/onboarding.day2.foundation.hbs
 delete mode 100644 templates/emails/onboarding.day3.foundation.hbs
 delete mode 100644 templates/emails/order.thankyou.foundation.hbs

diff --git a/scripts/compile-email.js b/scripts/compile-email.js
index 4ed20dfc462..ec0f5368053 100644
--- a/scripts/compile-email.js
+++ b/scripts/compile-email.js
@@ -229,22 +229,6 @@ data['report.platform'] = {
       hostCurrency: 'USD',
       collectives: 1171,
     },
-    {
-      host: 'foundation',
-      currency: 'USD',
-      HostCollectiveId: 11049,
-      backers: 54,
-      activeCollectives: 16,
-      totalRevenue: 826084,
-      hostFees: 39252,
-      platformFeesPaypal: 0,
-      platformFeesStripe: 24380,
-      platformFeesManual: 14947,
-      platformFeesDue: 14947,
-      platformFees: 39327,
-      hostCurrency: 'USD',
-      collectives: 55,
-    },
     {
       host: 'faly',
       currency: 'CHF',
@@ -497,15 +481,6 @@ data['collective.member.created'] = {
     },
   },
 };
-data['collective.apply.foundation'] = {
-  collective: {
-    name: 'TheCollective',
-  },
-  host: {
-    slug: 'foundation',
-    name: 'foundation',
-  },
-};
 
 const defaultData = {
   config: {
diff --git a/scripts/ocf/freeze-collectives.ts b/scripts/ocf/freeze-collectives.ts
deleted file mode 100644
index 67d6f80b25a..00000000000
--- a/scripts/ocf/freeze-collectives.ts
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * This script is meant to be run on the 1st of October to freeze all the collectives hosted by Open Collective Foundation
- * that haven't emptied their balances yet.
- */
-
-import '../../server/env';
-
-import { CollectiveType } from '../../server/constants/collectives';
-import FEATURE from '../../server/constants/feature';
-import { ACCOUNT_BALANCE_QUERY } from '../../server/graphql/v2/input/AmountRangeInput';
-import { defaultHostCollective } from '../../server/lib/collectivelib';
-import logger from '../../server/lib/logger';
-import { Op, sequelize } from '../../server/models';
-
-const DRY_RUN = process.env.DRY_RUN !== 'false';
-
-const run = async () => {
-  const host = await defaultHostCollective('foundation');
-  const collectivesToFreeze = await host.getHostedCollectives({
-    logging: console.log,
-    where: {
-      [Op.and]: [
-        sequelize.where(ACCOUNT_BALANCE_QUERY, Op.gt, 0),
-        {
-          type: [CollectiveType.COLLECTIVE, CollectiveType.FUND],
-          data: { features: { [FEATURE.ALL]: { [Op.ne]: true } } },
-        },
-      ],
-    },
-  });
-
-  logger.info(
-    `Found ${collectivesToFreeze.length} collectives to freeze: ${collectivesToFreeze.map(c => `@${c.slug} (#${c.id})`).join('\n    - ')}`,
-  );
-
-  if (DRY_RUN) {
-    logger.info('[DRY RUN] Would have frozen the above collectives.');
-  } else {
-    logger.info('Freezing collectives...');
-    for (const collective of collectivesToFreeze) {
-      try {
-        const messageForCollectiveAdmins = `If you have any questions you can refer to OCF's updates (https://opencollective.com/foundation/updates) and documentation (https://docs.opencollective.foundation/) or contact <generalinquiries@opencollective.org>. The fiscal sponsorship agreement can be reviewed here: https://docs.opencollective.foundation/terms/terms.`;
-        const pauseExistingRecurringContributions = false; // They're already paused, let's not touch them
-        await collective.freeze(messageForCollectiveAdmins, pauseExistingRecurringContributions);
-      } catch (e) {
-        logger.error(`Error freezing collective ${collective.slug} (#${collective.id}):`, e);
-      }
-    }
-  }
-};
-
-// Only run script if called directly (to allow unit tests)
-if (!module.parent) {
-  run().then(() => {
-    console.log('Done!');
-    process.exit();
-  });
-}
diff --git a/server/lib/email.ts b/server/lib/email.ts
index c22d198ef55..bd8852334f2 100644
--- a/server/lib/email.ts
+++ b/server/lib/email.ts
@@ -308,13 +308,7 @@ const generateEmailFromTemplate = (
   }
 
   if (template === 'collective.approved') {
-    if (['foundation', 'the-social-change-nest'].includes(hostSlug)) {
-      template = `${template}.${hostSlug}`;
-    }
-  }
-
-  if (template === 'collective.apply') {
-    if (hostSlug === 'foundation') {
+    if (['the-social-change-nest'].includes(hostSlug)) {
       template = `${template}.${hostSlug}`;
     }
   }
@@ -332,7 +326,7 @@ const generateEmailFromTemplate = (
   if (template === activities.ORDER_THANKYOU) {
     if (slug.match(/wwcode/)) {
       template = `${activities.ORDER_THANKYOU}.wwcode`;
-    } else if (['foundation', 'opensource'].includes(hostSlug)) {
+    } else if (['opensource'].includes(hostSlug)) {
       template = `${activities.ORDER_THANKYOU}.${hostSlug}`;
     } else if (includes(['laprimaire', 'lesbarbares', 'enmarchebe', 'monnaie-libre'], slug)) {
       template = `${activities.ORDER_THANKYOU}.fr`;
diff --git a/server/lib/emailTemplates.ts b/server/lib/emailTemplates.ts
index e50329086ae..c66056b8012 100644
--- a/server/lib/emailTemplates.ts
+++ b/server/lib/emailTemplates.ts
@@ -14,10 +14,8 @@ export const templateNames = [
   'order.canceled.archived.collective',
   'github.signup',
   'collective.apply',
-  'collective.apply.foundation',
   'collective.apply.for.host',
   'collective.approved',
-  'collective.approved.foundation',
   'collective.approved.the-social-change-nest',
   'collective.rejected',
   'collective.comment.created',
@@ -59,19 +57,15 @@ export const templateNames = [
   'event.reminder.1d',
   'event.reminder.7d',
   'expense-accounting-category-educational',
-  'fund.created.foundation',
-  'fund.approved.foundation',
   'host.application.contact',
   'host.application.comment.created',
   'host.report',
   'member.invitation',
   'oauth.application.authorized',
   'onboarding.day2',
-  'onboarding.day2.foundation',
   'onboarding.day2.opensource',
   'onboarding.day2.organization',
   'onboarding.day3',
-  'onboarding.day3.foundation',
   'onboarding.day3.opensource',
   'onboarding.noExpenses',
   'onboarding.noExpenses.opensource',
@@ -106,7 +100,6 @@ export const templateNames = [
   'order.thankyou',
   'order.thankyou.wwcode',
   'order.thankyou.fr',
-  'order.thankyou.foundation',
   'order.thankyou.opensource',
   'user.card.claimed',
   'user.card.invited',
diff --git a/server/lib/notifications/email.ts b/server/lib/notifications/email.ts
index 0e51289b9ed..9ad19ee518d 100644
--- a/server/lib/notifications/email.ts
+++ b/server/lib/notifications/email.ts
@@ -525,16 +525,6 @@ export const notifyByEmail = async (activity: Activity) => {
       break;
 
     case ActivityTypes.COLLECTIVE_APPROVED:
-      // Funds MVP
-      if (get(activity, 'data.collective.type') === 'FUND' || get(activity, 'data.collective.settings.fund') === true) {
-        if (get(activity, 'data.host.slug') === 'foundation') {
-          await notify.collective(activity, {
-            collectiveId: activity.CollectiveId,
-            template: 'fund.approved.foundation',
-          });
-        }
-        break;
-      }
       await notify.collective(activity, {
         collectiveId: activity.CollectiveId,
         replyTo: activity.data.host.data?.replyToEmail || undefined,
@@ -590,17 +580,6 @@ export const notifyByEmail = async (activity: Activity) => {
       break;
 
     case ActivityTypes.COLLECTIVE_CREATED:
-      // Funds MVP
-      if (get(activity, 'data.collective.type') === 'FUND' || get(activity, 'data.collective.settings.fund') === true) {
-        if (get(activity, 'data.host.slug') === 'foundation') {
-          await notify.collective(activity, {
-            collectiveId: activity.CollectiveId,
-            template: 'fund.created.foundation',
-          });
-        }
-        break;
-      }
-
       // Disable for the-social-change-nest
       if (get(activity, 'data.host.slug') === 'the-social-change-nest') {
         break;
diff --git a/server/lib/onboarding.js b/server/lib/onboarding.js
index 4a4c3ded396..39e5aafc218 100644
--- a/server/lib/onboarding.js
+++ b/server/lib/onboarding.js
@@ -33,11 +33,6 @@ async function processCollective(collective, template) {
     template = `${template}.opensource`;
   }
 
-  const host = await collective.getHostCollective();
-  if (host && host.slug === 'foundation' && templateNames.includes(`${template}.foundation`)) {
-    template = `${template}.foundation`;
-  }
-
   // if the collective created is an ORGANIZATION, we only send an onboarding email if there is one specific to organizations
   if (collective.type === 'ORGANIZATION') {
     const orgTemplate = `${template}.${collective.type.toLowerCase()}`;
diff --git a/server/lib/sanitize-html.ts b/server/lib/sanitize-html.ts
index c4cd0bccb98..c10846b5018 100644
--- a/server/lib/sanitize-html.ts
+++ b/server/lib/sanitize-html.ts
@@ -238,7 +238,6 @@ const isTrustedLinkUrl = (url: string): boolean => {
   const trustedDomains = [
     new RegExp(`^(.+\\.)?${config.host.website.replace(/^https?:\/\//, '')}$`),
     /^(.+\.)?opencollective.com$/,
-    /^(.+\.)?opencollective.foundation$/,
     /^(.+\.)?oscollective.org$/,
     /^(.+\.)?github.com$/,
     /^(.+\.)?meetup.com$/,
diff --git a/templates/emails/collective.apply.foundation.hbs b/templates/emails/collective.apply.foundation.hbs
deleted file mode 100644
index ea12bf383b6..00000000000
--- a/templates/emails/collective.apply.foundation.hbs
+++ /dev/null
@@ -1,17 +0,0 @@
-Subject: Thanks for applying to {{{host.name}}}
-
-{{> header}}
-
-<div class="hidden">Your application to OCF is pending</div>
-
-<p>Oh hey {{user.collective.name}} 👋 </p>
-<p>Thank you for applying for {{> linkCollective collective=collective}} to be hosted by Open Collective Foundation.</p>
-<p>We will get in contact with you if we have any questions. Application reviews can take about 2 weeks. 
-In the meantime, <a href="https://docs.opencollective.foundation"> our documentation</a> 
-has answers to many common questions.</p>
-
-<p>Feel free to <a href="https://opencollective.com/{{host.slug}}/contact">contact</a> if you need to ask us anything.</p>
-
-<p>– {{host.name}}</p>
-
-{{> footer}}
diff --git a/templates/emails/collective.approved.foundation.hbs b/templates/emails/collective.approved.foundation.hbs
deleted file mode 100644
index 87743dc4bce..00000000000
--- a/templates/emails/collective.approved.foundation.hbs
+++ /dev/null
@@ -1,30 +0,0 @@
-Subject: 🎉 Your Collective has been approved!
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>Your application to join (<a href="https://opencollective.com/{{host.slug}}">{{host.name}}</a>) as your Fiscal Host has been approved!</p>
-
-<p>Your Collective has been fully activated and you can now receive tax-deductible donations.</p>
-
-<p>
-  <center>
-    <a href="https://opencollective.com/{{collective.slug}}" class="btn blue"><div>Get Started!</div></a>
-  </center>
-</p>
-
-<p>We'd love to show you around!
-
-<ul>
-  <li><a href="https://www.loom.com/share/e7c8245251784196a6dde4f49cb3ab2a">Watch</a> an onboarding video about how everything works.</li>
-  <li><a href="https://calendly.com/openmike/ocf-onb">Book</a> an onboarding call with our team.</li>
-  <li><a href="https://docs.opencollective.foundation">Read</a> our documentation, which has answers to many frequently asked questions.</li>
-
-  </p>
-
-<p>We're so glad you're here. Welcome!</p>
-
-<p>— the Open Collective Foundation Team</p>
-
-{{> footer}}
diff --git a/templates/emails/fund.approved.foundation.hbs b/templates/emails/fund.approved.foundation.hbs
deleted file mode 100644
index 882ec951e76..00000000000
--- a/templates/emails/fund.approved.foundation.hbs
+++ /dev/null
@@ -1,23 +0,0 @@
-Subject: 🎉 Your Fund has been approved!
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>Your application for Fiscal Sponsorship has been approved by the Open Collective Foundation. You can now receive tax deductible financial contributions.</p>
-
-<ul>
-  <li>If you haven’t yet, you’ll receive a Fiscal Sponsorship agreement to sign.</li>
-  <li>See these <a href="https://docs.opencollective.foundation/how-it-works/financial-contributions">instructions for donations</a> and other frequently asked questions.</li>
-  <li>Read about the different <a href="https://docs.opencollective.foundation/what-we-offer">services</a> we offer.</li>
-</ul>
-
-<p>We are here to help your Fund succeed! Please feel free to check our <a href="https://opencollective.com/help">help pages</a>" or to join our <a href="https://discord.opencollective.com">Discord</a>.</p>
-
-<p>Best!</p>
-
-<p>Pia Mancini.<br>
-President,<br>
-Open Collective Foundation</p>
-
-{{> footer}}
diff --git a/templates/emails/fund.created.foundation.hbs b/templates/emails/fund.created.foundation.hbs
deleted file mode 100644
index 4fd6ddcdf57..00000000000
--- a/templates/emails/fund.created.foundation.hbs
+++ /dev/null
@@ -1,21 +0,0 @@
-Subject: Thanks for applying to {{host.name}}
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>Thank you for applying to the Open Collective Foundation for Fiscal Sponsorship. We are a 501(c)(3) nonprofit that provides compliance oversight, financial management, tax deductible status, and other administrative services to help build the capacity of charitable projects.</p>
-
-<p>Please make sure you read our <a href="https://docs.google.com/document/u/2/d/e/2PACX-1vQ_fs7IOojAHaMBKYtaJetlTXJZLnJ7flIWkwxUSQtTkWUMtwFYC2ssb-ooBnT-Ldl6wbVhNQiCkSms/pub">Terms of Fiscal Sponsorship</a> (we will send a copy for you to sign once your application has been approved).</p>
-
-<p>We can only fiscally sponsor initiatives that are aligned with our <a href="https://docs.opencollective.foundation/getting-started/eligibility">eligibility criteria</a>, so we will assess your application accordingly. We will reach out to you if we need additional information. We strive to process applications within one week, but timing depends on your particular situation.</p>
-
-<p>In the meantime, you may wish to visit our <a href="https://docs.opencollective.foundation">documentation</a>, <a href="https://opencollective.foundation">website</a>, or <a href="https://blog.opencollective.com/tag/foundation/">blog</a>. Do not hesitate to <a href="mailto:contact@opencollective.foundation">contact us</a> if you have any questions. We are here to help.</p>
-
-<p>Best,<br>
-Pia Mancini<br>
-President<br>
-Open Collective Foundation<br>
-</p>
-
-{{> footer}}
diff --git a/templates/emails/onboarding.day2.foundation.hbs b/templates/emails/onboarding.day2.foundation.hbs
deleted file mode 100644
index e215733100c..00000000000
--- a/templates/emails/onboarding.day2.foundation.hbs
+++ /dev/null
@@ -1,32 +0,0 @@
-Subject: How it all works and getting started
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>We’ll be sending you a couple emails with tips to help you get up and running.</p>
-
-<p>Our top advice for you right now:
-
-<ul>
-<li>Fill in your "about" section and upload a logo and cover image by clicking on those sections of <a href="https://opencollective.com/{{collective.slug}}">your page</a>.</li>
-<li>To help people find you, add tags (like "mutual aid", "open source", or "Chicago") in <a href="{{config.host.website}}/dashboard/{{collective.slug}}">your settings</a>.</li>
-<li>It's time to start fundraising! Share the link to your page far and wide, and read more about <a href="https://docs.opencollective.foundation/how-it-works/financial-contributions">how people can donate</a>.</li>
-<li>You can <a href="https://docs.opencollective.com/help/collectives/embed-contribution-flow">embed the contribution flow</a> on your own website, so people don't have to leave your page to donate to your Collective.</li>
-<li>Wondering how to spend money and pay out from your balance? <a href="https://docs.opencollective.foundation/how-it-works/basics#submitting-expenses">Learn about Expenses</a>.
-</ul>
-</p>
-
-<p>You’re welcome to ask us questions any time: <a href="https://discord.opencollective.com">join our Discord</a>, reply to this email, or better yet...</p>
-
-<p>
-  <center>
-    <a href="https://calendly.com/openmike/ocf-onb" class="btn blue">
-      <div>Book an onboarding call!</div>
-    </a>
-  </center>
-</p>
-
-<p>—the Open Collective Foundation Team</p>
-
-{{> footer}}
diff --git a/templates/emails/onboarding.day3.foundation.hbs b/templates/emails/onboarding.day3.foundation.hbs
deleted file mode 100644
index 8ec022d3aed..00000000000
--- a/templates/emails/onboarding.day3.foundation.hbs
+++ /dev/null
@@ -1,33 +0,0 @@
-Subject: Important info and helpful tips
-
-{{> header}}
-
-<h1>Hey {{collective.name}} 👋</h1>
-
-<p>We hope you've had a chance to get set up and look around. How's it going so far?</p>
-
-<p>Here are some more helpful tips:
-
-<ul>
-  <li><a href="https://docs.opencollective.com/help/collectives/communication">Updates</a> are a great way to tell your story. They go out as an email newletter and up as a blog post on your page. We'd love for you to post at least one a quarter! <a href="https://opencollective.com/foundation/updates">OCF's own Updates</a> are a great way to find out about new services and important announcements.</li>
-  <li>Check out stories and case studies of diverse groups using the platform <a href="https://blog.opencollective.com">on the blog</a>. We'd love to feature a post about yours, too!</li>
-  <li>Looking for our IRS determination letter, address, EIN, 990, or other official documents? <a href="https://docs.opencollective.foundation/about/official-information-and-documents">We've got you covered</a>.</li>
-  <li>Keep in mind our <a href="https://docs.opencollective.foundation/how-it-works/processes-and-limitations">rules and policies</a> when it comes to things like non-US activity, political lobbying, contracts with third parties, in-person fundraising events, outside entities, and outside accounts.</li>
-  <li>Did you know you can get a <a href="https://docs.opencollective.foundation/how-it-works/processes-and-limitations/virtual-cards-policy">virtual card</a> (like a debit card), <a href="https://docs.opencollective.foundation/what-we-offer/about-grantmaking">make grants</a>, get <a href="https://docs.opencollective.foundation/what-we-offer/liability-insurance">liability insurance</a>, and sign up for <a href="https://docs.opencollective.foundation/what-we-offer/emails">free email accounts</a> through OCF?
-</ul>
-
-<p>Come along to the next monthly open community forum, on Zoom every first Friday.
-
-<p>
-  <center>
-    <a href="https://opencollective.com/foundation/events" class="btn blue">
-      <div>Register now</div>
-    </a>
-  </center>
-</p>
-
-<p>Still need help? See <a href="https://docs.opencollective.foundation/faq/basic-faq">our FAQ</a> for answers to more of the top questions.</p> And remember, you're welcome to hit reply to email us, or <a href="https://discord.opencollective.com">join our Discord</a>!</p>
-
-<p>—the Open Collective Foundation Team</p>
-
-{{> footer}}
diff --git a/templates/emails/order.thankyou.foundation.hbs b/templates/emails/order.thankyou.foundation.hbs
deleted file mode 100644
index baece8bf364..00000000000
--- a/templates/emails/order.thankyou.foundation.hbs
+++ /dev/null
@@ -1,89 +0,0 @@
-Subject: Thank you for your contribution to {{{collective.name}}}
-
-{{> header}}
-
-{{> toplogo}}
-
-{{#if fromCollective.name}}
-<p>Dear {{fromCollective.name}},</p>
-{{else}}
-<p>Hi!</p>
-{{/if}}
-
-{{#if interval}}
-  {{#if firstPayment }}
-    <p>Thank you for contributing {{currency order.totalAmount currency=order.currency}} per {{interval}} to {{collective.name}}.
-       Your first payment was made on {{moment order.createdAt}}. As the collective's fiscal sponsor, Open Collective Foundation, a public charity recognized tax-exempt organization under IRS Section 501(c)(3), acknowledges your donation.</p>
-      {{> charge_date_notice}}
-  {{else}}
-    <p>Thank you for your continued support! Your latest {{interval}}ly contribution of {{currency order.totalAmount currency=order.currency}} was received on {{moment transaction.createdAt}}.
-       As the collective's fiscal sponsor, Open Collective Foundation, a public charity recognized tax-exempt organization under IRS Section 501(c)(3), acknowledges your donation.</p>
-  {{/if}}
-{{else}}
-
-<p>Thank you for your contribution of {{currency order.totalAmount currency=order.currency}} on {{moment order.createdAt}}.
-As the collective's fiscal sponsor, Open Collective Foundation, a public charity recognized tax-exempt organization under IRS Section 501(c)(3), acknowledges your donation.</p>
-{{/if}}
-
-<p>See our activities and transparent budget on
-  <a href="https://opencollective.com/{{collective.slug}}">https://opencollective.com/{{collective.slug}}</a>, and share the link to help us spread the word!
-</p>
-
-{{#if customMessage}}
-<p>A message from {{collective.name}}:</p>
-
-<img width="40" height="33" src="{{config.host.website}}/static/images/email/quotation-custom-email.png" />
-<div style="color: #494B4D; font-size: 14px; line-height: 18px; padding-left: 10px; margin-top: 10px; border-left: 5px solid #F1F2F3">{{{customMessage}}}</div>
-{{/if}}
-
-<h2>Help us raise more money!</h2>
-<p>Share this URL: <a href="https://opencollective.com/{{collective.slug}}/donate">https://opencollective.com/{{collective.slug}}/donate</a>
-</p>
-
-{{#if transactionPdf}}
-<h2>📎 Attachments</h2>
-<ul>
-  <li>A PDF receipt of your contribution to {{collective.name}}</li>
-  {{#if platformTipPdf}}
-    <li>A PDF receipt of your contribution to Open Collective</li>
-  {{/if}}
-</ul>
-{{/if}}
-
-{{#if order.platformTipAmount}}
-<h2>Payment Details</h2>
-
-<ul>
-  <li>Contribution to {{collective.name}}: {{currency order.netAmount currency=order.currency}}</li>
-  <li>Tip for Open Collective: {{currency order.platformTipAmount currency=order.currency}}</li>
-  <li>Total amount: {{currency order.chargeAmount currency=order.currency}}</li>
-  <li>Tax deductible amount: {{collective.name}}: {{currency order.netAmount currency=order.currency}}</li>
-</ul>
-
-<p>Your payment will appear on your statement as {{currency order.chargeAmount currency=order.currency}}</p>
-{{/if}}
-
-{{#if order.isGuest}}
-<p>
-  {{#if order.interval}}
-    To manage your recurring contributions, <a href="{{subscriptionsLink}}">Sign in</a> and
-    go to your profile page.
-    <br/>
-  {{/if}}
-  If you need help, contact <a href="mailto:contact@opencollective.foundation">support</a>.
-</p>
-{{/if}}
-
-
-<p>Warmly,</p>
-
-<p>
-Open Collective Foundation<br/>
-340 S. Lemon Ave, #3717<br/>
-Walnut, CA 91789<br/>
-EIN 81-4004928
-</p>
-
-<p>Your contribution is tax-deductible to the extent allowed by law. You may save or print this receipt for your records. This email certifies that you have made this contribution as a charitable contribution and you are not receiving any goods or services in return. This receipt may be useful to you when completing your tax return. Open Collective Foundation, registered 501(c)3 Nonprofit TAX ID: 81-4004928. </p>
-
-{{> footer}}

From 73b284f4d37adb1dbbfad8b5e8bbdd56ef13f0bc Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 25 Nov 2024 09:03:47 +0100
Subject: [PATCH 076/129] fix: Member checks fixes (#10484)

---
 checks/model/members.js                       | 21 ++++++++----
 ...5064012-restore-invalid-deleted-members.js | 33 +++++++++++++++++++
 2 files changed, 48 insertions(+), 6 deletions(-)
 create mode 100644 migrations/20241125064012-restore-invalid-deleted-members.js

diff --git a/checks/model/members.js b/checks/model/members.js
index 51e87b8a151..f8cab9a51b4 100644
--- a/checks/model/members.js
+++ b/checks/model/members.js
@@ -1,6 +1,6 @@
 import '../../server/env';
 
-import { flatten, uniq } from 'lodash';
+import { flatten, min, uniq } from 'lodash';
 
 import logger from '../../server/lib/logger';
 import { Member, MigrationLog, sequelize } from '../../server/models';
@@ -70,7 +70,7 @@ async function checkDuplicateMembers({ fix = false } = {}) {
     `SELECT ARRAY_AGG(DISTINCT m2.id) AS duplicate_ids
      FROM "Members" m1
      INNER JOIN "Members" m2
-       ON m1.id != m2.id
+       ON m1.id < m2.id
        AND m1."CollectiveId" = m2."CollectiveId"
        AND m1."MemberCollectiveId" = m2."MemberCollectiveId"
        AND m1."role" = m2."role"
@@ -112,7 +112,13 @@ async function checkMissingMembers({ fix = false }) {
 
   const results = await sequelize.query(
     `
-    SELECT o.id, o."FromCollectiveId", o."CollectiveId", o."CreatedByUserId", o."TierId", o."createdAt", t."type" AS "tierType"
+    SELECT
+      o."FromCollectiveId",
+      o."CollectiveId",
+      o."TierId",
+      t."type" AS "tierType",
+      ARRAY_AGG(o."CreatedByUserId") AS "CreatedByUserId",
+      ARRAY_AGG(o."createdAt") AS "createdAt"
     FROM "Orders" o
     LEFT JOIN "Members" m
       ON o."FromCollectiveId" = m."MemberCollectiveId"
@@ -122,11 +128,14 @@ async function checkMissingMembers({ fix = false }) {
         (m."TierId" IS NULL AND o."TierId" IS NULL)
         OR (m."TierId" = o."TierId")
       )
+    INNER JOIN "Collectives" c
+      ON c."id" = o."CollectiveId" AND c."deletedAt" IS NULL
     LEFT JOIN "Tiers" t
-      ON t."id" = o."TierId"
+      ON t."id" = o."TierId" AND t."deletedAt" IS NULL
     WHERE o.status in ('PAID', 'ACTIVE')
     AND o."deletedAt" IS NULL
     AND m.id IS NULL
+    GROUP BY o."FromCollectiveId", o."CollectiveId", o."TierId", t."type"
     `,
     { type: sequelize.QueryTypes.SELECT, raw: true },
   );
@@ -140,9 +149,9 @@ async function checkMissingMembers({ fix = false }) {
         await Member.create({
           MemberCollectiveId: result.FromCollectiveId,
           CollectiveId: result.CollectiveId,
-          CreatedByUserId: result.CreatedByUserId,
+          CreatedByUserId: result.CreatedByUserId[0],
           TierId: result.TierId,
-          since: result.createdAt,
+          since: min(result.createdAt),
           role: result.tierType === 'TICKET' ? 'ATTENDEE' : 'BACKER',
         });
       }
diff --git a/migrations/20241125064012-restore-invalid-deleted-members.js b/migrations/20241125064012-restore-invalid-deleted-members.js
new file mode 100644
index 00000000000..ed0f1b21e68
--- /dev/null
+++ b/migrations/20241125064012-restore-invalid-deleted-members.js
@@ -0,0 +1,33 @@
+'use strict';
+
+import { uniq } from 'lodash';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    const [migrationLogs] = await queryInterface.sequelize.query(`
+      SELECT data
+      FROM "MigrationLogs"
+      WHERE type = 'MODEL_FIX'
+      AND description like 'Deleted % duplicate members'
+    `);
+
+    const allMemberIds = uniq(migrationLogs.map(log => log.data.duplicateMemberIds).flat());
+    if (allMemberIds.length > 0) {
+      console.log(`Restoring ${allMemberIds.length} deleted members (${allMemberIds})`);
+      await queryInterface.sequelize.query(
+        `
+        UPDATE "Members"
+        SET "deletedAt" = NULL
+        WHERE "Members"."id" IN (:allMemberIds)
+        AND "Members"."deletedAt" IS NOT NULL
+      `,
+        { replacements: { allMemberIds } },
+      );
+    }
+  },
+
+  async down() {
+    console.log('No rollback, please use the checks to re-delete duplicate entries');
+  },
+};

From 0acbf60406d1dce9a17c042ffd9bb54a47508338 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:55:20 +0100
Subject: [PATCH 077/129] chore(deps): update dependency
 @opentelemetry/auto-instrumentations-node to ^0.53.0 (#10487)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 4009 +++++++++++++++++++++++++++++++++++++++------
 package.json      |    2 +-
 2 files changed, 3499 insertions(+), 512 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3ee014ea07f..2550c635be4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -120,7 +120,7 @@
         "@babel/register": "^7.23.7",
         "@graphql-eslint/eslint-plugin": "^3.20.1",
         "@opentelemetry/api": "^1.7.0",
-        "@opentelemetry/auto-instrumentations-node": "^0.52.0",
+        "@opentelemetry/auto-instrumentations-node": "^0.53.0",
         "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
         "@opentelemetry/instrumentation": "^0.54.0",
         "@opentelemetry/resources": "^1.20.0",
@@ -6176,59 +6176,59 @@
       }
     },
     "node_modules/@opentelemetry/auto-instrumentations-node": {
-      "version": "0.52.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.52.0.tgz",
-      "integrity": "sha512-J9SgX7NOpTvQ7itvlOlHP3lTlsMWtVh5WQSHUSTlg2m3A9HlZBri2DtZ8QgNj8rYWe0EQxQ3TQ3H6vabfun4vw==",
+      "version": "0.53.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/auto-instrumentations-node/-/auto-instrumentations-node-0.53.0.tgz",
+      "integrity": "sha512-AI3VQX1L2g4Xya8fPE1aahVhvya8/ikU7o2kMbry122Gd4kDVph41pejdOhWa/oNUgPRC6FLJmx7SZZ6/ShVjQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/instrumentation-amqplib": "^0.43.0",
-        "@opentelemetry/instrumentation-aws-lambda": "^0.46.0",
-        "@opentelemetry/instrumentation-aws-sdk": "^0.45.0",
-        "@opentelemetry/instrumentation-bunyan": "^0.42.0",
-        "@opentelemetry/instrumentation-cassandra-driver": "^0.42.0",
-        "@opentelemetry/instrumentation-connect": "^0.40.0",
-        "@opentelemetry/instrumentation-cucumber": "^0.10.0",
-        "@opentelemetry/instrumentation-dataloader": "^0.13.0",
-        "@opentelemetry/instrumentation-dns": "^0.40.0",
-        "@opentelemetry/instrumentation-express": "^0.44.0",
-        "@opentelemetry/instrumentation-fastify": "^0.41.0",
-        "@opentelemetry/instrumentation-fs": "^0.16.0",
-        "@opentelemetry/instrumentation-generic-pool": "^0.40.0",
-        "@opentelemetry/instrumentation-graphql": "^0.44.0",
-        "@opentelemetry/instrumentation-grpc": "^0.54.0",
-        "@opentelemetry/instrumentation-hapi": "^0.42.0",
-        "@opentelemetry/instrumentation-http": "^0.54.0",
-        "@opentelemetry/instrumentation-ioredis": "^0.44.0",
-        "@opentelemetry/instrumentation-kafkajs": "^0.4.0",
-        "@opentelemetry/instrumentation-knex": "^0.41.0",
-        "@opentelemetry/instrumentation-koa": "^0.44.0",
-        "@opentelemetry/instrumentation-lru-memoizer": "^0.41.0",
-        "@opentelemetry/instrumentation-memcached": "^0.40.0",
-        "@opentelemetry/instrumentation-mongodb": "^0.48.0",
-        "@opentelemetry/instrumentation-mongoose": "^0.43.0",
-        "@opentelemetry/instrumentation-mysql": "^0.42.0",
-        "@opentelemetry/instrumentation-mysql2": "^0.42.0",
-        "@opentelemetry/instrumentation-nestjs-core": "^0.41.0",
-        "@opentelemetry/instrumentation-net": "^0.40.0",
-        "@opentelemetry/instrumentation-pg": "^0.47.0",
-        "@opentelemetry/instrumentation-pino": "^0.43.0",
-        "@opentelemetry/instrumentation-redis": "^0.43.0",
-        "@opentelemetry/instrumentation-redis-4": "^0.43.0",
-        "@opentelemetry/instrumentation-restify": "^0.42.0",
-        "@opentelemetry/instrumentation-router": "^0.41.0",
-        "@opentelemetry/instrumentation-socket.io": "^0.43.0",
-        "@opentelemetry/instrumentation-tedious": "^0.15.0",
-        "@opentelemetry/instrumentation-undici": "^0.7.0",
-        "@opentelemetry/instrumentation-winston": "^0.41.0",
-        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.4",
-        "@opentelemetry/resource-detector-aws": "^1.7.0",
-        "@opentelemetry/resource-detector-azure": "^0.2.12",
-        "@opentelemetry/resource-detector-container": "^0.5.0",
-        "@opentelemetry/resource-detector-gcp": "^0.29.13",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/instrumentation-amqplib": "^0.44.0",
+        "@opentelemetry/instrumentation-aws-lambda": "^0.48.0",
+        "@opentelemetry/instrumentation-aws-sdk": "^0.47.0",
+        "@opentelemetry/instrumentation-bunyan": "^0.43.0",
+        "@opentelemetry/instrumentation-cassandra-driver": "^0.43.0",
+        "@opentelemetry/instrumentation-connect": "^0.41.0",
+        "@opentelemetry/instrumentation-cucumber": "^0.11.0",
+        "@opentelemetry/instrumentation-dataloader": "^0.14.0",
+        "@opentelemetry/instrumentation-dns": "^0.41.0",
+        "@opentelemetry/instrumentation-express": "^0.45.0",
+        "@opentelemetry/instrumentation-fastify": "^0.42.0",
+        "@opentelemetry/instrumentation-fs": "^0.17.0",
+        "@opentelemetry/instrumentation-generic-pool": "^0.41.0",
+        "@opentelemetry/instrumentation-graphql": "^0.45.0",
+        "@opentelemetry/instrumentation-grpc": "^0.55.0",
+        "@opentelemetry/instrumentation-hapi": "^0.43.0",
+        "@opentelemetry/instrumentation-http": "^0.55.0",
+        "@opentelemetry/instrumentation-ioredis": "^0.45.0",
+        "@opentelemetry/instrumentation-kafkajs": "^0.5.0",
+        "@opentelemetry/instrumentation-knex": "^0.42.0",
+        "@opentelemetry/instrumentation-koa": "^0.45.0",
+        "@opentelemetry/instrumentation-lru-memoizer": "^0.42.0",
+        "@opentelemetry/instrumentation-memcached": "^0.41.0",
+        "@opentelemetry/instrumentation-mongodb": "^0.49.0",
+        "@opentelemetry/instrumentation-mongoose": "^0.44.0",
+        "@opentelemetry/instrumentation-mysql": "^0.43.0",
+        "@opentelemetry/instrumentation-mysql2": "^0.43.0",
+        "@opentelemetry/instrumentation-nestjs-core": "^0.42.0",
+        "@opentelemetry/instrumentation-net": "^0.41.0",
+        "@opentelemetry/instrumentation-pg": "^0.48.0",
+        "@opentelemetry/instrumentation-pino": "^0.44.0",
+        "@opentelemetry/instrumentation-redis": "^0.44.0",
+        "@opentelemetry/instrumentation-redis-4": "^0.44.0",
+        "@opentelemetry/instrumentation-restify": "^0.43.0",
+        "@opentelemetry/instrumentation-router": "^0.42.0",
+        "@opentelemetry/instrumentation-socket.io": "^0.44.0",
+        "@opentelemetry/instrumentation-tedious": "^0.16.0",
+        "@opentelemetry/instrumentation-undici": "^0.8.0",
+        "@opentelemetry/instrumentation-winston": "^0.42.0",
+        "@opentelemetry/resource-detector-alibaba-cloud": "^0.29.5",
+        "@opentelemetry/resource-detector-aws": "^1.8.0",
+        "@opentelemetry/resource-detector-azure": "^0.3.0",
+        "@opentelemetry/resource-detector-container": "^0.5.1",
+        "@opentelemetry/resource-detector-gcp": "^0.30.0",
         "@opentelemetry/resources": "^1.24.0",
-        "@opentelemetry/sdk-node": "^0.54.0"
+        "@opentelemetry/sdk-node": "^0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6237,10 +6237,57 @@
         "@opentelemetry/api": "^1.4.1"
       }
     },
+    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/auto-instrumentations-node/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@opentelemetry/context-async-hooks": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.27.0.tgz",
-      "integrity": "sha512-CdZ3qmHCwNhFAzjTgHqrDQ44Qxcpz43cVxZRhOs+Ns/79ug+Mr84Bkb626bkJLkA3+BLimA5YAEVRlJC6pFb7g==",
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/context-async-hooks/-/context-async-hooks-1.28.0.tgz",
+      "integrity": "sha512-igcl4Ve+F1N2063PJUkesk/GkYyuGIWinYkSyAFTnIj3gzrOgvOA4k747XNdL47HRRL1w/qh7UW8NDuxOLvKFA==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -6267,17 +6314,17 @@
       }
     },
     "node_modules/@opentelemetry/exporter-logs-otlp-grpc": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-grpc/-/exporter-logs-otlp-grpc-0.54.0.tgz",
-      "integrity": "sha512-CQC9xl9p8EIvx2KggdM7yffbpmUArKjiqAcjTTTEvqE8kOOf71NSuBU0FXs14FU8vBGTUlsr3oI4vGeWF8FakA==",
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-grpc/-/exporter-logs-otlp-grpc-0.55.0.tgz",
+      "integrity": "sha512-ykqawCL0ILJWyCJlxCPSAlqQXZ6x2bQsxAVUu8S3z22XNqY5SMx0rl2d93XnvnrOwtcfm+sM9ZhbGh/i5AZ9xw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-grpc-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/sdk-logs": "0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-grpc-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/sdk-logs": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6286,61 +6333,49 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-logs-otlp-http": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-http/-/exporter-logs-otlp-http-0.54.0.tgz",
-      "integrity": "sha512-EX/5YPtFw5hugURWSmOtJEGsjphkwTRAiv2yay40ADCLEzajhI/tM3v/7hFCj+rm37sGFMNawpi3mGLvfKGexQ==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/sdk-logs": "0.54.0"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-logs-otlp-proto": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-proto/-/exporter-logs-otlp-proto-0.54.0.tgz",
-      "integrity": "sha512-Q8p1eLP6BGu26VdiR8qBiyufXTZimUl2kv6EwZZPLRU0CJWAFR562UOyUtDxbwQioQFq57DVjCd6mQWBvydAlg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-logs": "0.54.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-grpc": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-grpc/-/exporter-trace-otlp-grpc-0.54.0.tgz",
-      "integrity": "sha512-DOoK7yk/L/RHoyuYTxIyGY7PLFSTS7OGNks9htMS7eAFkm4Lsa6EtPlGANCT39NXWP4XIQR1c+Y+YIQ7lJdI+w==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-grpc-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -6349,96 +6384,88 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-http": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-http/-/exporter-trace-otlp-http-0.54.0.tgz",
-      "integrity": "sha512-00X6rtr6Ew59+MM9pPSH7Ww5ScpWKBLiBA49awbPqQuVL/Bp0qp7O1cTxKHgjWdNkhsELzJxAEYwuRnDGrMXyA==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-trace-otlp-proto": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.54.0.tgz",
-      "integrity": "sha512-cpDQj5wl7G8pLu3lW94SnMpn0C85A9Ehe7+JBow2IL5DGPWXTkynFngMtCC3PpQzQgzlyOVe0MVZfoBB3M5ECA==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/exporter-zipkin": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.27.0.tgz",
-      "integrity": "sha512-eGMY3s4QprspFZojqsuQyQpWNFpo+oNVE/aosTbtvAlrJBAlvXcwwsOROOHOd8Y9lkU4i0FpQW482rcXkgwCSw==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0",
-        "@opentelemetry/semantic-conventions": "1.27.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.54.0.tgz",
-      "integrity": "sha512-B0Ydo9g9ehgNHwtpc97XivEzjz0XBKR6iQ83NTENIxEEf5NHE0otZQuZLgDdey1XNk+bP1cfRpIkSFWM5YlSyg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-grpc/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@types/shimmer": "^1.2.0",
-        "import-in-the-middle": "^1.8.1",
-        "require-in-the-middle": "^7.1.1",
-        "semver": "^7.5.2",
-        "shimmer": "^1.2.1"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-amqplib": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.43.0.tgz",
-      "integrity": "sha512-ALjfQC+0dnIEcvNYsbZl/VLh7D2P1HhFF4vicRKHhHFIUV3Shpg4kXgiek5PLhmeKSIPiUB25IYH5RIneclL4A==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-http/-/exporter-logs-otlp-http-0.55.0.tgz",
+      "integrity": "sha512-fpFObWWq+DoLVrBU2dyMEaVkibByEkmKQZIUIjW/4j7lwIsTgW7aJCoD9RYFVB/tButcqov5Es2C0J2wTjM2tg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/sdk-logs": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6447,54 +6474,44 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
-      "version": "0.46.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.46.0.tgz",
-      "integrity": "sha512-rNmhTC1e1qQD4jw+TZSHlpLYNhrkbKA0P5rlqPpTVHqZXHQctu9+dity2lLBh4DlFKt4p/ibVDLVDoBqjvetKA==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/propagator-aws-xray": "^1.3.1",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/aws-lambda": "8.10.143"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
-      "version": "0.45.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.45.0.tgz",
-      "integrity": "sha512-3EGgC0LFZuFfXcOeslhXHhsiInVhhN046YQsYIPflsicAk7v0wN946sZKWuerEfmqx/kFXOsbOeI1SkkTRmqWQ==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/propagation-utils": "^0.30.12",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-bunyan": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.42.0.tgz",
-      "integrity": "sha512-GBh6ybwKmFZjc86SyHVx72jHg+4pFPaXT3IZgJ4QtnMsMf0/q5m2aHAjid+yakmEkApsnRWX8pJ8nkl1e+6mag==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-iHQI0Zzq3h1T6xUJTVFwmFl5Dt5y1es+fl4kM+k5T/3YvmVyeYkSiF+wHCg6oKrlUAJfk+t55kaAu3sYmt7ZYA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.54.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@types/bunyan": "1.8.9"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6503,15 +6520,20 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.42.0.tgz",
-      "integrity": "sha512-35I9Gw4BeSs9NPe7fugu9e/mWKaapc/N1wounHnGt259/Q3ISGMOQRrOwIBw+x/XJygJvn4Ss1c+r5h89TsVAw==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -6520,84 +6542,90 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-connect": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.40.0.tgz",
-      "integrity": "sha512-3aR/3YBQ160siitwwRLjwqrv2KBT16897+bo6yz8wIfel6nWOxTZBJudcbsK3p42pTC7qrbotJ9t/1wRLpv79Q==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/connect": "3.4.36"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-cucumber": {
-      "version": "0.10.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.10.0.tgz",
-      "integrity": "sha512-5sT6Ap3W7StEL0Oax/vd1YTEcTPTefx+9myzkKrr72hxzFzSooGRCxlU3sfPwZqWptUV7+QWTMd7SqGEEPnE/w==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-dataloader": {
-      "version": "0.13.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.13.0.tgz",
-      "integrity": "sha512-wbU3WdgUAXljEIY2nfpkqID/VH70ThnES8mZZHKCZlV/Pl5T4+qmrVdT7U9/WUzz8flwsXfER6T6jl48Wbl+LQ==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-dns": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.40.0.tgz",
-      "integrity": "sha512-tLNR8XLPiYRKKk3/UqifXnPP2TVt1RcwvHU0R1ETL1xkZ1ZHMTmSC4x6TignnHOFtRixtJ05EgMGejnffaBXkQ==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-http/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-express": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.44.0.tgz",
-      "integrity": "sha512-GWgibp6Q0wxyFaaU8ERIgMMYgzcHmGrw3ILUtGchLtLncHNOKk0SNoWGqiylXWWT4HTn5XdV8MGawUgpZh80cA==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-logs-otlp-proto/-/exporter-logs-otlp-proto-0.55.0.tgz",
+      "integrity": "sha512-vjE+DxUr+cUpxikdKCPiLZM5Wx7g1bywjCG76TQocvsA7Tmbb9p0t1+8gPlu9AGH7VEzPwDxxpN4p1ajpOurzQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0"
       },
       "engines": {
         "node": ">=14"
@@ -6606,49 +6634,44 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-fastify": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.41.0.tgz",
-      "integrity": "sha512-pNRjFvf0mvqfJueaeL/qEkuGJwgtE5pgjIHGYwjc2rMViNCrtY9/Sf+Nu8ww6dDd/Oyk2fwZZP7i0XZfCnETrA==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-fs": {
-      "version": "0.16.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.16.0.tgz",
-      "integrity": "sha512-hMDRUxV38ln1R3lNz6osj3YjlO32ykbHqVrzG7gEhGXFQfu7LJUx8t9tEwE4r2h3CD4D0Rw4YGDU4yF4mP3ilg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-generic-pool": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.40.0.tgz",
-      "integrity": "sha512-k+/JlNDHN3bPi/Cir+Ew6tKHFVCa1ZFeQyGUw5HQkRX/twCRaN3kJFXJW+rDAN90XwK3RtC9AWwBihDGh/oSlQ==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-iHQI0Zzq3h1T6xUJTVFwmFl5Dt5y1es+fl4kM+k5T/3YvmVyeYkSiF+wHCg6oKrlUAJfk+t55kaAu3sYmt7ZYA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6657,14 +6680,20 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-graphql": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.44.0.tgz",
-      "integrity": "sha512-FYXTe3Bv96aNpYktqm86BFUTpjglKD0kWI5T5bxYkLUPEPvFn38vWGMJTGrDMVou/i55E4jlWvcm6hFIqLsMbg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -6673,101 +6702,89 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-grpc": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.54.0.tgz",
-      "integrity": "sha512-IwLwAf1uC6I5lYjUxfvG0jFuppqNuaBIiaDxYFHMWeRX1Rejh4eqtQi2u+VVtSOHsCn2sRnS9hOxQ2w7+zzPLw==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "0.54.0",
+        "@opentelemetry/core": "1.28.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-hapi": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.42.0.tgz",
-      "integrity": "sha512-TQC0BtIWLHrp6nKsYdZ5t5B7aiZ16BwbRqZtYYQxeJVsq/HQTANWpknjtA7KMxv5tAUMCrU/eDo8F3qioUOSZg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-http": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.54.0.tgz",
-      "integrity": "sha512-ovl0UrL+vGpi0O7fdZ1mHRdiQkuv6NGMRBRKZZygVCUFNXdoqTpvJRRbTYih5U5FC+PHIFssEordmlblRCaGUg==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/instrumentation": "0.54.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "forwarded-parse": "2.1.2",
-        "semver": "^7.5.2"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-ioredis": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.44.0.tgz",
-      "integrity": "sha512-312pE2xc0ihX9haTf9WC4OF9in5EfVO1y5I8Ef9aMQKJNhuSe3IgzQAqGoLfaYajC+ig0IZ9SQKU8mRbFwHU+A==",
+    "node_modules/@opentelemetry/exporter-logs-otlp-proto/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-kafkajs": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.4.0.tgz",
-      "integrity": "sha512-I9VwDG314g7SDL4t8kD/7+1ytaDBRbZQjhVaQaVIDR8K+mlsoBhLsWH79yHxhHQKvwCSZwqXF+TiTOhoQVUt7A==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-grpc/-/exporter-trace-otlp-grpc-0.55.0.tgz",
+      "integrity": "sha512-ohIkCLn2Wc3vhhFuf1bH8kOXHMEdcWiD847x7f3Qfygc+CGiatGLzQYscTcEYsWGMV22gVwB/kVcNcx5a3o8gA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@grpc/grpc-js": "^1.7.1",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-grpc-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0"
       },
       "engines": {
         "node": ">=14"
@@ -6776,49 +6793,49 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-knex": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.41.0.tgz",
-      "integrity": "sha512-OhI1SlLv5qnsnm2dOVrian/x3431P75GngSpnR7c4fcVFv7prXGYu29Z6ILRWJf/NJt6fkbySmwdfUUnFnHCTg==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api": "^1.3.0"
       },
       "engines": {
         "node": ">=14"
-      },
-      "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-koa": {
-      "version": "0.44.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.44.0.tgz",
-      "integrity": "sha512-ryPqGIQ4hpMGd85bAGjRMDAy/ic+Qdh1GtFGJo9KaXdzbcvZoF1ZgXVsKTYDxbD1n5C0BoQy6rcWg8Lu68iCJA==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.41.0.tgz",
-      "integrity": "sha512-6OePkk4RYCPVsnS0TroEK6UZzxxxjVWaE6EPdOn2qxGHMtm+Qb80tiBQ6BbmC+f7bjc27O85JY8gxeTybhHZXw==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -6827,16 +6844,2538 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-memcached": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.40.0.tgz",
-      "integrity": "sha512-VzJUUH6cVz8yrb25RvvjhxCpwu4vUk28I0m5nnnhebULOo8p9lda5PgQeVde2+jQAd977C/vN714fkbYOmwb+A==",
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-grpc/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-http/-/exporter-trace-otlp-http-0.55.0.tgz",
+      "integrity": "sha512-lMiNic63EVHpW+eChmLD2CieDmwQBFi72+LFbh8+5hY0ShrDGrsGP/zuT5MRh7M/vM/UZYO/2A/FYd7CMQGR7A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-iHQI0Zzq3h1T6xUJTVFwmFl5Dt5y1es+fl4kM+k5T/3YvmVyeYkSiF+wHCg6oKrlUAJfk+t55kaAu3sYmt7ZYA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-http/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-trace-otlp-proto": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.54.0.tgz",
+      "integrity": "sha512-cpDQj5wl7G8pLu3lW94SnMpn0C85A9Ehe7+JBow2IL5DGPWXTkynFngMtCC3PpQzQgzlyOVe0MVZfoBB3M5ECA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-exporter-base": "0.54.0",
+        "@opentelemetry/otlp-transformer": "0.54.0",
+        "@opentelemetry/resources": "1.27.0",
+        "@opentelemetry/sdk-trace-base": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-zipkin": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-zipkin/-/exporter-zipkin-1.28.0.tgz",
+      "integrity": "sha512-AMwr3eGXaPEH7gk8yhcUcen31VXy1yU5VJETu0pCfGpggGCYmhm0FKgYBpL5/vlIgQJWU/sW2vIjCL7aSilpKg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.0.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-zipkin/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-zipkin/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/exporter-zipkin/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.54.0.tgz",
+      "integrity": "sha512-B0Ydo9g9ehgNHwtpc97XivEzjz0XBKR6iQ83NTENIxEEf5NHE0otZQuZLgDdey1XNk+bP1cfRpIkSFWM5YlSyg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.54.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-amqplib": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-amqplib/-/instrumentation-amqplib-0.44.0.tgz",
+      "integrity": "sha512-n2nn2jD1zWeKQOfmDTMXmypHJ2DmyTGZADOYLxRlYNDOv69lTPLZYaxVIUEdnCvioLSuVnB8zPzy077gEKcCaQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-amqplib/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-lambda": {
+      "version": "0.48.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-lambda/-/instrumentation-aws-lambda-0.48.0.tgz",
+      "integrity": "sha512-0BJHjCUQwDO5uMCAE1C06LoXcLPK3lWlnT40AORFU9DvT/tFFCjs+KlN3vE39FSlWL7vVzyMVOejdcbDv+xMlw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/aws-lambda": "8.10.143"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-lambda/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-sdk": {
+      "version": "0.47.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-aws-sdk/-/instrumentation-aws-sdk-0.47.0.tgz",
+      "integrity": "sha512-taO5tsee7g5Q71LRebnHSDb8oIEcGDaqMol0gMJdPCAZAu4pZ7vixDGCONAvIo9OgrR948h/NhQX4T0cLJ1fag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/propagation-utils": "^0.30.13",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-aws-sdk/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-bunyan": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-bunyan/-/instrumentation-bunyan-0.43.0.tgz",
+      "integrity": "sha512-nAAXMx63tXXWwuPiTLWTxDRBqXDRvcfE4H3IrXZbrls3BO7P7SkTZ9dvwPCuTku4rRUhEEDpV8vq9Ng4Pk/Uzw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "^0.55.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@types/bunyan": "1.8.9"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-bunyan/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cassandra-driver/-/instrumentation-cassandra-driver-0.43.0.tgz",
+      "integrity": "sha512-fpnGDwUA5nRFhMDb4N1JBUi3dzsHvZRFcyX5bIXoApx43ZwY3lP/eF44aiHE6a4YObgcStLchLa0bEDM5UT4Fw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cassandra-driver/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-connect": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-connect/-/instrumentation-connect-0.41.0.tgz",
+      "integrity": "sha512-BFbkWYVzvSG9G9bG/8vp3+VWRfFgBqPPG0fQh4oM8nrz3YWrHK6269PIXmk9W5hXoxvYw0ghzp2kjMXIzX+NeA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/connect": "3.4.36"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-connect/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-connect/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-connect/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cucumber": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-cucumber/-/instrumentation-cucumber-0.11.0.tgz",
+      "integrity": "sha512-6CyeH678mw5AYbXIY1wtuNL7OsE57+XXk5t5pBeiXsAg0Kh0084/MmBzzCNVOCxn+IN5sjXKtjgVIDHrE/iILA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.0.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-cucumber/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader": {
+      "version": "0.14.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dataloader/-/instrumentation-dataloader-0.14.0.tgz",
+      "integrity": "sha512-1cQC0CUSCDbyACFA8f8limjYyQbNdYdiKzGIJF2MwSUkhac64WvcoNjknYfK7CCO68QrBmvmaLqoF+IbZ7djZg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dataloader/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dns": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-dns/-/instrumentation-dns-0.41.0.tgz",
+      "integrity": "sha512-4SovC9rlhBcRzlAmw8PZD3tcP8CfIZ8GJIKJlB5Lca7IDh2A92JpOqzrWFCOJVGFYt7E6YeZJ09b+yb/4Ypa5Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dns/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dns/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-dns/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-express": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-express/-/instrumentation-express-0.45.0.tgz",
+      "integrity": "sha512-7NY+HsETxEP5Rtlhy8Z3pPJdiz6wPmJuFVb9bRDdThKk72ATryox2ozV3t+aMeOdDsVgQiPHpgPzU150/uovOQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-express/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-express/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-express/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fastify/-/instrumentation-fastify-0.42.0.tgz",
+      "integrity": "sha512-XmLaOI4rCqcuBwL+u/vh+hJdLCaZsjc7Q88BCtvLAQhnrj02UEX3c+MDRMcCAoxUJMQTSJMlCOv/tfibWdrVAg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fastify/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs": {
+      "version": "0.17.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-fs/-/instrumentation-fs-0.17.0.tgz",
+      "integrity": "sha512-WKO2hBdU24LD4VlSNOIWRAP3JegTmDtZtoy0H92ipKeVajvlSMewozvTXiGd2+hF7WY3zL6/sbx47t6ycq9SrA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-fs/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-generic-pool/-/instrumentation-generic-pool-0.41.0.tgz",
+      "integrity": "sha512-V0OcN7VH37laZU1pxLixFROBkXrT55E5/MpacShsziAhGqiPZyU1XlCAHBseZ0T7cPfQ8Ux3cp0BAv59hRPt1Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-generic-pool/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.45.0.tgz",
+      "integrity": "sha512-NCmL89XZcu9NQAskrYsUHT0PygUiLX90GwjS7kUn72nRAuk/myGg8Zj9YUPwe/OKVJcSLA5Fq755jUHlBQ1odA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-graphql/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-grpc/-/instrumentation-grpc-0.55.0.tgz",
+      "integrity": "sha512-n2ZH4pRwOy0Vhag/3eKqiyDBwcpUnGgJI9iiIRX7vivE0FMncaLazWphNFezRRaM/LuKwq1TD8pVUvieP68mow==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "0.55.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-grpc/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-hapi/-/instrumentation-hapi-0.43.0.tgz",
+      "integrity": "sha512-FsSfn3nWNucswySEK/3EDV9vtgtj24YluVausqWMZiQlTlsLPzTbu2lUl7ynQViJGsUYh0YNpNz9d4IdzAGtcQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-hapi/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-http/-/instrumentation-http-0.55.0.tgz",
+      "integrity": "sha512-AO27XSjkgNicfy/YBthskFAwx9VfaO7tChrLaTONTfOWv14GlB3Rs2eTYpywZIHWsW2cR5hvVkcDte4GV0stoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/instrumentation": "0.55.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "forwarded-parse": "2.1.2",
+        "semver": "^7.5.2"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-http/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-ioredis/-/instrumentation-ioredis-0.45.0.tgz",
+      "integrity": "sha512-h79ctSTYgxc6V0saa4JcdjEt/JQd9gkfgFwPNyHZkIx0aQofygMc32Ulp2v7axAHqf8HiI9jP9aP/Qh1mWVSNA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-ioredis/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-kafkajs/-/instrumentation-kafkajs-0.5.0.tgz",
+      "integrity": "sha512-34Jv473IVv5uKFPz9m1ONX4DAnIxPXB5xKW46imq/6Cre7fZf23P2Aa/NQyFhCNymwbcJDMv6+6uU3THGn73lQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-kafkajs/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-knex/-/instrumentation-knex-0.42.0.tgz",
+      "integrity": "sha512-lKrr9bfYVLXXX0/p0tB3VB2zMbCgw+8CZkWd5U2d2idr7CORH0efKD+0aZukMFfg10qBaIouhFdFn5iR+34i5w==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-knex/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa": {
+      "version": "0.45.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-koa/-/instrumentation-koa-0.45.0.tgz",
+      "integrity": "sha512-nNdgmOZUkP+yR/yF0RsXapJNioORgnrA2Jl58ExlxyGUbHvHjcSAlNY7dsBljQFHhFYzBOh4NPs3TBbF681+qw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-koa/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-lru-memoizer/-/instrumentation-lru-memoizer-0.42.0.tgz",
+      "integrity": "sha512-536coihEiLB8E9wuSGG4j+f/9QhGQhvbb9WWF3Y+Ogn4Zz89Vm7vIQbre/M5coLLFIzVhLDoBD77QjtE+eXn0g==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-lru-memoizer/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-memcached/-/instrumentation-memcached-0.41.0.tgz",
+      "integrity": "sha512-Qrp+yl6pobVAm2F5AJizopDFtKkxwIzJ8iSnV1TDhbB8O7ct4N9p8rz3WvA3XAikS0bVw9rh/cRgYvb7g6AQcQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@types/memcached": "^2.2.6"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-memcached/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb": {
+      "version": "0.49.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.49.0.tgz",
+      "integrity": "sha512-3qIvelQxqj+znuHB6f2sLGmTG6FUbpX0qsxABEG3yPh7i11f2dJ554bUxkpVV1Y9YafP3iKEHo2ybbjjUm5xyg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongodb/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.44.0.tgz",
+      "integrity": "sha512-gBwxWvUFxTcXDXiLTqpiM7jyOS27X5x8saQesG8RsL128yxAoN3oiy3Hn3hIw13nkh+AHTXBTiADVD/lkazuiA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mongoose/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.43.0.tgz",
+      "integrity": "sha512-Yd4QLENitUAovh5JKbDIvzLVkt+3InnQYiWqcD4X7VjUGdVlZuCgMNkyUl6ML3WonH60jDy7S2rmLZAlWm7qTg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
         "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/memcached": "^2.2.6"
+        "@types/mysql": "2.15.26"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.43.0.tgz",
+      "integrity": "sha512-9W1AxMfrZV3ZeYBPjz8bkMRIRf1od4h+QZLw+m575lu41DMQIprcHXRZbyZRXZG+tgqM3YNBiNZCI2bDV3x46Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-mysql2/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.42.0.tgz",
+      "integrity": "sha512-+JRi91A2Ue8JOY7WJ3oSq4HFB6+qIQQ62uu77fKLqV0xn0ft8YX/hDJceUJEKgqPlJMbHH5ppZlCrSPc/d3t0w==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-nestjs-core/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net": {
+      "version": "0.41.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.41.0.tgz",
+      "integrity": "sha512-3IqTpOaNxnCaCzCcFFPwGmX+b626Gx/uSHe61kP1kVDzhIKpwhgrzwWstdI2ZEzMa1jpNzharque/y9wEpsg8A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-net/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg": {
+      "version": "0.48.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.48.0.tgz",
+      "integrity": "sha512-z0eG0A6SUXM/zSBisFVYrcp6aYbO8z1+R7cM7hxURBm8ccS98kVvZ+9UpLFd61YpSeof4bGhFsA8wqgNgqh4Vg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.26.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "1.27.0",
+        "@opentelemetry/sql-common": "^0.40.1",
+        "@types/pg": "8.6.1",
+        "@types/pg-pool": "2.0.6"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pg/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.44.0.tgz",
+      "integrity": "sha512-nyu6A1Zq3z/GUsfIJLsEMmUZrdqdVeQSESx8i7PzvUiVYyEdvf8w1sg4oPCBrSwl0PFU7FR4uYR4d04/QxFCoA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "^0.55.0",
+        "@opentelemetry/core": "^1.25.0",
+        "@opentelemetry/instrumentation": "^0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-pino/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.44.0.tgz",
+      "integrity": "sha512-QKBrjwHSejj/31JpxyI6wWEFK6ZqPmY/5ARFvzd7jSuTNtH2lMQ+Gb0j1T5hLJ6j3dDtFceYnC7CGXTSsx1jxg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.44.0.tgz",
+      "integrity": "sha512-mT4iGxqBeD4vUd2Dp5QG2UxaduWENHzsiPEgFvsPwSDARkyCXbTxCyOoXTTR53Vb4L8EklprbRBjukbljCdMTA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/redis-common": "^0.36.2",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis-4/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-redis/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify": {
+      "version": "0.43.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.43.0.tgz",
+      "integrity": "sha512-gNO8cAF7lPCCcWOPlx17LLTKKz2+jKkHI4OGhNoM+yUCG2KXBD5cZ8+XzL/EVLRL0GXHgV4Un4eeBnCUjXYTOw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
+        "@opentelemetry/semantic-conventions": "^1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-restify/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6845,14 +9384,27 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mongodb": {
-      "version": "0.48.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongodb/-/instrumentation-mongodb-0.48.0.tgz",
-      "integrity": "sha512-9YWvaGvrrcrydMsYGLu0w+RgmosLMKe3kv/UNlsPy8RLnCkN2z+bhhbjjjuxtUmvEuKZMCoXFluABVuBr1yhjw==",
+    "node_modules/@opentelemetry/instrumentation-restify/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-router": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.42.0.tgz",
+      "integrity": "sha512-bA0gmEIOZCkCbrnzWU5auSWPlEcU72URka0nQq3H+zoDaToO+Yi1756h9g5jL/9gx6YFzO5+ufRqVh4tNzf2Jw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -6862,15 +9414,61 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mongoose": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mongoose/-/instrumentation-mongoose-0.43.0.tgz",
-      "integrity": "sha512-y1mWuL/zb6IKi199HkROgmStxF/ybEsnKYgx+/lpLATd57oZHOqrXP9tLmp9qRVI5c6P5XEWfe7ZCvrj07iDMQ==",
+    "node_modules/@opentelemetry/instrumentation-router/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-router/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-router/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-socket.io": {
+      "version": "0.44.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.44.0.tgz",
+      "integrity": "sha512-Gf53pjHae88FrFY6eUHBGylJcFp90zd4HM5JlrIrTRfM28im7IijsCPSgMYez2m8Anr72aWrEoRtOJWfo7tE0Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/instrumentation": "^0.55.0",
         "@opentelemetry/semantic-conventions": "^1.27.0"
       },
       "engines": {
@@ -6880,16 +9478,32 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql/-/instrumentation-mysql-0.42.0.tgz",
-      "integrity": "sha512-1GN2EBGVSZABGQ25MSz3faeBW/DwhzmE10aNW1/A2mvQAxF1CvpMk17YmNUzwapVt29iKsiU3SXQG7vjh/019A==",
+    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/mysql": "2.15.26"
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6898,16 +9512,29 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-mysql2": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-mysql2/-/instrumentation-mysql2-0.42.0.tgz",
-      "integrity": "sha512-CQqOjCbHwEnaC+Bd6Sms+82iJkSbPpd7jD7Jwif7q8qXo6yrKLVDYDVK+zKbfnmQtu2xHaHj+xiq4tyjb3sMfg==",
+    "node_modules/@opentelemetry/instrumentation-socket.io/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-tedious": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.16.0.tgz",
+      "integrity": "sha512-mIzPC0fioXb9KQOm03UgGZDXwSBzYdCIT/6+S4jYHquLeVJvfKe4ivZo7bfNV0yHzfINpOefog76wlZ94tr3OA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
+        "@opentelemetry/instrumentation": "^0.55.0",
         "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1"
+        "@types/tedious": "^4.0.14"
       },
       "engines": {
         "node": ">=14"
@@ -6916,15 +9543,32 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-nestjs-core": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-nestjs-core/-/instrumentation-nestjs-core-0.41.0.tgz",
-      "integrity": "sha512-XCqtghFktpcJ2BOaJtFfqtTMsHffJADxfYhJl28WT6ygCChS2uZVxMKKLsy+i9VtPaw/i1IumPICL6mbhwq+Vw==",
+    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6933,36 +9577,62 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-net": {
-      "version": "0.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-net/-/instrumentation-net-0.40.0.tgz",
-      "integrity": "sha512-abErnVRxTmtiF7EvBISW81Se2nj/j3Xtpfy//9++dgvDOXwbcD1Xz1via6ZHOm/VamboGhqPlYiO7ABzluPLwg==",
+    "node_modules/@opentelemetry/instrumentation-tedious/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-undici": {
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.8.0.tgz",
+      "integrity": "sha512-XUab3nrvk2CPjOTlIPJNUv3v0KIpK6flxF67Re6PoxVaxtN4Zh5hfUTowndn7rXMGwz2feO5LpDWjqfMQw8veQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/core": "^1.8.0",
+        "@opentelemetry/instrumentation": "^0.55.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
+        "@opentelemetry/api": "^1.7.0"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
         "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pg": {
-      "version": "0.47.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pg/-/instrumentation-pg-0.47.0.tgz",
-      "integrity": "sha512-aKu5PCeUv3S8s1wq60JZ2o3DWV2wqvO7WAktjmkx5wXd2+tZRfyDCKFHbP90QuDG1HDzjJ138Ob4d4rJdPETCQ==",
+    "node_modules/@opentelemetry/instrumentation-undici/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.26.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "1.27.0",
-        "@opentelemetry/sql-common": "^0.40.1",
-        "@types/pg": "8.6.1",
-        "@types/pg-pool": "2.0.6"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -6971,16 +9641,28 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-pino": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-pino/-/instrumentation-pino-0.43.0.tgz",
-      "integrity": "sha512-jlOOgbODWRRNknWXY1VLgmqgG0SO4kLgU3XnejjO/3De4OisroAsMGk+1cRB5AQ6WZ8WLAMkMyTShaOe6j2Asw==",
+    "node_modules/@opentelemetry/instrumentation-undici/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-winston": {
+      "version": "0.42.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.42.0.tgz",
+      "integrity": "sha512-kaMbm2oITQpX6q59gOsv5dPuZEXzLNnQYZiICg5P0XdsVCQkbvmWK3xoPhHTgdXUyhgIHc5uUiMknHmHfXqMQQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.54.0",
-        "@opentelemetry/core": "^1.25.0",
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/api-logs": "^0.55.0",
+        "@opentelemetry/instrumentation": "^0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -6989,16 +9671,32 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis/-/instrumentation-redis-0.43.0.tgz",
-      "integrity": "sha512-dufe08W3sCOjutbTJmV6tg2Y3+7IBe59oQrnIW2RCgjRhsW0Jjaenezt490eawO0MdXjUfFyrIUg8WetKhE4xA==",
+    "node_modules/@opentelemetry/instrumentation-winston/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation-winston/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
       },
       "engines": {
         "node": ">=14"
@@ -7007,16 +9705,41 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-redis-4": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-redis-4/-/instrumentation-redis-4-0.43.0.tgz",
-      "integrity": "sha512-6B2+CFRY9xRnkeZrSvlTyY2yB/zAgxjbXS5EwXhE3ZAKR1hWWoUzaTADIKT5xe9/VbDW42U3UoOPCcaCmeAXww==",
+    "node_modules/@opentelemetry/instrumentation-winston/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/instrumentation/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.54.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.54.0.tgz",
+      "integrity": "sha512-g+H7+QleVF/9lz4zhaR9Dt4VwApjqG5WWupy5CTMpWJfHB/nLxBbX73GBZDgdiNfh08nO3rNa6AS7fK8OhgF5g==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/redis-common": "^0.36.2",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/core": "1.27.0",
+        "@opentelemetry/otlp-transformer": "0.54.0"
       },
       "engines": {
         "node": ">=14"
@@ -7025,16 +9748,17 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-restify": {
-      "version": "0.42.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-restify/-/instrumentation-restify-0.42.0.tgz",
-      "integrity": "sha512-ApDD9HNy6de6xrHmISEfkQHwwX1f1JrBj0ADnlk6tVdJ0j/vNmsZNLwaU2IA2K3mHqbp2YLarLgxAZp6rjcfWg==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-grpc-exporter-base/-/otlp-grpc-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-gebbjl9FiSp52igWXuGjcWQKfB6IBwFGt5z1VFwTcVZVeEZevB6bJIqoFrhH4A02m7OUlpJ7l4EfRi3UtkNANQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@grpc/grpc-js": "^1.7.1",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -7043,32 +9767,44 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-router": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-router/-/instrumentation-router-0.41.0.tgz",
-      "integrity": "sha512-IbvzgaoylMqStOOtwucEvSu5CDbfQN+H1ZZ2p6c9Kmvzptqh6G441GFy0FFVVqxOAHNhQm2w6n0Ag8trdBjCfw==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-socket.io": {
-      "version": "0.43.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-socket.io/-/instrumentation-socket.io-0.43.0.tgz",
-      "integrity": "sha512-HAQoIZ6N/ey1L4jF69gmqo7RyeSv5rc4sZZAd1v6SVaB8ZolTEyWEzGlu1NRZZTnqfWNxDkX6J1/omWpDd9k0w==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-iHQI0Zzq3h1T6xUJTVFwmFl5Dt5y1es+fl4kM+k5T/3YvmVyeYkSiF+wHCg6oKrlUAJfk+t55kaAu3sYmt7ZYA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
       },
       "engines": {
         "node": ">=14"
@@ -7077,16 +9813,20 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-tedious": {
-      "version": "0.15.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-tedious/-/instrumentation-tedious-0.15.0.tgz",
-      "integrity": "sha512-Kb7yo8Zsq2TUwBbmwYgTAMPK0VbhoS8ikJ6Bup9KrDtCx2JC01nCb+M0VJWXt7tl0+5jARUbKWh5jRSoImxdCw==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/instrumentation": "^0.54.0",
-        "@opentelemetry/semantic-conventions": "^1.27.0",
-        "@types/tedious": "^4.0.14"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
       },
       "engines": {
         "node": ">=14"
@@ -7095,87 +9835,74 @@
         "@opentelemetry/api": "^1.3.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-undici": {
-      "version": "0.7.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-undici/-/instrumentation-undici-0.7.0.tgz",
-      "integrity": "sha512-1AAqbVt1QOLgnc9DEkHS2R/0FIPI74ud5qgitwP9sVYzRg6e66bPSoAIARCyuANJrWCUrfgI69vLTfRxhBM+3A==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.8.0",
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.7.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/instrumentation-winston": {
-      "version": "0.41.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation-winston/-/instrumentation-winston-0.41.0.tgz",
-      "integrity": "sha512-qtqGDx2Plu71s9xaeXut0YgZFG/y68ENG9vvo/SODeEC+4/APiS/htQ5YNJIxxjOuxYowdFYRqV9Kmef2EUzmw==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "^0.54.0",
-        "@opentelemetry/instrumentation": "^0.54.0"
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
-      }
-    },
-    "node_modules/@opentelemetry/instrumentation/node_modules/semver": {
-      "version": "7.6.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
-      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/otlp-exporter-base": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.54.0.tgz",
-      "integrity": "sha512-g+H7+QleVF/9lz4zhaR9Dt4VwApjqG5WWupy5CTMpWJfHB/nLxBbX73GBZDgdiNfh08nO3rNa6AS7fK8OhgF5g==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-transformer": "0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/otlp-grpc-exporter-base": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-grpc-exporter-base/-/otlp-grpc-exporter-base-0.54.0.tgz",
-      "integrity": "sha512-Yl2Dw0jlRWisEia9Hv/N8u2JLITCvzA6gAIKEvxpEu6nwHEftD2WhTJMIclkTtfmSW0rLmEEXymwmboG4xDN0Q==",
+    "node_modules/@opentelemetry/otlp-grpc-exporter-base/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@grpc/grpc-js": "^1.7.1",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/otlp-exporter-base": "0.54.0",
-        "@opentelemetry/otlp-transformer": "0.54.0"
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.3.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
     "node_modules/@opentelemetry/otlp-transformer": {
@@ -7201,9 +9928,9 @@
       }
     },
     "node_modules/@opentelemetry/propagation-utils": {
-      "version": "0.30.12",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagation-utils/-/propagation-utils-0.30.12.tgz",
-      "integrity": "sha512-bgab3q/4dYUutUpQCEaSDa+mLoQJG3vJKeSiGuhM4iZaSpkz8ov0fs1MGil5PfxCo6Hhw3bB3bFYhUtnsfT/Pg==",
+      "version": "0.30.13",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagation-utils/-/propagation-utils-0.30.13.tgz",
+      "integrity": "sha512-gE61ANH84XLOU2HwXeWw1b83exxdEaTY98HxTecmuJ1nSrBNaoM/tWt4u4+2MoCZUhdmP088+wbT5oUq1pF79Q==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -7213,29 +9940,30 @@
         "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/propagator-aws-xray": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-aws-xray/-/propagator-aws-xray-1.3.1.tgz",
-      "integrity": "sha512-6fDMzFlt5r6VWv7MUd0eOpglXPFqykW8CnOuUxJ1VZyLy6mV1bzBlzpsqEmhx1bjvZYvH93vhGkQZqrm95mlrQ==",
+    "node_modules/@opentelemetry/propagator-b3": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.28.0.tgz",
+      "integrity": "sha512-Q7HVDIMwhN5RxL4bECMT4BdbyYSAKkC6U/RGn4NpO/cbqP6ZRg+BS7fPo/pGZi2w8AHfpIGQFXQmE8d2PC5xxQ==",
       "dev": true,
+      "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "^1.0.0"
+        "@opentelemetry/core": "1.28.0"
       },
       "engines": {
         "node": ">=14"
       },
       "peerDependencies": {
-        "@opentelemetry/api": "^1.0.0"
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
-    "node_modules/@opentelemetry/propagator-b3": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-b3/-/propagator-b3-1.27.0.tgz",
-      "integrity": "sha512-pTsko3gnMioe3FeWcwTQR3omo5C35tYsKKwjgTCTVCgd3EOWL9BZrMfgLBmszrwXABDfUrlAEFN/0W0FfQGynQ==",
+    "node_modules/@opentelemetry/propagator-b3/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -7245,13 +9973,29 @@
       }
     },
     "node_modules/@opentelemetry/propagator-jaeger": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.27.0.tgz",
-      "integrity": "sha512-EI1bbK0wn0yIuKlc2Qv2LKBRw6LiUWevrjCF80fn/rlaB+7StAi8Y5s8DBqAYNpY7v1q86+NjU18v7hj2ejU3A==",
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/propagator-jaeger/-/propagator-jaeger-1.28.0.tgz",
+      "integrity": "sha512-wKJ94+s8467CnIRgoSRh0yXm/te0QMOwTq9J01PfG/RzYZvlvN8aRisN2oZ9SznB45dDGnMj3BhUlchSA9cEKA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/propagator-jaeger/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/core": "1.27.0"
+        "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
@@ -7271,9 +10015,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-alibaba-cloud": {
-      "version": "0.29.4",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.4.tgz",
-      "integrity": "sha512-U3sWPoBXiEE51jJGhRrW19hLvrRbBbZWTp3Yc7IaRVFODNNzmibOolyi2ow1XN68UgRT4BRuwgwbnM5GbG/E5Q==",
+      "version": "0.29.5",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.29.5.tgz",
+      "integrity": "sha512-bCtNnKlx3vcxo/rTdpgat6RiP9hcqahdLN79IRQgSGpD/2iw7cmdaZo4bWQYQsf3jMU8p+08mQkbvDeSqt1TmA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7289,9 +10033,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-aws": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.7.0.tgz",
-      "integrity": "sha512-VxrwUi/9QcVIV+40d/jOKQthfD/E4/ppQ9FsYpDH7qy16cOO5519QOdihCQJYpVNbgDqf6q3hVrCy1f8UuG8YA==",
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-1.8.0.tgz",
+      "integrity": "sha512-f+tiNoebEvdinXs0pN0XJCNceeXT8I6l2yyKI6C5oRAirhCEcIWcJMxwY4kJyNKmoupcGCXVz7cQaZOhB3keiw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7307,9 +10051,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-azure": {
-      "version": "0.2.12",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-azure/-/resource-detector-azure-0.2.12.tgz",
-      "integrity": "sha512-iIarQu6MiCjEEp8dOzmBvCSlRITPFTinFB2oNKAjU6xhx8d7eUcjNOKhBGQTvuCriZrxrEvDaEEY9NfrPQ6uYQ==",
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-azure/-/resource-detector-azure-0.3.0.tgz",
+      "integrity": "sha512-MFKiCQ+rUxCwJJH0ZLcdtsJ6FK/vLERsBhcu5pKHPSupdauVPaR5iRibApoF9dxZ1wuG5f+BRFO+USGdZXorDg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7325,9 +10069,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-container": {
-      "version": "0.5.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.5.0.tgz",
-      "integrity": "sha512-ozp+ggcbl17xFfL91+DFgP8nmfzthNLxVTDOQUVgQgngVsSaBb5/I1Tnt63ZX2GCMdBJTxUBbFsqFvO0CjfGLg==",
+      "version": "0.5.1",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.5.1.tgz",
+      "integrity": "sha512-RMzfpH43IcLFeXM35WIBwwruSwGcWM+K01+CPibQKOZxNVZYRHo7/rdjT+QGCXkcp2LodC6vFFylcZChVao59Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7343,9 +10087,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-gcp": {
-      "version": "0.29.13",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.29.13.tgz",
-      "integrity": "sha512-vdotx+l3Q+89PeyXMgKEGnZ/CwzwMtuMi/ddgD9/5tKZ08DfDGB2Npz9m2oXPHRCjc4Ro6ifMqFlRyzIvgOjhg==",
+      "version": "0.30.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-gcp/-/resource-detector-gcp-0.30.0.tgz",
+      "integrity": "sha512-lEbeiPEQtD+JGknF1ZZ6W7hsr1Ul9V27S68tIaPrY6WNdnuTL/7vcZSKHO8eu6NnCNJ7Up9oGFloMb2sfUazig==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -7414,36 +10158,228 @@
       }
     },
     "node_modules/@opentelemetry/sdk-node": {
-      "version": "0.54.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-node/-/sdk-node-0.54.0.tgz",
-      "integrity": "sha512-F0mdwb4WPFJNypcmkxQnj3sIfh/73zkBgYePXMK8ghsBwYw4+PgM3/85WT6NzNUeOvWtiXacx5CFft2o7rGW3w==",
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-node/-/sdk-node-0.55.0.tgz",
+      "integrity": "sha512-gSXQWV23+9vhbjsvAIeM0LxY3W8DTKI3MZlzFp61noIb1jSr46ET+qoUjHlfZ1Yymebv9KXWeZsqhft81HBXuQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/api-logs": "0.54.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/exporter-logs-otlp-grpc": "0.54.0",
-        "@opentelemetry/exporter-logs-otlp-http": "0.54.0",
-        "@opentelemetry/exporter-logs-otlp-proto": "0.54.0",
-        "@opentelemetry/exporter-trace-otlp-grpc": "0.54.0",
-        "@opentelemetry/exporter-trace-otlp-http": "0.54.0",
-        "@opentelemetry/exporter-trace-otlp-proto": "0.54.0",
-        "@opentelemetry/exporter-zipkin": "1.27.0",
-        "@opentelemetry/instrumentation": "0.54.0",
-        "@opentelemetry/resources": "1.27.0",
-        "@opentelemetry/sdk-logs": "0.54.0",
-        "@opentelemetry/sdk-metrics": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0",
-        "@opentelemetry/sdk-trace-node": "1.27.0",
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/exporter-logs-otlp-grpc": "0.55.0",
+        "@opentelemetry/exporter-logs-otlp-http": "0.55.0",
+        "@opentelemetry/exporter-logs-otlp-proto": "0.55.0",
+        "@opentelemetry/exporter-trace-otlp-grpc": "0.55.0",
+        "@opentelemetry/exporter-trace-otlp-http": "0.55.0",
+        "@opentelemetry/exporter-trace-otlp-proto": "0.55.0",
+        "@opentelemetry/exporter-zipkin": "1.28.0",
+        "@opentelemetry/instrumentation": "0.55.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "@opentelemetry/sdk-trace-node": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.3.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/api-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/api-logs/-/api-logs-0.55.0.tgz",
+      "integrity": "sha512-3cpa+qI45VHYcA5c0bHM6VHo9gicv3p5mlLHNG3rLyjQU8b7e0st1rWtrUn3JbZ3DwwCfhKop4eQ9UuYlC6Pkg==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/exporter-trace-otlp-proto": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/exporter-trace-otlp-proto/-/exporter-trace-otlp-proto-0.55.0.tgz",
+      "integrity": "sha512-qxiJFP+bBZW3+goHCGkE1ZdW9gJU0fR7eQ6OP+Rz5oGtEBbq4nkGodhb7C9FJlEFlE2siPtCxoeupV0gtYynag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-exporter-base": "0.55.0",
+        "@opentelemetry/otlp-transformer": "0.55.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/instrumentation": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/instrumentation/-/instrumentation-0.55.0.tgz",
+      "integrity": "sha512-YDCMlaQRZkziLL3t6TONRgmmGxDx6MyQDXRD0dknkkgUZtOK5+8MWft1OXzmNu6XfBOdT12MKN5rz+jHUkafKQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@types/shimmer": "^1.2.0",
+        "import-in-the-middle": "^1.8.1",
+        "require-in-the-middle": "^7.1.1",
+        "semver": "^7.5.2",
+        "shimmer": "^1.2.1"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/otlp-exporter-base": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-exporter-base/-/otlp-exporter-base-0.55.0.tgz",
+      "integrity": "sha512-iHQI0Zzq3h1T6xUJTVFwmFl5Dt5y1es+fl4kM+k5T/3YvmVyeYkSiF+wHCg6oKrlUAJfk+t55kaAu3sYmt7ZYA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/otlp-transformer": "0.55.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/otlp-transformer": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/otlp-transformer/-/otlp-transformer-0.55.0.tgz",
+      "integrity": "sha512-kVqEfxtp6mSN2Dhpy0REo1ghP4PYhC1kMHQJ2qVlO99Pc+aigELjZDfg7/YKmL71gR6wVGIeJfiql/eXL7sQPA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/sdk-logs": "0.55.0",
+        "@opentelemetry/sdk-metrics": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
+        "protobufjs": "^7.3.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": "^1.3.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
         "@opentelemetry/semantic-conventions": "1.27.0"
       },
       "engines": {
         "node": ">=14"
       },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/sdk-logs": {
+      "version": "0.55.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-logs/-/sdk-logs-0.55.0.tgz",
+      "integrity": "sha512-TSx+Yg/d48uWW6HtjS1AD5x6WPfLhDWLl/WxC7I2fMevaiBuKCuraxTB8MDXieCNnBI24bw9ytyXrDCswFfWgA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/api-logs": "0.55.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.4.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/sdk-metrics": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-metrics/-/sdk-metrics-1.28.0.tgz",
+      "integrity": "sha512-43tqMK/0BcKTyOvm15/WQ3HLr0Vu/ucAl/D84NO7iSlv6O4eOprxSHa3sUtmYkaZWHqdDJV0AHVz/R6u4JALVQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
       "peerDependencies": {
         "@opentelemetry/api": ">=1.3.0 <1.10.0"
       }
     },
+    "node_modules/@opentelemetry/sdk-node/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-node/node_modules/semver": {
+      "version": "7.6.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz",
+      "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==",
+      "dev": true,
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/@opentelemetry/sdk-trace-base": {
       "version": "1.27.0",
       "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.27.0.tgz",
@@ -7463,17 +10399,17 @@
       }
     },
     "node_modules/@opentelemetry/sdk-trace-node": {
-      "version": "1.27.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.27.0.tgz",
-      "integrity": "sha512-dWZp/dVGdUEfRBjBq2BgNuBlFqHCxyyMc8FsN0NX15X07mxSUO0SZRLyK/fdAVrde8nqFI/FEdMH4rgU9fqJfQ==",
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-node/-/sdk-trace-node-1.28.0.tgz",
+      "integrity": "sha512-N0sYfYXvHpP0FNIyc+UfhLnLSTOuZLytV0qQVrDWIlABeD/DWJIGttS7nYeR14gQLXch0M1DW8zm3VeN6Opwtg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@opentelemetry/context-async-hooks": "1.27.0",
-        "@opentelemetry/core": "1.27.0",
-        "@opentelemetry/propagator-b3": "1.27.0",
-        "@opentelemetry/propagator-jaeger": "1.27.0",
-        "@opentelemetry/sdk-trace-base": "1.27.0",
+        "@opentelemetry/context-async-hooks": "1.28.0",
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/propagator-b3": "1.28.0",
+        "@opentelemetry/propagator-jaeger": "1.28.0",
+        "@opentelemetry/sdk-trace-base": "1.28.0",
         "semver": "^7.5.2"
       },
       "engines": {
@@ -7483,6 +10419,57 @@
         "@opentelemetry/api": ">=1.0.0 <1.10.0"
       }
     },
+    "node_modules/@opentelemetry/sdk-trace-node/node_modules/@opentelemetry/core": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/core/-/core-1.28.0.tgz",
+      "integrity": "sha512-ZLwRMV+fNDpVmF2WYUdBHlq0eOWtEaUJSusrzjGnBt7iSRvfjFE3RXYUZJrqou/wIDWV0DwQ5KIfYe9WXg9Xqw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-trace-node/node_modules/@opentelemetry/resources": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-1.28.0.tgz",
+      "integrity": "sha512-cIyXSVJjGeTICENN40YSvLDAq4Y2502hGK3iN7tfdynQLKWb3XWZQEkPc+eSx47kiy11YeFAlYkEfXwR1w8kfw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
+    "node_modules/@opentelemetry/sdk-trace-node/node_modules/@opentelemetry/sdk-trace-base": {
+      "version": "1.28.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/sdk-trace-base/-/sdk-trace-base-1.28.0.tgz",
+      "integrity": "sha512-ceUVWuCpIao7Y5xE02Xs3nQi0tOGmMea17ecBdwtCvdo9ekmO+ijc9RFDgfifMl7XCBf41zne/1POM3LqSTZDA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "@opentelemetry/core": "1.28.0",
+        "@opentelemetry/resources": "1.28.0",
+        "@opentelemetry/semantic-conventions": "1.27.0"
+      },
+      "engines": {
+        "node": ">=14"
+      },
+      "peerDependencies": {
+        "@opentelemetry/api": ">=1.0.0 <1.10.0"
+      }
+    },
     "node_modules/@opentelemetry/sdk-trace-node/node_modules/lru-cache": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz",
diff --git a/package.json b/package.json
index c2ac37a0a36..a3d56c50f0b 100644
--- a/package.json
+++ b/package.json
@@ -141,7 +141,7 @@
     "@babel/register": "^7.23.7",
     "@graphql-eslint/eslint-plugin": "^3.20.1",
     "@opentelemetry/api": "^1.7.0",
-    "@opentelemetry/auto-instrumentations-node": "^0.52.0",
+    "@opentelemetry/auto-instrumentations-node": "^0.53.0",
     "@opentelemetry/exporter-trace-otlp-proto": "^0.54.0",
     "@opentelemetry/instrumentation": "^0.54.0",
     "@opentelemetry/resources": "^1.20.0",

From 47ecd6a26f314343af164046fbba892675660931 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:55:29 +0100
Subject: [PATCH 078/129] fix(deps): update dependency intl-messageformat to
 v10.7.7 (#10486)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 44 ++++++++++++++++++++++----------------------
 package.json      |  2 +-
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2550c635be4..0c8ac7b8aea 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -74,7 +74,7 @@
         "html-pdf": "3.0.1",
         "html-to-text": "9.0.5",
         "ics": "3.8.1",
-        "intl-messageformat": "10.7.6",
+        "intl-messageformat": "10.7.7",
         "jsonwebtoken": "9.0.2",
         "juice": "10.0.1",
         "limax": "4.1.0",
@@ -4151,13 +4151,13 @@
       }
     },
     "node_modules/@formatjs/ecma402-abstract": {
-      "version": "2.2.3",
-      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.3.tgz",
-      "integrity": "sha512-aElGmleuReGnk2wtYOzYFmNWYoiWWmf1pPPCYg0oiIQSJj0mjc4eUfzUXaSOJ4S8WzI/cLqnCTWjqz904FT2OQ==",
+      "version": "2.2.4",
+      "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.2.4.tgz",
+      "integrity": "sha512-lFyiQDVvSbQOpU+WFd//ILolGj4UgA/qXrKeZxdV14uKiAUiPAtX6XAn7WBCRi7Mx6I7EybM9E5yYn4BIpZWYg==",
       "license": "MIT",
       "dependencies": {
         "@formatjs/fast-memoize": "2.2.3",
-        "@formatjs/intl-localematcher": "0.5.7",
+        "@formatjs/intl-localematcher": "0.5.8",
         "tslib": "2"
       }
     },
@@ -4171,30 +4171,30 @@
       }
     },
     "node_modules/@formatjs/icu-messageformat-parser": {
-      "version": "2.9.3",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.9.3.tgz",
-      "integrity": "sha512-9L99QsH14XjOCIp4TmbT8wxuffJxGK8uLNO1zNhLtcZaVXvv626N0s4A2qgRCKG3dfYWx9psvGlFmvyVBa6u/w==",
+      "version": "2.9.4",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-messageformat-parser/-/icu-messageformat-parser-2.9.4.tgz",
+      "integrity": "sha512-Tbvp5a9IWuxUcpWNIW6GlMQYEc4rwNHR259uUFoKWNN1jM9obf9Ul0e+7r7MvFOBNcN+13K7NuKCKqQiAn1QEg==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.3",
-        "@formatjs/icu-skeleton-parser": "1.8.7",
+        "@formatjs/ecma402-abstract": "2.2.4",
+        "@formatjs/icu-skeleton-parser": "1.8.8",
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/icu-skeleton-parser": {
-      "version": "1.8.7",
-      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.7.tgz",
-      "integrity": "sha512-fI+6SmS2g7h3srfAKSWa5dwreU5zNEfon2uFo99OToiLF6yxGE+WikvFSbsvMAYkscucvVmTYNlWlaDPp0n5HA==",
+      "version": "1.8.8",
+      "resolved": "https://registry.npmjs.org/@formatjs/icu-skeleton-parser/-/icu-skeleton-parser-1.8.8.tgz",
+      "integrity": "sha512-vHwK3piXwamFcx5YQdCdJxUQ1WdTl6ANclt5xba5zLGDv5Bsur7qz8AD7BevaKxITwpgDeU0u8My3AIibW9ywA==",
       "license": "MIT",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.3",
+        "@formatjs/ecma402-abstract": "2.2.4",
         "tslib": "2"
       }
     },
     "node_modules/@formatjs/intl-localematcher": {
-      "version": "0.5.7",
-      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.7.tgz",
-      "integrity": "sha512-GGFtfHGQVFe/niOZp24Kal5b2i36eE2bNL0xi9Sg/yd0TR8aLjcteApZdHmismP5QQax1cMnZM9yWySUUjJteA==",
+      "version": "0.5.8",
+      "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.8.tgz",
+      "integrity": "sha512-I+WDNWWJFZie+jkfkiK5Mp4hEDyRSEvmyfYadflOno/mmKJKcB17fEpEH0oJu/OWhhCJ8kJBDz2YMd/6cDl7Mg==",
       "license": "MIT",
       "dependencies": {
         "tslib": "2"
@@ -18639,14 +18639,14 @@
       }
     },
     "node_modules/intl-messageformat": {
-      "version": "10.7.6",
-      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.6.tgz",
-      "integrity": "sha512-IsMU/hqyy3FJwNJ0hxDfY2heJ7MteSuFvcnCebxRp67di4Fhx1gKKE+qS0bBwUF8yXkX9SsPUhLeX/B6h5SKUA==",
+      "version": "10.7.7",
+      "resolved": "https://registry.npmjs.org/intl-messageformat/-/intl-messageformat-10.7.7.tgz",
+      "integrity": "sha512-F134jIoeYMro/3I0h08D0Yt4N9o9pjddU/4IIxMMURqbAtI2wu70X8hvG1V48W49zXHXv3RKSF/po+0fDfsGjA==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@formatjs/ecma402-abstract": "2.2.3",
+        "@formatjs/ecma402-abstract": "2.2.4",
         "@formatjs/fast-memoize": "2.2.3",
-        "@formatjs/icu-messageformat-parser": "2.9.3",
+        "@formatjs/icu-messageformat-parser": "2.9.4",
         "tslib": "2"
       }
     },
diff --git a/package.json b/package.json
index a3d56c50f0b..55cbf7e9bf1 100644
--- a/package.json
+++ b/package.json
@@ -95,7 +95,7 @@
     "html-pdf": "3.0.1",
     "html-to-text": "9.0.5",
     "ics": "3.8.1",
-    "intl-messageformat": "10.7.6",
+    "intl-messageformat": "10.7.7",
     "jsonwebtoken": "9.0.2",
     "juice": "10.0.1",
     "limax": "4.1.0",

From ec9dbc5c56f498baae7a3de233822d387337c2bc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 10:55:46 +0100
Subject: [PATCH 079/129] fix(deps): update dependency @elastic/elasticsearch
 to v8.16.2 (#10485)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0c8ac7b8aea..7462c340b36 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,7 @@
         "@babel/node": "7.26.0",
         "@babel/plugin-transform-typescript": "7.25.9",
         "@babel/preset-env": "7.26.0",
-        "@elastic/elasticsearch": "8.16.1",
+        "@elastic/elasticsearch": "8.16.2",
         "@escape.tech/graphql-armor": "3.1.1",
         "@hyperwatch/hyperwatch": "4.0.0",
         "@json2csv/plainjs": "^7.0.6",
@@ -3814,9 +3814,9 @@
       }
     },
     "node_modules/@elastic/elasticsearch": {
-      "version": "8.16.1",
-      "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.16.1.tgz",
-      "integrity": "sha512-ddBaY9ITag4egeYNY+uGWi7QZSX2x+SWTEum1bvfspbEU/G5Q3g6sdlBAkg29NWIpINH6FEnaanGeO7XjNvSHQ==",
+      "version": "8.16.2",
+      "resolved": "https://registry.npmjs.org/@elastic/elasticsearch/-/elasticsearch-8.16.2.tgz",
+      "integrity": "sha512-2ivc6uS97fbEeW4tNtg5mvh/Jy82ZLfcwQ1HhNhdYxyapNnQxIgZ83Zd8Ir+5jCPMDWKSYgwDb8t4GAINDDv2w==",
       "license": "Apache-2.0",
       "dependencies": {
         "@elastic/transport": "^8.9.1",
diff --git a/package.json b/package.json
index 55cbf7e9bf1..2e837ad3232 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "@babel/node": "7.26.0",
     "@babel/plugin-transform-typescript": "7.25.9",
     "@babel/preset-env": "7.26.0",
-    "@elastic/elasticsearch": "8.16.1",
+    "@elastic/elasticsearch": "8.16.2",
     "@escape.tech/graphql-armor": "3.1.1",
     "@hyperwatch/hyperwatch": "4.0.0",
     "@json2csv/plainjs": "^7.0.6",

From 856cf9cfd12d11b718ba057b9e6e8611d3cb560a Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 25 Nov 2024 11:46:53 +0100
Subject: [PATCH 080/129] chore(deps): update dependency typescript to v5.7.2
 (#10488)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7462c340b36..95779bafa7f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -169,7 +169,7 @@
         "sinon-chai": "^3.7.0",
         "supertest": "^7.0.0",
         "ts-unused-exports": "^10.1.0",
-        "typescript": "5.6.3"
+        "typescript": "5.7.2"
       },
       "engines": {
         "node": "20.x",
@@ -26040,9 +26040,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "5.6.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz",
-      "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==",
+      "version": "5.7.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.7.2.tgz",
+      "integrity": "sha512-i5t66RHxDvVN40HfDd1PsEThGNnlMCMT3jMUuoh9/0TaqWevNontacunWyN02LA9/fIbEWlcHZcgTKb9QoaLfg==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
diff --git a/package.json b/package.json
index 2e837ad3232..54f99b8f0f6 100644
--- a/package.json
+++ b/package.json
@@ -190,7 +190,7 @@
     "sinon-chai": "^3.7.0",
     "supertest": "^7.0.0",
     "ts-unused-exports": "^10.1.0",
-    "typescript": "5.6.3"
+    "typescript": "5.7.2"
   },
   "scripts": {
     "build": "npm run build:clean && npm run build:updates && npm run build:server",

From e1934e34a8c04d61acbef3bc40578cc86c78bf26 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 25 Nov 2024 15:56:15 +0100
Subject: [PATCH 081/129] fix(checks): misc fixes (#10489)

---
 checks/model/members.js | 2 ++
 checks/model/orders.js  | 7 +++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/checks/model/members.js b/checks/model/members.js
index f8cab9a51b4..f6f28edb37a 100644
--- a/checks/model/members.js
+++ b/checks/model/members.js
@@ -130,6 +130,8 @@ async function checkMissingMembers({ fix = false }) {
       )
     INNER JOIN "Collectives" c
       ON c."id" = o."CollectiveId" AND c."deletedAt" IS NULL
+    INNER JOIN "Collectives" fc
+      ON fc."id" = o."FromCollectiveId" AND fc."deletedAt" IS NULL
     LEFT JOIN "Tiers" t
       ON t."id" = o."TierId" AND t."deletedAt" IS NULL
     WHERE o.status in ('PAID', 'ACTIVE')
diff --git a/checks/model/orders.js b/checks/model/orders.js
index 3543c9fb634..9b6e6c00e6b 100644
--- a/checks/model/orders.js
+++ b/checks/model/orders.js
@@ -32,13 +32,16 @@ async function checkDuplicateNonRecurringContribution() {
 async function checkPaidOrdersWithNullProcessedAt({ fix = false } = {}) {
   const message = 'Paid Order with null processedAt';
 
-  const results = await sequelize.query(`
+  const results = await sequelize.query(
+    `
     SELECT id, "updatedAt"
     FROM "Orders"
     WHERE status = 'PAID'
     AND "processedAt" IS NULL
     ORDER BY "createdAt" DESC
-  `);
+  `,
+    { type: sequelize.QueryTypes.SELECT, raw: true },
+  );
 
   if (results.length > 0) {
     if (!fix) {

From 0e84ea5b424c2d14b04b4652a585248fdfc35ada Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Mon, 25 Nov 2024 16:11:24 +0100
Subject: [PATCH 082/129] Mark all orders as REJECTED in reject-contributions
 script (#10483)

* always mark orders as REJECTED (even for one-time contributions)

* remove actionTaken
---
 cron/disabled/reject-contributions.js | 36 ++++++++-------------------
 1 file changed, 11 insertions(+), 25 deletions(-)

diff --git a/cron/disabled/reject-contributions.js b/cron/disabled/reject-contributions.js
index eb1b0db491f..9e318f3672f 100644
--- a/cron/disabled/reject-contributions.js
+++ b/cron/disabled/reject-contributions.js
@@ -73,9 +73,7 @@ async function run({ dryRun, limit, force } = {}) {
 
     logger.info(`  - Found rejected categories: ${rejectedCategories.join(', ')}`);
 
-    let shouldMarkAsRejected = true;
     let shouldNotifyContributor = true;
-    let actionTaken = false;
 
     // Retrieve latest transaction to refund it (less than 30 days)
     const transaction = await models.Transaction.findOne({
@@ -110,9 +108,7 @@ async function run({ dryRun, limit, force } = {}) {
             } else if (force) {
               await createRefundTransaction(transaction, 0, null);
             } else {
-              // don't mark as REJECTED non-refunded one time contributions
               if (order.status === 'PAID') {
-                shouldMarkAsRejected = false;
                 shouldNotifyContributor = false;
               }
             }
@@ -124,7 +120,6 @@ async function run({ dryRun, limit, force } = {}) {
               }
             }
           }
-          actionTaken = true;
         }
       } else {
         logger.info(`  - Transaction already refunded`);
@@ -132,38 +127,32 @@ async function run({ dryRun, limit, force } = {}) {
     } else {
       logger.info(`  - No transaction found`);
       if (order.status === 'PAID') {
-        shouldMarkAsRejected = false;
         shouldNotifyContributor = false;
       }
     }
 
-    // Mark the Order as rejected (only if we found a transaction to refund)
-    if (shouldMarkAsRejected) {
-      logger.info(`  - Marking order #${order.id} as rejected `);
-      if (!dryRun) {
-        await order.update({ status: orderStatus.REJECTED });
-      }
-      actionTaken = true;
+    // Mark the Order as rejected (always)
+    logger.info(`  - Marking order #${order.id} (${order.status}) as REJECTED`);
+    if (!dryRun) {
+      await order.update({ status: orderStatus.REJECTED });
     }
 
     // Deactivate subscription
     if (order.SubscriptionId) {
       const subscription = await models.Subscription.findByPk(order.SubscriptionId);
-      if (subscription) {
+      if (subscription?.isActive) {
         logger.info(`  - Deactivating subscription #${order.SubscriptionId}`);
         if (!dryRun) {
           await subscription.deactivate('Contribution rejected');
         }
-        actionTaken = true;
       } else {
-        logger.info(`  - Subscription not found`);
+        logger.info(`  - Subscription not active or not found`);
       }
     } else {
       logger.info(`  - No subscription to deactivate`);
     }
 
     // Remove memberships
-
     const membershipSearchParams = {
       where: {
         MemberCollectiveId: fromCollective.id,
@@ -177,18 +166,15 @@ async function run({ dryRun, limit, force } = {}) {
       if (!dryRun) {
         await models.Member.destroy(membershipSearchParams);
       }
-      actionTaken = true;
     } else {
       logger.info(`  - No BACKER memberships to delete`);
     }
 
-    if (actionTaken) {
-      logger.info(`  - Purging cache for ${collective.slug}`);
-      logger.info(`  - Purging cache for ${fromCollective.slug}`);
-      if (!dryRun) {
-        purgeCacheForCollective(collective.slug);
-        purgeCacheForCollective(fromCollective.slug);
-      }
+    logger.info(`  - Purging cache for ${collective.slug}`);
+    logger.info(`  - Purging cache for ${fromCollective.slug}`);
+    if (!dryRun) {
+      purgeCacheForCollective(collective.slug);
+      purgeCacheForCollective(fromCollective.slug);
     }
 
     if (shouldNotifyContributor) {

From 9d2426d67987ed0e6eb5f8ec8dcbbd6add0703ca Mon Sep 17 00:00:00 2001
From: Xavier Damman <xdamman@gmail.com>
Date: Tue, 26 Nov 2024 09:31:55 +0100
Subject: [PATCH 083/129] record orderId in Stripe (#10490)

---
 server/paymentProviders/stripe/creditcard.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/server/paymentProviders/stripe/creditcard.ts b/server/paymentProviders/stripe/creditcard.ts
index f66d76df48d..87330742983 100644
--- a/server/paymentProviders/stripe/creditcard.ts
+++ b/server/paymentProviders/stripe/creditcard.ts
@@ -57,6 +57,7 @@ const createChargeAndTransactions = async (
       metadata: {
         from: `${config.host.website}/${order.fromCollective.slug}`,
         to: `${config.host.website}/${order.collective.slug}`,
+        orderId: order.id,
       },
     };
     // We don't add a platform fee if the host is the root account

From f800d44cf6ae84154e7755f40ade20ef1cadab9b Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 26 Nov 2024 10:29:33 +0100
Subject: [PATCH 084/129] fix(Transaction): merchant ID for tip transactions
 (#10491)

---
 server/graphql/v2/interface/Transaction.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/graphql/v2/interface/Transaction.js b/server/graphql/v2/interface/Transaction.js
index 6c5e29a4f98..7ec8f6f26fc 100644
--- a/server/graphql/v2/interface/Transaction.js
+++ b/server/graphql/v2/interface/Transaction.js
@@ -757,7 +757,7 @@ export const TransactionFields = () => {
           const contributionTransaction =
             await req.loaders.Transaction.relatedContributionTransaction.load(transaction);
           if (contributionTransaction && contributionTransaction.data?.isPlatformRevenueDirectlyCollected) {
-            return contributionTransaction.merchantId;
+            return get(contributionTransaction, 'data.charge.application_fee');
           }
         }
       },

From addc6cb51d93b4a658a84aad7eff5b746f396e1d Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 26 Nov 2024 10:32:27 +0100
Subject: [PATCH 085/129] fix(Account): disable tips for platform accounts
 (#10492)

---
 server/graphql/v2/interface/AccountWithContributions.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/graphql/v2/interface/AccountWithContributions.ts b/server/graphql/v2/interface/AccountWithContributions.ts
index 082727b466d..5350c846cd9 100644
--- a/server/graphql/v2/interface/AccountWithContributions.ts
+++ b/server/graphql/v2/interface/AccountWithContributions.ts
@@ -12,6 +12,7 @@ import {
 import { isNil, omit } from 'lodash';
 import { OrderItem } from 'sequelize';
 
+import PlatformConstants from '../../../constants/platform';
 import { filterContributors } from '../../../lib/contributors';
 import models, { Collective } from '../../../models';
 import { checkReceiveFinancialContributions } from '../../common/features';
@@ -106,7 +107,10 @@ export const AccountWithContributionsFields = {
     async resolve(account: Collective, _, req: express.Request): Promise<boolean> {
       if (!isNil(account.data?.platformTips)) {
         return account.data.platformTips;
+      } else if (PlatformConstants.AllPlatformCollectiveIds.includes(account.id)) {
+        return false;
       }
+
       const host = await req.loaders.Collective.host.load(account);
       if (host) {
         const plan = await host.getPlan();

From 88534c8cbe7a2afc5d6fa2bd24195f5ae7de2d90 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Wed, 27 Nov 2024 09:22:38 +0100
Subject: [PATCH 086/129] feat: Upload images when creating accounts (#10494)

* feat: Upload images when creating accounts

* enhancement: Upload after other validations
---
 .gitignore                                    |  1 +
 server/graphql/common/scope-check.ts          |  7 +-
 .../v2/input/AccountCreateInputImageFields.ts | 35 +++++++
 ...reateInput.js => CollectiveCreateInput.ts} |  2 +
 ...ventCreateInput.js => EventCreateInput.ts} |  3 +
 ...{FundCreateInput.js => FundCreateInput.ts} |  3 +
 ...ateInput.js => OrganizationCreateInput.ts} |  3 +
 ...ctCreateInput.js => ProjectCreateInput.ts} |  2 +
 server/graphql/v2/input/VendorInput.ts        |  4 +-
 .../v2/mutation/CreateCollectiveMutation.js   | 23 +++--
 .../v2/mutation/CreateEventMutation.js        | 12 ++-
 .../graphql/v2/mutation/CreateFundMutation.js | 12 ++-
 .../v2/mutation/CreateOrganizationMutation.js | 12 ++-
 .../v2/mutation/CreateProjectMutation.js      |  7 ++
 .../mutation/TransactionImportsMutations.ts   |  4 +-
 server/graphql/v2/mutation/VendorMutations.ts | 23 ++++-
 server/models/UploadedFile.ts                 | 56 ++++++-----
 test/mocks/files/transactions.csv             |  4 +
 test/mocks/images/corrupt.jpg                 |  1 +
 test/mocks/images/empty.jpg                   |  0
 .../v2/mutation/CreateProjectMutation.test.ts | 97 +++++++++++++++++++
 .../v2/mutation/VendorMutations.test.ts       | 28 +++++-
 test/utils.js                                 | 18 +++-
 23 files changed, 309 insertions(+), 48 deletions(-)
 create mode 100644 server/graphql/v2/input/AccountCreateInputImageFields.ts
 rename server/graphql/v2/input/{CollectiveCreateInput.js => CollectiveCreateInput.ts} (88%)
 rename server/graphql/v2/input/{EventCreateInput.js => EventCreateInput.ts} (89%)
 rename server/graphql/v2/input/{FundCreateInput.js => FundCreateInput.ts} (82%)
 rename server/graphql/v2/input/{OrganizationCreateInput.js => OrganizationCreateInput.ts} (84%)
 rename server/graphql/v2/input/{ProjectCreateInput.js => ProjectCreateInput.ts} (87%)
 create mode 100644 test/mocks/files/transactions.csv
 create mode 100644 test/mocks/images/corrupt.jpg
 create mode 100644 test/mocks/images/empty.jpg

diff --git a/.gitignore b/.gitignore
index 4b1ed9865db..cc1a74f60f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,6 +39,7 @@ typings
 
 # test artifacts
 output/
+!test/mocks/files/*.csv
 
 *.swp
 
diff --git a/server/graphql/common/scope-check.ts b/server/graphql/common/scope-check.ts
index dc6b0ad13fb..d5a97c1f996 100644
--- a/server/graphql/common/scope-check.ts
+++ b/server/graphql/common/scope-check.ts
@@ -13,9 +13,12 @@ export const checkRemoteUserCanUseVirtualCards = (req: Express.Request): void =>
   enforceScope(req, 'virtualCards');
 };
 
-export const checkRemoteUserCanUseAccount = (req: Express.Request): void => {
+export const checkRemoteUserCanUseAccount = (
+  req: Express.Request,
+  { signedOutMessage = 'You need to be logged in to manage account.' } = {},
+): void => {
   if (!req.remoteUser) {
-    throw new Unauthorized('You need to be logged in to manage account.');
+    throw new Unauthorized(signedOutMessage);
   }
   enforceScope(req, 'account');
 };
diff --git a/server/graphql/v2/input/AccountCreateInputImageFields.ts b/server/graphql/v2/input/AccountCreateInputImageFields.ts
new file mode 100644
index 00000000000..072bf6f6297
--- /dev/null
+++ b/server/graphql/v2/input/AccountCreateInputImageFields.ts
@@ -0,0 +1,35 @@
+import GraphQLUpload from 'graphql-upload/GraphQLUpload.js';
+
+import { UploadedFile } from '../../../models';
+
+export const AccountImagesInputFields = {
+  image: {
+    type: GraphQLUpload,
+    description: 'The profile avatar image',
+  },
+  backgroundImage: {
+    type: GraphQLUpload,
+    description: 'The profile background image, for the banner and social media sharing',
+  },
+};
+
+export async function handleCollectiveImageUploadFromArgs(
+  remoteUser,
+  args,
+): Promise<{ avatar: UploadedFile | null | undefined; banner: UploadedFile | null | undefined }> {
+  if (!args) {
+    return { avatar: undefined, banner: undefined };
+  }
+
+  const { image, backgroundImage } = args;
+  if (!image && !backgroundImage) {
+    return { avatar: image, banner: backgroundImage };
+  }
+
+  const [avatar, banner] = await Promise.all([
+    image && UploadedFile.uploadGraphQl(await image, 'ACCOUNT_AVATAR', remoteUser),
+    backgroundImage && UploadedFile.uploadGraphQl(await backgroundImage, 'ACCOUNT_BANNER', remoteUser),
+  ]);
+
+  return { avatar, banner };
+}
diff --git a/server/graphql/v2/input/CollectiveCreateInput.js b/server/graphql/v2/input/CollectiveCreateInput.ts
similarity index 88%
rename from server/graphql/v2/input/CollectiveCreateInput.js
rename to server/graphql/v2/input/CollectiveCreateInput.ts
index 5eeec8e7811..ba4faf7a9e0 100644
--- a/server/graphql/v2/input/CollectiveCreateInput.js
+++ b/server/graphql/v2/input/CollectiveCreateInput.ts
@@ -1,6 +1,7 @@
 import { GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLJSON } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
 import { GraphQLLocationInput } from './LocationInput';
 
 export const GraphQLCollectiveCreateInput = new GraphQLInputObjectType({
@@ -14,5 +15,6 @@ export const GraphQLCollectiveCreateInput = new GraphQLInputObjectType({
     githubHandle: { type: GraphQLString, deprecationReason: '2022-06-03: Please use repositoryUrl' },
     repositoryUrl: { type: GraphQLString, deprecationReason: '2023-01-16: Please use socialLinks' },
     settings: { type: GraphQLJSON },
+    ...AccountImagesInputFields,
   }),
 });
diff --git a/server/graphql/v2/input/EventCreateInput.js b/server/graphql/v2/input/EventCreateInput.ts
similarity index 89%
rename from server/graphql/v2/input/EventCreateInput.js
rename to server/graphql/v2/input/EventCreateInput.ts
index a565075d222..4c761e24f33 100644
--- a/server/graphql/v2/input/EventCreateInput.js
+++ b/server/graphql/v2/input/EventCreateInput.ts
@@ -1,6 +1,8 @@
 import { GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLDateTime, GraphQLJSON } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
+
 export const GraphQLEventCreateInput = new GraphQLInputObjectType({
   name: 'EventCreateInput',
   fields: () => ({
@@ -22,5 +24,6 @@ export const GraphQLEventCreateInput = new GraphQLInputObjectType({
       type: new GraphQLNonNull(GraphQLString),
       default: 'UTC',
     },
+    ...AccountImagesInputFields,
   }),
 });
diff --git a/server/graphql/v2/input/FundCreateInput.js b/server/graphql/v2/input/FundCreateInput.ts
similarity index 82%
rename from server/graphql/v2/input/FundCreateInput.js
rename to server/graphql/v2/input/FundCreateInput.ts
index 13976c2f0d6..ffa36da35fe 100644
--- a/server/graphql/v2/input/FundCreateInput.js
+++ b/server/graphql/v2/input/FundCreateInput.ts
@@ -1,6 +1,8 @@
 import { GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLJSON } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
+
 export const GraphQLFundCreateInput = new GraphQLInputObjectType({
   name: 'FundCreateInput',
   fields: () => ({
@@ -9,5 +11,6 @@ export const GraphQLFundCreateInput = new GraphQLInputObjectType({
     description: { type: new GraphQLNonNull(GraphQLString) },
     tags: { type: new GraphQLList(GraphQLString) },
     settings: { type: GraphQLJSON },
+    ...AccountImagesInputFields,
   }),
 });
diff --git a/server/graphql/v2/input/OrganizationCreateInput.js b/server/graphql/v2/input/OrganizationCreateInput.ts
similarity index 84%
rename from server/graphql/v2/input/OrganizationCreateInput.js
rename to server/graphql/v2/input/OrganizationCreateInput.ts
index 6da3f00fa7d..82655aaf276 100644
--- a/server/graphql/v2/input/OrganizationCreateInput.js
+++ b/server/graphql/v2/input/OrganizationCreateInput.ts
@@ -1,6 +1,8 @@
 import { GraphQLInputObjectType, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLJSON } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
+
 export const GraphQLOrganizationCreateInput = new GraphQLInputObjectType({
   name: 'OrganizationCreateInput',
   fields: () => ({
@@ -10,5 +12,6 @@ export const GraphQLOrganizationCreateInput = new GraphQLInputObjectType({
     description: { type: new GraphQLNonNull(GraphQLString) },
     website: { type: GraphQLString, deprecationReason: '2024-11-12: Please use socialLinks' },
     settings: { type: GraphQLJSON },
+    ...AccountImagesInputFields,
   }),
 });
diff --git a/server/graphql/v2/input/ProjectCreateInput.js b/server/graphql/v2/input/ProjectCreateInput.ts
similarity index 87%
rename from server/graphql/v2/input/ProjectCreateInput.js
rename to server/graphql/v2/input/ProjectCreateInput.ts
index 2122d7b0277..67ec6d2bc1b 100644
--- a/server/graphql/v2/input/ProjectCreateInput.js
+++ b/server/graphql/v2/input/ProjectCreateInput.ts
@@ -1,6 +1,7 @@
 import { GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLJSON } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
 import { GraphQLSocialLinkInput } from './SocialLinkInput';
 
 export const GraphQLProjectCreateInput = new GraphQLInputObjectType({
@@ -15,5 +16,6 @@ export const GraphQLProjectCreateInput = new GraphQLInputObjectType({
       type: new GraphQLList(new GraphQLNonNull(GraphQLSocialLinkInput)),
       description: 'The social links in order of preference',
     },
+    ...AccountImagesInputFields,
   }),
 });
diff --git a/server/graphql/v2/input/VendorInput.ts b/server/graphql/v2/input/VendorInput.ts
index 5ef25b93178..dc44ba50c1f 100644
--- a/server/graphql/v2/input/VendorInput.ts
+++ b/server/graphql/v2/input/VendorInput.ts
@@ -1,6 +1,7 @@
 import { GraphQLBoolean, GraphQLInputObjectType, GraphQLList, GraphQLNonNull, GraphQLString } from 'graphql';
 import { GraphQLNonEmptyString } from 'graphql-scalars';
 
+import { AccountImagesInputFields } from './AccountCreateInputImageFields';
 import { AccountReferenceInputFields } from './AccountReferenceInput';
 import { GraphQLLocationInput } from './LocationInput';
 import { GraphQLPayoutMethodInput } from './PayoutMethodInput';
@@ -36,9 +37,10 @@ const VendorInputFields = {
   legalName: { type: GraphQLString },
   tags: { type: new GraphQLList(GraphQLNonEmptyString) },
   location: { type: GraphQLLocationInput },
-  imageUrl: { type: GraphQLString },
+  imageUrl: { type: GraphQLString, deprecationReason: '2024-11-26: Please use image + backgroundImage fields' },
   vendorInfo: { type: GraphQLVendorInfoInput },
   payoutMethod: { type: GraphQLPayoutMethodInput },
+  ...AccountImagesInputFields,
 };
 
 export const GraphQLVendorCreateInput = new GraphQLInputObjectType({
diff --git a/server/graphql/v2/mutation/CreateCollectiveMutation.js b/server/graphql/v2/mutation/CreateCollectiveMutation.js
index ef95f7ca04b..d9081bb1ba0 100644
--- a/server/graphql/v2/mutation/CreateCollectiveMutation.js
+++ b/server/graphql/v2/mutation/CreateCollectiveMutation.js
@@ -14,8 +14,9 @@ import RateLimit, { ONE_HOUR_IN_SECONDS } from '../../../lib/rate-limit';
 import models, { sequelize } from '../../../models';
 import { MEMBER_INVITATION_SUPPORTED_ROLES } from '../../../models/MemberInvitation';
 import { processInviteMembersInput } from '../../common/members';
-import { checkScope } from '../../common/scope-check';
-import { RateLimitExceeded, Unauthorized, ValidationFailed } from '../../errors';
+import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
+import { RateLimitExceeded, ValidationFailed } from '../../errors';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLCollectiveCreateInput } from '../input/CollectiveCreateInput';
 import { GraphQLIndividualCreateInput } from '../input/IndividualCreateInput';
@@ -28,9 +29,7 @@ const DEFAULT_COLLECTIVE_SETTINGS = {
 
 async function createCollective(_, args, req) {
   // Ok for non-authenticated users, we only check scope
-  if (!checkScope(req, 'account')) {
-    throw new Unauthorized('The User Token is not allowed for operations in scope "account".');
-  }
+  checkRemoteUserCanUseAccount(req, { signedOutMessage: 'You need to be logged in to create a collective' });
 
   let shouldAutomaticallyApprove = false;
   const isProd = config.env === 'production';
@@ -42,7 +41,7 @@ async function createCollective(_, args, req) {
     host = await fetchAccountWithReference(args.host, { loaders });
   }
 
-  const rateLimitKey = remoteUser ? `collective_create_${remoteUser.id}` : `collective_create_ip_${req.ip}`;
+  const rateLimitKey = `collective_create_${remoteUser.id}`;
   const rateLimit = new RateLimit(rateLimitKey, 60, ONE_HOUR_IN_SECONDS, true);
   if (!(await rateLimit.registerCall())) {
     throw new RateLimitExceeded();
@@ -50,10 +49,6 @@ async function createCollective(_, args, req) {
 
   return sequelize
     .transaction(async transaction => {
-      if (!remoteUser) {
-        throw new Unauthorized('You need to be logged in to create a collective');
-      }
-
       const collectiveData = {
         slug: args.collective.slug.toLowerCase(),
         ...pick(args.collective, ['name', 'description', 'tags', 'githubHandle', 'repositoryUrl']),
@@ -168,6 +163,14 @@ async function createCollective(_, args, req) {
         await collective.setLocation(args.collective.location, transaction);
       }
 
+      const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.collective);
+      if (avatar || banner) {
+        await collective.update(
+          { image: avatar?.url ?? collective.image, backgroundImage: banner?.url ?? collective.backgroundImage },
+          { transaction, hooks: false },
+        );
+      }
+
       return collective;
     })
     .then(async collective => {
diff --git a/server/graphql/v2/mutation/CreateEventMutation.js b/server/graphql/v2/mutation/CreateEventMutation.js
index 340c2db6428..829c58f367e 100644
--- a/server/graphql/v2/mutation/CreateEventMutation.js
+++ b/server/graphql/v2/mutation/CreateEventMutation.js
@@ -8,6 +8,7 @@ import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { BadRequest, NotFound, Unauthorized } from '../../errors';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLEventCreateInput } from '../input/EventCreateInput';
 import { GraphQLEvent } from '../object/Event';
@@ -50,7 +51,16 @@ async function createEvent(_, args, req) {
     throw new Error(`The slug '${eventData.slug}' is already taken. Please use another slug for the Event.`);
   }
 
-  const event = await models.Collective.create(eventData);
+  // Validate now to avoid uploading images if the collective is invalid
+  const event = models.Collective.build(eventData);
+  await event.validate();
+
+  // Attach images
+  const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.event);
+  event.image = avatar?.url ?? event.image;
+  event.backgroundImage = banner?.url ?? event.backgroundImage;
+
+  await event.save();
   event.generateCollectiveCreatedActivity(req.remoteUser, req.userToken);
   return event;
 }
diff --git a/server/graphql/v2/mutation/CreateFundMutation.js b/server/graphql/v2/mutation/CreateFundMutation.js
index 3bad7662d70..7caaa2aa73c 100644
--- a/server/graphql/v2/mutation/CreateFundMutation.js
+++ b/server/graphql/v2/mutation/CreateFundMutation.js
@@ -7,6 +7,7 @@ import { canUseSlug } from '../../../lib/collectivelib';
 import models from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { ValidationFailed } from '../../errors';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLFundCreateInput } from '../input/FundCreateInput';
 import { GraphQLFund } from '../object/Fund';
@@ -68,7 +69,16 @@ async function createFund(_, args, req) {
     }
   }
 
-  const fund = await models.Collective.create(fundData);
+  // Validate now to avoid uploading images if the collective is invalid
+  const fund = models.Collective.build(fundData);
+  await fund.validate();
+
+  // Attach images
+  const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.fund);
+  fund.image = avatar?.url ?? fund.image;
+  fund.backgroundImage = banner?.url ?? fund.backgroundImage;
+
+  await fund.save();
 
   // Add authenticated user as an admin
   await fund.addUserWithRole(req.remoteUser, roles.ADMIN, { CreatedByUserId: req.remoteUser.id });
diff --git a/server/graphql/v2/mutation/CreateOrganizationMutation.js b/server/graphql/v2/mutation/CreateOrganizationMutation.js
index 48087859dd0..a6c1bae5b46 100644
--- a/server/graphql/v2/mutation/CreateOrganizationMutation.js
+++ b/server/graphql/v2/mutation/CreateOrganizationMutation.js
@@ -7,6 +7,7 @@ import models from '../../../models';
 import { MEMBER_INVITATION_SUPPORTED_ROLES } from '../../../models/MemberInvitation';
 import { processInviteMembersInput } from '../../common/members';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { GraphQLInviteMemberInput } from '../input/InviteMemberInput';
 import { GraphQLOrganizationCreateInput } from '../input/OrganizationCreateInput';
 import { GraphQLOrganization } from '../object/Organization';
@@ -35,7 +36,16 @@ async function createOrganization(_, args, req) {
     throw new Error(`The slug ${organizationData.slug} is already taken. Please use another slug for your collective.`);
   }
 
-  const organization = await models.Collective.create(organizationData);
+  // Validate now to avoid uploading images if the collective is invalid
+  const organization = models.Collective.build(organizationData);
+  await organization.validate();
+
+  // Attach images
+  const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.organization);
+  organization.image = avatar?.url ?? organization.image;
+  organization.backgroundImage = banner?.url ?? organization.backgroundImage;
+
+  await organization.save();
 
   // Add authenticated user as an admin
   await organization.addUserWithRole(req.remoteUser, roles.ADMIN, { CreatedByUserId: req.remoteUser.id });
diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index d2504adf682..c2f0a4361f1 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -6,6 +6,7 @@ import { canUseSlug } from '../../../lib/collectivelib';
 import models, { sequelize } from '../../../models';
 import { checkRemoteUserCanUseAccount } from '../../common/scope-check';
 import { Forbidden, NotFound } from '../../errors';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLProjectCreateInput } from '../input/ProjectCreateInput';
 import { GraphQLProject } from '../object/Project';
@@ -65,6 +66,12 @@ async function createProject(_, args, req) {
       await project.updateSocialLinks(args.project.socialLinks, dbTransaction);
     }
 
+    // Attach images
+    const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.project);
+    if (avatar || banner) {
+      await project.update({ image: avatar?.url, backgroundImage: banner?.url }, { transaction: dbTransaction });
+    }
+
     return project;
   });
 
diff --git a/server/graphql/v2/mutation/TransactionImportsMutations.ts b/server/graphql/v2/mutation/TransactionImportsMutations.ts
index 3d47c4a0278..7ab6332097f 100644
--- a/server/graphql/v2/mutation/TransactionImportsMutations.ts
+++ b/server/graphql/v2/mutation/TransactionImportsMutations.ts
@@ -155,9 +155,7 @@ const transactionImportsMutations = {
       // Handle CSV
       let file;
       if (args.file) {
-        file = await UploadedFile.uploadGraphQl(await args.file, 'TRANSACTIONS_IMPORT', req.remoteUser, {
-          supportedMimeTypes: ['text/csv'],
-        });
+        file = await UploadedFile.uploadGraphQl(await args.file, 'TRANSACTIONS_IMPORT', req.remoteUser);
       }
 
       // Register rate limit call as soon as the file is uploaded
diff --git a/server/graphql/v2/mutation/VendorMutations.ts b/server/graphql/v2/mutation/VendorMutations.ts
index 46eb48e564e..63ca0bfa66d 100644
--- a/server/graphql/v2/mutation/VendorMutations.ts
+++ b/server/graphql/v2/mutation/VendorMutations.ts
@@ -12,6 +12,7 @@ import models, { Activity, LegalDocument } from '../../../models';
 import { checkRemoteUserCanUseHost } from '../../common/scope-check';
 import { BadRequest, NotFound, Unauthorized, ValidationFailed } from '../../errors';
 import { idDecode, IDENTIFIER_TYPES } from '../identifiers';
+import { handleCollectiveImageUploadFromArgs } from '../input/AccountCreateInputImageFields';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
 import { GraphQLVendorCreateInput, GraphQLVendorEditInput } from '../input/VendorInput';
 import { GraphQLVendor } from '../object/Vendor';
@@ -45,7 +46,7 @@ const vendorMutations = {
         type: CollectiveType.VENDOR,
         slug: `${host.id}-${slugify(args.vendor.name)}-${uuid().substr(0, 8)}`,
         CreatedByUserId: req.remoteUser.id,
-        image: args.vendor.imageUrl || null,
+        image: args.vendor.imageUrl,
         isActive: false,
         ParentCollectiveId: host.id,
         ...pick(args.vendor, ['name', 'legalName', 'tags']),
@@ -61,7 +62,16 @@ const vendorMutations = {
         vendorData.settings[vendorInfo.taxType] = { number: vendorInfo.taxId, type: 'OWN' };
       }
 
-      const vendor = await models.Collective.create(vendorData);
+      // Validate now to avoid uploading images if the collective is invalid
+      const vendor = models.Collective.build(vendorData);
+      await vendor.validate();
+
+      // Attach images
+      const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.vendor);
+      vendor.image = avatar?.url ?? vendor.image;
+      vendor.backgroundImage = banner?.url ?? vendor.backgroundImage;
+
+      await vendor.save();
 
       if (args.vendor.location) {
         await vendor.setLocation(args.vendor.location);
@@ -125,9 +135,16 @@ const vendorMutations = {
       }
 
       const { vendorInfo } = args.vendor;
-      const image = isUndefined(args.vendor.imageUrl) ? vendor.image : args.vendor.imageUrl;
+      const { avatar, banner } = await handleCollectiveImageUploadFromArgs(req.remoteUser, args.vendor);
+      const image = !isUndefined(args.vendor.imageUrl)
+        ? args.vendor.imageUrl
+        : !isUndefined(avatar)
+          ? avatar?.url
+          : vendor.image;
+      const backgroundImage = !isUndefined(banner) ? banner?.url : vendor.backgroundImage;
       const vendorData = {
         image,
+        backgroundImage,
         ...pick(args.vendor, ['name', 'legalName', 'tags']),
         deactivatedAt: args.archive ? new Date() : null,
         settings: vendor.settings,
diff --git a/server/models/UploadedFile.ts b/server/models/UploadedFile.ts
index 6a2b748e4f3..44944311d65 100644
--- a/server/models/UploadedFile.ts
+++ b/server/models/UploadedFile.ts
@@ -77,6 +77,20 @@ export const SUPPORTED_FILE_EXTENSIONS: Record<SUPPORTED_FILE_TYPES_UNION, strin
   'text/csv': '.csv',
 } as const;
 
+const SupportedTypeByKind: Record<FileKind, readonly SupportedFileType[]> = {
+  ACCOUNT_AVATAR: SUPPORTED_FILE_TYPES_IMAGES,
+  ACCOUNT_BANNER: SUPPORTED_FILE_TYPES_IMAGES,
+  EXPENSE_ATTACHED_FILE: SUPPORTED_FILE_TYPES,
+  EXPENSE_ITEM: SUPPORTED_FILE_TYPES,
+  TRANSACTIONS_IMPORT: ['text/csv'],
+  ACCOUNT_LONG_DESCRIPTION: SUPPORTED_FILE_TYPES_IMAGES,
+  UPDATE: SUPPORTED_FILE_TYPES_IMAGES,
+  COMMENT: SUPPORTED_FILE_TYPES_IMAGES,
+  TIER_LONG_DESCRIPTION: SUPPORTED_FILE_TYPES_IMAGES,
+  ACCOUNT_CUSTOM_EMAIL: SUPPORTED_FILE_TYPES_IMAGES,
+  AGREEMENT_ATTACHMENT: SUPPORTED_FILE_TYPES,
+} as const;
+
 /**
  * A file uploaded to our S3 bucket.
  */
@@ -141,19 +155,13 @@ class UploadedFile extends Model<InferAttributes<UploadedFile>, InferCreationAtt
     };
   }
 
-  public static async uploadGraphQl(
-    file: GraphQLFileUpload,
-    kind: FileKind,
-    user: User | null,
-    args: {
-      fileName?: string;
-      supportedMimeTypes: readonly SupportedFileType[];
-    } = {
-      supportedMimeTypes: SUPPORTED_FILE_TYPES,
-    },
-  ): Promise<UploadedFile> {
+  public static async uploadGraphQl(file: GraphQLFileUpload, kind: FileKind, user: User | null): Promise<UploadedFile> {
+    if (!kind || !SupportedTypeByKind[kind]) {
+      throw new Error('Invalid file kind');
+    }
+
     const fileUpload = await UploadedFile.getFileUploadFromGraphQLUpload(file);
-    return UploadedFile.upload(fileUpload, kind, user, args);
+    return UploadedFile.upload(fileUpload, kind, user);
   }
 
   public static validateFile(
@@ -167,6 +175,8 @@ class UploadedFile extends Model<InferAttributes<UploadedFile>, InferCreationAtt
       throw new ErrorClass(`Mimetype of the file should be one of: ${supported.join(', ')}`);
     } else if (file.size > MAX_FILE_SIZE) {
       throw new ErrorClass(`File size cannot exceed ${MAX_FILE_SIZE / 1024 / 1024}MB`);
+    } else if (!file.size) {
+      throw new ErrorClass('File is empty');
     }
   }
 
@@ -176,13 +186,10 @@ class UploadedFile extends Model<InferAttributes<UploadedFile>, InferCreationAtt
     user: User | null,
     args: {
       fileName?: string;
-      supportedMimeTypes?: readonly SupportedFileType[];
-    } = {
-      supportedMimeTypes: SUPPORTED_FILE_TYPES,
-    },
+    } = {},
   ): Promise<UploadedFile> {
     // Validate file
-    UploadedFile.validateFile(file, args.supportedMimeTypes);
+    UploadedFile.validateFile(file, SupportedTypeByKind[kind]);
 
     // Should only happen in dev/test envs
     if (!checkS3Configured()) {
@@ -192,11 +199,16 @@ class UploadedFile extends Model<InferAttributes<UploadedFile>, InferCreationAtt
 
     // Strip EXIF data from images
     if (UploadedFile.isSupportedImageMimeType(file.mimetype)) {
-      const image = sharp(file.buffer);
-      file.buffer = await image
-        .rotate() // Auto-rotate based on EXIF Orientation tag
-        .toBuffer(); // The default behaviour, when withMetadata is not used, is to strip all metadata and convert to the device-independent sRGB colour space
-      file.size = file.buffer.length;
+      try {
+        const image = sharp(file.buffer);
+        file.buffer = await image
+          .rotate() // Auto-rotate based on EXIF Orientation tag
+          .toBuffer(); // The default behaviour, when withMetadata is not used, is to strip all metadata and convert to the device-independent sRGB colour space
+        file.size = file.buffer.length;
+      } catch (e) {
+        reportErrorToSentry(e, { user });
+        throw new Error('The image is corrupted');
+      }
     }
 
     /**
diff --git a/test/mocks/files/transactions.csv b/test/mocks/files/transactions.csv
new file mode 100644
index 00000000000..038e1a10c85
--- /dev/null
+++ b/test/mocks/files/transactions.csv
@@ -0,0 +1,4 @@
+date,description,amount
+2020-01-01,description1,100.00
+2020-01-02,description2,200.00
+2020-01-03,description3,300.00
\ No newline at end of file
diff --git a/test/mocks/images/corrupt.jpg b/test/mocks/images/corrupt.jpg
new file mode 100644
index 00000000000..40314d4666a
--- /dev/null
+++ b/test/mocks/images/corrupt.jpg
@@ -0,0 +1 @@
+Not a valid image
diff --git a/test/mocks/images/empty.jpg b/test/mocks/images/empty.jpg
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
index 7b6a1438cc3..a42fed9a36d 100644
--- a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
+++ b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
@@ -12,6 +12,8 @@ const createProjectMutation = gql`
       slug
       hostFeePercent
       hostFeesStructure
+      imageUrl
+      backgroundImageUrl
       socialLinks {
         type
         url
@@ -64,6 +66,8 @@ describe('server/graphql/v2/mutation/CreateProjectMutation', () => {
     const parent = { legacyId: parentCollective.id };
     const mutationArgs = { parent, project: { ...VALID_PROJECT_ATTRIBUTES, slug: randStr() } };
     const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+    result.errors && console.error(result.errors);
+    expect(result.errors).to.not.exist;
     const project = result.data.createProject;
     expect(project.hostFeesStructure).to.equal('DEFAULT');
   });
@@ -95,4 +99,97 @@ describe('server/graphql/v2/mutation/CreateProjectMutation', () => {
     const project = result.data.createProject;
     expect(project.socialLinks).to.deep.equal(socialLinks);
   });
+
+  describe('images', async () => {
+    it('can be set', async () => {
+      const adminUser = await fakeUser();
+      const parentCollective = await fakeCollective({ admin: adminUser });
+      const parent = { legacyId: parentCollective.id };
+      const mutationArgs = {
+        parent,
+        project: {
+          ...VALID_PROJECT_ATTRIBUTES,
+          slug: randStr(),
+          image: utils.getMockFileUpload(),
+          backgroundImage: utils.getMockFileUpload(),
+        },
+      };
+      const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+      result.errors && console.error(result.errors);
+      expect(result.errors).to.not.exist;
+      const project = result.data.createProject;
+      expect(project.imageUrl).to.exist;
+      expect(project.backgroundImageUrl).to.exist;
+    });
+
+    it('validates the type', async () => {
+      const adminUser = await fakeUser();
+      const parentCollective = await fakeCollective({ admin: adminUser });
+      const parent = { legacyId: parentCollective.id };
+      const mutationArgs = {
+        parent,
+        project: {
+          ...VALID_PROJECT_ATTRIBUTES,
+          slug: randStr(),
+          image: utils.getMockFileUpload('files/transactions.csv'),
+        },
+      };
+      const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+      expect(result.errors).to.exist;
+      expect(result.errors[0].message).to.eq(
+        'Mimetype of the file should be one of: image/png, image/jpeg, image/gif, image/webp',
+      );
+    });
+
+    it('validates the min size', async () => {
+      const adminUser = await fakeUser();
+      const parentCollective = await fakeCollective({ admin: adminUser });
+      const parent = { legacyId: parentCollective.id };
+      const mutationArgs = {
+        parent,
+        project: {
+          ...VALID_PROJECT_ATTRIBUTES,
+          slug: randStr(),
+          image: utils.getMockFileUpload('images/empty.jpg'),
+        },
+      };
+      const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+      expect(result.errors).to.exist;
+      expect(result.errors[0].message).to.eq('File is empty');
+    });
+
+    it('validates the max size', async () => {
+      const adminUser = await fakeUser();
+      const parentCollective = await fakeCollective({ admin: adminUser });
+      const parent = { legacyId: parentCollective.id };
+      const mutationArgs = {
+        parent,
+        project: {
+          ...VALID_PROJECT_ATTRIBUTES,
+          slug: randStr(),
+          image: utils.getMockFileUpload('images/camera.png', { simulatedSize: 100_000_000 }),
+        },
+      };
+      const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+      expect(result.errors).to.exist;
+      expect(result.errors[0].message).to.eq('File size cannot exceed 10MB');
+    });
+
+    it('must not be corrupted', async () => {
+      const adminUser = await fakeUser();
+      const parentCollective = await fakeCollective({ admin: adminUser });
+      const parent = { legacyId: parentCollective.id };
+      const mutationArgs = {
+        parent,
+        project: {
+          ...VALID_PROJECT_ATTRIBUTES,
+          slug: randStr(),
+          image: utils.getMockFileUpload('images/corrupt.jpg'),
+        },
+      };
+      const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+      expect(result.errors).to.exist;
+      expect(result.errors[0].message).to.eq('The image is corrupted');
+    });
+  });
 });
diff --git a/test/server/graphql/v2/mutation/VendorMutations.test.ts b/test/server/graphql/v2/mutation/VendorMutations.test.ts
index 2becece80cd..859ffb09bf5 100644
--- a/test/server/graphql/v2/mutation/VendorMutations.test.ts
+++ b/test/server/graphql/v2/mutation/VendorMutations.test.ts
@@ -5,7 +5,7 @@ import { CollectiveType } from '../../../../../server/constants/collectives';
 import models from '../../../../../server/models';
 import { LEGAL_DOCUMENT_TYPE } from '../../../../../server/models/LegalDocument';
 import { fakeCollective, fakeHost, fakeTransaction, fakeUser } from '../../../../test-helpers/fake-data';
-import { graphqlQueryV2 } from '../../../../utils';
+import { getMockFileUpload, graphqlQueryV2 } from '../../../../utils';
 
 describe('server/graphql/v2/mutation/VendorMutations', () => {
   const vendorData = {
@@ -113,6 +113,28 @@ describe('server/graphql/v2/mutation/VendorMutations', () => {
       const location = await vendor.getLocation();
       expect(location.address).to.equal('Zorg Planet, 123');
     });
+
+    it('creates a vendor account with an image', async () => {
+      const result = await graphqlQueryV2(
+        createVendorMutation,
+        {
+          host: { legacyId: host.id },
+          vendor: {
+            ...vendorData,
+            image: getMockFileUpload('images/camera.png'),
+            backgroundImage: getMockFileUpload('images/camera.png'),
+          },
+        },
+        hostAdminUser,
+      );
+      result.errors && console.error(result.errors);
+      expect(result.errors).to.not.exist;
+
+      const vendor = await models.Collective.findByPk(result.data?.createVendor?.legacyId);
+      expect(vendor).to.exist;
+      expect(vendor.image).to.match(/\/account-avatar\/.+\/camera.png/);
+      expect(vendor.backgroundImage).to.match(/\/account-banner\/.+\/camera.png/);
+    });
   });
 
   describe('editVendor', () => {
@@ -179,6 +201,8 @@ describe('server/graphql/v2/mutation/VendorMutations', () => {
           taxId: 'BE0411905847',
           notes: 'Zorg is still great vendor',
         },
+        image: getMockFileUpload('images/camera.png'),
+        backgroundImage: getMockFileUpload('images/camera.png'),
       };
       const result = await graphqlQueryV2(
         editVendorMutation,
@@ -198,6 +222,8 @@ describe('server/graphql/v2/mutation/VendorMutations', () => {
       expect(vendor.legalName).to.equal('Zorg 2 Inc');
       expect(vendor.settings.VAT).to.deep.equal({ number: newVendorData.vendorInfo.taxId, type: 'OWN' });
       expect(vendor.data.vendorInfo).to.deep.equal({ ...vendorData.vendorInfo, ...newVendorData.vendorInfo });
+      expect(vendor.image).to.match(/\/account-avatar\/.+\/camera.png/);
+      expect(vendor.backgroundImage).to.match(/\/account-banner\/.+\/camera.png/);
 
       const location = await vendor.getLocation();
       expect(location.address).to.equal('Zorg Avenue, 1');
diff --git a/test/utils.js b/test/utils.js
index e44fee1c0a3..87a554a5d3b 100644
--- a/test/utils.js
+++ b/test/utils.js
@@ -649,17 +649,29 @@ export const useIntegrationTestRecorder = (baseUrl, testFileName, preProcessNock
   });
 };
 
-export const getMockFileUpload = ({ mockFile = 'camera.png' } = {}) => {
+/**
+ * @param {"images/camera.png"|"images/empty.jpg"|"images/corrupt.jpg"|"files/transactions.csv"} mockFile
+ * @param {object} options
+ * @param {number} options.simulatedSize - An approximate size to simulate the file size in bytes (to test for large files)
+ */
+export const getMockFileUpload = (mockFile = 'images/camera.png', { simulatedSize } = {}) => {
   const file = new Upload();
+  const mimeType = mockFile.includes('.csv') ? 'text/csv' : mockFile.includes('.png') ? 'image/png' : 'image/jpeg';
+
   file.promise = Promise.resolve({
     filename: mockFile,
-    mimetype: 'image/png',
+    mimetype: mimeType,
     encoding: 'binary',
     createReadStream: () => {
       const stream = new Readable();
-      const imagePath = path.join(__dirname, `./mocks/images/${mockFile}`);
+      const imagePath = path.join(__dirname, `./mocks/${mockFile}`);
       const fileContent = fs.readFileSync(imagePath);
       stream.push(fileContent);
+      if (simulatedSize) {
+        const padding = Buffer.alloc(simulatedSize - fileContent.length);
+        stream.push(padding);
+      }
+
       stream.push(null);
       return stream;
     },

From 2ae37cf7547865fb80aa494f8431f305e3fba9d8 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Wed, 27 Nov 2024 09:45:01 +0100
Subject: [PATCH 087/129] test: Improve stability for email checks (#10496)

---
 .../v2/mutation/ExpenseMutations.test.js      |  11 +-
 .../models/TransactionSettlement.test.ts      |   6 +-
 test/{utils.js => utils.ts}                   | 159 ++++++++++++++----
 3 files changed, 133 insertions(+), 43 deletions(-)
 rename test/{utils.js => utils.ts} (85%)

diff --git a/test/server/graphql/v2/mutation/ExpenseMutations.test.js b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
index e8aef1af319..c0d3f650ecf 100644
--- a/test/server/graphql/v2/mutation/ExpenseMutations.test.js
+++ b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
@@ -55,6 +55,7 @@ import {
   seedDefaultVendors,
   snapshotTransactions,
   waitForCondition,
+  waitForEmail,
 } from '../../../../utils';
 
 const SECRET_KEY = config.dbEncryption.secretKey;
@@ -1983,11 +1984,11 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
         expect(expense.data.items[0].description).to.equal('Item 1');
         expect(expense.data.payee).to.contain({ email: 'test@email.com', name: 'test' });
 
-        await waitForCondition(() => emailSendMessageSpy.callCount > 0);
-        expect(emailSendMessageSpy).calledWith(
-          'test@email.com',
-          'An expense you were invited to submit has been updated',
-        );
+        await waitForEmail(emailSendMessageSpy, [
+          { to: 'test@email.com' },
+          { subject: 'An expense you were invited to submit has been updated' },
+          { html: `/expenses/${expense.id}`, op: 'contains' },
+        ]);
       });
 
       it('invited external user can decline DRAFT expense invite', async () => {
diff --git a/test/server/models/TransactionSettlement.test.ts b/test/server/models/TransactionSettlement.test.ts
index 2e51cfa4d74..fb454912d71 100644
--- a/test/server/models/TransactionSettlement.test.ts
+++ b/test/server/models/TransactionSettlement.test.ts
@@ -174,7 +174,7 @@ describe('server/models/TransactionSettlement', () => {
   it('1. getHostDebts returns all debts for host', async () => {
     const debts = await TransactionSettlement.getHostDebts(host.id);
     await utils.preloadAssociationsForTransactions(debts, SNAPSHOT_COLUMNS);
-    utils.snapshotTransactions(debts, { columns: SNAPSHOT_COLUMNS, loadAssociations: true });
+    utils.snapshotTransactions(debts, { columns: SNAPSHOT_COLUMNS });
   });
 
   it('2. updateTransactionsSettlementStatus updates statuses selectively', async () => {
@@ -186,13 +186,13 @@ describe('server/models/TransactionSettlement', () => {
 
     const updatedDebts = await TransactionSettlement.getHostDebts(host.id);
     await utils.preloadAssociationsForTransactions(updatedDebts, SNAPSHOT_COLUMNS);
-    utils.snapshotTransactions(updatedDebts, { columns: SNAPSHOT_COLUMNS, loadAssociations: true });
+    utils.snapshotTransactions(updatedDebts, { columns: SNAPSHOT_COLUMNS });
   });
 
   it('3. getHostDebts can then filter by settlement status', async () => {
     const debts = await TransactionSettlement.getHostDebts(host.id, TransactionSettlementStatus.OWED);
     await utils.preloadAssociationsForTransactions(debts, SNAPSHOT_COLUMNS);
-    utils.snapshotTransactions(debts, { columns: SNAPSHOT_COLUMNS, loadAssociations: true });
+    utils.snapshotTransactions(debts, { columns: SNAPSHOT_COLUMNS });
   });
 
   it('4. getAccountsWithOwedSettlements returns all accounts with OWED debts', async () => {
diff --git a/test/utils.js b/test/utils.ts
similarity index 85%
rename from test/utils.js
rename to test/utils.ts
index 87a554a5d3b..12f30443c44 100644
--- a/test/utils.js
+++ b/test/utils.ts
@@ -13,7 +13,7 @@ import Upload from 'graphql-upload/Upload.js';
 import { cloneDeep, get, groupBy, isArray, omit, values } from 'lodash';
 import markdownTable from 'markdown-table';
 import nock from 'nock';
-import { assert } from 'sinon';
+import sinon, { assert } from 'sinon';
 import speakeasy from 'speakeasy';
 
 import * as dbRestore from '../scripts/db_restore';
@@ -27,7 +27,7 @@ import { calcFee } from '../server/lib/payments';
 /* Server code being used */
 import stripe, { convertToStripeAmount } from '../server/lib/stripe';
 import { formatCurrency } from '../server/lib/utils';
-import models, { sequelize } from '../server/models';
+import models, { sequelize, UserToken } from '../server/models';
 
 /* Test data */
 import jsonData from './mocks/data';
@@ -116,7 +116,20 @@ export const makeRequest = (
   headers = {},
   userToken = undefined,
   personalToken = undefined,
-) => {
+): {
+  remoteUser: typeof remoteUser;
+  jwtPayload: typeof jwtPayload;
+  body: { query: string };
+  loaders: ReturnType<typeof loaders>;
+  headers: typeof headers;
+  header: (key: string) => string;
+  get: (key: string) => string;
+  userToken: typeof userToken;
+  personalToken: typeof personalToken;
+  res: { cookie: () => void };
+  query?: string;
+  variables?: Record<string, unknown>;
+} => {
   return {
     remoteUser,
     jwtPayload,
@@ -163,7 +176,14 @@ export const getResumableSleep = () => {
  * @param {*} options: { timeout, delay }
  * @returns {Promise}
  */
-export const waitForCondition = async (cond, options = {}) => {
+export const waitForCondition = async (
+  cond,
+  options: {
+    timeout?: number;
+    delay?: number;
+    onFailure?: () => void;
+  } = {},
+) => {
   const timeout = options?.timeout || 10000;
   let time = 0;
   while (time < timeout) {
@@ -181,6 +201,65 @@ export const waitForCondition = async (cond, options = {}) => {
   assert.fail(`Timeout waiting for condition: ${cond.toString()}`);
   throw new Error('Timeout waiting for condition', cond);
 };
+
+type EmailMatcher = {
+  /** @default eq */
+  op?: 'eq' | 'contains' | 'startsWith' | 'endsWith';
+} & ({ to: string } | { subject: string } | { text: string } | { html: string } | { bcc: string } | { listId: string });
+
+/**
+ * A specialization of `waitForCondition` that waits for an email
+ */
+export const waitForEmail = async (
+  emailSpy: sinon.Spy,
+  matchers: EmailMatcher | EmailMatcher[],
+  {
+    timeout = 10000,
+    matcherStrategy = 'every',
+  }: {
+    timeout?: number;
+    matcherStrategy?: 'every' | 'some';
+  } = {},
+) => {
+  const matchersArray = Array.isArray(matchers) ? matchers : [matchers];
+  return waitForCondition(
+    () =>
+      emailSpy.args?.find(email => {
+        return matchersArray[matcherStrategy](matcher => {
+          const [to, subject, html, meta] = email;
+          const { text, bcc, listId } = meta;
+          const allValues = { to, subject, text, html, bcc, listId };
+          const valueKeys = Object.keys(matcher).filter(k => k !== 'op');
+          return valueKeys.every(valueKey => {
+            const value = allValues[valueKey];
+            if (typeof value !== 'string') {
+              return false;
+            }
+
+            switch (matcher.op) {
+              case 'contains':
+                return value.includes(matcher[valueKey]);
+              case 'startsWith':
+                return value.startsWith(matcher[valueKey]);
+              case 'endsWith':
+                return value.endsWith(matcher[valueKey]);
+              default:
+                return value === matcher[valueKey];
+            }
+          });
+        });
+      }),
+    {
+      timeout: timeout,
+      onFailure: () => {
+        assert.fail(
+          `Email not found with matchers: ${JSON.stringify(matchers)} in ${emailSpy.args?.length ? JSON.stringify(emailSpy.args) : 'an empty inbox'}`,
+        );
+      },
+    },
+  );
+};
+
 /**
  * This function allows to test queries and mutations against a specific schema.
  * @param {string} query - Queries and Mutations to serve against the type schema. Example: `query Expense($id: Int!) { Expense(id: $id) { description } }`
@@ -190,13 +269,13 @@ export const waitForCondition = async (cond, options = {}) => {
  */
 export const graphqlQuery = async (
   query,
-  variables,
-  remoteUser,
+  variables = null,
+  remoteUser = null,
   schema = schemaV1,
-  jwtPayload,
-  headers,
-  userToken,
-  personalToken,
+  jwtPayload = null,
+  headers = null,
+  userToken = null,
+  personalToken = null,
 ) => {
   const prepare = () => {
     if (remoteUser) {
@@ -248,8 +327,14 @@ export async function graphqlQueryV2(
  * @param {object} variables - Variables to use in the queries and mutations. Example: { id: 1 }
  * @param {object} userToken - The user token to add to the context.
  */
-export async function oAuthGraphqlQueryV2(query, variables, userToken = {}, jwtPayload = null, headers = {}) {
-  return graphqlQuery(query, variables, userToken.user, schemaV2, jwtPayload, headers, userToken);
+export async function oAuthGraphqlQueryV2(
+  query,
+  variables,
+  userToken: UserToken = null,
+  jwtPayload = null,
+  headers = {},
+) {
+  return graphqlQuery(query, variables, userToken?.user, schemaV2, jwtPayload, headers, userToken);
 }
 
 /**
@@ -315,19 +400,6 @@ export const separator = length => {
 
 /* ---- Stripe Helpers ---- */
 
-export const createStripeToken = async () => {
-  return stripe.tokens
-    .create({
-      card: {
-        number: '4242424242424242',
-        exp_month: 12, // eslint-disable-line camelcase
-        exp_year: 2028, // eslint-disable-line camelcase
-        cvc: 222,
-      },
-    })
-    .then(st => st.id);
-};
-
 /** Stub Stripe methods used while creating transactions
  *
  * @param {sinon.sandbox} sandbox is the sandbox that the test created
@@ -489,7 +561,7 @@ export const nockFixerRates = ratesConfig => {
   nock('https://data.fixer.io')
     .persist()
     .get(/.*/)
-    .query(({ base, symbols }) => {
+    .query(({ base, symbols }: { base: string; symbols: string }) => {
       const splitSymbols = symbols.split(',');
       if (splitSymbols.every(symbol => Boolean(ratesConfig[base][symbol]))) {
         logger.debug(`Fixer: Returning mock value for ${base} -> ${symbols}`);
@@ -499,7 +571,7 @@ export const nockFixerRates = ratesConfig => {
       }
     })
     .reply(url => {
-      const { base, symbols } = querystring.parse(url);
+      const { base, symbols } = querystring.parse(url) as { base: string; symbols: string };
       return [
         200,
         {
@@ -582,7 +654,13 @@ export const printLedger = async (columns = ['type', 'amount', 'CollectiveId', '
  * Generate a snapshot using a markdown table, aliasing columns for a prettier output.
  * If associations (collective, host, ...etc) are loaded, their names will be used for the output.
  */
-export const snapshotTransactions = (transactions, params = {}) => {
+export const snapshotTransactions = (
+  transactions,
+  params: {
+    columns?: string[];
+    prettyAmounts?: boolean;
+  } = {},
+) => {
   if (!transactions?.length) {
     throw new Error('snapshotTransactions does not support empty arrays');
   }
@@ -593,7 +671,16 @@ export const snapshotTransactions = (transactions, params = {}) => {
 /**
  * Makes a full snapshot of the ledger
  */
-export const snapshotLedger = async (columns, { where = null, order = [['id', 'DESC']] } = {}) => {
+export const snapshotLedger = async (
+  columns,
+  {
+    where = null,
+    order = [['id', 'DESC']],
+  }: {
+    where?: Parameters<typeof models.Transaction.findAll>[0]['where'];
+    order?: Parameters<typeof models.Transaction.findAll>[0]['order'];
+  } = {},
+) => {
   const transactions = await models.Transaction.findAll({ where, order });
   await preloadAssociationsForTransactions(transactions, columns);
   if (columns.includes('settlementStatus')) {
@@ -649,12 +736,14 @@ export const useIntegrationTestRecorder = (baseUrl, testFileName, preProcessNock
   });
 };
 
-/**
- * @param {"images/camera.png"|"images/empty.jpg"|"images/corrupt.jpg"|"files/transactions.csv"} mockFile
- * @param {object} options
- * @param {number} options.simulatedSize - An approximate size to simulate the file size in bytes (to test for large files)
- */
-export const getMockFileUpload = (mockFile = 'images/camera.png', { simulatedSize } = {}) => {
+export const getMockFileUpload = (
+  mockFile:
+    | 'images/camera.png'
+    | 'images/empty.jpg'
+    | 'images/corrupt.jpg'
+    | 'files/transactions.csv' = 'images/camera.png',
+  { simulatedSize }: { simulatedSize?: number } = {},
+) => {
   const file = new Upload();
   const mimeType = mockFile.includes('.csv') ? 'text/csv' : mockFile.includes('.png') ? 'image/png' : 'image/jpeg';
 

From d2b9e1b712c1f89051124808acf8ed5f72984946 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 28 Nov 2024 09:35:24 +0100
Subject: [PATCH 088/129] fix(migration): remove invalid Twitter accounts
 (#10493)

---
 ...6101027-remove-invalid-twitter-accounts.js | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 migrations/20241126101027-remove-invalid-twitter-accounts.js

diff --git a/migrations/20241126101027-remove-invalid-twitter-accounts.js b/migrations/20241126101027-remove-invalid-twitter-accounts.js
new file mode 100644
index 00000000000..8b19c0bb59f
--- /dev/null
+++ b/migrations/20241126101027-remove-invalid-twitter-accounts.js
@@ -0,0 +1,47 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    // Remove accounts from inactive collectives
+    await queryInterface.sequelize.query(`
+      WITH affected_accounts AS (
+        SELECT ca.id
+        FROM "ConnectedAccounts" ca
+        INNER JOIN "Collectives" c ON ca."CollectiveId" = c.id
+        WHERE ca.service = 'twitter'
+        AND ca."deletedAt" IS NULL
+        AND c."deletedAt" IS NULL
+        AND c."isActive" IS FALSE
+      ) UPDATE "ConnectedAccounts" ca
+      SET
+        "deletedAt" = NOW(),
+        "settings" = JSONB_SET(COALESCE(ca."settings", '{}'), '{deletedByMigration20241126101027}', 'true')
+      FROM affected_accounts
+      WHERE ca."id" = affected_accounts.id
+    `);
+
+    // Remove accounts that have never been reconnected after the migration
+    await queryInterface.sequelize.query(`
+      UPDATE "ConnectedAccounts"
+      SET
+        "deletedAt" = NOW(),
+        "settings" = JSONB_SET(COALESCE("settings", '{}'), '{deletedByMigration20241126101027}', 'true')
+      WHERE service = 'twitter'
+      AND "deletedAt" IS NULL
+      AND (settings -> 'needsReconnect')::boolean IS TRUE
+    `);
+  },
+
+  async down(queryInterface) {
+    await queryInterface.sequelize.query(`
+      UPDATE "ConnectedAccounts"
+      SET
+        "deletedAt" = NULL,
+        "settings" = "settings" - 'deletedByMigration20241126101027'
+      WHERE service = 'twitter'
+      AND "deletedAt" IS NOT NULL
+      AND (settings -> 'deletedByMigration20241126101027')::boolean IS TRUE
+    `);
+  },
+};

From 8c8f122bd2231fc36dd0f78d0cd97c35635a8f8b Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 28 Nov 2024 14:10:07 +0100
Subject: [PATCH 089/129] fix(Collective): handle image uploads with size
 format (#10503)

---
 server/lib/collectivelib.ts           | 44 +++++++++++++++---
 server/models/Collective.ts           | 29 ++++++------
 test/server/lib/collectivelib.test.ts | 67 ++++++++++++++++++++++++++-
 test/server/models/Collective.test.js | 18 +++++++
 4 files changed, 134 insertions(+), 24 deletions(-)

diff --git a/server/lib/collectivelib.ts b/server/lib/collectivelib.ts
index b4b5d8c4c06..bcb8b54b09a 100644
--- a/server/lib/collectivelib.ts
+++ b/server/lib/collectivelib.ts
@@ -24,18 +24,48 @@ import { md5 } from './utils';
 const { USER } = CollectiveType;
 
 type ImageUrlOpts = {
-  height?: boolean;
+  height?: number;
   format?: string;
 };
 
+/**
+ * Takes a URL as generated by `getCollectiveAvatarUrl` or `getCollectiveBackgroundImageUrl` and returns
+ * a structured object with the collective slug, image hash, type and height - or null if the URL is invalid.
+ */
+export const parseImageServiceUrl = (url: string) => {
+  try {
+    const parsedUrl = new URL(url);
+    if (parsedUrl.origin === config.host.images) {
+      const regexWithSize =
+        /^\/(?<slug>[^/]+)\/(?<hash>[^/]+)\/(?<type>logo|avatar|background)\/(?<height>\d+)\.(?<format>[a-zA-Z]+)$/;
+      const regexWithoutSize =
+        /^\/(?<slug>[^/]+)\/(?<hash>[^/]+)\/(?<type>logo|avatar|background)\.(?<format>[a-zA-Z]+)$/;
+
+      for (const regex of [regexWithSize, regexWithoutSize]) {
+        const match = parsedUrl.pathname.match(regex);
+        if (match?.groups) {
+          return {
+            ...match.groups,
+            height: match.groups.height ? parseInt(match.groups.height, 10) : undefined,
+          } as {
+            slug: string;
+            hash: string;
+            type: 'logo' | 'avatar' | 'background';
+            height: number | undefined;
+            format: string;
+          };
+        }
+      }
+    }
+  } catch {
+    // Ignore errors
+  }
+
+  return null;
+};
+
 /**
  * Returns an URL for the given collective params
- * @param {String} collectiveSlug
- * @param {String} collectiveType
- * @param {String|null} image
- * @param {Object} args
- *    - height
- *    - format
  */
 export const getCollectiveAvatarUrl = (
   collectiveSlug: string,
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index 6dfc685ac12..20bbf520d64 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -80,6 +80,7 @@ import {
   getCollectiveAvatarUrl,
   getCollectiveBackgroundImageUrl,
   isCollectiveSlugReserved,
+  parseImageServiceUrl,
   validateSettings,
 } from '../lib/collectivelib';
 import { invalidateContributorsCache } from '../lib/contributors';
@@ -3770,17 +3771,15 @@ Collective.init(
         // A special handler to tolerate what could become a frequent developer mistake: fetching the `imageUrl`
         // from GraphQL then passing this URL (which points to our image proxy) when trying to update the model.
         // This handler detects this and simply ignores the update if the URL is the same as the current one.
-        try {
-          const parsedUrl = new URL(url);
-          if (parsedUrl.origin === config.host.images && this.image) {
-            const format = parsedUrl.pathname.split('.').pop(); // We don't want to compare on the format
-            const currentAvatarUrl = getCollectiveAvatarUrl(this.slug, this.type, this.image, { format });
-            if (currentAvatarUrl === url) {
+        if (this.image) {
+          const imageServiceDetails = parseImageServiceUrl(url);
+          if (imageServiceDetails) {
+            const imageOpts = pick(imageServiceDetails, ['format', 'height']);
+            const expectedUrl = getCollectiveAvatarUrl(this.slug, this.type, this.image, imageOpts);
+            if (expectedUrl === url) {
               return;
             }
           }
-        } catch (e) {
-          // Ignore errors, the validator will take care of throwing the right error message
         }
 
         // In normal cases, just set the value
@@ -3814,17 +3813,15 @@ Collective.init(
         // A special handler to tolerate what could become a frequent developer mistake: fetching the `backgroundImageUrl`
         // from GraphQL then passing this URL (which points to our image proxy) when trying to update the model.
         // This handler detects this and simply ignores the update if the URL is the same as the current one.
-        try {
-          const parsedUrl = new URL(url);
-          if (parsedUrl.origin === config.host.images && this.backgroundImage) {
-            const format = parsedUrl.pathname.split('.').pop(); // We don't want to compare on the format
-            const currentBackgroundUrl = getCollectiveBackgroundImageUrl(this.backgroundImage, this.slug, { format });
-            if (currentBackgroundUrl === url) {
+        if (this.backgroundImage) {
+          const imageServiceDetails = parseImageServiceUrl(url);
+          if (imageServiceDetails) {
+            const imageOpts = pick(imageServiceDetails, ['format', 'height']);
+            const expectedUrl = getCollectiveBackgroundImageUrl(this.backgroundImage, this.slug, imageOpts);
+            if (expectedUrl === url) {
               return;
             }
           }
-        } catch (e) {
-          // Ignore errors, the validator will take care of throwing the right error message
         }
 
         // In normal cases, just set the value
diff --git a/test/server/lib/collectivelib.test.ts b/test/server/lib/collectivelib.test.ts
index 9fc17120807..7388a3bf429 100644
--- a/test/server/lib/collectivelib.test.ts
+++ b/test/server/lib/collectivelib.test.ts
@@ -1,7 +1,8 @@
 import { expect } from 'chai';
+import config from 'config';
 
 import OrderStatuses from '../../../server/constants/order-status';
-import { isCollectiveDeletable } from '../../../server/lib/collectivelib';
+import { isCollectiveDeletable, parseImageServiceUrl } from '../../../server/lib/collectivelib';
 import {
   fakeCollective,
   fakeEvent,
@@ -81,4 +82,68 @@ describe('server/lib/collectivelib', () => {
       expect(await isCollectiveDeletable(parent)).to.be.false;
     });
   });
+
+  describe('parseImageServiceUrl', () => {
+    it('parses valid image URLs without size', () => {
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/background.jpg`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'background',
+        format: 'jpg',
+        height: undefined,
+      });
+
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/avatar.jpg?foo=bar`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'avatar',
+        format: 'jpg',
+        height: undefined,
+      });
+
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/logo.jpg?foo=bar`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'logo',
+        format: 'jpg',
+        height: undefined,
+      });
+    });
+
+    it('parses valid image URLs with size', () => {
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/background/960.jpg`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'background',
+        format: 'jpg',
+        height: 960,
+      });
+
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/avatar/200.jpg`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'avatar',
+        format: 'jpg',
+        height: 200,
+      });
+
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/logo/300.PNG`)).to.deep.equal({
+        slug: 'babel',
+        hash: '9a38a01',
+        type: 'logo',
+        format: 'PNG',
+        height: 300,
+      });
+    });
+
+    it('returns null for invalid image URLs', () => {
+      expect(parseImageServiceUrl(``)).to.be.null;
+      expect(parseImageServiceUrl(`https://random-domain.com/babel/9a38a01/background.jpg`)).to.be.null;
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/invalid.jpg`)).to.be.null;
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/invalid.jpg`)).to.be.null;
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/background/invalid.jpg`)).to.be.null;
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/avatar/invalid.jpg`)).to.be.null;
+      expect(parseImageServiceUrl(`${config.host.images}/babel/9a38a01/logo/invalid.jpg`)).to.be.null;
+    });
+  });
 });
diff --git a/test/server/models/Collective.test.js b/test/server/models/Collective.test.js
index 692e8973758..5a567488635 100644
--- a/test/server/models/Collective.test.js
+++ b/test/server/models/Collective.test.js
@@ -338,6 +338,15 @@ describe('server/models/Collective', () => {
         expect(collective.image).to.equal(validImage); // Not updated
       });
 
+      it('tolerates passing an URL from the image service with a size if it is the same as the current one', async () => {
+        const collective = await fakeCollective({ image: validImage });
+        const imageUrl = collective.getImageUrl({ height: 64 });
+        expect(imageUrl).to.not.equal(validImage);
+        expect(imageUrl).to.satisfy(url => url.startsWith(config.host.images));
+        await collective.update({ image: imageUrl });
+        expect(collective.image).to.equal(validImage); // Not updated
+      });
+
       it('tolerates passing an URL from the image service if only the extension differs', async () => {
         const collective = await fakeCollective({ image: validImage });
         const imageUrl = collective.getImageUrl();
@@ -407,6 +416,15 @@ describe('server/models/Collective', () => {
         expect(collective.backgroundImage).to.equal(validImage); // Not updated
       });
 
+      it('tolerates passing an URL from the image service with a size if it is the same as the current one', async () => {
+        const collective = await fakeCollective({ backgroundImage: validImage });
+        const backgroundImageUrl = collective.getBackgroundImageUrl({ height: 64 });
+        expect(backgroundImageUrl).to.not.equal(validImage);
+        expect(backgroundImageUrl).to.satisfy(url => url.startsWith(config.host.images));
+        await collective.update({ backgroundImage: backgroundImageUrl });
+        expect(collective.backgroundImage).to.equal(validImage); // Not updated
+      });
+
       it('tolerates passing an URL from the image service if only the extension differs', async () => {
         const collective = await fakeCollective({ backgroundImage: validImage });
         const backgroundImageUrl = collective.getBackgroundImageUrl();

From e21ec3cc2f17af180a791ba4ade5a998d4b1cf2f Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Fri, 29 Nov 2024 06:03:38 -0300
Subject: [PATCH 090/129] Expense lockedFields (#10495)

* feat: add lockedFields property for expense drafts

* chore: update schema

* fix: assert items and amount are set when locking AMOUNT
---
 server/graphql/common/expenses.ts             |  57 +++-
 server/graphql/schemaV2.graphql               |  39 ++-
 .../graphql/v2/enum/ExpenseLockableFields.ts  |  24 ++
 .../graphql/v2/mutation/ExpenseMutations.ts   |  24 +-
 server/graphql/v2/object/Expense.ts           |   8 +
 server/models/Expense.ts                      |   8 +
 .../v2/mutation/ExpenseMutations.test.js      | 300 +++++++++++++++++-
 7 files changed, 454 insertions(+), 6 deletions(-)
 create mode 100644 server/graphql/v2/enum/ExpenseLockableFields.ts

diff --git a/server/graphql/common/expenses.ts b/server/graphql/common/expenses.ts
index 2ac3d49e61a..446016dc5d1 100644
--- a/server/graphql/common/expenses.ts
+++ b/server/graphql/common/expenses.ts
@@ -65,7 +65,12 @@ import { canUseFeature } from '../../lib/user-permissions';
 import { formatCurrency, parseToBoolean } from '../../lib/utils';
 import models, { Collective, sequelize, TransactionsImportRow } from '../../models';
 import AccountingCategory, { AccountingCategoryAppliesTo } from '../../models/AccountingCategory';
-import Expense, { ExpenseDataValuesByRole, ExpenseStatus, ExpenseTaxDefinition } from '../../models/Expense';
+import Expense, {
+  ExpenseDataValuesByRole,
+  ExpenseLockableFields,
+  ExpenseStatus,
+  ExpenseTaxDefinition,
+} from '../../models/Expense';
 import ExpenseAttachedFile from '../../models/ExpenseAttachedFile';
 import ExpenseItem from '../../models/ExpenseItem';
 import { MigrationLogType } from '../../models/MigrationLog';
@@ -1923,6 +1928,8 @@ export async function submitExpenseDraft(
     throw new Unauthorized('You need to submit the right draft key to edit this expense');
   }
 
+  await checkLockedFields(existingExpense, { ...expenseData, payee: requestedPayee || args.expense.payee });
+
   const options = { overrideRemoteUser: undefined, skipPermissionCheck: true, skipActivity: true };
   if (requestedPayee) {
     if (!req.remoteUser?.isAdminOfCollective(requestedPayee)) {
@@ -2011,6 +2018,45 @@ const isDifferentInvitedPayee = (expense: Expense, payee): boolean => {
   return false;
 };
 
+const checkLockedFields = async (
+  existing: Expense,
+  updated: ExpenseData & { payee?: Collective | { legacyId: number } | { email: string; name: string } },
+): Promise<void> => {
+  const lockedFields = existing?.data?.lockedFields;
+  if (!lockedFields) {
+    return;
+  }
+
+  if (lockedFields.includes(ExpenseLockableFields.DESCRIPTION) && isValueChanging(existing, updated, 'description')) {
+    throw new Unauthorized('Description cannot be edited');
+  }
+
+  if (lockedFields.includes(ExpenseLockableFields.TYPE) && isValueChanging(existing, updated, 'type')) {
+    throw new Unauthorized('Type cannot be edited');
+  }
+
+  if (lockedFields.includes(ExpenseLockableFields.PAYEE) && updated.payee) {
+    const expectedPayee = existing.data.payee;
+    if ('id' in expectedPayee) {
+      const updatedId = 'legacyId' in updated.payee ? updated.payee.legacyId : (updated.payee as Collective).id;
+      assert(updatedId && expectedPayee.id === updatedId, new Unauthorized('Payee cannot be edited'));
+    } else if ('email' in expectedPayee) {
+      if ('email' in updated.payee) {
+        assert(expectedPayee.email === updated.payee.email, new Unauthorized('Payee cannot be edited'));
+      } else {
+        const updatedId = 'legacyId' in updated.payee ? updated.payee.legacyId : updated.payee.id;
+        const user = await models.User.findOne({ where: { CollectiveId: updatedId } });
+        assert(user && expectedPayee.email === user.email, new Unauthorized('Payee cannot be edited'));
+      }
+    }
+  }
+
+  if (lockedFields.includes(ExpenseLockableFields.AMOUNT)) {
+    assert(!isValueChanging(existing, updated, 'amount'), new Unauthorized('Amount cannot be edited'));
+    assert(!isValueChanging(existing, updated, 'currency'), new Unauthorized('Currency cannot be edited'));
+  }
+};
+
 export async function sendDraftExpenseInvite(
   req: express.Request,
   expense: Expense,
@@ -2062,6 +2108,8 @@ export async function editExpenseDraft(req: express.Request, expenseData: Expens
     },
   };
 
+  await checkLockedFields(existingExpense, expenseData);
+
   if (args.expense.payee && isDifferentInvitedPayee(existingExpense, args.expense.payee)) {
     const payee = args.expense.payee as { email: string; name?: string };
     newExpenseValues.data['payee'] = payee;
@@ -2256,6 +2304,13 @@ export async function editExpense(
     }
   }
 
+  await checkLockedFields(expense, {
+    ...expenseData,
+    items: updatedItemsData,
+    amount: models.Expense.computeTotalAmountForExpense(updatedItemsData, taxes),
+    payee: options?.overrideRemoteUser?.collective || expenseData.fromCollective,
+  });
+
   // Let's take the opportunity to update collective's location
   const existingLocation = await fromCollective.getLocation();
   if (
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index e4de216a242..3c77538be26 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -2547,6 +2547,11 @@ type Expense {
   The merchant ID for this expense
   """
   merchantId: String
+
+  """
+  Fields that cannot be edited on this expense
+  """
+  lockedFields: [ExpenseLockableFields]
 }
 
 """
@@ -4153,7 +4158,7 @@ type Contributor {
   If the contributor has a page on Open Collective, this is the slug to link to it. Always null for incognito contributors
   """
   collectiveSlug: String @deprecated(reason: "2024-08-26: Use account.slug instead")
-  account: String
+  account: Account
 
   """
   Contributor avatar or logo
@@ -7538,6 +7543,31 @@ enum SecurityCheckLevel {
   HIGH
 }
 
+"""
+All fields that can be locked on an expense draft
+"""
+enum ExpenseLockableFields {
+  """
+  Locks items' amount and currency, and it also blocks the hability to add new items.
+  """
+  AMOUNT
+
+  """
+  Locks the payee field, if the user is not on the platform it locks its email.
+  """
+  PAYEE
+
+  """
+  Locks the description field.
+  """
+  DESCRIPTION
+
+  """
+  Locks the type field.
+  """
+  TYPE
+}
+
 """
 Fields for the user permissions on an transaction
 """
@@ -19496,7 +19526,12 @@ type Mutation {
     """
     Skip sending the invite email
     """
-    skipInvite: Boolean = false
+    skipInvite: Boolean! = false
+
+    """
+    Fields that the user should not be able to edit when submitting the draft
+    """
+    lockedFields: [ExpenseLockableFields]
   ): Expense!
 
   """
diff --git a/server/graphql/v2/enum/ExpenseLockableFields.ts b/server/graphql/v2/enum/ExpenseLockableFields.ts
new file mode 100644
index 00000000000..64e5ce573ce
--- /dev/null
+++ b/server/graphql/v2/enum/ExpenseLockableFields.ts
@@ -0,0 +1,24 @@
+import { GraphQLEnumType } from 'graphql';
+
+import { ExpenseLockableFields } from '../../../models/Expense';
+
+const values: Record<ExpenseLockableFields, { description: string }> = {
+  [ExpenseLockableFields.AMOUNT]: {
+    description: "Locks items' amount and currency, and it also blocks the hability to add new items.",
+  },
+  [ExpenseLockableFields.PAYEE]: {
+    description: 'Locks the payee field, if the user is not on the platform it locks its email.',
+  },
+  [ExpenseLockableFields.DESCRIPTION]: {
+    description: 'Locks the description field.',
+  },
+  [ExpenseLockableFields.TYPE]: {
+    description: 'Locks the type field.',
+  },
+};
+
+export const GraphQLExpenseLockableFields = new GraphQLEnumType({
+  name: 'ExpenseLockableFields',
+  description: 'All fields that can be locked on an expense draft',
+  values,
+});
diff --git a/server/graphql/v2/mutation/ExpenseMutations.ts b/server/graphql/v2/mutation/ExpenseMutations.ts
index 9d4af1c3014..c7c0449a5b5 100644
--- a/server/graphql/v2/mutation/ExpenseMutations.ts
+++ b/server/graphql/v2/mutation/ExpenseMutations.ts
@@ -1,9 +1,12 @@
+import assert from 'assert';
+
 import express from 'express';
 import {
   GraphQLBoolean,
   GraphQLEnumType,
   GraphQLInputObjectType,
   GraphQLInt,
+  GraphQLList,
   GraphQLNonNull,
   GraphQLString,
 } from 'graphql';
@@ -17,7 +20,7 @@ import RateLimit from '../../../lib/rate-limit';
 import twoFactorAuthLib from '../../../lib/two-factor-authentication/lib';
 import models from '../../../models';
 import { CommentType } from '../../../models/Comment';
-import ExpenseModel from '../../../models/Expense';
+import ExpenseModel, { ExpenseLockableFields } from '../../../models/Expense';
 import { createComment } from '../../common/comment';
 import {
   approveExpense,
@@ -45,6 +48,7 @@ import {
 } from '../../common/expenses';
 import { checkRemoteUserCanUseExpenses, enforceScope } from '../../common/scope-check';
 import { NotFound, RateLimitExceeded, Unauthorized, ValidationFailed } from '../../errors';
+import { GraphQLExpenseLockableFields } from '../enum/ExpenseLockableFields';
 import { GraphQLExpenseProcessAction } from '../enum/ExpenseProcessAction';
 import { GraphQLFeesPayer } from '../enum/FeesPayer';
 import { GraphQLPaymentMethodService } from '../enum/PaymentMethodService';
@@ -460,6 +464,10 @@ const expenseMutations = {
         description: 'Skip sending the invite email',
         defaultValue: false,
       },
+      lockedFields: {
+        type: new GraphQLList(GraphQLExpenseLockableFields),
+        description: 'Fields that the user should not be able to edit when submitting the draft',
+      },
     },
     async resolve(_: void, args, req: express.Request): Promise<ExpenseModel> {
       checkRemoteUserCanUseExpenses(req);
@@ -508,6 +516,17 @@ const expenseMutations = {
         payee.email = payee.email.toLowerCase();
       }
 
+      const amount = models.Expense.computeTotalAmountForExpense(items, expenseData.tax);
+
+      if (args.lockedFields?.includes(ExpenseLockableFields.AMOUNT)) {
+        assert(items.length > 0, new ValidationFailed('You need to provide at least one item to lock the amount'));
+        assert(
+          items.every(item => item.amount),
+          new ValidationFailed('All items must have an amount to lock the total amount'),
+        );
+        assert(amount > 0, new ValidationFailed('The total amount must be greater than 0'));
+      }
+
       const expense = await models.Expense.create({
         ...pick(expenseData, DRAFT_EXPENSE_FIELDS),
         status: expenseStatus.DRAFT,
@@ -517,7 +536,7 @@ const expenseMutations = {
         UserId: remoteUser.id,
         currency: expenseData.currency || collective.currency,
         incurredAt: new Date(),
-        amount: models.Expense.computeTotalAmountForExpense(items, expenseData.tax),
+        amount,
         data: {
           items: expenseData.items,
           attachedFiles: expenseData.attachedFiles,
@@ -531,6 +550,7 @@ const expenseMutations = {
           taxes: expenseData.tax,
           reference: expenseData.reference,
           notify: !args.skipInvite,
+          lockedFields: args.lockedFields,
         },
       });
 
diff --git a/server/graphql/v2/object/Expense.ts b/server/graphql/v2/object/Expense.ts
index d4e68e7e94a..ef71231b246 100644
--- a/server/graphql/v2/object/Expense.ts
+++ b/server/graphql/v2/object/Expense.ts
@@ -31,6 +31,7 @@ import { CommentCollection } from '../collection/CommentCollection';
 import { GraphQLLegalDocumentCollection } from '../collection/LegalDocumentCollection';
 import { GraphQLCurrency } from '../enum';
 import { GraphQLExpenseCurrencySource } from '../enum/ExpenseCurrencySource';
+import { GraphQLExpenseLockableFields } from '../enum/ExpenseLockableFields';
 import GraphQLExpenseStatus from '../enum/ExpenseStatus';
 import { GraphQLExpenseType } from '../enum/ExpenseType';
 import { GraphQLFeesPayer } from '../enum/FeesPayer';
@@ -668,6 +669,13 @@ export const GraphQLExpense = new GraphQLObjectType<ExpenseModel, express.Reques
           }
         },
       },
+      lockedFields: {
+        type: new GraphQLList(GraphQLExpenseLockableFields),
+        description: 'Fields that cannot be edited on this expense',
+        async resolve(expense) {
+          return expense.data?.lockedFields || [];
+        },
+      },
     };
   },
 });
diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index cc850bd7342..b822f934c68 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -74,6 +74,13 @@ export type ExpenseTaxDefinition = {
   idNumber?: string;
 };
 
+export enum ExpenseLockableFields {
+  AMOUNT = 'AMOUNT',
+  PAYEE = 'PAYEE',
+  DESCRIPTION = 'DESCRIPTION',
+  TYPE = 'TYPE',
+}
+
 class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Expense>> {
   public declare readonly id: CreationOptional<number>;
   public declare UserId: ForeignKey<User['id']>;
@@ -102,6 +109,7 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
     };
     draftKey?: string;
     taxes?: ExpenseTaxDefinition[];
+    lockedFields?: ExpenseLockableFields[];
   };
 
   public declare currency: SupportedCurrency;
diff --git a/test/server/graphql/v2/mutation/ExpenseMutations.test.js b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
index c0d3f650ecf..1c3cef6f36c 100644
--- a/test/server/graphql/v2/mutation/ExpenseMutations.test.js
+++ b/test/server/graphql/v2/mutation/ExpenseMutations.test.js
@@ -2054,6 +2054,286 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
         const activities = await expense.getActivities({ where: { type: 'collective.expense.invite.declined' } });
         expect(activities).to.have.length(1);
       });
+
+      describe('lockedFields', () => {
+        it('cannot update PAYEE by ID', async () => {
+          const expectedUser = await fakeUser();
+          const expense = await fakeExpense({
+            data: { draftKey: 'fake-key', lockedFields: ['PAYEE'], payee: { id: expectedUser.CollectiveId } },
+            status: expenseStatus.DRAFT,
+          });
+          const anotherUser = await fakeUser();
+
+          let result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+
+                payee: {
+                  legacyId: 122,
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Payee cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                  organization: {
+                    name: 'Folk Ventures',
+                    slug: randStr('folk-'),
+                  },
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Payee cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+
+                payee: {
+                  legacyId: expectedUser.CollectiveId,
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            expectedUser,
+          );
+          result.errors && console.error(result.errors);
+          expect(result.errors).to.not.exist;
+        });
+
+        it('cannot update invited PAYEE by email with different email', async () => {
+          const email = randEmail();
+          const expense = await fakeExpense({
+            data: { draftKey: 'fake-key', lockedFields: ['PAYEE'], payee: { email } },
+            status: expenseStatus.DRAFT,
+          });
+          const anotherUser = await fakeUser();
+          let result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Payee cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                payee: {
+                  name: 'New Folk',
+                  email,
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors).to.not.exist;
+        });
+
+        it('cannot update invited PAYEE by email with different user', async () => {
+          const correctUser = await fakeUser();
+          const expense = await fakeExpense({
+            data: { draftKey: 'fake-key', lockedFields: ['PAYEE'], payee: { email: correctUser.email } },
+            status: expenseStatus.DRAFT,
+          });
+          const anotherUser = await fakeUser();
+          let result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                payee: {
+                  legacyId: anotherUser.CollectiveId,
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Payee cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                payee: {
+                  legacyId: correctUser.CollectiveId,
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            correctUser,
+          );
+          expect(result.errors).to.not.exist;
+        });
+
+        it('cannot update DESCRIPTION or TYPE', async () => {
+          const expense = await fakeExpense({
+            type: 'INVOICE',
+            description: 'TEST',
+            data: { draftKey: 'fake-key', lockedFields: ['DESCRIPTION', 'TYPE'] },
+            status: expenseStatus.DRAFT,
+          });
+          const anotherUser = await fakeUser();
+
+          let result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                description: 'This is a test.',
+                type: 'INVOICE',
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                  organization: {
+                    name: 'Folk Ventures',
+                    slug: randStr('folk-'),
+                  },
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Description cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                description: 'TEST',
+                type: 'RECEIPT',
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                  organization: {
+                    name: 'Folk Ventures',
+                    slug: randStr('folk-'),
+                  },
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Type cannot be edited');
+        });
+
+        it('cannot update AMOUNT', async () => {
+          const expense = await fakeExpense({
+            amount: 1000,
+            currency: 'USD',
+            data: { draftKey: 'fake-key', lockedFields: ['AMOUNT'] },
+            status: expenseStatus.DRAFT,
+          });
+          const anotherUser = await fakeUser();
+
+          let result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                currency: 'USD',
+                items: [
+                  {
+                    amount: 2000,
+                    incurredAt: new Date(),
+                    description: 'Item 1',
+                  },
+                ],
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Amount cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                currency: 'EUR',
+                items: [
+                  {
+                    amount: 2000,
+                    incurredAt: new Date(),
+                    description: 'Item 1',
+                  },
+                ],
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors[0].message).to.include('Currency cannot be edited');
+
+          result = await graphqlQueryV2(
+            editExpenseMutation,
+            {
+              expense: {
+                id: idEncode(expense.id, IDENTIFIER_TYPES.EXPENSE),
+                currency: 'USD',
+                description: 'This is a test.',
+                items: [
+                  {
+                    amount: 1000,
+                    incurredAt: new Date(),
+                    description: 'Item 1',
+                  },
+                ],
+                payee: {
+                  name: 'New Folk',
+                  email: randEmail(),
+                },
+              },
+              draftKey: 'fake-key',
+            },
+            anotherUser,
+          );
+          expect(result.errors).to.not.exist;
+        });
+      });
     });
 
     it('resets paid card charge expense missing details status', async () => {
@@ -4213,12 +4493,19 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
         $expense: ExpenseInviteDraftInput!
         $account: AccountReferenceInput!
         $skipInvite: Boolean
+        $lockedFields: [ExpenseLockableFields]
       ) {
-        draftExpenseAndInviteUser(expense: $expense, account: $account, skipInvite: $skipInvite) {
+        draftExpenseAndInviteUser(
+          expense: $expense
+          account: $account
+          skipInvite: $skipInvite
+          lockedFields: $lockedFields
+        ) {
           id
           legacyId
           status
           draft
+          lockedFields
         }
       }
     `;
@@ -4355,5 +4642,16 @@ describe('server/graphql/v2/mutation/ExpenseMutations', () => {
       expect(expense.status).to.eq(expenseStatus.DRAFT);
       expect(emailLib.sendMessage.callCount).to.eq(0);
     });
+
+    it('allows user to lock expense fields', async () => {
+      const result = await graphqlQueryV2(
+        draftExpenseAndInviteUserMutation,
+        { expense: invoice, account: { legacyId: collective.id }, lockedFields: ['AMOUNT', 'TYPE'] },
+        user,
+      );
+
+      const draftedExpense = result.data.draftExpenseAndInviteUser;
+      expect(draftedExpense.lockedFields).to.deep.equal(['AMOUNT', 'TYPE']);
+    });
   });
 });

From 17fda0687b69eedac50e0b782fd6470c71398059 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Fri, 29 Nov 2024 10:33:06 -0300
Subject: [PATCH 091/129] fix: expenses.lastCommentBy deleted comment false
 positive (#10505)

---
 .../graphql/v2/query/collection/ExpensesCollectionQuery.ts  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
index 014677bf091..10a9782bcc5 100644
--- a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
@@ -394,7 +394,7 @@ export const ExpensesCollectionQueryResolver = async (
     if (CollectiveIds.length) {
       conditions.push(
         sequelize.literal(
-          `(SELECT "FromCollectiveId" FROM "Comments" WHERE "Comments"."ExpenseId" = "Expense"."id" ORDER BY "id" DESC LIMIT 1)
+          `(SELECT "FromCollectiveId" FROM "Comments" WHERE "Comments"."deletedAt" IS NULL AND "Comments"."ExpenseId" = "Expense"."id" ORDER BY "id" DESC LIMIT 1)
             IN (
               SELECT "MemberCollectiveId" FROM "Members" WHERE
               "role" = 'ADMIN' AND "deletedAt" IS NULL AND
@@ -407,7 +407,7 @@ export const ExpensesCollectionQueryResolver = async (
     if (args.lastCommentBy.includes('USER')) {
       conditions.push(
         sequelize.literal(
-          `(SELECT "CreatedByUserId" FROM "Comments" WHERE "Comments"."ExpenseId" = "Expense"."id" ORDER BY "id" DESC LIMIT 1) = "Expense"."UserId"`,
+          `(SELECT "CreatedByUserId" FROM "Comments" WHERE "Comments"."deletedAt" IS NULL AND "Comments"."ExpenseId" = "Expense"."id" ORDER BY "id" DESC LIMIT 1) = "Expense"."UserId"`,
         ),
       );
     }
@@ -448,7 +448,7 @@ export const ExpensesCollectionQueryResolver = async (
   const { offset, limit } = args;
 
   const fetchNodes = () => {
-    return Expense.findAll({ include, where, order, offset, limit });
+    return Expense.findAll({ include, where, order, offset, limit, logging: true });
   };
 
   const fetchTotalCount = () => {

From 595826cb4f9455dd4af6228438a0091795318dc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Mon, 2 Dec 2024 10:46:10 +0100
Subject: [PATCH 092/129] reject contributions even if cancelled (#10502)

allow to cleanup accounts from undesired past recurring contributors
---
 cron/disabled/reject-contributions.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cron/disabled/reject-contributions.js b/cron/disabled/reject-contributions.js
index 9e318f3672f..3b2dc82197a 100644
--- a/cron/disabled/reject-contributions.js
+++ b/cron/disabled/reject-contributions.js
@@ -17,7 +17,7 @@ import { runCronJob } from '../utils';
 const query = `SELECT "Orders"."id"
   FROM "Orders", "Collectives", "Collectives" as "FromCollectives"
   WHERE "Orders"."CollectiveId" = "Collectives"."id" AND "FromCollectives"."id" = "Orders"."FromCollectiveId"
-  AND "Orders"."status" IN ('ACTIVE', 'PAID')
+  AND "Orders"."status" IN ('ACTIVE', 'PAID', 'CANCELLED')
   AND "Orders"."deletedAt" IS NULL
   AND "Collectives"."settings"->'moderation'->'rejectedCategories' IS NOT NULL
   AND jsonb_array_length("Collectives"."settings"->'moderation'->'rejectedCategories') > 0
@@ -108,7 +108,7 @@ async function run({ dryRun, limit, force } = {}) {
             } else if (force) {
               await createRefundTransaction(transaction, 0, null);
             } else {
-              if (order.status === 'PAID') {
+              if (order.status === 'PAID' || order.status === 'CANCELLED') {
                 shouldNotifyContributor = false;
               }
             }
@@ -126,7 +126,7 @@ async function run({ dryRun, limit, force } = {}) {
       }
     } else {
       logger.info(`  - No transaction found`);
-      if (order.status === 'PAID') {
+      if (order.status === 'PAID' || order.status === 'CANCELLED') {
         shouldNotifyContributor = false;
       }
     }

From c2796c1ac14e27eb4930c71a82e2b9b4ad444a81 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 2 Dec 2024 11:22:43 +0100
Subject: [PATCH 093/129] test: Add coverage for Elastic Search (#10498)

---
 .github/workflows/ci.yml                      |  13 +-
 config/ci.json                                |   3 +
 config/test.json                              |   3 +
 scripts/search.ts                             |   7 +-
 server/graphql/loaders/index.js               |   2 +-
 server/graphql/loaders/search.ts              |  36 +-
 server/graphql/v2/query/SearchQuery.ts        |  10 +-
 .../ElasticSearchCollectivesAdapter.ts        |   2 +-
 .../adapters/ElasticSearchExpensesAdapter.ts  |   1 +
 .../ElasticSearchTransactionsAdapter.ts       |   8 +-
 .../adapters/ElasticSearchUpdatesAdapter.ts   |   4 +
 server/lib/elastic-search/graphql-search.ts   |   1 -
 server/lib/elastic-search/search.ts           |  22 +-
 server/lib/elastic-search/sync.ts             |   5 +
 server/lib/sql-search.ts                      |  11 +-
 server/models/User.ts                         |  11 +-
 .../mutation/HostApplicationMutations.test.ts |   3 +-
 .../graphql/v2/query/SearchQuery.test.ts      | 610 ++++++++++++++++++
 test/test-helpers/fake-data.ts                |   4 +-
 19 files changed, 706 insertions(+), 50 deletions(-)
 create mode 100644 test/server/graphql/v2/query/SearchQuery.test.ts

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 42feb40a08c..fd87f94c0b0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -269,7 +269,18 @@ jobs:
         ports:
           - 5432:5432
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-
+      elastic:
+        image: elasticsearch:8.15.2
+        ports:
+          - 9200:9200
+        env:
+          discovery.type: single-node
+          xpack.security.enabled: false
+        options: >-
+          --health-cmd="curl --silent --fail http://localhost:9200/_cluster/health || exit 1"
+          --health-interval=10s
+          --health-timeout=15s
+          --health-retries=30
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/config/ci.json b/config/ci.json
index d05e14fabb9..50fecab3eff 100644
--- a/config/ci.json
+++ b/config/ci.json
@@ -6,6 +6,9 @@
       "benchmark": true
     }
   },
+  "elasticSearch": {
+    "url": "http://localhost:9200"
+  },
   "fees": {
     "default": {
       "hostPercent": 5,
diff --git a/config/test.json b/config/test.json
index 04b1de70183..60ec13e2174 100644
--- a/config/test.json
+++ b/config/test.json
@@ -3,6 +3,9 @@
   "database": {
     "url": "postgres://opencollective@127.0.0.1:5432/opencollective_test"
   },
+  "elasticSearch": {
+    "url": "http://localhost:9200"
+  },
   "fees": {
     "default": {
       "hostPercent": 5,
diff --git a/scripts/search.ts b/scripts/search.ts
index 988fadfc7f4..e0bdf04620e 100644
--- a/scripts/search.ts
+++ b/scripts/search.ts
@@ -179,19 +179,18 @@ program
     const limit = parseInt(options.limit, 10);
     const account = options.account && (await models.Collective.findBySlug(options.account));
     const host = options.host && (await models.Collective.findBySlug(options.host));
-    let adminOfAccountIds = [];
+    let asUser = null;
     if (options.as) {
       const asCollective = await models.Collective.findBySlug(options.as);
-      const asUser = asCollective && (await models.User.findOne({ where: { CollectiveId: asCollective.id } }));
+      asUser = asCollective && (await models.User.findOne({ where: { CollectiveId: asCollective.id } }));
       if (!asUser) {
         throw new Error(`User not found: ${options.as}`);
       }
 
       await asUser.populateRoles();
-      adminOfAccountIds = Object.keys(asUser.rolesByCollectiveId).filter(id => asUser.isAdmin(id));
     }
 
-    const result = await elasticSearchGlobalSearch(indexes, query, limit, adminOfAccountIds, account, host);
+    const result = await elasticSearchGlobalSearch(indexes, query, limit, asUser, account, host);
     console.log('Result', JSON.stringify(result, null, 2));
   });
 
diff --git a/server/graphql/loaders/index.js b/server/graphql/loaders/index.js
index 7e516396d8c..cf4f39ac560 100644
--- a/server/graphql/loaders/index.js
+++ b/server/graphql/loaders/index.js
@@ -926,7 +926,7 @@ export const loaders = req => {
   /** *** TransactionsImports *****/
   context.loaders.TransactionsImport.stats = generateTransactionsImportStatsLoader();
 
-  context.loaders.search = generateSearchLoaders();
+  context.loaders.search = generateSearchLoaders(req);
 
   return context.loaders;
 };
diff --git a/server/graphql/loaders/search.ts b/server/graphql/loaders/search.ts
index 82aca51ddae..07f2f07b723 100644
--- a/server/graphql/loaders/search.ts
+++ b/server/graphql/loaders/search.ts
@@ -43,7 +43,7 @@ export type SearchResultBucket = {
 /**
  * A loader to batch search requests on multiple indexes into a single ElasticSearch query.
  */
-export const generateSearchLoaders = () => {
+export const generateSearchLoaders = req => {
   return new DataLoader<SearchParams, SearchResultBucket>(async (entries: SearchParams[]) => {
     const groupedRequests = groupBy(entries, 'requestId');
     const requestsResults = new Map<string, SearchResponse>();
@@ -57,26 +57,32 @@ export const generateSearchLoaders = () => {
     // Go through all the search request (one `search` field in the query = one request)
     for (const requestId in groupedRequests) {
       const firstRequest = groupedRequests[requestId][0];
-      const { searchTerm, limit, adminOfAccountIds, account, host } = firstRequest;
+      const { searchTerm, limit, account, host } = firstRequest;
       const indexes = groupedRequests[requestId].map(entry => entry.index) as ElasticSearchIndexName[];
-      const results = await elasticSearchGlobalSearch(indexes, searchTerm, limit, adminOfAccountIds, account, host);
-      if (results._shards.failures) {
-        reportMessageToSentry('ElasticSearch search shard failures', {
-          extra: {
-            failures: results._shards.failures,
-            request: firstRequest,
-            indexes,
-          },
-        });
-      }
+      const results = await elasticSearchGlobalSearch(indexes, searchTerm, limit, req.remoteUser, account, host);
+      if (results) {
+        if (results._shards?.failures) {
+          reportMessageToSentry('ElasticSearch search shard failures', {
+            extra: {
+              failures: results._shards.failures,
+              request: firstRequest,
+              indexes,
+            },
+          });
+        }
 
-      requestsResults.set(requestId, results);
+        requestsResults.set(requestId, results);
+      }
     }
 
     return entries.map(entry => {
       const results = requestsResults.get(entry.requestId);
-      const resultsAggregationsByIndex = results.aggregations.by_index as AggregationsMultiBucketAggregateBase;
-      const buckets = resultsAggregationsByIndex.buckets as Array<SearchResultBucket>;
+      const resultsAggregationsByIndex = results?.aggregations?.by_index as AggregationsMultiBucketAggregateBase;
+      const buckets = resultsAggregationsByIndex?.buckets as Array<SearchResultBucket>;
+      if (!buckets) {
+        return null;
+      }
+
       return buckets.find(bucket => bucket.key === entry.index);
     });
   });
diff --git a/server/graphql/v2/query/SearchQuery.ts b/server/graphql/v2/query/SearchQuery.ts
index e9e6e5050e7..56cd909ec39 100644
--- a/server/graphql/v2/query/SearchQuery.ts
+++ b/server/graphql/v2/query/SearchQuery.ts
@@ -44,13 +44,13 @@ const SearchQuery = {
     },
   },
   async resolve(_: void, { searchTerm, ...args }, req: express.Request) {
-    if (config.env === 'production' && !req.remoteUser?.isRoot()) {
+    const { remoteUser } = req;
+    if (config.env === 'production' && !remoteUser?.isRoot()) {
       throw new Error('This query is only available to root users in production');
     }
 
     const host = args.host && (await fetchAccountWithReference(args.host));
     const account = args.account && (await fetchAccountWithReference(args.account));
-    const adminOfAccountIds = req.remoteUser?.getAdministratedCollectiveIds() ?? [];
     const limit = args.defaultLimit;
 
     // Fall back to Postgres in non-production environments if ElasticSearch is not configured
@@ -63,8 +63,8 @@ const SearchQuery = {
 
     // Elastic search
     if (useElasticSearch) {
-      const requestId = getElasticSearchQueryId(req.remoteUser, host, account, searchTerm);
-      const query = { requestId, limit, searchTerm, adminOfAccountIds, account, host };
+      const requestId = getElasticSearchQueryId(remoteUser, host, account, searchTerm);
+      const query = { requestId, limit, searchTerm, account, host };
       return {
         results: {
           accounts: getElasticSearchIndexResolver(req, 'collectives', query),
@@ -80,7 +80,7 @@ const SearchQuery = {
     }
     // This falls back to Postgres as a search engine, which is not efficient and should be used only for dev/debugging.
     else {
-      const query = { searchTerm, limit, adminOfAccountIds, host, account, timeout: args.timeout };
+      const query = { searchTerm, limit, remoteUser, host, account, timeout: args.timeout };
       return {
         results: {
           accounts: getSQLSearchResolver(models.Collective, query),
diff --git a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
index 0eb7b573859..244ce97d91c 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
@@ -90,7 +90,7 @@ export class ElasticSearchCollectivesAdapter implements ElasticSearchModelAdapte
             should: [
               { terms: { HostCollectiveId: adminOfAccountIds } },
               { terms: { ParentCollectiveId: adminOfAccountIds } },
-              { terms: { CollectiveId: adminOfAccountIds } },
+              { terms: { id: adminOfAccountIds } },
             ],
           },
         },
diff --git a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
index 656ccbb124f..3bdf253e391 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
@@ -87,6 +87,7 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
               { terms: { HostCollectiveId: adminOfAccountIds } },
               { terms: { ParentCollectiveId: adminOfAccountIds } },
               { terms: { CollectiveId: adminOfAccountIds } },
+              { terms: { FromCollectiveId: adminOfAccountIds } },
             ],
           },
         };
diff --git a/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
index ab6ed49640d..d411eea5c93 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
@@ -18,6 +18,7 @@ export class ElasticSearchTransactionsAdapter implements ElasticSearchModelAdapt
       kind: { type: 'keyword' },
       description: { type: 'text' },
       uuid: { type: 'keyword' },
+      TransactionGroup: { type: 'keyword' },
       // Relationships
       CollectiveId: { type: 'keyword' },
       FromCollectiveId: { type: 'keyword' },
@@ -54,6 +55,7 @@ export class ElasticSearchTransactionsAdapter implements ElasticSearchModelAdapt
       CollectiveId: instance.CollectiveId,
       FromCollectiveId: instance.FromCollectiveId,
       HostCollectiveId: instance.HostCollectiveId,
+      TransactionGroup: instance.TransactionGroup,
       merchantId: instance.merchantId,
     };
   }
@@ -63,9 +65,9 @@ export class ElasticSearchTransactionsAdapter implements ElasticSearchModelAdapt
     return {
       default: 'PUBLIC' as const,
       fields: {
-        merchantId: {
-          terms: { HostCollectiveId: adminOfAccountIds },
-        },
+        merchantId: !adminOfAccountIds.length
+          ? ('FORBIDDEN' as const)
+          : { terms: { HostCollectiveId: adminOfAccountIds } },
       },
     };
     /* eslint-enable camelcase */
diff --git a/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
index a7fa376faa3..8222f101314 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
@@ -16,6 +16,8 @@ export class ElasticSearchUpdatesAdapter implements ElasticSearchModelAdapter {
       createdAt: { type: 'date' },
       updatedAt: { type: 'date' },
       html: { type: 'text' },
+      title: { type: 'text' },
+      slug: { type: 'keyword' },
       isPrivate: { type: 'boolean' },
       // Relationships
       CollectiveId: { type: 'keyword' },
@@ -55,7 +57,9 @@ export class ElasticSearchUpdatesAdapter implements ElasticSearchModelAdapter {
       createdAt: instance.createdAt,
       updatedAt: instance.updatedAt,
       isPrivate: instance.isPrivate,
+      slug: instance.slug,
       html: stripHTMLOrEmpty(instance.html),
+      title: instance.title,
       CollectiveId: instance.CollectiveId,
       FromCollectiveId: instance.FromCollectiveId,
       CreatedByUserId: instance.CreatedByUserId,
diff --git a/server/lib/elastic-search/graphql-search.ts b/server/lib/elastic-search/graphql-search.ts
index d4d7c6e6bf7..b8d770e22fe 100644
--- a/server/lib/elastic-search/graphql-search.ts
+++ b/server/lib/elastic-search/graphql-search.ts
@@ -80,7 +80,6 @@ export const getElasticSearchIndexResolver = (
     requestId: string;
     searchTerm: string;
     limit: number;
-    adminOfAccountIds: number[];
     account: Collective;
     host: Collective;
   },
diff --git a/server/lib/elastic-search/search.ts b/server/lib/elastic-search/search.ts
index 356e5acb823..6bf5762f249 100644
--- a/server/lib/elastic-search/search.ts
+++ b/server/lib/elastic-search/search.ts
@@ -4,7 +4,7 @@
 
 import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
 
-import { Collective } from '../../models';
+import { Collective, User } from '../../models';
 
 import { ElasticSearchModelsAdapters } from './adapters';
 import { getElasticSearchClient } from './client';
@@ -38,7 +38,7 @@ const getAccountFilterConditions = (account: Collective, host: Collective) => {
 const buildQuery = (
   searchTerm: string,
   indexes: ElasticSearchIndexName[],
-  adminOfAccountIds: number[],
+  remoteUser: User | null,
   account: Collective,
   host: Collective,
 ): {
@@ -49,6 +49,9 @@ const buildQuery = (
   const accountConditions = getAccountFilterConditions(account, host);
   const fetchedFields = new Set<string>();
   const fetchedIndexes = new Set<ElasticSearchIndexName>();
+  const adminOfAccountIds = !remoteUser ? [] : remoteUser.getAdministratedCollectiveIds();
+  const isRoot = remoteUser && remoteUser.isRoot();
+
   const query: QueryDslQueryContainer = {
     /* eslint-disable camelcase */
     bool: {
@@ -59,7 +62,7 @@ const buildQuery = (
         const adapter = ElasticSearchModelsAdapters[index];
 
         // Avoid searching on private indexes if the user is not an admin of anything
-        const permissions = adapter.getIndexPermissions(adminOfAccountIds);
+        const permissions = isRoot ? { default: 'PUBLIC' } : adapter.getIndexPermissions(adminOfAccountIds);
         if (permissions.default === 'FORBIDDEN') {
           return [];
         }
@@ -69,7 +72,7 @@ const buildQuery = (
         const isSearchableField = field => ['keyword', 'text'].includes(getField(field).type);
         const allFields = Object.keys(adapter.mappings.properties);
         const searchableFields = allFields.filter(isSearchableField);
-        const publicFields = searchableFields.filter(field => !permissions.fields?.[field]);
+        const publicFields = searchableFields.filter(field => !permissions['fields']?.[field]);
 
         // Register fetched fields and indexes for later reuse in the aggregation
         allFields.forEach(field => fetchedFields.add(field));
@@ -92,7 +95,7 @@ const buildQuery = (
                     fields: publicFields,
                   },
                 },
-                ...Object.entries(permissions.fields || {})
+                ...Object.entries(permissions['fields'] || {})
                   .filter(([, conditions]) => conditions !== 'FORBIDDEN')
                   .map(([field, conditions]) => {
                     return {
@@ -118,12 +121,17 @@ export const elasticSearchGlobalSearch = async (
   requestedIndexes: ElasticSearchIndexName[],
   searchTerm: string,
   limit: number,
-  adminOfAccountIds: number[],
+  remoteUser: User | null,
   account: Collective,
   host: Collective,
 ) => {
   const client = getElasticSearchClient({ throwIfUnavailable: true });
-  const { query, fields, indexes } = buildQuery(searchTerm, requestedIndexes, adminOfAccountIds, account, host);
+  const { query, fields, indexes } = buildQuery(searchTerm, requestedIndexes, remoteUser, account, host);
+
+  // Due to permissions, we may end up searching on no index at all (e.g. trying to search for comments while unauthenticated)
+  if (indexes.size === 0) {
+    return null;
+  }
 
   return client.search({
     /* eslint-disable camelcase */
diff --git a/server/lib/elastic-search/sync.ts b/server/lib/elastic-search/sync.ts
index c85e2df75fa..c668ea348df 100644
--- a/server/lib/elastic-search/sync.ts
+++ b/server/lib/elastic-search/sync.ts
@@ -111,3 +111,8 @@ export const deleteElasticSearchIndex = async (indexName: ElasticSearchIndexName
   const client = getElasticSearchClient({ throwIfUnavailable: true });
   await client.indices.delete({ index: indexName });
 };
+
+export const waitForAllIndexesRefresh = async () => {
+  const client = getElasticSearchClient({ throwIfUnavailable: true });
+  await client.indices.refresh({ index: '_all' });
+};
diff --git a/server/lib/sql-search.ts b/server/lib/sql-search.ts
index 40a6829d698..1a707bb427c 100644
--- a/server/lib/sql-search.ts
+++ b/server/lib/sql-search.ts
@@ -15,7 +15,7 @@ import {
   getAmountRangeQuery,
   makeConsolidatedBalanceSubquery,
 } from '../graphql/v2/input/AmountRangeInput';
-import models, { Op, sequelize } from '../models';
+import models, { Op, sequelize, User } from '../models';
 
 import { floatAmountToCents } from './math';
 import RateLimit, { ONE_HOUR_IN_SECONDS } from './rate-limit';
@@ -597,10 +597,11 @@ export const getExpenseTagFrequencies = async args => {
 const getSQLSearchConditionsForModel = (
   model: ModelStatic<Model>,
   searchTerm: string,
-  adminOfAccountIds: number[],
+  remoteUser: User,
   host?: InstanceType<typeof models.Collective>,
   account?: InstanceType<typeof models.Collective>,
 ) => {
+  const adminOfAccountIds = remoteUser?.getAdministratedCollectiveIds?.() || [];
   if (model instanceof models.Collective) {
     return {
       where: {
@@ -794,18 +795,18 @@ export const getSQLSearchResolver = (
     account,
     searchTerm,
     timeout,
-    adminOfAccountIds,
+    remoteUser,
   }: {
     limit: number;
     host?: InstanceType<typeof models.Collective>;
     account?: InstanceType<typeof models.Collective>;
     searchTerm: string;
     timeout: number;
-    adminOfAccountIds: number[];
+    remoteUser: User | null;
   },
 ) => {
   const timeoutMessage = 'Field resolution timed out';
-  const query = getSQLSearchConditionsForModel(model, searchTerm, adminOfAccountIds, host, account);
+  const query = getSQLSearchConditionsForModel(model, searchTerm, remoteUser, host, account);
   const order = [['id', 'ASC']] as Order;
   return {
     collection: {
diff --git a/server/models/User.ts b/server/models/User.ts
index 9a66c0ff085..b94027e5dcb 100644
--- a/server/models/User.ts
+++ b/server/models/User.ts
@@ -3,7 +3,7 @@ import { isEmailBurner } from 'burner-email-providers';
 import config from 'config';
 import debugLib from 'debug';
 import slugify from 'limax';
-import { defaults, get, intersection, isEmpty, pick } from 'lodash';
+import { defaults, get, intersection, isEmpty, pick, uniq } from 'lodash';
 import { CreationOptional, InferAttributes, InferCreationAttributes, NonAttribute } from 'sequelize';
 import Temporal from 'sequelize-temporal';
 
@@ -256,9 +256,12 @@ class User extends Model<InferAttributes<User>, InferCreationAttributes<User>> {
       logger.debug(new Error().stack);
       return [];
     } else {
-      return Object.keys(this.rolesByCollectiveId)
-        .filter(CollectiveId => this.rolesByCollectiveId[CollectiveId].includes(MemberRoles.ADMIN))
-        .map(Number);
+      return uniq([
+        this.CollectiveId,
+        ...Object.keys(this.rolesByCollectiveId)
+          .filter(CollectiveId => this.rolesByCollectiveId[CollectiveId].includes(MemberRoles.ADMIN))
+          .map(Number),
+      ]);
     }
   };
 
diff --git a/test/server/graphql/v2/mutation/HostApplicationMutations.test.ts b/test/server/graphql/v2/mutation/HostApplicationMutations.test.ts
index 361f2c5913f..ed6bb8fb41b 100644
--- a/test/server/graphql/v2/mutation/HostApplicationMutations.test.ts
+++ b/test/server/graphql/v2/mutation/HostApplicationMutations.test.ts
@@ -11,6 +11,7 @@ import VirtualCardProviders from '../../../../../server/constants/virtual-card-p
 import { GraphQLProcessHostApplicationAction } from '../../../../../server/graphql/v2/enum';
 import emailLib from '../../../../../server/lib/email';
 import models from '../../../../../server/models';
+import { HostApplicationStatus } from '../../../../../server/models/HostApplication';
 import { VirtualCardStatus } from '../../../../../server/models/VirtualCard';
 import * as stripeVirtualCardService from '../../../../../server/paymentProviders/stripe/virtual-cards';
 import { randEmail } from '../../../../stores';
@@ -173,7 +174,7 @@ describe('server/graphql/v2/mutation/HostApplicationMutations', () => {
       application = await fakeHostApplication({
         CollectiveId: collective.id,
         HostCollectiveId: host.id,
-        status: 'PENDING',
+        status: HostApplicationStatus.PENDING,
       });
       tiersInDifferentCurrency = await Promise.all([
         fakeTier({ CollectiveId: collective.id, currency: 'VUV' }),
diff --git a/test/server/graphql/v2/query/SearchQuery.test.ts b/test/server/graphql/v2/query/SearchQuery.test.ts
new file mode 100644
index 00000000000..bef0f5bb674
--- /dev/null
+++ b/test/server/graphql/v2/query/SearchQuery.test.ts
@@ -0,0 +1,610 @@
+import { Client } from '@elastic/elasticsearch';
+import { expect } from 'chai';
+import config from 'config';
+import gql from 'fake-tag';
+import { isNil } from 'lodash';
+import sinon from 'sinon';
+
+import PlatformConstants from '../../../../../server/constants/platform';
+import { TransactionKind } from '../../../../../server/constants/transaction-kind';
+import * as ElasticSearchClientSingletonLib from '../../../../../server/lib/elastic-search/client';
+import { ElasticSearchIndexName } from '../../../../../server/lib/elastic-search/constants';
+import {
+  createElasticSearchIndex,
+  deleteElasticSearchIndex,
+  syncElasticSearchIndex,
+  waitForAllIndexesRefresh,
+} from '../../../../../server/lib/elastic-search/sync';
+import { User } from '../../../../../server/models';
+import { CommentType } from '../../../../../server/models/Comment';
+import {
+  fakeActiveHost,
+  fakeCollective,
+  fakeComment,
+  fakeExpense,
+  fakeHostApplication,
+  fakeOrder,
+  fakeOrganization,
+  fakeProject,
+  fakeTier,
+  fakeTransaction,
+  fakeUpdate,
+  fakeUser,
+} from '../../../../test-helpers/fake-data';
+import { graphqlQueryV2, resetTestDB } from '../../../../utils';
+
+describe('server/graphql/v2/query/SearchQuery', () => {
+  const searchQuery = gql`
+    query Search(
+      $searchTerm: String!
+      $includeAccounts: Boolean!
+      $includeComments: Boolean!
+      $includeExpenses: Boolean!
+      $includeHostApplications: Boolean!
+      $includeOrders: Boolean!
+      $includeTiers: Boolean!
+      $includeTransactions: Boolean!
+      $includeUpdates: Boolean!
+    ) {
+      search(searchTerm: $searchTerm) {
+        results {
+          accounts @include(if: $includeAccounts) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+                slug
+                name
+              }
+            }
+          }
+          comments @include(if: $includeComments) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          expenses @include(if: $includeExpenses) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          hostApplications @include(if: $includeHostApplications) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          orders @include(if: $includeOrders) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          tiers @include(if: $includeTiers) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          transactions @include(if: $includeTransactions) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+          updates @include(if: $includeUpdates) {
+            highlights
+            collection {
+              totalCount
+              nodes {
+                id
+              }
+            }
+          }
+        }
+      }
+    }
+  `;
+
+  const callSearchQuery = async (
+    searchTerm: string,
+    {
+      includeAccounts = false,
+      includeComments = false,
+      includeExpenses = false,
+      includeHostApplications = false,
+      includeOrders = false,
+      includeTiers = false,
+      includeTransactions = false,
+      includeUpdates = false,
+    } = {},
+    remoteUser?: User,
+  ) => {
+    return graphqlQueryV2(
+      searchQuery,
+      {
+        searchTerm,
+        includeAccounts,
+        includeComments,
+        includeExpenses,
+        includeHostApplications,
+        includeOrders,
+        includeTiers,
+        includeTransactions,
+        includeUpdates,
+      },
+      remoteUser,
+    );
+  };
+
+  let sandbox: sinon.SinonSandbox,
+    elasticSearchClient: Client,
+    testUsers: {
+      hostAdmin: User;
+      collectiveAdmin: User;
+      projectAdmin: User;
+      randomUser: User;
+      fromUser: User;
+      rootUser: User;
+    };
+
+  before(async () => {
+    await resetTestDB();
+
+    // Seed data
+    testUsers = {
+      hostAdmin: await fakeUser(),
+      collectiveAdmin: await fakeUser(),
+      projectAdmin: await fakeUser(),
+      randomUser: await fakeUser(),
+      fromUser: await fakeUser(),
+      rootUser: await fakeUser({ data: { isRoot: true } }),
+    };
+
+    const platform = await fakeOrganization({ name: 'Open Collective', id: PlatformConstants.PlatformCollectiveId });
+    await platform.addUserWithRole(testUsers.rootUser, 'ADMIN');
+
+    const host = await fakeActiveHost({
+      name: 'Incredible Host',
+      slug: 'incredible-host',
+      admin: testUsers.hostAdmin,
+    });
+
+    const collective = await fakeCollective({
+      name: 'Incredible Collective with AUniqueCollectiveName',
+      HostCollectiveId: host.id,
+      slug: 'incredible',
+      admin: testUsers.collectiveAdmin,
+    });
+
+    const project = await fakeProject({
+      name: 'Incredible Project',
+      legalName: 'SecretProjectLegalName',
+      slug: 'incredible-project',
+      ParentCollectiveId: collective.id,
+      admin: testUsers.projectAdmin,
+    });
+
+    const expense = await fakeExpense({
+      CollectiveId: project.id,
+      FromCollectiveId: testUsers.fromUser.CollectiveId,
+      UserId: testUsers.fromUser.id,
+      privateMessage: '<div>AVerySecretExpensePrivateMessage</div>',
+      invoiceInfo: 'AVerySecretExpenseInvoiceInfo',
+      reference: 'AVerySecretExpenseReference',
+    });
+
+    // A regular comment
+    await fakeComment({
+      CollectiveId: project.id,
+      FromCollectiveId: testUsers.fromUser.CollectiveId,
+      CreatedByUserId: testUsers.fromUser.id,
+      ExpenseId: expense.id,
+      html: '<div>AVerySecretComment</div>',
+    });
+
+    // A private note from the host admin
+    await fakeComment({
+      CollectiveId: project.id,
+      FromCollectiveId: testUsers.hostAdmin.CollectiveId,
+      CreatedByUserId: testUsers.hostAdmin.id,
+      ExpenseId: expense.id,
+      html: '<div>AVerySecretPrivateNoteForHostAdmins</div>',
+      type: CommentType.PRIVATE_NOTE,
+    });
+
+    await fakeHostApplication({
+      CollectiveId: collective.id,
+      HostCollectiveId: host.id,
+      CreatedByUserId: testUsers.rootUser.id,
+      message: 'AVerySecretHostApplicationMessage',
+    });
+
+    await fakeTier({
+      CollectiveId: project.id,
+      name: 'Incredible Tier',
+      description: 'AVeryUniqueTierDescription',
+      longDescription: 'AVeryUniqueTierLongDescription',
+      slug: 'a-very-unique-incredible-tier',
+    });
+
+    const order = await fakeOrder({
+      CollectiveId: project.id,
+      FromCollectiveId: testUsers.fromUser.CollectiveId,
+      CreatedByUserId: testUsers.fromUser.id,
+      description: 'AVeryUniqueOrderDescription',
+    });
+
+    await fakeTransaction(
+      {
+        kind: TransactionKind.CONTRIBUTION,
+        OrderId: order.id,
+        CollectiveId: project.id,
+        FromCollectiveId: testUsers.fromUser.CollectiveId,
+        amount: 1000,
+        HostCollectiveId: host.id,
+        description: 'AVeryUniqueTransactionDescription',
+        data: { capture: { id: 'AVeryUniqueTransactionCaptureId' } },
+      },
+      {
+        createDoubleEntry: true,
+      },
+    );
+
+    // A public update
+    await fakeUpdate({
+      FromCollectiveId: testUsers.fromUser.CollectiveId,
+      CollectiveId: project.id,
+      CreatedByUserId: testUsers.fromUser.id,
+      html: '<div>AVeryUniqueUpdateHtml</div>',
+      title: 'AVeryUniqueUpdateTitle',
+    });
+
+    // A private update
+    await fakeUpdate({
+      FromCollectiveId: testUsers.fromUser.CollectiveId,
+      CollectiveId: project.id,
+      CreatedByUserId: testUsers.fromUser.id,
+      html: '<div>AVeryUniquePrivateUpdateHtml</div>',
+      title: 'AVeryUniquePrivateUpdateTitle',
+      isPrivate: true,
+    });
+
+    // Populate roles for all test users
+    await Promise.all(Object.values(testUsers).map(user => user.populateRoles()));
+
+    // Reset Elastic search
+    for (const indexName of Object.values(ElasticSearchIndexName)) {
+      await deleteElasticSearchIndex(indexName, { throwIfMissing: false });
+      await createElasticSearchIndex(indexName);
+      await syncElasticSearchIndex(indexName);
+    }
+
+    await waitForAllIndexesRefresh();
+
+    // Stub Elastic search client
+    elasticSearchClient = new Client({ node: config.elasticSearch.url });
+  });
+
+  beforeEach(() => {
+    sandbox = sinon.createSandbox();
+    sandbox.stub(ElasticSearchClientSingletonLib, 'getElasticSearchClient').returns(elasticSearchClient);
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  it('should search only in requested indexes', async () => {
+    const searchSpy = sandbox.spy(elasticSearchClient, 'search');
+
+    const queryResult = await callSearchQuery('iNcReDiBlE', { includeAccounts: true, includeExpenses: true });
+    queryResult.errors && console.error(queryResult.errors);
+    expect(queryResult.errors).to.be.undefined;
+
+    const results = queryResult.data.search.results;
+    expect(results.accounts.collection.totalCount).to.eq(3); // Collective + host + project
+    expect(results.accounts.collection.nodes).to.have.length(3);
+
+    expect(results.comments).to.be.undefined;
+
+    expect(searchSpy.callCount).to.eq(1);
+    expect(searchSpy.firstCall.args[0].index).to.eq('collectives,expenses');
+  });
+
+  describe('permissions', () => {
+    const testPermissionsForField = (
+      index: string,
+      uniqueValue: string,
+      permissions: Record<keyof typeof testUsers, number> & { unauthenticated: number },
+    ) => {
+      const getIncludes = (index: string) => {
+        switch (index) {
+          case 'accounts':
+            return { includeAccounts: true };
+          case 'comments':
+            return { includeComments: true };
+          case 'expenses':
+            return { includeExpenses: true };
+          case 'hostApplications':
+            return { includeHostApplications: true };
+          case 'orders':
+            return { includeOrders: true };
+          case 'tiers':
+            return { includeTiers: true };
+          case 'transactions':
+            return { includeTransactions: true };
+          case 'updates':
+            return { includeUpdates: true };
+          default:
+            return {};
+        }
+      };
+
+      for (const [userKey, permission] of Object.entries(permissions)) {
+        if (!isNil(permission)) {
+          it(`can ${permission ? '' : 'not '}be used by ${userKey}`, async () => {
+            const queryResult = await callSearchQuery(uniqueValue, getIncludes(index), testUsers[userKey]);
+            queryResult.errors && console.error(queryResult.errors);
+            expect(queryResult.errors).to.be.undefined;
+            expect(queryResult.data.search.results[index].collection.totalCount).to.eq(permission);
+          });
+        }
+      }
+    };
+
+    describe('accounts', () => {
+      describe('name', () => {
+        testPermissionsForField('accounts', 'AUniqueCollectiveName', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          unauthenticated: 1,
+          fromUser: null, // doesn't apply
+        });
+      });
+
+      describe('legalName', () => {
+        testPermissionsForField('accounts', 'SecretProjectLegalName', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          unauthenticated: 0,
+          fromUser: null, // doesn't apply
+        });
+      });
+    });
+
+    describe('comments', () => {
+      describe('html for regular comments', () => {
+        testPermissionsForField('comments', 'AVerySecretComment', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 0,
+        });
+      });
+
+      describe('html for private notes', () => {
+        testPermissionsForField('comments', 'AVerySecretPrivateNoteForHostAdmins', {
+          hostAdmin: 1,
+          collectiveAdmin: 0,
+          projectAdmin: 0,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 0,
+          unauthenticated: 0,
+        });
+      });
+    });
+
+    describe('expenses', () => {
+      describe('privateMessage', () => {
+        testPermissionsForField('expenses', 'AVerySecretExpensePrivateMessage', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 0,
+        });
+      });
+
+      describe('invoiceInfo', () => {
+        testPermissionsForField('expenses', 'AVerySecretExpenseInvoiceInfo', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 0,
+        });
+      });
+
+      describe('reference', () => {
+        testPermissionsForField('expenses', 'AVerySecretExpenseReference', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 0,
+        });
+      });
+    });
+
+    describe('hostApplications', () => {
+      describe('message', () => {
+        testPermissionsForField('hostApplications', 'AVerySecretHostApplicationMessage', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          rootUser: 1,
+          randomUser: 0,
+          fromUser: null, // doesn't apply
+          projectAdmin: null, // doesn't apply
+          unauthenticated: 0,
+        });
+      });
+    });
+
+    describe('orders', () => {
+      describe('description', () => {
+        testPermissionsForField('orders', 'AVeryUniqueOrderDescription', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+    });
+
+    describe('tiers', () => {
+      describe('description', () => {
+        testPermissionsForField('tiers', 'AVeryUniqueTierDescription', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+
+      describe('longDescription', () => {
+        testPermissionsForField('tiers', 'AVeryUniqueTierLongDescription', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+
+      describe('name', () => {
+        testPermissionsForField('tiers', 'Incredible Tier', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+
+      describe('slug', () => {
+        testPermissionsForField('tiers', 'a-very-unique-incredible-tier', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+    });
+
+    describe('transactions', () => {
+      describe('description', () => {
+        testPermissionsForField('transactions', 'AVeryUniqueTransactionDescription', {
+          // Using 2 for CREDIT + DEBIT
+          hostAdmin: 2,
+          collectiveAdmin: 2,
+          projectAdmin: 2,
+          randomUser: 2,
+          rootUser: 2,
+          fromUser: 2,
+          unauthenticated: 2,
+        });
+      });
+
+      describe('merchantId', () => {
+        testPermissionsForField('transactions', 'AVeryUniqueTransactionCaptureId', {
+          hostAdmin: 1,
+          collectiveAdmin: 0,
+          projectAdmin: 0,
+          randomUser: 0,
+          rootUser: 2,
+          fromUser: 0,
+          unauthenticated: 0,
+        });
+      });
+    });
+
+    describe('updates', () => {
+      describe('html for public updates', () => {
+        testPermissionsForField('updates', 'AVeryUniqueUpdateHtml', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+
+      describe('html for private updates', () => {
+        testPermissionsForField('updates', 'AVeryUniquePrivateUpdateHtml', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 0,
+          rootUser: 1,
+          fromUser: 0,
+          unauthenticated: 0,
+        });
+      });
+
+      describe('title', () => {
+        testPermissionsForField('updates', 'AVeryUniqueUpdateTitle', {
+          hostAdmin: 1,
+          collectiveAdmin: 1,
+          projectAdmin: 1,
+          randomUser: 1,
+          rootUser: 1,
+          fromUser: 1,
+          unauthenticated: 1,
+        });
+      });
+    });
+  });
+});
diff --git a/test/test-helpers/fake-data.ts b/test/test-helpers/fake-data.ts
index 717074ecf68..3489d9c0d65 100644
--- a/test/test-helpers/fake-data.ts
+++ b/test/test-helpers/fake-data.ts
@@ -50,7 +50,7 @@ import AccountingCategory from '../../server/models/AccountingCategory';
 import Application, { ApplicationType } from '../../server/models/Application';
 import Comment from '../../server/models/Comment';
 import Conversation from '../../server/models/Conversation';
-import { HostApplicationStatus } from '../../server/models/HostApplication';
+import HostApplication, { HostApplicationStatus } from '../../server/models/HostApplication';
 import LegalDocument, { LEGAL_DOCUMENT_SERVICE } from '../../server/models/LegalDocument';
 import { MemberModelInterface } from '../../server/models/Member';
 import MemberInvitation from '../../server/models/MemberInvitation';
@@ -210,7 +210,7 @@ export const fakeActiveHost = async (hostData: Parameters<typeof fakeCollective>
 };
 
 /** Create a fake host application */
-export const fakeHostApplication = async data => {
+export const fakeHostApplication = async (data: Partial<InferCreationAttributes<HostApplication>> = {}) => {
   const CollectiveId = data.CollectiveId || (await fakeCollective()).id;
   const HostCollectiveId = data.HostCollectiveId || (await fakeHost()).id;
   return models.HostApplication.create({

From 2431d04e09bf4e9a6f62cb2a9b35e92f5d902c5c Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 2 Dec 2024 11:22:56 +0100
Subject: [PATCH 094/129] chore(Expenses): remove logging (#10510)

---
 server/graphql/v2/query/collection/ExpensesCollectionQuery.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
index 10a9782bcc5..66b8da0369c 100644
--- a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
@@ -448,7 +448,7 @@ export const ExpensesCollectionQueryResolver = async (
   const { offset, limit } = args;
 
   const fetchNodes = () => {
-    return Expense.findAll({ include, where, order, offset, limit, logging: true });
+    return Expense.findAll({ include, where, order, offset, limit });
   };
 
   const fetchTotalCount = () => {

From ed9e0107abdbf41421d3542f5cbbaf09eccc90c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Mon, 2 Dec 2024 11:24:42 +0100
Subject: [PATCH 095/129] reject-contributions: skip notification when
 Transaction already refunded (#10511)

---
 cron/disabled/reject-contributions.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cron/disabled/reject-contributions.js b/cron/disabled/reject-contributions.js
index 3b2dc82197a..bf5f6041d3f 100644
--- a/cron/disabled/reject-contributions.js
+++ b/cron/disabled/reject-contributions.js
@@ -123,6 +123,9 @@ async function run({ dryRun, limit, force } = {}) {
         }
       } else {
         logger.info(`  - Transaction already refunded`);
+        if (order.status === 'PAID' || order.status === 'CANCELLED') {
+          shouldNotifyContributor = false;
+        }
       }
     } else {
       logger.info(`  - No transaction found`);

From 23be04c21c00e73ca2f9ca2e79ecb059c24d62b3 Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Mon, 2 Dec 2024 08:02:03 -0300
Subject: [PATCH 096/129] Reuse stripe error message mapping (#10507)

* Reuse stripe error message mapping

* Fix test case
---
 server/paymentProviders/stripe/common.ts      | 34 ++++++++++++++++++
 server/paymentProviders/stripe/creditcard.ts  | 35 +++----------------
 server/paymentProviders/stripe/webhook.ts     |  6 ++--
 .../paymentProviders/stripe/webhook.test.ts   |  2 +-
 4 files changed, 44 insertions(+), 33 deletions(-)

diff --git a/server/paymentProviders/stripe/common.ts b/server/paymentProviders/stripe/common.ts
index be7ec763194..1a4817f2134 100644
--- a/server/paymentProviders/stripe/common.ts
+++ b/server/paymentProviders/stripe/common.ts
@@ -672,3 +672,37 @@ async function createOrRetrieveStripePaymentMethod(
     data: paymentMethodData,
   });
 }
+
+export const UNKNOWN_ERROR_MSG = 'Something went wrong with the payment, please contact support@opencollective.com.';
+
+export function userFriendlyErrorMessage(error: { message: string }) {
+  const identifiedErrors = {
+    // This object cannot be accessed right now because another API request or Stripe process is currently accessing it.
+    // If you see this error intermittently, retry the request.
+    // If you see this error frequently and are making multiple concurrent requests to a single object, make your requests serially or at a lower rate.
+    'This object cannot be accessed right now because another API request or Stripe process is currently accessing it.':
+      'Payment Processing error (API request).',
+    // You cannot confirm this PaymentIntent because it's missing a payment method.
+    // To confirm the PaymentIntent with cus_9cNHqpdWYOV4aH, specify a payment method attached to this customer along with the customer ID.
+    "You cannot confirm this PaymentIntent because it's missing a payment method.":
+      'Internal Payment error (invalid PaymentIntent)',
+    // You have exceeded the maximum number of declines on this card in the last 24 hour period.
+    // Please contact us via https://support.stripe.com/contact if you need further assistance.
+    'You have exceeded the maximum number of declines on this card': 'Your card was declined.',
+    // An error occurred while processing your card. Try again in a little bit.
+    'An error occurred while processing your card.': 'Payment Processing error (API error).',
+    // This account cannot currently make live charges.
+    // If you are a customer trying to make a purchase, please contact the owner of this site.
+    // Your transaction has not been processed.
+    'This account cannot currently make live charges.': 'Payment Processing error (Host error).',
+    // This is a new unhandled error. We think customers should delete the card and add it again.
+    // eslint-disable-next-line camelcase
+    card_error_authentication_required: 'There is an issue with your card, please contact support@opencollective.com.',
+  };
+  const errorKey = Object.keys(identifiedErrors).find(errorMessage => error.message.includes(errorMessage));
+  if (errorKey) {
+    return identifiedErrors[errorKey];
+  }
+
+  return null;
+}
diff --git a/server/paymentProviders/stripe/creditcard.ts b/server/paymentProviders/stripe/creditcard.ts
index 87330742983..7b601fa2f4c 100644
--- a/server/paymentProviders/stripe/creditcard.ts
+++ b/server/paymentProviders/stripe/creditcard.ts
@@ -19,10 +19,10 @@ import {
   refundTransaction,
   refundTransactionOnlyInDatabase,
   resolvePaymentMethodForOrder,
+  UNKNOWN_ERROR_MSG,
+  userFriendlyErrorMessage,
 } from './common';
 
-const UNKNOWN_ERROR_MSG = 'Something went wrong with the payment, please contact support@opencollective.com.';
-
 /**
  * Returns a Promise with the transaction created
  * Creates and confirms a payment intent, on success creates associated transactions
@@ -198,34 +198,9 @@ export default {
         throw error;
       }
 
-      // Here, we do a partial check and rewrite the error.
-      const identifiedErrors = {
-        // This object cannot be accessed right now because another API request or Stripe process is currently accessing it.
-        // If you see this error intermittently, retry the request.
-        // If you see this error frequently and are making multiple concurrent requests to a single object, make your requests serially or at a lower rate.
-        'This object cannot be accessed right now because another API request or Stripe process is currently accessing it.':
-          'Payment Processing error (API request).',
-        // You cannot confirm this PaymentIntent because it's missing a payment method.
-        // To confirm the PaymentIntent with cus_9cNHqpdWYOV4aH, specify a payment method attached to this customer along with the customer ID.
-        "You cannot confirm this PaymentIntent because it's missing a payment method.":
-          'Internal Payment error (invalid PaymentIntent)',
-        // You have exceeded the maximum number of declines on this card in the last 24 hour period.
-        // Please contact us via https://support.stripe.com/contact if you need further assistance.
-        'You have exceeded the maximum number of declines on this card': 'Your card was declined.',
-        // An error occurred while processing your card. Try again in a little bit.
-        'An error occurred while processing your card.': 'Payment Processing error (API error).',
-        // This account cannot currently make live charges.
-        // If you are a customer trying to make a purchase, please contact the owner of this site.
-        // Your transaction has not been processed.
-        'This account cannot currently make live charges.': 'Payment Processing error (Host error).',
-        // This is a new unhandled error. We think customers should delete the card and add it again.
-        // eslint-disable-next-line camelcase
-        card_error_authentication_required:
-          'There is an issue with your card, please contact support@opencollective.com.',
-      };
-      const errorKey = Object.keys(identifiedErrors).find(errorMessage => error.message.includes(errorMessage));
-      if (errorKey) {
-        throw new Error(identifiedErrors[errorKey]);
+      const userFriendlyError = userFriendlyErrorMessage(error);
+      if (userFriendlyError) {
+        throw new Error(userFriendlyError);
       }
 
       logger.error(`Unknown Stripe Payment Error: ${error.message}`);
diff --git a/server/paymentProviders/stripe/webhook.ts b/server/paymentProviders/stripe/webhook.ts
index 27bd79c99e9..abb4d2e1617 100644
--- a/server/paymentProviders/stripe/webhook.ts
+++ b/server/paymentProviders/stripe/webhook.ts
@@ -31,7 +31,7 @@ import Order from '../../models/Order';
 import PaymentMethod from '../../models/PaymentMethod';
 
 import { getVirtualCardForTransaction } from './../utils';
-import { createChargeTransactions, createPaymentMethod } from './common';
+import { createChargeTransactions, createPaymentMethod, UNKNOWN_ERROR_MSG, userFriendlyErrorMessage } from './common';
 import * as virtualcard from './virtual-cards';
 
 const debug = debugLib('stripe');
@@ -320,7 +320,9 @@ export const paymentIntentFailed = async (event: Stripe.Event) => {
     data: { ...order.data, paymentIntent },
   });
 
-  sendOrderFailedEmail(order, reason);
+  const userFriendlyError = userFriendlyErrorMessage({ message: reason }) || UNKNOWN_ERROR_MSG;
+
+  sendOrderFailedEmail(order, userFriendlyError);
 };
 
 export const chargeDisputeCreated = async (event: Stripe.Event) => {
diff --git a/test/server/paymentProviders/stripe/webhook.test.ts b/test/server/paymentProviders/stripe/webhook.test.ts
index 86183b0ccf0..7c1dfceae88 100644
--- a/test/server/paymentProviders/stripe/webhook.test.ts
+++ b/test/server/paymentProviders/stripe/webhook.test.ts
@@ -617,7 +617,7 @@ describe('webhook', () => {
           {
             dataValues: { id: order.id },
           },
-          "You invested all your money on FTX and now you don't have anything left",
+          'Something went wrong with the payment, please contact support@opencollective.com.',
         );
       });
     });

From 8ddd14bbeba3866409f621b06c2106e334d9e505 Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Mon, 2 Dec 2024 08:10:08 -0300
Subject: [PATCH 097/129] Add new expense policy object and allow comment when
 creating expense (#10447)

* Add new expense policies

* Add private comment when creating expense

* Show payout method currencies

* migrate expense policy

* mark expensePolicy field as virtual

* Fix payout method field check

* Fix test case

* Fix test case

* Fix expense policy settter

* Fix expensePolicy migration rollback

* Update graphql
---
 ...08-migrate-expense-policies-to-policies.js |  34 +++++
 server/constants/policies.ts                  |  11 ++
 server/graphql/schemaV1.graphql               |   7 +
 server/graphql/schemaV2.graphql               | 123 +++++++++++++++---
 server/graphql/v2/input/PoliciesInput.ts      |  12 +-
 server/graphql/v2/interface/Account.ts        |   1 +
 .../graphql/v2/mutation/ExpenseMutations.ts   |  15 +++
 server/graphql/v2/object/Policies.ts          |  13 ++
 server/lib/utils.js                           |   6 +-
 server/models/Collective.ts                   |  37 +++++-
 server/models/PayoutMethod.ts                 |   4 +-
 11 files changed, 234 insertions(+), 29 deletions(-)
 create mode 100644 migrations/20241103183508-migrate-expense-policies-to-policies.js

diff --git a/migrations/20241103183508-migrate-expense-policies-to-policies.js b/migrations/20241103183508-migrate-expense-policies-to-policies.js
new file mode 100644
index 00000000000..ab3ea3d4603
--- /dev/null
+++ b/migrations/20241103183508-migrate-expense-policies-to-policies.js
@@ -0,0 +1,34 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    await queryInterface.sequelize.query(`
+      UPDATE "Collectives" SET
+      data = jsonb_set(
+        data,
+        '{policies,EXPENSE_POLICIES}',
+        jsonb_build_object(
+          'invoicePolicy', "expensePolicy",
+          'receiptPolicy', "expensePolicy",
+          'titlePolicy', ''
+        )
+      )
+      WHERE TRIM("expensePolicy") <> '' AND "expensePolicy" IS NOT NULL;
+    `);
+
+    await queryInterface.removeColumn('Collectives', 'expensePolicy');
+  },
+
+  async down(queryInterface, Sequelize) {
+    await queryInterface.addColumn('Collectives', 'expensePolicy', {
+      type: Sequelize.TEXT,
+    });
+    await queryInterface.sequelize.query(`
+      UPDATE "Collectives" SET
+      data = data #- '{policies,EXPENSE_POLICIES}',
+      "expensePolicy" = data#>>'{policies,EXPENSE_POLICIES,invoicePolicy}'
+      WHERE data#>'{policies,EXPENSE_POLICIES}' IS NOT NULL;
+    `);
+  },
+};
diff --git a/server/constants/policies.ts b/server/constants/policies.ts
index 8626f181497..45782659d65 100644
--- a/server/constants/policies.ts
+++ b/server/constants/policies.ts
@@ -19,9 +19,15 @@ enum POLICIES {
   EXPENSE_PUBLIC_VENDORS = 'EXPENSE_PUBLIC_VENDORS',
   // When enabled, admins of the collective are allowed to see the payout methods of expenses
   COLLECTIVE_ADMINS_CAN_SEE_PAYOUT_METHODS = 'COLLECTIVE_ADMINS_CAN_SEE_PAYOUT_METHODS',
+  EXPENSE_POLICIES = 'EXPENSE_POLICIES',
 }
 
 export type Policies = Partial<{
+  [POLICIES.EXPENSE_POLICIES]: {
+    invoicePolicy: string;
+    receiptPolicy: string;
+    titlePolicy: string;
+  };
   [POLICIES.EXPENSE_AUTHOR_CANNOT_APPROVE]: {
     enabled: boolean;
     amountInCents: number;
@@ -48,6 +54,11 @@ export type Policies = Partial<{
 }>;
 
 export const DEFAULT_POLICIES: { [T in POLICIES]: Policies[T] } = {
+  [POLICIES.EXPENSE_POLICIES]: {
+    invoicePolicy: '',
+    receiptPolicy: '',
+    titlePolicy: '',
+  },
   [POLICIES.EXPENSE_AUTHOR_CANNOT_APPROVE]: {
     enabled: false,
     amountInCents: 0,
diff --git a/server/graphql/schemaV1.graphql b/server/graphql/schemaV1.graphql
index d2114eed653..889fb7255d0 100644
--- a/server/graphql/schemaV1.graphql
+++ b/server/graphql/schemaV1.graphql
@@ -1136,6 +1136,7 @@ type PlanType {
 
 type Policies {
   id: String
+  EXPENSE_POLICIES: EXPENSE_POLICIES
   EXPENSE_AUTHOR_CANNOT_APPROVE: EXPENSE_AUTHOR_CANNOT_APPROVE
   REQUIRE_2FA_FOR_ADMINS: Boolean
   COLLECTIVE_ADMINS_CAN_REFUND: Boolean
@@ -1146,6 +1147,12 @@ type Policies {
   COLLECTIVE_ADMINS_CAN_SEE_PAYOUT_METHODS: Boolean
 }
 
+type EXPENSE_POLICIES {
+  invoicePolicy: String
+  receiptPolicy: String
+  titlePolicy: String
+}
+
 type EXPENSE_AUTHOR_CANNOT_APPROVE {
   amountInCents: Int
   enabled: Boolean
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 3c77538be26..a89a0b27efa 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -204,7 +204,7 @@ interface Account {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -2671,7 +2671,7 @@ type Host implements Account & AccountWithContributions {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -5848,6 +5848,7 @@ enum VirtualCardStatus {
 
 type Policies {
   id: String
+  EXPENSE_POLICIES: EXPENSE_POLICIES
   EXPENSE_AUTHOR_CANNOT_APPROVE: EXPENSE_AUTHOR_CANNOT_APPROVE
   REQUIRE_2FA_FOR_ADMINS: Boolean
   COLLECTIVE_ADMINS_CAN_REFUND: Boolean
@@ -5858,6 +5859,12 @@ type Policies {
   COLLECTIVE_ADMINS_CAN_SEE_PAYOUT_METHODS: Boolean
 }
 
+type EXPENSE_POLICIES {
+  invoicePolicy: String
+  receiptPolicy: String
+  titlePolicy: String
+}
+
 type EXPENSE_AUTHOR_CANNOT_APPROVE {
   amountInCents: Int
   enabled: Boolean
@@ -7758,7 +7765,7 @@ type Bot implements Account {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -8615,7 +8622,7 @@ type Collective implements Account & AccountWithHost & AccountWithContributions
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -10003,7 +10010,7 @@ type Event implements Account & AccountWithHost & AccountWithContributions & Acc
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -11111,7 +11118,7 @@ type Individual implements Account {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -12174,7 +12181,7 @@ type Organization implements Account & AccountWithContributions {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -13126,7 +13133,7 @@ type Vendor implements Account & AccountWithContributions {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -16712,7 +16719,7 @@ type Fund implements Account & AccountWithHost & AccountWithContributions {
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -17698,7 +17705,7 @@ type Project implements Account & AccountWithHost & AccountWithContributions & A
   The currency of the account
   """
   currency: Currency!
-  expensePolicy: String
+  expensePolicy: String @deprecated(reason: "2024-11-04: Please use policies.EXPENSE_POLICIES")
 
   """
   Defines if the contributors wants to be incognito (name not displayed)
@@ -19452,6 +19459,11 @@ type Mutation {
     If the expense was imported, this is the reference to the row
     """
     transactionsImportRow: TransactionsImportRowReferenceInput
+
+    """
+    A optional private comment to add to the created expense
+    """
+    privateComment: String
   ): Expense!
 
   """
@@ -20817,6 +20829,16 @@ input CollectiveCreateInput {
   githubHandle: String @deprecated(reason: "2022-06-03: Please use repositoryUrl")
   repositoryUrl: String @deprecated(reason: "2023-01-16: Please use socialLinks")
   settings: JSON
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 """
@@ -20854,6 +20876,11 @@ input LocationInput {
   structured: JSON
 }
 
+"""
+The `Upload` scalar type represents a file upload.
+"""
+scalar Upload
+
 input IndividualCreateInput {
   name: String!
   email: String!
@@ -20899,6 +20926,16 @@ input EventCreateInput {
   Timezone of the Event (TZ database format, e.g. UTC or Europe/Berlin)
   """
   timezone: String!
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 input FundCreateInput {
@@ -20907,6 +20944,16 @@ input FundCreateInput {
   description: String!
   tags: [String]
   settings: JSON
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 input OrganizationCreateInput {
@@ -20916,6 +20963,16 @@ input OrganizationCreateInput {
   description: String!
   website: String @deprecated(reason: "2024-11-12: Please use socialLinks")
   settings: JSON
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 input ProjectCreateInput {
@@ -20929,6 +20986,16 @@ input ProjectCreateInput {
   The social links in order of preference
   """
   socialLinks: [SocialLinkInput!]
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 input SocialLinkInput {
@@ -20985,6 +21052,7 @@ input AccountUpdateInput {
 }
 
 input PoliciesInput {
+  EXPENSE_POLICIES: PoliciesExpensePolicies
   EXPENSE_AUTHOR_CANNOT_APPROVE: PoliciesCollectiveExpenseAuthorCannotApprove
   REQUIRE_2FA_FOR_ADMINS: Boolean
   COLLECTIVE_ADMINS_CAN_REFUND: Boolean
@@ -20994,6 +21062,12 @@ input PoliciesInput {
   COLLECTIVE_ADMINS_CAN_SEE_PAYOUT_METHODS: Boolean
 }
 
+input PoliciesExpensePolicies {
+  invoicePolicy: String
+  receiptPolicy: String
+  titlePolicy: String
+}
+
 input PoliciesCollectiveExpenseAuthorCannotApprove {
   amountInCents: Int
   enabled: Boolean
@@ -21928,11 +22002,6 @@ type IndividualConfirmEmailResponse {
   sessionToken: String
 }
 
-"""
-The `Upload` scalar type represents a file upload.
-"""
-scalar Upload
-
 input MemberInvitationReferenceInput {
   """
   The public id identifying the member invitation (ie: dgm9bnk8-0437xqry-ejpvzeol-jdayw5re)
@@ -22933,9 +23002,19 @@ input VendorCreateInput {
   legalName: String
   tags: [NonEmptyString]
   location: LocationInput
-  imageUrl: String
+  imageUrl: String @deprecated(reason: "2024-11-26: Please use image + backgroundImage fields")
   vendorInfo: VendorInfoInput
   payoutMethod: PayoutMethodInput
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
 
 """
@@ -22977,7 +23056,17 @@ input VendorEditInput {
   legalName: String
   tags: [NonEmptyString]
   location: LocationInput
-  imageUrl: String
+  imageUrl: String @deprecated(reason: "2024-11-26: Please use image + backgroundImage fields")
   vendorInfo: VendorInfoInput
   payoutMethod: PayoutMethodInput
+
+  """
+  The profile avatar image
+  """
+  image: Upload
+
+  """
+  The profile background image, for the banner and social media sharing
+  """
+  backgroundImage: Upload
 }
diff --git a/server/graphql/v2/input/PoliciesInput.ts b/server/graphql/v2/input/PoliciesInput.ts
index 13b5cb84e4c..4fd93479d08 100644
--- a/server/graphql/v2/input/PoliciesInput.ts
+++ b/server/graphql/v2/input/PoliciesInput.ts
@@ -1,4 +1,4 @@
-import { GraphQLBoolean, GraphQLInputObjectType, GraphQLInt } from 'graphql';
+import { GraphQLBoolean, GraphQLInputObjectType, GraphQLInt, GraphQLString } from 'graphql';
 
 import POLICIES from '../../../constants/policies';
 import { GraphQLPolicyApplication } from '../enum/PolicyApplication';
@@ -6,6 +6,16 @@ import { GraphQLPolicyApplication } from '../enum/PolicyApplication';
 export const GraphQLPoliciesInput = new GraphQLInputObjectType({
   name: 'PoliciesInput',
   fields: () => ({
+    [POLICIES.EXPENSE_POLICIES]: {
+      type: new GraphQLInputObjectType({
+        name: 'PoliciesExpensePolicies',
+        fields: () => ({
+          invoicePolicy: { type: GraphQLString },
+          receiptPolicy: { type: GraphQLString },
+          titlePolicy: { type: GraphQLString },
+        }),
+      }),
+    },
     [POLICIES.EXPENSE_AUTHOR_CANNOT_APPROVE]: {
       type: new GraphQLInputObjectType({
         name: 'PoliciesCollectiveExpenseAuthorCannotApprove',
diff --git a/server/graphql/v2/interface/Account.ts b/server/graphql/v2/interface/Account.ts
index e4cb38a0906..9fc9a8e4c2c 100644
--- a/server/graphql/v2/interface/Account.ts
+++ b/server/graphql/v2/interface/Account.ts
@@ -180,6 +180,7 @@ const accountFieldsDefinition = () => ({
   },
   expensePolicy: {
     type: GraphQLString,
+    deprecationReason: '2024-11-04: Please use policies.EXPENSE_POLICIES',
   },
   isIncognito: {
     type: new GraphQLNonNull(GraphQLBoolean),
diff --git a/server/graphql/v2/mutation/ExpenseMutations.ts b/server/graphql/v2/mutation/ExpenseMutations.ts
index c7c0449a5b5..e55027e7969 100644
--- a/server/graphql/v2/mutation/ExpenseMutations.ts
+++ b/server/graphql/v2/mutation/ExpenseMutations.ts
@@ -99,6 +99,10 @@ const expenseMutations = {
         type: GraphQLTransactionsImportRowReferenceInput,
         description: 'If the expense was imported, this is the reference to the row',
       },
+      privateComment: {
+        type: GraphQLString,
+        description: 'A optional private comment to add to the created expense',
+      },
     },
     async resolve(_: void, args, req: express.Request): Promise<ExpenseModel> {
       checkRemoteUserCanUseExpenses(req);
@@ -148,6 +152,17 @@ const expenseMutations = {
         await models.RecurringExpense.createFromExpense(expense, args.recurring.interval, args.recurring.endsAt);
       }
 
+      if (args.privateComment) {
+        await createComment(
+          {
+            ExpenseId: expense.id,
+            html: args.privateComment,
+            type: CommentType.PRIVATE_NOTE,
+          },
+          req,
+        );
+      }
+
       return expense;
     },
   },
diff --git a/server/graphql/v2/object/Policies.ts b/server/graphql/v2/object/Policies.ts
index bbc5a5824bb..b1ca2e8bf40 100644
--- a/server/graphql/v2/object/Policies.ts
+++ b/server/graphql/v2/object/Policies.ts
@@ -17,6 +17,19 @@ export const GraphQLPolicies = new GraphQLObjectType({
       type: GraphQLString,
       resolve: getIdEncodeResolver(IDENTIFIER_TYPES.ACCOUNT),
     },
+    [POLICIES.EXPENSE_POLICIES]: {
+      type: new GraphQLObjectType({
+        name: POLICIES.EXPENSE_POLICIES,
+        fields: () => ({
+          invoicePolicy: { type: GraphQLString },
+          receiptPolicy: { type: GraphQLString },
+          titlePolicy: { type: GraphQLString },
+        }),
+      }),
+      async resolve(account) {
+        return await getPolicy(account, POLICIES.EXPENSE_POLICIES);
+      },
+    },
     [POLICIES.EXPENSE_AUTHOR_CANNOT_APPROVE]: {
       type: new GraphQLObjectType({
         name: POLICIES.EXPENSE_AUTHOR_CANNOT_APPROVE,
diff --git a/server/lib/utils.js b/server/lib/utils.js
index 3428b5ce1e2..d7298c22cf1 100644
--- a/server/lib/utils.js
+++ b/server/lib/utils.js
@@ -6,7 +6,7 @@ import { URL } from 'url';
 import config from 'config';
 import fastRedact from 'fast-redact';
 import pdf from 'html-pdf';
-import { filter, get, isEqual, isObject, omit, padStart, sumBy } from 'lodash';
+import { filter, get, isObject, omit, padStart, sumBy } from 'lodash';
 import moment from 'moment';
 import pFilter from 'p-filter';
 
@@ -484,9 +484,7 @@ export const filterUntil = (list, filterFunc, conditionFunc) => {
  * @returns boolean: True if `obj` has ony the keys passed in `keys`
  */
 export const objHasOnlyKeys = (obj, keys) => {
-  const sortedObjKeys = Object.keys(obj).sort();
-  const sortedKeys = [...keys].sort();
-  return isEqual(sortedObjKeys, sortedKeys);
+  return Object.keys(obj).every(k => keys.includes(k));
 };
 
 /**
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index 20bbf520d64..ec8ec247212 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -59,7 +59,7 @@ import FEATURE from '../constants/feature';
 import OrderStatuses from '../constants/order-status';
 import { PAYMENT_METHOD_SERVICE, PAYMENT_METHOD_TYPE } from '../constants/paymentMethods';
 import plans, { HostPlan } from '../constants/plans';
-import POLICIES, { Policies } from '../constants/policies';
+import POLICIES, { DEFAULT_POLICIES, Policies } from '../constants/policies';
 import roles, { MemberRoleLabels } from '../constants/roles';
 import { hasOptedOutOfFeature, isFeatureAllowedForCollectiveType } from '../lib/allowed-features';
 import {
@@ -291,6 +291,7 @@ class Collective extends Model<
   public declare platformFeePercent: number;
   public declare description: string;
   public declare longDescription: string;
+  /** @deprecated Use policies @see {@link Policies.EXPENSE_POLICIES}*/
   public declare expensePolicy: string;
   public declare contributionPolicy: string;
   public declare currency: SupportedCurrency;
@@ -3496,7 +3497,7 @@ class Collective extends Model<
     return metrics;
   };
 
-  setPolicies = async function (policies) {
+  setPolicies = async function (policies: Policies) {
     for (const policy of Object.keys(policies)) {
       if (!POLICIES[policy]) {
         throw new Error(`Policy ${policy} is not supported`);
@@ -3712,15 +3713,41 @@ Collective.init(
     },
 
     expensePolicy: {
-      type: DataTypes.TEXT, // HTML
+      type: DataTypes.VIRTUAL, // HTML
       validate: {
         len: [0, 50000], // just to prevent people from putting a lot of text in there
       },
+      get() {
+        const currentPolicy =
+          this.data?.policies?.[POLICIES.EXPENSE_POLICIES] || DEFAULT_POLICIES[POLICIES.EXPENSE_POLICIES];
+
+        return currentPolicy?.invoicePolicy;
+      },
       set(expensePolicy: string) {
+        const currentPolicy =
+          this.data?.policies?.[POLICIES.EXPENSE_POLICIES] || DEFAULT_POLICIES[POLICIES.EXPENSE_POLICIES];
         if (expensePolicy) {
-          this.setDataValue('expensePolicy', sanitizeHTML(expensePolicy, optsSanitizeHtmlForSimplified));
+          const data = this.getDataValue('data');
+          const newPolicies = {
+            ...(data?.policies || {}),
+            [POLICIES.EXPENSE_POLICIES]: {
+              ...currentPolicy,
+              invoicePolicy: sanitizeHTML(expensePolicy, optsSanitizeHtmlForSimplified),
+              receiptPolicy: sanitizeHTML(expensePolicy, optsSanitizeHtmlForSimplified),
+            },
+          };
+          this.setDataValue('data', { data: { ...data, policies: newPolicies } });
         } else {
-          this.setDataValue('expensePolicy', null);
+          const data = this.getDataValue('data');
+          const newPolicies = {
+            ...(data?.policies || {}),
+            [POLICIES.EXPENSE_POLICIES]: {
+              ...currentPolicy,
+              invoicePolicy: '',
+              receiptPolicy: '',
+            },
+          };
+          this.setDataValue('data', { data: { ...data, policies: newPolicies } });
         }
       },
     },
diff --git a/server/models/PayoutMethod.ts b/server/models/PayoutMethod.ts
index e970ca2516f..c0bc6058f08 100644
--- a/server/models/PayoutMethod.ts
+++ b/server/models/PayoutMethod.ts
@@ -242,13 +242,13 @@ PayoutMethod.init(
           if (this.type === PayoutMethodTypes.PAYPAL) {
             if (!value || !value.email || !isEmail(value.email)) {
               throw new Error('Invalid PayPal email address');
-            } else if (!objHasOnlyKeys(value, ['email'])) {
+            } else if (!objHasOnlyKeys(value, ['email', 'currency'])) {
               throw new Error('Data for this payout method contains too much information');
             }
           } else if (this.type === PayoutMethodTypes.OTHER) {
             if (!value || !value.content || typeof value.content !== 'string') {
               throw new Error('Invalid format of custom payout method');
-            } else if (!objHasOnlyKeys(value, ['content'])) {
+            } else if (!objHasOnlyKeys(value, ['content', 'currency'])) {
               throw new Error('Data for this payout method contains too much information');
             }
           } else if (this.type === PayoutMethodTypes.BANK_ACCOUNT) {

From 06eebb7b85389b5b26bd0f30f2d181ac14faa978 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 3 Dec 2024 09:50:54 +0100
Subject: [PATCH 098/129] enhancement(CreateProject): add the ability to
 disable contributions (#10497)

* enhancement(CreateProject): add the ability to disable contributions

* enhancement(Features): checks for receive contributions flag
---
 checks/model/collectives.js                   | 25 ++++++++++
 server/graphql/common/features.ts             |  8 ++-
 server/graphql/schemaV2.graphql               |  5 ++
 server/graphql/v1/mutations/orders.js         | 50 +++++++++++--------
 .../v2/mutation/CreateCollectiveMutation.js   | 17 ++++---
 .../v2/mutation/CreateProjectMutation.js      | 15 +++++-
 server/graphql/v2/mutation/OrderMutations.js  | 16 +++++-
 server/models/Collective.ts                   |  2 +-
 .../v2/mutation/AddedFundsMutations.test.js   | 19 +++++++
 .../v2/mutation/CreateProjectMutation.test.ts | 24 ++++++++-
 .../v2/mutation/OrderMutations.test.ts        | 34 +++++++++++++
 test/test-helpers/fake-data.ts                |  1 +
 12 files changed, 182 insertions(+), 34 deletions(-)

diff --git a/checks/model/collectives.js b/checks/model/collectives.js
index b1bfafd2412..2fa32fdb20b 100644
--- a/checks/model/collectives.js
+++ b/checks/model/collectives.js
@@ -25,8 +25,33 @@ async function checkDeletedUsers() {
   }
 }
 
+async function checkActiveApprovedAtInconsistency() {
+  const message = 'approvedAt and isActive are inconsistent (no auto fix)';
+
+  const [results] = await sequelize.query(
+    `
+    SELECT
+      COUNT(*) FILTER (WHERE "isActive" IS TRUE and "approvedAt" IS NULL) as "activeUnapproved",
+      COUNT(*) FILTER (WHERE "isActive" IS NOT TRUE and "approvedAt" IS NOT NULL) as "inactiveApproved"
+    FROM "Collectives"
+    WHERE "deletedAt" IS NULL
+    AND (
+      ("isActive" IS TRUE and "approvedAt" IS NULL)
+      OR ("isActive" IS NOT TRUE and "approvedAt" IS NOT NULL)
+    )`,
+    { type: sequelize.QueryTypes.SELECT, raw: true },
+  );
+
+  if (results.activeUnapproved > 0 || results.inactiveApproved > 0) {
+    throw new Error(
+      `${message} (${results[0].activeUnapproved} activeUnapproved, ${results[0].inactiveApproved} inactiveApproved)`,
+    );
+  }
+}
+
 export async function checkCollectives() {
   await checkDeletedUsers();
+  await checkActiveApprovedAtInconsistency();
 }
 
 if (!module.parent) {
diff --git a/server/graphql/common/features.ts b/server/graphql/common/features.ts
index 73cbc6b2c65..11bde6bfe81 100644
--- a/server/graphql/common/features.ts
+++ b/server/graphql/common/features.ts
@@ -38,7 +38,7 @@ const checkIsActiveIfExistsInDB = async (
   return checkIsActive(checkExistsInDB(query, queryOptions), fallback);
 };
 
-export const checkReceiveFinancialContributions = async (collective, req) => {
+export const checkReceiveFinancialContributions = async (collective, req, { ignoreActive = false } = {}) => {
   if (!collective.HostCollectiveId || !collective.approvedAt) {
     return FEATURE_STATUS.DISABLED;
   } else if (!collective.isActive) {
@@ -49,6 +49,8 @@ export const checkReceiveFinancialContributions = async (collective, req) => {
     !req.remoteUser?.isAdminOfCollectiveOrHost(collective)
   ) {
     return FEATURE_STATUS.UNSUPPORTED;
+  } else if (isFeatureBlockedForAccount(collective, FEATURE.RECEIVE_FINANCIAL_CONTRIBUTIONS)) {
+    return FEATURE_STATUS.DISABLED;
   }
 
   // Check if contributions are disabled at the host level
@@ -68,6 +70,10 @@ export const checkReceiveFinancialContributions = async (collective, req) => {
     }
   }
 
+  if (ignoreActive) {
+    return FEATURE_STATUS.AVAILABLE;
+  }
+
   return checkIsActiveIfExistsInDB(
     `SELECT 1 FROM "Orders"
       WHERE "CollectiveId" = :CollectiveId
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index a89a0b27efa..9096f014e99 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -18913,6 +18913,11 @@ type Mutation {
     Reference to the parent Account creating the Project.
     """
     parent: AccountReferenceInput
+
+    """
+    Set to true to disable contributions to this project. Host admins will still be able to add funds.
+    """
+    disableContributions: Boolean! = false
   ): Project
 
   """
diff --git a/server/graphql/v1/mutations/orders.js b/server/graphql/v1/mutations/orders.js
index bbff6e9d6a2..f8c980fb749 100644
--- a/server/graphql/v1/mutations/orders.js
+++ b/server/graphql/v1/mutations/orders.js
@@ -25,10 +25,12 @@ import twoFactorAuthLib from '../../../lib/two-factor-authentication';
 import { canUseFeature } from '../../../lib/user-permissions';
 import { formatCurrency } from '../../../lib/utils';
 import models, { Op, Order } from '../../../models';
+import { checkReceiveFinancialContributions } from '../../common/features';
 import {
   BadRequest,
   FeatureNotAllowedForUser,
   FeatureNotSupportedForCollective,
+  Forbidden,
   NotFound,
   Unauthorized,
   ValidationFailed,
@@ -221,7 +223,33 @@ export async function createOrder(order, req) {
 
   if (remoteUser && !canUseFeature(remoteUser, FEATURE.ORDER)) {
     throw new FeatureNotAllowedForUser();
-  } else if (!remoteUser) {
+  }
+
+  // Check the existence of the recipient Collective
+  if (!order.collective?.id) {
+    throw new Error('Collective not found');
+  }
+
+  const collective = await loaders.Collective.byId.load(order.collective.id);
+  if (!collective) {
+    throw new Error(`No collective found: ${order.collective.id || order.collective.website}`);
+  }
+
+  if (order.fromCollective && order.fromCollective.id === collective.id) {
+    throw new Error('Orders cannot be created for a collective by that same collective.');
+  }
+
+  const host = await collective.getHostCollective({ loaders: req.loaders });
+  if (!host) {
+    throw new Error('This collective has no host and cannot accept financial contributions at this time.');
+  }
+
+  const receiveOrdersStatus = await checkReceiveFinancialContributions(collective, req, { ignoreActive: true });
+  if (!['ACTIVE', 'AVAILABLE'].includes(receiveOrdersStatus)) {
+    throw new Forbidden('This collective cannot receive financial contributions');
+  }
+
+  if (!remoteUser) {
     await checkGuestContribution(order, loaders);
   }
 
@@ -262,26 +290,6 @@ export async function createOrder(order, req) {
     // ---- Set defaults ----
     order.quantity = order.quantity || 1;
     order.taxAmount = order.taxAmount || 0;
-
-    // Check the existence of the recipient Collective
-    if (!order.collective?.id) {
-      throw new Error('Collective not found');
-    }
-
-    const collective = await loaders.Collective.byId.load(order.collective.id);
-    if (!collective) {
-      throw new Error(`No collective found: ${order.collective.id || order.collective.website}`);
-    }
-
-    if (order.fromCollective && order.fromCollective.id === collective.id) {
-      throw new Error('Orders cannot be created for a collective by that same collective.');
-    }
-
-    const host = await collective.getHostCollective({ loaders: req.loaders });
-    if (!host) {
-      throw new Error('This collective has no host and cannot accept financial contributions at this time.');
-    }
-
     order.collective = collective;
 
     let tier;
diff --git a/server/graphql/v2/mutation/CreateCollectiveMutation.js b/server/graphql/v2/mutation/CreateCollectiveMutation.js
index d9081bb1ba0..e0aa4bc7c63 100644
--- a/server/graphql/v2/mutation/CreateCollectiveMutation.js
+++ b/server/graphql/v2/mutation/CreateCollectiveMutation.js
@@ -183,6 +183,12 @@ async function createCollective(_, args, req) {
           shouldAutomaticallyApprove = true;
         }
       }
+
+      // In test/dev environments, we can skip the approval process
+      if (args.skipApprovalTestOnly && !isProd) {
+        shouldAutomaticallyApprove = true;
+      }
+
       // Add the host if any
       if (host) {
         await collective.addHost(host, remoteUser, {
@@ -231,12 +237,6 @@ const createCollectiveMutation = {
       description: 'User information to create along with the collective',
       type: GraphQLIndividualCreateInput,
     },
-    automateApprovalWithGithub: {
-      description: 'Whether to trigger the automated approval for Open Source collectives with GitHub.',
-      type: GraphQLBoolean,
-      defaultValue: false,
-      deprecationReason: '2022-10-12: This is now automated',
-    },
     message: {
       type: GraphQLString,
       description: 'A message to attach for the host to review the application',
@@ -258,6 +258,11 @@ const createCollectiveMutation = {
       type: new GraphQLList(GraphQLInviteMemberInput),
       description: 'List of members to invite on Collective creation.',
     },
+    skipApprovalTestOnly: {
+      description: 'Marks the collective as approved directly. Only available in test/CI environments.',
+      type: GraphQLBoolean,
+      defaultValue: false,
+    },
   },
   resolve: (_, args, req) => {
     return createCollective(_, args, req);
diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index c2f0a4361f1..9aa20c5bce7 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -1,6 +1,7 @@
-import { GraphQLNonNull } from 'graphql';
-import { pick } from 'lodash';
+import { GraphQLBoolean, GraphQLNonNull } from 'graphql';
+import { pick, set } from 'lodash';
 
+import FEATURE from '../../../constants/feature';
 import roles from '../../../constants/roles';
 import { canUseSlug } from '../../../lib/collectivelib';
 import models, { sequelize } from '../../../models';
@@ -50,8 +51,13 @@ async function createProject(_, args, req) {
     ParentCollectiveId: parent.id,
     CreatedByUserId: req.remoteUser.id,
     settings: { ...DEFAULT_PROJECT_SETTINGS, ...args.project.settings },
+    data: {},
   };
 
+  if (args.disableContributions) {
+    set(projectData.data, `features.${FEATURE.RECEIVE_FINANCIAL_CONTRIBUTIONS}`, false);
+  }
+
   if (!canUseSlug(projectData.slug, req.remoteUser)) {
     throw new Error(`The slug '${projectData.slug}' is not allowed.`);
   }
@@ -104,6 +110,11 @@ const createProjectMutation = {
       description: 'Reference to the parent Account creating the Project.',
       type: GraphQLAccountReferenceInput,
     },
+    disableContributions: {
+      description: 'Set to true to disable contributions to this project. Host admins will still be able to add funds.',
+      type: new GraphQLNonNull(GraphQLBoolean),
+      defaultValue: false,
+    },
   },
   resolve: (_, args, req) => {
     return createProject(_, args, req);
diff --git a/server/graphql/v2/mutation/OrderMutations.js b/server/graphql/v2/mutation/OrderMutations.js
index 2eb9793a412..49547e3b4f7 100644
--- a/server/graphql/v2/mutation/OrderMutations.js
+++ b/server/graphql/v2/mutation/OrderMutations.js
@@ -45,7 +45,14 @@ import { updateSubscriptionWithPaypal } from '../../../paymentProviders/paypal/s
 import { checkReceiveFinancialContributions } from '../../common/features';
 import * as OrdersLib from '../../common/orders';
 import { checkRemoteUserCanRoot, checkRemoteUserCanUseOrders, checkScope } from '../../common/scope-check';
-import { BadRequest, FeatureNotAllowedForUser, NotFound, Unauthorized, ValidationFailed } from '../../errors';
+import {
+  BadRequest,
+  FeatureNotAllowedForUser,
+  Forbidden,
+  NotFound,
+  Unauthorized,
+  ValidationFailed,
+} from '../../errors';
 import {
   confirmOrder as confirmOrderLegacy,
   createOrder as createOrderLegacy,
@@ -958,6 +965,13 @@ const orderMutations = {
 
       const toAccount = await fetchAccountWithReference(paymentIntentInput.toAccount, { throwIfMissing: true });
       const hostStripeAccount = await toAccount.getHostStripeAccount();
+      if (
+        !['ACTIVE', 'AVAILABLE'].includes(
+          await checkReceiveFinancialContributions(toAccount, req, { ignoreActive: true }),
+        )
+      ) {
+        throw new Forbidden('This collective cannot receive financial contributions');
+      }
 
       const isPlatformHost = hostStripeAccount.username === config.stripe.accountId;
 
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index ec8ec247212..4f955d9d331 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -176,7 +176,7 @@ type Settings = {
 
 type Data = Partial<{
   policies: Policies;
-  features: Record<FEATURE, boolean>;
+  features: Partial<Record<FEATURE, boolean>>;
   address: StructuredAddress;
   replyToEmail: string;
   isTrustedHost: boolean;
diff --git a/test/server/graphql/v2/mutation/AddedFundsMutations.test.js b/test/server/graphql/v2/mutation/AddedFundsMutations.test.js
index 7d1894c4e13..3298429e70e 100644
--- a/test/server/graphql/v2/mutation/AddedFundsMutations.test.js
+++ b/test/server/graphql/v2/mutation/AddedFundsMutations.test.js
@@ -268,6 +268,25 @@ describe('server/graphql/v2/mutation/AddedFundsMutations', () => {
       expect(result.data.addFunds.accountingCategory.id).to.equal(encodedAccountingCategoryId);
     });
 
+    it('can add funds as host admin even if RECEIVE_FINANCIAL_CONTRIBUTIONS is false', async () => {
+      const collective = await fakeCollective({ settings: { features: { RECEIVE_FINANCIAL_CONTRIBUTIONS: false } } });
+      const hostAdmin = await fakeUser();
+      await collective.host.addUserWithRole(hostAdmin, roles.ADMIN);
+      const result = await graphqlQueryV2(
+        addFundsMutation,
+        {
+          ...validMutationVariables,
+          account: { legacyId: collective.id },
+          fromAccount: { legacyId: randomUser.CollectiveId },
+        },
+        hostAdmin,
+      );
+      result.errors && console.error(result.errors);
+      expect(result.errors).to.not.exist;
+      expect(result.data.addFunds.amount.valueInCents).to.equal(2000);
+      expect(result.data.addFunds.amount.currency).to.equal('USD');
+    });
+
     it('can add funds as host admin with authorization', async () => {
       const userToken = await fakeUserToken({ scope: ['host'], UserId: hostAdmin.id });
       const result = await oAuthGraphqlQueryV2(
diff --git a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
index a42fed9a36d..af2a3a5fb39 100644
--- a/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
+++ b/test/server/graphql/v2/mutation/CreateProjectMutation.test.ts
@@ -5,8 +5,12 @@ import { fakeCollective, fakeUser, randStr } from '../../../../test-helpers/fake
 import * as utils from '../../../../utils';
 
 const createProjectMutation = gql`
-  mutation CreateProject($project: ProjectCreateInput!, $parent: AccountReferenceInput!) {
-    createProject(project: $project, parent: $parent) {
+  mutation CreateProject(
+    $project: ProjectCreateInput!
+    $parent: AccountReferenceInput!
+    $disableContributions: Boolean
+  ) {
+    createProject(project: $project, parent: $parent, disableContributions: $disableContributions) {
       id
       name
       slug
@@ -18,6 +22,9 @@ const createProjectMutation = gql`
         type
         url
       }
+      features {
+        RECEIVE_FINANCIAL_CONTRIBUTIONS
+      }
     }
   }
 `;
@@ -100,6 +107,19 @@ describe('server/graphql/v2/mutation/CreateProjectMutation', () => {
     expect(project.socialLinks).to.deep.equal(socialLinks);
   });
 
+  it('can disable contributions to the project', async () => {
+    const adminUser = await fakeUser();
+    const parentCollective = await fakeCollective({ admin: adminUser });
+    const parent = { legacyId: parentCollective.id };
+    const disableContributions = true;
+    const mutationArgs = { parent, project: { ...VALID_PROJECT_ATTRIBUTES, slug: randStr() }, disableContributions };
+    const result = await utils.graphqlQueryV2(createProjectMutation, mutationArgs, adminUser);
+    result.errors && console.error(result.errors);
+    expect(result.errors).to.not.exist;
+    const project = result.data.createProject;
+    expect(project.features.RECEIVE_FINANCIAL_CONTRIBUTIONS).to.equal('DISABLED');
+  });
+
   describe('images', async () => {
     it('can be set', async () => {
       const adminUser = await fakeUser();
diff --git a/test/server/graphql/v2/mutation/OrderMutations.test.ts b/test/server/graphql/v2/mutation/OrderMutations.test.ts
index 4017704a340..e234c1ce6a5 100644
--- a/test/server/graphql/v2/mutation/OrderMutations.test.ts
+++ b/test/server/graphql/v2/mutation/OrderMutations.test.ts
@@ -763,6 +763,40 @@ describe('server/graphql/v2/mutation/OrderMutations', () => {
           expect(result.errors[0].message).to.equal('Account Not Found');
         });
 
+        it('collective must not have RECEIVE_FINANCIAL_CONTRIBUTIONS disabled', async () => {
+          const fromUser = await fakeUser();
+          const collective = await fakeCollective({
+            admin: fromUser,
+            HostCollectiveId: host.id,
+            data: { features: { RECEIVE_FINANCIAL_CONTRIBUTIONS: false } },
+          });
+          const orderData = {
+            ...validOrderParams,
+            toAccount: { legacyId: collective.id },
+            fromAccount: { legacyId: fromUser.CollectiveId },
+          };
+          const result = await callCreateOrder({ order: orderData }, fromUser);
+          expect(result.errors).to.exist;
+          expect(result.errors[0].message).to.equal('This collective cannot receive financial contributions');
+        });
+
+        it('collective must not have ALL features disabled', async () => {
+          const fromUser = await fakeUser();
+          const collective = await fakeCollective({
+            admin: fromUser,
+            data: { features: { ALL: false } },
+            HostCollectiveId: host.id,
+          });
+          const orderData = {
+            ...validOrderParams,
+            toAccount: { legacyId: collective.id },
+            fromAccount: { legacyId: fromUser.CollectiveId },
+          };
+          const result = await callCreateOrder({ order: orderData }, fromUser);
+          expect(result.errors).to.exist;
+          expect(result.errors[0].message).to.equal('This collective cannot receive financial contributions');
+        });
+
         it('tier must exist', async () => {
           const fromUser = await fakeUser();
           const orderData = { ...validOrderParams, tier: { legacyId: 9999999 } };
diff --git a/test/test-helpers/fake-data.ts b/test/test-helpers/fake-data.ts
index 3489d9c0d65..23f1491f239 100644
--- a/test/test-helpers/fake-data.ts
+++ b/test/test-helpers/fake-data.ts
@@ -202,6 +202,7 @@ export const fakeActiveHost = async (hostData: Parameters<typeof fakeCollective>
     HostCollectiveId: null,
     isHostAccount: true,
     isActive: true,
+    approvedAt: new Date(),
     ...hostData,
   });
 

From b37eeb4f7d291e6441a0726f8ded58e2e2fd5f60 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:45:52 +0100
Subject: [PATCH 099/129] fix(deps): update dependency lru-cache to v11.0.2
 (#10514)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 95779bafa7f..ac3918510a0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -79,7 +79,7 @@
         "juice": "10.0.1",
         "limax": "4.1.0",
         "lodash": "4.17.21",
-        "lru-cache": "11.0.1",
+        "lru-cache": "11.0.2",
         "moment": "2.30.1",
         "moment-timezone": "0.5.46",
         "multer": "1.4.5-lts.1",
@@ -20606,9 +20606,9 @@
       }
     },
     "node_modules/lru-cache": {
-      "version": "11.0.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.1.tgz",
-      "integrity": "sha512-CgeuL5uom6j/ZVrg7G/+1IXqRY8JXX4Hghfy5YE0EhoYQWvndP1kufu58cmZLNIDKnRhZrXfdS9urVWx98AipQ==",
+      "version": "11.0.2",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.2.tgz",
+      "integrity": "sha512-123qHRfJBmo2jXDbo/a5YOQrJoHF/GNQTLzQ5+IdK5pWpceK17yRc6ozlWd25FxvGKQbIUs91fDFkXmDHTKcyA==",
       "license": "ISC",
       "engines": {
         "node": "20 || >=22"
diff --git a/package.json b/package.json
index 54f99b8f0f6..06c66bd00eb 100644
--- a/package.json
+++ b/package.json
@@ -100,7 +100,7 @@
     "juice": "10.0.1",
     "limax": "4.1.0",
     "lodash": "4.17.21",
-    "lru-cache": "11.0.1",
+    "lru-cache": "11.0.2",
     "moment": "2.30.1",
     "moment-timezone": "0.5.46",
     "multer": "1.4.5-lts.1",

From e2d71d3f1420ad06096f95a69fdd9a78e5f9504c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:46:04 +0100
Subject: [PATCH 100/129] fix(deps): update dependency dotenv to v16.4.6
 (#10513)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ac3918510a0..5dc42d848e2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -53,7 +53,7 @@
         "dataloader-sequelize": "2.3.3",
         "debug": "4.3.7",
         "deepmerge": "4.3.1",
-        "dotenv": "16.4.5",
+        "dotenv": "16.4.6",
         "errorhandler": "1.5.1",
         "express": "4.21.1",
         "express-basic-auth": "1.2.1",
@@ -15186,9 +15186,10 @@
       }
     },
     "node_modules/dotenv": {
-      "version": "16.4.5",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz",
-      "integrity": "sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==",
+      "version": "16.4.6",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.6.tgz",
+      "integrity": "sha512-JhcR/+KIjkkjiU8yEpaB/USlzVi3i5whwOjpIRNGi9svKEXZSe+Qp6IWAjFjv+2GViAoDRCUv/QLNziQxsLqDg==",
+      "license": "BSD-2-Clause",
       "engines": {
         "node": ">=12"
       },
diff --git a/package.json b/package.json
index 06c66bd00eb..2f93d882a28 100644
--- a/package.json
+++ b/package.json
@@ -74,7 +74,7 @@
     "dataloader-sequelize": "2.3.3",
     "debug": "4.3.7",
     "deepmerge": "4.3.1",
-    "dotenv": "16.4.5",
+    "dotenv": "16.4.6",
     "errorhandler": "1.5.1",
     "express": "4.21.1",
     "express-basic-auth": "1.2.1",

From 083ea7d9eb747f469cebc4f324ce3f42a7014d6b Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 10:46:43 +0100
Subject: [PATCH 101/129] fix(deps): update dependency axios to v1.7.8 (#10512)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5dc42d848e2..6f7f0f0e1e9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -33,7 +33,7 @@
         "@superfaceai/passport-twitter-oauth2": "1.2.4",
         "argparse": "2.0.1",
         "async-mutex": "0.5.0",
-        "axios": "1.7.7",
+        "axios": "1.7.8",
         "babel-plugin-add-module-exports": "1.0.4",
         "bayes": "1.0.0",
         "bcrypt": "5.1.1",
@@ -13139,9 +13139,9 @@
       "optional": true
     },
     "node_modules/axios": {
-      "version": "1.7.7",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz",
-      "integrity": "sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==",
+      "version": "1.7.8",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.8.tgz",
+      "integrity": "sha512-Uu0wb7KNqK2t5K+YQyVCLM76prD5sRFjKHbJYCP1J7JFGEQ6nN7HWn9+04LAeiJ3ji54lgS/gZCH1oxyrf1SPw==",
       "license": "MIT",
       "dependencies": {
         "follow-redirects": "^1.15.6",
diff --git a/package.json b/package.json
index 2f93d882a28..2d6050c49bf 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "@superfaceai/passport-twitter-oauth2": "1.2.4",
     "argparse": "2.0.1",
     "async-mutex": "0.5.0",
-    "axios": "1.7.7",
+    "axios": "1.7.8",
     "babel-plugin-add-module-exports": "1.0.4",
     "bayes": "1.0.0",
     "bcrypt": "5.1.1",

From 21e743eef2c1e51325328bcd4ff7efc85395ad96 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 3 Dec 2024 10:51:57 +0100
Subject: [PATCH 102/129] feat(ElasticSearch): args at the index resolver level
 (#10506)

---
 scripts/search.ts                             |  72 ++++--
 server/graphql/common/typescript-helpers.ts   |  38 +++
 server/graphql/loaders/search.ts              |  28 ++-
 server/graphql/schemaV2.graphql               |  22 +-
 server/graphql/v2/enum/AccountType.js         |  27 ---
 server/graphql/v2/enum/AccountType.ts         |  39 +++
 server/graphql/v2/object/SearchReponse.ts     |  49 ----
 server/graphql/v2/object/SearchResponse.ts    |  26 ++
 server/graphql/v2/query/SearchQuery.ts        |  59 +----
 .../ElasticSearchCollectivesAdapter.ts        |   2 +
 server/lib/elastic-search/constants.ts        |  10 +
 server/lib/elastic-search/graphql-search.ts   | 153 +++++++++---
 server/lib/elastic-search/search.ts           | 133 ++++++----
 server/lib/sql-search.ts                      | 228 +-----------------
 server/lib/utils.js                           |  13 -
 15 files changed, 423 insertions(+), 476 deletions(-)
 create mode 100644 server/graphql/common/typescript-helpers.ts
 delete mode 100644 server/graphql/v2/enum/AccountType.js
 create mode 100644 server/graphql/v2/enum/AccountType.ts
 delete mode 100644 server/graphql/v2/object/SearchReponse.ts
 create mode 100644 server/graphql/v2/object/SearchResponse.ts

diff --git a/scripts/search.ts b/scripts/search.ts
index e0bdf04620e..ff316a479a2 100644
--- a/scripts/search.ts
+++ b/scripts/search.ts
@@ -115,20 +115,59 @@ program
   .argument('[indexes...]', 'Only sync specific indexes')
   .action(async (fromDate, indexesInput) => {
     checkElasticSearchAvailable();
-    const parsedDate = new Date(fromDate);
-    if (isNaN(parsedDate.getTime())) {
-      throw new Error('Invalid date');
-    } else {
-      const allIndexes = Object.values(ElasticSearchIndexName);
-      const indexes = parseIndexesFromInput(indexesInput);
-      const modelsLabels = indexes.length === allIndexes.length ? 'all indices' : indexes.join(', ');
-      logger.info(`Syncing ${modelsLabels} from ${parsedDate.toISOString()}`);
-      for (const indexName of indexes) {
-        await syncElasticSearchIndex(indexName as ElasticSearchIndexName, { fromDate: parsedDate, log: true });
+
+    let parsedDate;
+    if (fromDate !== 'all') {
+      parsedDate = new Date(fromDate);
+      if (isNaN(parsedDate.getTime())) {
+        throw new Error('Invalid date');
       }
+    }
 
-      logger.info('Sync completed!');
+    const allIndexes = Object.values(ElasticSearchIndexName);
+    const indexes = parseIndexesFromInput(indexesInput);
+    const modelsLabels = indexes.length === allIndexes.length ? 'all indices' : indexes.join(', ');
+    logger.info(`Syncing ${modelsLabels} from ${!parsedDate ? 'all time' : parsedDate.toISOString()}`);
+    for (const indexName of indexes) {
+      await syncElasticSearchIndex(indexName as ElasticSearchIndexName, { fromDate: parsedDate, log: true });
     }
+
+    logger.info('Sync completed!');
+  });
+
+// Info command, to get the list of fields in the index
+program
+  .command('info')
+  .description('Show information about the ElasticSearch indices')
+  .argument('[indexes...]', 'Only show information about specific indexes')
+  .action(async indexesInput => {
+    checkElasticSearchAvailable();
+    const indexes = parseIndexesFromInput(indexesInput);
+    const availableIndexes = await getAvailableElasticSearchIndexes();
+    const [availableIndexesToQuery, unknownIndexes] = partition(indexes, index => availableIndexes.includes(index));
+    if (unknownIndexes.length) {
+      logger.warn(`Unknown indexes: ${unknownIndexes.join(', ')}`);
+    }
+
+    const client = getElasticSearchClient();
+    for (const index of availableIndexesToQuery) {
+      const result = await client.indices.getMapping({ index });
+      console.log(`Index: ${index}`);
+      console.log(JSON.stringify(result, null, 2));
+    }
+  });
+
+// Get the values for a single entry in an index
+program
+  .command('get')
+  .description('Get a single entry from an index')
+  .argument('<index>', 'Index name')
+  .argument('<id>', 'Entry ID')
+  .action(async (index, id) => {
+    checkElasticSearchAvailable();
+    const client = getElasticSearchClient();
+    const result = await client.get({ index, id });
+    console.log(JSON.stringify(result, null, 2));
   });
 
 program
@@ -179,18 +218,19 @@ program
     const limit = parseInt(options.limit, 10);
     const account = options.account && (await models.Collective.findBySlug(options.account));
     const host = options.host && (await models.Collective.findBySlug(options.host));
-    let asUser = null;
+    let user = null;
     if (options.as) {
       const asCollective = await models.Collective.findBySlug(options.as);
-      asUser = asCollective && (await models.User.findOne({ where: { CollectiveId: asCollective.id } }));
-      if (!asUser) {
+      user = asCollective && (await models.User.findOne({ where: { CollectiveId: asCollective.id } }));
+      if (!user) {
         throw new Error(`User not found: ${options.as}`);
       }
 
-      await asUser.populateRoles();
+      await user.populateRoles();
     }
 
-    const result = await elasticSearchGlobalSearch(indexes, query, limit, asUser, account, host);
+    const indexInputs = indexes.map(index => ({ index }));
+    const result = await elasticSearchGlobalSearch(indexInputs, query, { account, host, limit, user });
     console.log('Result', JSON.stringify(result, null, 2));
   });
 
diff --git a/server/graphql/common/typescript-helpers.ts b/server/graphql/common/typescript-helpers.ts
new file mode 100644
index 00000000000..70e9884af0e
--- /dev/null
+++ b/server/graphql/common/typescript-helpers.ts
@@ -0,0 +1,38 @@
+import type {
+  GraphQLArgumentConfig,
+  GraphQLBoolean,
+  GraphQLFloat,
+  GraphQLInt,
+  GraphQLList,
+  GraphQLString,
+} from 'graphql';
+import { GraphQLNonEmptyString } from 'graphql-scalars';
+
+import { GraphQLAccountType, GraphQLAccountTypeKeys } from '../v2/enum/AccountType';
+
+type GraphQLTypeForPrimitiveType<T> =
+  // Custom enums
+  T extends GraphQLAccountTypeKeys
+    ? typeof GraphQLAccountType
+    : // Primitive types
+      T extends string
+      ? typeof GraphQLString | typeof GraphQLNonEmptyString
+      : T extends boolean
+        ? typeof GraphQLBoolean
+        : T extends number
+          ? typeof GraphQLInt | typeof GraphQLFloat
+          : // List
+            T extends (infer U)[]
+            ? GraphQLList<GraphQLTypeForPrimitiveType<U>>
+            : // Unsupported types
+              never;
+
+// type GraphQLTypeForPrimitiveTypeWithNull<T> = T extends string
+
+/**
+ * Takes a fields map like `{ myField: number }` and makes it a GraphQLFieldConfigArgumentMap type
+};
+ */
+export type FieldsToGraphQLFieldConfigArgumentMap<T> = {
+  [K in keyof T]: GraphQLArgumentConfig & { type: GraphQLTypeForPrimitiveType<T[K]> };
+};
diff --git a/server/graphql/loaders/search.ts b/server/graphql/loaders/search.ts
index 07f2f07b723..8b2363dd328 100644
--- a/server/graphql/loaders/search.ts
+++ b/server/graphql/loaders/search.ts
@@ -2,10 +2,10 @@ import assert from 'assert';
 
 import { AggregationsMultiBucketAggregateBase, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
 import DataLoader from 'dataloader';
-import { groupBy } from 'lodash';
+import { groupBy, pick } from 'lodash';
 
-import { ElasticSearchIndexName } from '../../lib/elastic-search/constants';
-import { elasticSearchGlobalSearch } from '../../lib/elastic-search/search';
+import { ElasticSearchIndexName, ElasticSearchIndexParams } from '../../lib/elastic-search/constants';
+import { elasticSearchGlobalSearch, ElasticSearchIndexRequest } from '../../lib/elastic-search/search';
 import { reportMessageToSentry } from '../../lib/sentry';
 import { Collective } from '../../models';
 
@@ -13,6 +13,7 @@ type SearchParams = {
   requestId: string;
   searchTerm: string;
   index: string;
+  indexParams: ElasticSearchIndexParams[ElasticSearchIndexName];
   limit: number;
   adminOfAccountIds: number[];
   account: Collective;
@@ -40,6 +41,17 @@ export type SearchResultBucket = {
   };
 };
 
+const getSearchIndexes = (requests: SearchParams[]): ElasticSearchIndexRequest[] => {
+  const results: Partial<Record<ElasticSearchIndexName, ElasticSearchIndexRequest>> = {};
+  for (const request of requests) {
+    if (!results[request.index]) {
+      results[request.index] = pick(request, ['index', 'indexParams']);
+    }
+  }
+
+  return Object.values(results);
+};
+
 /**
  * A loader to batch search requests on multiple indexes into a single ElasticSearch query.
  */
@@ -58,8 +70,14 @@ export const generateSearchLoaders = req => {
     for (const requestId in groupedRequests) {
       const firstRequest = groupedRequests[requestId][0];
       const { searchTerm, limit, account, host } = firstRequest;
-      const indexes = groupedRequests[requestId].map(entry => entry.index) as ElasticSearchIndexName[];
-      const results = await elasticSearchGlobalSearch(indexes, searchTerm, limit, req.remoteUser, account, host);
+      const indexes = getSearchIndexes(groupedRequests[requestId]);
+      const results = await elasticSearchGlobalSearch(indexes, searchTerm, {
+        user: req.remoteUser,
+        account,
+        host,
+        limit,
+      });
+
       if (results) {
         if (results._shards?.failures) {
           reportMessageToSentry('ElasticSearch search shard failures', {
diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 9096f014e99..474634fe9ae 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -14837,11 +14837,6 @@ type Query {
     The default limit for each entity type
     """
     defaultLimit: Int! = 10
-
-    """
-    Whether to use ElasticSearch or not
-    """
-    useElasticSearch: Boolean! = true
   ): SearchResponse!
   tagStats(
     """
@@ -18665,7 +18660,22 @@ type SearchResults {
   """
   Search results for Accounts
   """
-  accounts: SearchResultsAccounts
+  accounts(
+    """
+    Type of account
+    """
+    type: AccountType
+
+    """
+    Whether the account is a host or not
+    """
+    isHost: Boolean
+
+    """
+    Tags to filter the accounts
+    """
+    tags: [String]
+  ): SearchResultsAccounts
 
   """
   Search results for Comments
diff --git a/server/graphql/v2/enum/AccountType.js b/server/graphql/v2/enum/AccountType.js
deleted file mode 100644
index 2fe1485e011..00000000000
--- a/server/graphql/v2/enum/AccountType.js
+++ /dev/null
@@ -1,27 +0,0 @@
-import { GraphQLEnumType } from 'graphql';
-
-export const GraphQLAccountType = new GraphQLEnumType({
-  name: 'AccountType',
-  description: 'All account types',
-  values: {
-    BOT: {},
-    COLLECTIVE: {},
-    EVENT: {},
-    FUND: {},
-    INDIVIDUAL: {},
-    ORGANIZATION: {},
-    PROJECT: {},
-    VENDOR: {},
-  },
-});
-
-export const AccountTypeToModelMapping = {
-  BOT: 'BOT',
-  COLLECTIVE: 'COLLECTIVE',
-  EVENT: 'EVENT',
-  FUND: 'FUND',
-  INDIVIDUAL: 'USER',
-  ORGANIZATION: 'ORGANIZATION',
-  PROJECT: 'PROJECT',
-  VENDOR: 'VENDOR',
-};
diff --git a/server/graphql/v2/enum/AccountType.ts b/server/graphql/v2/enum/AccountType.ts
new file mode 100644
index 00000000000..2e59143b5c6
--- /dev/null
+++ b/server/graphql/v2/enum/AccountType.ts
@@ -0,0 +1,39 @@
+import { GraphQLEnumType, GraphQLEnumValueConfig } from 'graphql';
+
+import { CollectiveType } from '../../../constants/collectives';
+
+export type GraphQLAccountTypeKeys =
+  | 'BOT'
+  | 'COLLECTIVE'
+  | 'EVENT'
+  | 'FUND'
+  | 'INDIVIDUAL'
+  | 'ORGANIZATION'
+  | 'PROJECT'
+  | 'VENDOR';
+
+export const GraphQLAccountType = new GraphQLEnumType({
+  name: 'AccountType',
+  description: 'All account types',
+  values: {
+    BOT: {},
+    COLLECTIVE: {},
+    EVENT: {},
+    FUND: {},
+    INDIVIDUAL: {},
+    ORGANIZATION: {},
+    PROJECT: {},
+    VENDOR: {},
+  } satisfies Record<GraphQLAccountTypeKeys, GraphQLEnumValueConfig>,
+});
+
+export const AccountTypeToModelMapping: Record<GraphQLAccountTypeKeys, CollectiveType> = {
+  BOT: CollectiveType.BOT,
+  COLLECTIVE: CollectiveType.COLLECTIVE,
+  EVENT: CollectiveType.EVENT,
+  FUND: CollectiveType.FUND,
+  INDIVIDUAL: CollectiveType.USER,
+  ORGANIZATION: CollectiveType.ORGANIZATION,
+  PROJECT: CollectiveType.PROJECT,
+  VENDOR: CollectiveType.VENDOR,
+};
diff --git a/server/graphql/v2/object/SearchReponse.ts b/server/graphql/v2/object/SearchReponse.ts
deleted file mode 100644
index b1a946ee3f1..00000000000
--- a/server/graphql/v2/object/SearchReponse.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-import { GraphQLNonNull, GraphQLObjectType } from 'graphql';
-import { GraphQLJSONObject } from 'graphql-scalars';
-
-import { GraphQLAccountCollection } from '../collection/AccountCollection';
-import { CommentCollection } from '../collection/CommentCollection';
-import { GraphQLExpenseCollection } from '../collection/ExpenseCollection';
-import { GraphQLHostApplicationCollection } from '../collection/HostApplicationCollection';
-import { GraphQLOrderCollection } from '../collection/OrderCollection';
-import { GraphQLTierCollection } from '../collection/TierCollection';
-import { GraphQLTransactionCollection } from '../collection/TransactionCollection';
-import { GraphQLUpdateCollection } from '../collection/UpdateCollection';
-
-const buildSearchResultsType = (name: string, collectionType: GraphQLObjectType) => {
-  return {
-    description: `Search results for ${name}`,
-    type: new GraphQLObjectType({
-      name: `SearchResults${name}`,
-      fields: {
-        collection: { type: new GraphQLNonNull(collectionType) },
-        highlights: { type: GraphQLJSONObject },
-      },
-    }),
-  };
-};
-
-const GraphQLSearchResults = new GraphQLObjectType({
-  name: 'SearchResults',
-  description: 'Search results for all types',
-  fields: {
-    accounts: buildSearchResultsType('Accounts', GraphQLAccountCollection),
-    comments: buildSearchResultsType('Comments', CommentCollection),
-    expenses: buildSearchResultsType('Expenses', GraphQLExpenseCollection),
-    hostApplications: buildSearchResultsType('HostApplications', GraphQLHostApplicationCollection),
-    orders: buildSearchResultsType('Orders', GraphQLOrderCollection),
-    tiers: buildSearchResultsType('Tiers', GraphQLTierCollection),
-    transactions: buildSearchResultsType('Transactions', GraphQLTransactionCollection),
-    updates: buildSearchResultsType('Updates', GraphQLUpdateCollection),
-  },
-});
-
-export const GraphQLSearchResponse = new GraphQLObjectType({
-  name: 'SearchResponse',
-  fields: () => ({
-    results: {
-      type: new GraphQLNonNull(GraphQLSearchResults),
-      description: 'Search results',
-    },
-  }),
-});
diff --git a/server/graphql/v2/object/SearchResponse.ts b/server/graphql/v2/object/SearchResponse.ts
new file mode 100644
index 00000000000..be295ddd1db
--- /dev/null
+++ b/server/graphql/v2/object/SearchResponse.ts
@@ -0,0 +1,26 @@
+import { GraphQLNonNull, GraphQLObjectType } from 'graphql';
+
+import { getSearchResultFields } from '../../../lib/elastic-search/graphql-search';
+import { GraphQLAccountTypeKeys } from '../enum/AccountType';
+
+export type SearchQueryAccountsResolverArgs = {
+  type: GraphQLAccountTypeKeys;
+  isHost: boolean;
+  tags: string[];
+};
+
+const GraphQLSearchResults = new GraphQLObjectType({
+  name: 'SearchResults',
+  description: 'Search results for all types',
+  fields: getSearchResultFields,
+});
+
+export const GraphQLSearchResponse = new GraphQLObjectType({
+  name: 'SearchResponse',
+  fields: () => ({
+    results: {
+      type: new GraphQLNonNull(GraphQLSearchResults),
+      description: 'Search results',
+    },
+  }),
+});
diff --git a/server/graphql/v2/query/SearchQuery.ts b/server/graphql/v2/query/SearchQuery.ts
index 56cd909ec39..3feadc92b74 100644
--- a/server/graphql/v2/query/SearchQuery.ts
+++ b/server/graphql/v2/query/SearchQuery.ts
@@ -1,14 +1,11 @@
 import config from 'config';
 import express from 'express';
-import { GraphQLBoolean, GraphQLInt, GraphQLNonNull, GraphQLString } from 'graphql';
+import { GraphQLInt, GraphQLNonNull, GraphQLString } from 'graphql';
 
 import { getElasticSearchClient } from '../../../lib/elastic-search/client';
-import { getElasticSearchIndexResolver, getElasticSearchQueryId } from '../../../lib/elastic-search/graphql-search';
-import logger from '../../../lib/logger';
-import { getSQLSearchResolver } from '../../../lib/sql-search';
-import models from '../../../models';
+import { getElasticSearchQueryId } from '../../../lib/elastic-search/graphql-search';
 import { fetchAccountWithReference, GraphQLAccountReferenceInput } from '../input/AccountReferenceInput';
-import { GraphQLSearchResponse } from '../object/SearchReponse';
+import { GraphQLSearchResponse } from '../object/SearchResponse';
 
 const SearchQuery = {
   type: new GraphQLNonNull(GraphQLSearchResponse),
@@ -37,11 +34,6 @@ const SearchQuery = {
       description: 'The default limit for each entity type',
       defaultValue: 10,
     },
-    useElasticSearch: {
-      type: new GraphQLNonNull(GraphQLBoolean),
-      description: 'Whether to use ElasticSearch or not',
-      defaultValue: true,
-    },
   },
   async resolve(_: void, { searchTerm, ...args }, req: express.Request) {
     const { remoteUser } = req;
@@ -53,47 +45,14 @@ const SearchQuery = {
     const account = args.account && (await fetchAccountWithReference(args.account));
     const limit = args.defaultLimit;
 
-    // Fall back to Postgres in non-production environments if ElasticSearch is not configured
-    const hasElasticSearch = Boolean(getElasticSearchClient());
-    let useElasticSearch = hasElasticSearch && args.useElasticSearch;
-    if (args.useElasticSearch && !hasElasticSearch && config.env !== 'production') {
-      logger.warn('ElasticSearch is not configured, falling back to Postgres');
-      useElasticSearch = false;
+    if (!getElasticSearchClient()) {
+      throw new Error(
+        config.env === 'development' ? 'Elastic search is not running' : 'The search is temporarily unavailable',
+      );
     }
 
-    // Elastic search
-    if (useElasticSearch) {
-      const requestId = getElasticSearchQueryId(remoteUser, host, account, searchTerm);
-      const query = { requestId, limit, searchTerm, account, host };
-      return {
-        results: {
-          accounts: getElasticSearchIndexResolver(req, 'collectives', query),
-          comments: getElasticSearchIndexResolver(req, 'comments', query),
-          expenses: getElasticSearchIndexResolver(req, 'expenses', query),
-          hostApplications: getElasticSearchIndexResolver(req, 'host-applications', query),
-          orders: getElasticSearchIndexResolver(req, 'orders', query),
-          tiers: getElasticSearchIndexResolver(req, 'tiers', query),
-          transactions: getElasticSearchIndexResolver(req, 'transactions', query),
-          updates: getElasticSearchIndexResolver(req, 'updates', query),
-        },
-      };
-    }
-    // This falls back to Postgres as a search engine, which is not efficient and should be used only for dev/debugging.
-    else {
-      const query = { searchTerm, limit, remoteUser, host, account, timeout: args.timeout };
-      return {
-        results: {
-          accounts: getSQLSearchResolver(models.Collective, query),
-          comments: getSQLSearchResolver(models.Comment, query),
-          expenses: getSQLSearchResolver(models.Expense, query),
-          hostApplications: getSQLSearchResolver(models.HostApplication, query),
-          orders: getSQLSearchResolver(models.Order, query),
-          tiers: getSQLSearchResolver(models.Tier, query),
-          transactions: getSQLSearchResolver(models.Transaction, query),
-          updates: getSQLSearchResolver(models.Update, query),
-        },
-      };
-    }
+    const requestId = getElasticSearchQueryId(remoteUser, host, account, searchTerm);
+    return { results: { requestId, limit, searchTerm, account, host } }; // Will be digested by `GraphQLSearchResponse`
   },
 };
 
diff --git a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
index 244ce97d91c..6848670f82b 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
@@ -23,6 +23,7 @@ export class ElasticSearchCollectivesAdapter implements ElasticSearchModelAdapte
       isActive: { type: 'boolean' },
       isHostAccount: { type: 'boolean' },
       deactivatedAt: { type: 'date' },
+      tags: { type: 'keyword' },
       // Relationships
       HostCollectiveId: { type: 'keyword' },
       ParentCollectiveId: { type: 'keyword' },
@@ -57,6 +58,7 @@ export class ElasticSearchCollectivesAdapter implements ElasticSearchModelAdapte
       slug: instance.slug,
       name: instance.name,
       type: instance.type,
+      tags: instance.tags,
       legalName: instance.legalName,
       countryISO: instance.countryISO,
       description: instance.description,
diff --git a/server/lib/elastic-search/constants.ts b/server/lib/elastic-search/constants.ts
index 9abd70babf2..753f074c270 100644
--- a/server/lib/elastic-search/constants.ts
+++ b/server/lib/elastic-search/constants.ts
@@ -1,3 +1,5 @@
+import { CollectiveType } from '../../constants/collectives';
+
 export enum ElasticSearchIndexName {
   COLLECTIVES = 'collectives',
   COMMENTS = 'comments',
@@ -8,3 +10,11 @@ export enum ElasticSearchIndexName {
   TIERS = 'tiers',
   HOST_APPLICATIONS = 'host-applications',
 }
+
+export interface ElasticSearchIndexParams extends Record<ElasticSearchIndexName, Record<string, unknown>> {
+  [ElasticSearchIndexName.COLLECTIVES]: {
+    type?: CollectiveType;
+    isHost?: boolean;
+    tags?: string[];
+  };
+}
diff --git a/server/lib/elastic-search/graphql-search.ts b/server/lib/elastic-search/graphql-search.ts
index b8d770e22fe..4c6ca517364 100644
--- a/server/lib/elastic-search/graphql-search.ts
+++ b/server/lib/elastic-search/graphql-search.ts
@@ -3,13 +3,41 @@
  */
 
 import DataLoader from 'dataloader';
+import {
+  GraphQLBoolean,
+  GraphQLFieldConfigArgumentMap,
+  GraphQLList,
+  GraphQLNonNull,
+  GraphQLObjectType,
+  GraphQLString,
+} from 'graphql';
+import { GraphQLJSONObject } from 'graphql-scalars';
 import { groupBy, mapKeys, mapValues } from 'lodash';
 
+import { FieldsToGraphQLFieldConfigArgumentMap } from '../../graphql/common/typescript-helpers';
 import { SearchResultBucket } from '../../graphql/loaders/search';
+import { GraphQLAccountCollection } from '../../graphql/v2/collection/AccountCollection';
+import { CommentCollection } from '../../graphql/v2/collection/CommentCollection';
+import { GraphQLExpenseCollection } from '../../graphql/v2/collection/ExpenseCollection';
+import { GraphQLHostApplicationCollection } from '../../graphql/v2/collection/HostApplicationCollection';
+import { GraphQLOrderCollection } from '../../graphql/v2/collection/OrderCollection';
+import { GraphQLTierCollection } from '../../graphql/v2/collection/TierCollection';
+import { GraphQLTransactionCollection } from '../../graphql/v2/collection/TransactionCollection';
+import { GraphQLUpdateCollection } from '../../graphql/v2/collection/UpdateCollection';
+import { AccountTypeToModelMapping, GraphQLAccountType } from '../../graphql/v2/enum';
 import { idEncode } from '../../graphql/v2/identifiers';
+import type { SearchQueryAccountsResolverArgs } from '../../graphql/v2/object/SearchResponse';
 import { Collective, User } from '../../models';
 
-import { ElasticSearchIndexName } from './constants';
+import { ElasticSearchIndexName, ElasticSearchIndexParams } from './constants';
+
+type GraphQLSearchParams = {
+  requestId: string;
+  searchTerm: string;
+  limit: number;
+  account: Collective;
+  host: Collective;
+};
 
 /**
  * Returns a unique identifier for the ElasticSearch query, which can be used to batch multiple queries together.
@@ -28,13 +56,37 @@ const GraphQLSearchResultsStrategy: Record<
   {
     // A loader to use for loading entities from the (optionally encoded) ID
     loadMany: (req, ids) => DataLoader<unknown, unknown>;
-    // An optional function to encode the ID for use in the GraphQL API
+    // A function to encode the ID for use in the GraphQL API
     getGraphQLId: (result: Record<string, unknown>) => string;
+    // A function to get Elastic Search index-specific parameters from the GraphQL arguments. By default, it returns the raw arguments.
+    prepareArguments?: (args: Record<string, unknown>) => Record<string, unknown>;
+    // Definition of the GraphQL arguments for the search query
+    args?: GraphQLFieldConfigArgumentMap;
   }
 > = {
   [ElasticSearchIndexName.COLLECTIVES]: {
     getGraphQLId: (result: Record<string, unknown>) => idEncode(parseInt(result['id'] as string), 'account'),
     loadMany: (req, ids) => req.loaders.Collective.byId.loadMany(ids),
+    args: {
+      type: {
+        type: GraphQLAccountType,
+        description: 'Type of account',
+      },
+      isHost: {
+        type: GraphQLBoolean,
+        description: 'Whether the account is a host or not',
+      },
+      tags: {
+        type: new GraphQLList(GraphQLString),
+        description: 'Tags to filter the accounts',
+      },
+    } satisfies FieldsToGraphQLFieldConfigArgumentMap<SearchQueryAccountsResolverArgs>,
+    prepareArguments: (
+      args: SearchQueryAccountsResolverArgs,
+    ): ElasticSearchIndexParams[ElasticSearchIndexName.COLLECTIVES] => {
+      // Convert from GraphQL enum to SQL value (INDIVIDUAL -> USER)
+      return { ...args, type: AccountTypeToModelMapping[args.type] };
+    },
   },
   [ElasticSearchIndexName.COMMENTS]: {
     getGraphQLId: (result: Record<string, unknown>) => idEncode(parseInt(result['id'] as string), 'comment'),
@@ -66,44 +118,65 @@ const GraphQLSearchResultsStrategy: Record<
   },
 } as const;
 
-/**
- * Creates a resolver for the given index that fetches the search results using the loader
- * generate by `generateSearchLoaders` in `server/graphql/loaders/search.ts`.
- *
- * The main benefit of this strategy is that we only search the indices that are actually fetched in the
- * original query.
- */
-export const getElasticSearchIndexResolver = (
-  req,
-  index: keyof typeof GraphQLSearchResultsStrategy | `${keyof typeof GraphQLSearchResultsStrategy}`,
-  baseSearchParams: {
-    requestId: string;
-    searchTerm: string;
-    limit: number;
-    account: Collective;
-    host: Collective;
-  },
-) => {
-  return async () => {
-    const strategy = GraphQLSearchResultsStrategy[index];
-    const results = (await req.loaders.search.load({ ...baseSearchParams, index })) as SearchResultBucket;
-    if (!results || results['doc_count'] === 0) {
-      return { collection: { totalCount: 0, offset: 0, limit: baseSearchParams.limit, nodes: () => [] } };
-    }
-
-    const hits = results['top_hits_by_index']['hits']['hits'];
-    const getSQLIdFromHit = hit => hit['_source']['id'];
-    const hitsGroupedBySQLId = groupBy(hits, getSQLIdFromHit);
-    const hitsGroupedByGraphQLKey = mapKeys(hitsGroupedBySQLId, result => strategy.getGraphQLId(result[0]['_source']));
-    const highlights = mapValues(hitsGroupedByGraphQLKey, hits => hits[0]['highlight']);
-    return {
-      highlights,
-      collection: {
-        totalCount: results['doc_count'],
-        offset: 0,
-        limit: baseSearchParams.limit,
-        nodes: () => strategy.loadMany(req, hits.map(getSQLIdFromHit)),
+const buildSearchResultsType = (index: ElasticSearchIndexName, name: string, collectionType: GraphQLObjectType) => {
+  const strategy = GraphQLSearchResultsStrategy[index];
+  return {
+    description: `Search results for ${name}`,
+    args: strategy.args,
+    type: new GraphQLObjectType({
+      name: `SearchResults${name}`,
+      fields: {
+        collection: { type: new GraphQLNonNull(collectionType) },
+        highlights: { type: GraphQLJSONObject },
       },
-    };
+    }),
+    resolve: async (baseSearchParams: GraphQLSearchParams, args, req) => {
+      const indexParams = strategy.prepareArguments ? strategy.prepareArguments(args) : args;
+      const fullSearchParams = { ...baseSearchParams, index, indexParams };
+      const results = (await req.loaders.search.load(fullSearchParams)) as SearchResultBucket;
+
+      if (!results || results['doc_count'] === 0) {
+        return { collection: { totalCount: 0, offset: 0, limit: baseSearchParams.limit, nodes: () => [] } };
+      }
+
+      const hits = results['top_hits_by_index']['hits']['hits'];
+      const getSQLIdFromHit = hit => hit['_source']['id'];
+      const hitsGroupedBySQLId = groupBy(hits, getSQLIdFromHit);
+      const hitsGroupedByGraphQLKey = mapKeys(hitsGroupedBySQLId, result =>
+        strategy.getGraphQLId(result[0]['_source']),
+      );
+      const highlights = mapValues(hitsGroupedByGraphQLKey, hits => hits[0]['highlight']);
+
+      return {
+        highlights,
+        collection: {
+          totalCount: results['doc_count'],
+          offset: 0,
+          limit: baseSearchParams.limit,
+          nodes: () => strategy.loadMany(req, hits.map(getSQLIdFromHit)),
+        },
+      };
+    },
+  };
+};
+
+export const getSearchResultFields = () => {
+  return {
+    accounts: buildSearchResultsType(ElasticSearchIndexName.COLLECTIVES, 'Accounts', GraphQLAccountCollection),
+    comments: buildSearchResultsType(ElasticSearchIndexName.COMMENTS, 'Comments', CommentCollection),
+    expenses: buildSearchResultsType(ElasticSearchIndexName.EXPENSES, 'Expenses', GraphQLExpenseCollection),
+    hostApplications: buildSearchResultsType(
+      ElasticSearchIndexName.HOST_APPLICATIONS,
+      'HostApplications',
+      GraphQLHostApplicationCollection,
+    ),
+    orders: buildSearchResultsType(ElasticSearchIndexName.ORDERS, 'Orders', GraphQLOrderCollection),
+    tiers: buildSearchResultsType(ElasticSearchIndexName.TIERS, 'Tiers', GraphQLTierCollection),
+    transactions: buildSearchResultsType(
+      ElasticSearchIndexName.TRANSACTIONS,
+      'Transactions',
+      GraphQLTransactionCollection,
+    ),
+    updates: buildSearchResultsType(ElasticSearchIndexName.UPDATES, 'Updates', GraphQLUpdateCollection),
   };
 };
diff --git a/server/lib/elastic-search/search.ts b/server/lib/elastic-search/search.ts
index 6bf5762f249..424d194db54 100644
--- a/server/lib/elastic-search/search.ts
+++ b/server/lib/elastic-search/search.ts
@@ -3,12 +3,14 @@
  */
 
 import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types';
+import { isEmpty, isNil } from 'lodash';
 
 import { Collective, User } from '../../models';
+import { reportErrorToSentry } from '../sentry';
 
 import { ElasticSearchModelsAdapters } from './adapters';
 import { getElasticSearchClient } from './client';
-import { ElasticSearchIndexName } from './constants';
+import { ElasticSearchIndexName, ElasticSearchIndexParams } from './constants';
 
 /**
  * Enforce some conditions to match only entities that are related to this account or host.
@@ -35,9 +37,35 @@ const getAccountFilterConditions = (account: Collective, host: Collective) => {
   }
 };
 
+const getIndexConditions = (
+  index: ElasticSearchIndexName,
+  params: ElasticSearchIndexParams[ElasticSearchIndexName],
+) => {
+  if (!params) {
+    return [];
+  }
+
+  switch (index) {
+    case ElasticSearchIndexName.COLLECTIVES:
+      params = params as ElasticSearchIndexParams[ElasticSearchIndexName.COLLECTIVES];
+      return [
+        ...(params.type ? [{ term: { type: params.type } }] : []),
+        ...(!isNil(params.isHost) ? [{ term: { isHostAccount: params.isHost } }] : []),
+        ...(!isNil(params.tags) && !isEmpty(params.tags) ? [{ terms: { tags: params.tags } }] : []),
+      ];
+    default:
+      return [];
+  }
+};
+
+export type ElasticSearchIndexRequest<T extends ElasticSearchIndexName = ElasticSearchIndexName> = {
+  index: T;
+  indexParams?: ElasticSearchIndexParams[T];
+};
+
 const buildQuery = (
   searchTerm: string,
-  indexes: ElasticSearchIndexName[],
+  indexes: ElasticSearchIndexRequest[],
   remoteUser: User | null,
   account: Collective,
   host: Collective,
@@ -58,7 +86,7 @@ const buildQuery = (
       // Filter to match on CollectiveId/ParentCollectiveId/HostCollectiveId
       ...(accountConditions.length && { filter: accountConditions }),
       // We now build the should array dynamically
-      should: indexes.flatMap(index => {
+      should: indexes.flatMap(({ index, indexParams }) => {
         const adapter = ElasticSearchModelsAdapters[index];
 
         // Avoid searching on private indexes if the user is not an admin of anything
@@ -83,7 +111,11 @@ const buildQuery = (
           // Public fields
           {
             bool: {
-              filter: [{ term: { _index: index } }, ...(permissions.default === 'PUBLIC' ? [] : [permissions.default])],
+              filter: [
+                { term: { _index: index } },
+                ...(permissions.default === 'PUBLIC' ? [] : [permissions.default]),
+                ...getIndexConditions(index, indexParams),
+              ],
               minimum_should_match: 1,
               should: [
                 {
@@ -118,58 +150,73 @@ const buildQuery = (
 };
 
 export const elasticSearchGlobalSearch = async (
-  requestedIndexes: ElasticSearchIndexName[],
+  requestedIndexes: ElasticSearchIndexRequest[],
   searchTerm: string,
-  limit: number,
-  remoteUser: User | null,
-  account: Collective,
-  host: Collective,
+  {
+    account,
+    host,
+    timeoutInSeconds = 30,
+    limit = 50,
+    user,
+  }: {
+    account?: Collective;
+    host?: Collective;
+    timeoutInSeconds?: number;
+    limit?: number;
+    user?: User;
+  } = {},
 ) => {
   const client = getElasticSearchClient({ throwIfUnavailable: true });
-  const { query, fields, indexes } = buildQuery(searchTerm, requestedIndexes, remoteUser, account, host);
+  const { query, fields, indexes } = buildQuery(searchTerm, requestedIndexes, user, account, host);
 
   // Due to permissions, we may end up searching on no index at all (e.g. trying to search for comments while unauthenticated)
   if (indexes.size === 0) {
     return null;
   }
 
-  return client.search({
-    /* eslint-disable camelcase */
-    index: Array.from(indexes).join(','),
-    body: {
-      size: 0, // We don't need hits at the top level
-      query,
-      // Aggregate results by index, keeping only `limit` top hits per index
-      aggs: {
-        by_index: {
-          terms: {
-            field: '_index',
-            size: indexes.size, // Make sure we get all indexes
-          },
-          aggs: {
-            top_hits_by_index: {
-              top_hits: {
-                size: limit,
-                _source: {
-                  // We only need to retrieve the IDs, the rest will be fetched by the loaders
-                  includes: ['id', 'uuid'],
-                },
-                highlight: {
-                  pre_tags: ['<em>'],
-                  post_tags: ['</em>'],
-                  fragment_size: 150,
-                  number_of_fragments: 3,
-                  fields: Array.from(fields).reduce((acc, field) => {
-                    acc[field] = {};
-                    return acc;
-                  }, {}),
+  try {
+    return await client.search({
+      /* eslint-disable camelcase */
+      timeout: `${timeoutInSeconds}s`,
+      index: Array.from(indexes).join(','),
+      body: {
+        size: 0, // We don't need hits at the top level
+        query,
+        // Aggregate results by index, keeping only `limit` top hits per index
+        aggs: {
+          by_index: {
+            terms: {
+              field: '_index',
+              size: indexes.size, // Make sure we get all indexes
+            },
+            aggs: {
+              top_hits_by_index: {
+                top_hits: {
+                  size: limit,
+                  _source: {
+                    // We only need to retrieve the IDs, the rest will be fetched by the loaders
+                    includes: ['id', 'uuid'],
+                  },
+                  highlight: {
+                    pre_tags: ['<em>'],
+                    post_tags: ['</em>'],
+                    fragment_size: 150,
+                    number_of_fragments: 3,
+                    fields: Array.from(fields).reduce((acc, field) => {
+                      acc[field] = {};
+                      return acc;
+                    }, {}),
+                  },
                 },
               },
             },
           },
         },
       },
-    },
-    /* eslint-enable camelcase */
-  });
+      /* eslint-enable camelcase */
+    });
+  } catch (e) {
+    reportErrorToSentry(e, { user, extra: { requestedIndexes, searchTerm, limit, account, host } });
+    throw new Error('The search query failed, please try again later');
+  }
 };
diff --git a/server/lib/sql-search.ts b/server/lib/sql-search.ts
index 1a707bb427c..dc02c2155f2 100644
--- a/server/lib/sql-search.ts
+++ b/server/lib/sql-search.ts
@@ -5,7 +5,6 @@
 import config from 'config';
 import slugify from 'limax';
 import { get, isEmpty, toString, words } from 'lodash';
-import { Model, ModelStatic, Order } from 'sequelize';
 import isEmail from 'validator/lib/isEmail';
 
 import { RateLimitExceeded } from '../graphql/errors';
@@ -15,12 +14,11 @@ import {
   getAmountRangeQuery,
   makeConsolidatedBalanceSubquery,
 } from '../graphql/v2/input/AmountRangeInput';
-import models, { Op, sequelize, User } from '../models';
+import models, { Op, sequelize } from '../models';
 
 import { floatAmountToCents } from './math';
 import RateLimit, { ONE_HOUR_IN_SECONDS } from './rate-limit';
 import { removeDiacritics } from './string-utils';
-import { runPromiseOrTimeout } from './utils';
 
 // Returned when there's no result for a search
 const EMPTY_SEARCH_RESULT = [[], 0];
@@ -593,227 +591,3 @@ export const getExpenseTagFrequencies = async args => {
     },
   );
 };
-
-const getSQLSearchConditionsForModel = (
-  model: ModelStatic<Model>,
-  searchTerm: string,
-  remoteUser: User,
-  host?: InstanceType<typeof models.Collective>,
-  account?: InstanceType<typeof models.Collective>,
-) => {
-  const adminOfAccountIds = remoteUser?.getAdministratedCollectiveIds?.() || [];
-  if (model instanceof models.Collective) {
-    return {
-      where: {
-        ...(host && { HostCollectiveId: host.id }),
-        ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-        [Op.or]: buildSearchConditions(searchTerm, {
-          idFields: ['id'],
-          textFields: ['name', 'description', 'longDescription', 'website'],
-          slugFields: ['slug'],
-          stringArrayFields: ['tags'],
-        }),
-      },
-    };
-  } else if (model instanceof models.Comment) {
-    return {
-      where: {
-        [Op.or]: buildSearchConditions(searchTerm, {
-          idFields: ['id'],
-          textFields: ['html'],
-        }),
-      },
-      include: [
-        {
-          association: 'collective',
-          attributes: [],
-          required: true,
-          where: {
-            // Can only search comments of collectives the user is admin of
-            ...(host && { HostCollectiveId: host.id }),
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-            [Op.or]: [
-              { id: adminOfAccountIds },
-              { ParentCollectiveId: adminOfAccountIds },
-              { HostCollectiveId: adminOfAccountIds, isActive: true },
-            ],
-          },
-        },
-      ],
-    };
-  } else if (model instanceof models.Expense) {
-    return {
-      include: [
-        { association: 'User', attributes: [], include: [{ association: 'collective', attributes: [] }] },
-        { association: 'fromCollective', attributes: [] },
-        {
-          association: 'collective',
-          attributes: [],
-          required: true,
-          where: {
-            ...(host && { HostCollectiveId: host.id }),
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-          },
-        },
-      ],
-      where: {
-        [Op.or]: buildSearchConditions(searchTerm, {
-          idFields: ['id'],
-          slugFields: ['$fromCollective.slug$', '$collective.slug$', '$User.collective.slug$'],
-          textFields: ['$fromCollective.name$', '$collective.name$', '$User.collective.name$', 'description'],
-          amountFields: ['amount'],
-          stringArrayFields: ['tags'],
-          stringArrayTransformFn: (str: string) => str.toLowerCase(), // expense tags are stored lowercase
-        }),
-      },
-    };
-  } else if (model instanceof models.HostApplication) {
-    return {
-      include: [{ association: 'collective', attributes: [], required: true }],
-      where: {
-        ...(host && { HostCollectiveId: host.id }),
-        ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-        [Op.and]: [
-          {
-            [Op.or]: [{ HostCollectiveId: adminOfAccountIds }, { CollectiveId: adminOfAccountIds }],
-          },
-          {
-            [Op.or]: buildSearchConditions(searchTerm, {
-              slugFields: ['$collective.slug$'],
-              textFields: ['message', '$collective.name$'],
-              idFields: ['id'],
-            }),
-          },
-        ],
-      },
-    };
-  } else if (model instanceof models.Order) {
-    return {
-      include: [
-        { model: models.Collective, as: 'fromCollective', attributes: [], required: true },
-        {
-          model: models.Collective,
-          as: 'collective',
-          attributes: [],
-          required: true,
-          where: {
-            ...(host && { HostCollectiveId: host.id }),
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-          },
-        },
-      ],
-      where: {
-        [Op.or]: buildSearchConditions(searchTerm, {
-          textFields: ['description', '$fromCollective.name$', '$collective.name$'],
-          idFields: ['id'],
-        }),
-      },
-    };
-  } else if (model instanceof models.Tier) {
-    return {
-      include: [
-        {
-          model: models.Collective,
-          attributes: [],
-          required: true,
-          where: {
-            ...(host && { HostCollectiveId: host.id }),
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-          },
-        },
-      ],
-      where: {
-        [Op.or]: buildSearchConditions(searchTerm, {
-          textFields: ['name', 'description'],
-          idFields: ['id'],
-          slugFields: ['slug'],
-        }),
-      },
-    };
-  } else if (model instanceof models.Transaction) {
-    return {
-      include: [
-        { model: models.Collective, as: 'fromCollective', attributes: [], required: true },
-        {
-          model: models.Collective,
-          as: 'collective',
-          attributes: [],
-          required: true,
-          where: {
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-          },
-        },
-      ],
-      where: {
-        ...(host && { HostCollectiveId: host.id }),
-        [Op.or]: buildSearchConditions(searchTerm, {
-          idFields: ['id', 'ExpenseId', 'OrderId'],
-          slugFields: ['$fromCollective.slug$', '$collective.slug$'],
-          textFields: ['$fromCollective.name$', '$collective.name$', 'description'],
-          amountFields: ['amount'],
-        }),
-      },
-    };
-  } else if (model instanceof models.Update) {
-    return {
-      include: [
-        {
-          model: models.Collective,
-          as: 'collective',
-          attributes: [],
-          required: true,
-          where: {
-            ...(host && { HostCollectiveId: host.id }),
-            ...(account && { [Op.or]: [{ id: account.id }, { ParentCollectiveId: account.id }] }),
-          },
-        },
-      ],
-      where: {
-        [Op.and]: [
-          {
-            [Op.or]: buildSearchConditions(searchTerm, {
-              idFields: ['id'],
-              textFields: ['html', 'title'],
-            }),
-          },
-          {
-            [Op.or]: [{ isPrivate: false }, { CollectiveId: adminOfAccountIds }],
-          },
-        ],
-      },
-    };
-  } else {
-    throw new Error(`Unsupported SQL search for model: ${model.name}`);
-  }
-};
-
-export const getSQLSearchResolver = (
-  model: ModelStatic<Model>,
-  {
-    limit,
-    host,
-    account,
-    searchTerm,
-    timeout,
-    remoteUser,
-  }: {
-    limit: number;
-    host?: InstanceType<typeof models.Collective>;
-    account?: InstanceType<typeof models.Collective>;
-    searchTerm: string;
-    timeout: number;
-    remoteUser: User | null;
-  },
-) => {
-  const timeoutMessage = 'Field resolution timed out';
-  const query = getSQLSearchConditionsForModel(model, searchTerm, remoteUser, host, account);
-  const order = [['id', 'ASC']] as Order;
-  return {
-    collection: {
-      nodes: () => runPromiseOrTimeout(model.findAll({ ...query, limit, order }), timeout, timeoutMessage),
-      totalCount: () => runPromiseOrTimeout(model.count(query), timeout, timeoutMessage),
-      offset: 0,
-      limit: limit,
-    },
-  };
-};
diff --git a/server/lib/utils.js b/server/lib/utils.js
index d7298c22cf1..2f5b12bc1b4 100644
--- a/server/lib/utils.js
+++ b/server/lib/utils.js
@@ -603,16 +603,3 @@ export const omitDeep = (obj, keys) =>
     (acc, next) => ({ ...acc, [next]: isObject(obj[next]) ? omitDeep(obj[next], keys) : obj[next] }),
     {},
   );
-
-/**
- *
- * @param {Promise} promise
- * @param {number} timeout
- * @returns
- */
-export const runPromiseOrTimeout = async (promise, timeout, errorMessage = 'Promise timed out') => {
-  return Promise.race([
-    promise,
-    new Promise((_, reject) => setTimeout(() => reject(new Error(errorMessage)), timeout)),
-  ]);
-};

From 393017df770b7dfa00d6fc69dcaf7835c2b38e0b Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Tue, 3 Dec 2024 07:12:23 -0300
Subject: [PATCH 103/129] Coalesce missing data->'policies' and fix wrong
 policies array type (#10516)

---
 ...08-migrate-expense-policies-to-policies.js | 25 ++++++++++++++-----
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/migrations/20241103183508-migrate-expense-policies-to-policies.js b/migrations/20241103183508-migrate-expense-policies-to-policies.js
index ab3ea3d4603..16b14ba53be 100644
--- a/migrations/20241103183508-migrate-expense-policies-to-policies.js
+++ b/migrations/20241103183508-migrate-expense-policies-to-policies.js
@@ -3,15 +3,28 @@
 /** @type {import('sequelize-cli').Migration} */
 module.exports = {
   async up(queryInterface) {
+    await queryInterface.sequelize.query(`
+      UPDATE "Collectives" SET
+        data = jsonb_set(
+          data,
+          '{policies}',
+          '{}'
+        )
+      WHERE jsonb_typeof(data -> 'policies') = 'array'
+    `);
+
     await queryInterface.sequelize.query(`
       UPDATE "Collectives" SET
       data = jsonb_set(
-        data,
-        '{policies,EXPENSE_POLICIES}',
-        jsonb_build_object(
-          'invoicePolicy', "expensePolicy",
-          'receiptPolicy', "expensePolicy",
-          'titlePolicy', ''
+        COALESCE(data, '{"policies": {}}'),
+        '{policies}',
+        COALESCE(data#>'{policies}', '{}') ||
+        jsonb_build_object('EXPENSE_POLICIES',
+          jsonb_build_object(
+            'invoicePolicy', COALESCE("expensePolicy", ''),
+            'receiptPolicy', COALESCE("expensePolicy", ''),
+            'titlePolicy', ''
+          )
         )
       )
       WHERE TRIM("expensePolicy") <> '' AND "expensePolicy" IS NOT NULL;

From f8c21c97de45c1697bd619ab7731e8f14542f18c Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Tue, 3 Dec 2024 07:12:41 -0300
Subject: [PATCH 104/129] Ignore NEW status when validating single ticket order
 (#10499)

---
 server/graphql/v1/mutations/orders.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/graphql/v1/mutations/orders.js b/server/graphql/v1/mutations/orders.js
index f8c980fb749..9e53ab7aeaf 100644
--- a/server/graphql/v1/mutations/orders.js
+++ b/server/graphql/v1/mutations/orders.js
@@ -319,7 +319,7 @@ export async function createOrder(order, req) {
             where: {
               TierId: tier.id,
               FromCollectiveId: order.fromCollective.id,
-              status: { [Op.not]: [status.ERROR, status.EXPIRED] },
+              status: { [Op.not]: [status.ERROR, status.EXPIRED, status.NEW] },
             },
           });
           if (existingTicket) {

From 251b809872b7def29a6ecb9368d471625f758521 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 11:21:28 +0100
Subject: [PATCH 105/129] chore(deps): update dependency prettier to v3.4.1
 (#10515)

* chore(deps): update dependency prettier to v3.4.1

* chore: Run prettier

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>
---
 package-lock.json                       |   8 +-
 package.json                            |   2 +-
 server/models/Activity.ts               |  24 ++--
 server/models/Application.ts            |  32 +++---
 server/models/Collective.ts             | 146 ++++++++++++------------
 server/models/Comment.ts                |  34 +++---
 server/models/ConnectedAccount.ts       |  30 ++---
 server/models/Conversation.ts           |  30 ++---
 server/models/CurrencyExchangeRate.ts   |  14 +--
 server/models/EmojiReaction.ts          |  16 +--
 server/models/Expense.ts                |  92 +++++++--------
 server/models/ExpenseAttachedFile.ts    |  10 +-
 server/models/ExpenseItem.ts            |  26 ++---
 server/models/HostApplication.ts        |  28 ++---
 server/models/LegalDocument.ts          |  32 +++---
 server/models/MigrationLog.ts           |  12 +-
 server/models/Notification.ts           |  22 ++--
 server/models/OAuthAuthorizationCode.ts |  26 ++---
 server/models/PayoutMethod.ts           |  20 ++--
 server/models/PaypalPlan.ts             |  16 +--
 server/models/PaypalProduct.ts          |  14 +--
 server/models/PersonalToken.ts          |  30 ++---
 server/models/RecurringExpense.ts       |  18 +--
 server/models/RequiredLegalDocument.ts  |  12 +-
 server/models/SocialLink.ts             |  14 +--
 server/models/SuspendedAsset.ts         |  14 +--
 server/models/Tier.ts                   |  54 ++++-----
 server/models/TransactionSettlement.ts  |  18 +--
 server/models/TransactionsImport.ts     |  40 +++----
 server/models/TransactionsImportRow.ts  |  36 +++---
 server/models/Update.ts                 |  58 +++++-----
 server/models/User.ts                   |  38 +++---
 server/models/UserToken.ts              |  34 +++---
 server/models/VirtualCard.ts            |  46 ++++----
 34 files changed, 523 insertions(+), 523 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6f7f0f0e1e9..ed0f766eba3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -164,7 +164,7 @@
         "npm-run-all2": "^6.0.0",
         "nyc": "^17.0.0",
         "opentelemetry-instrumentation-sequelize": "^0.41.0",
-        "prettier": "3.3.3",
+        "prettier": "3.4.1",
         "sinon": "^18.0.0",
         "sinon-chai": "^3.7.0",
         "supertest": "^7.0.0",
@@ -23363,9 +23363,9 @@
       }
     },
     "node_modules/prettier": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.3.3.tgz",
-      "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.1.tgz",
+      "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==",
       "dev": true,
       "license": "MIT",
       "bin": {
diff --git a/package.json b/package.json
index 2d6050c49bf..0d31f7cb0eb 100644
--- a/package.json
+++ b/package.json
@@ -185,7 +185,7 @@
     "npm-run-all2": "^6.0.0",
     "nyc": "^17.0.0",
     "opentelemetry-instrumentation-sequelize": "^0.41.0",
-    "prettier": "3.3.3",
+    "prettier": "3.4.1",
     "sinon": "^18.0.0",
     "sinon-chai": "^3.7.0",
     "supertest": "^7.0.0",
diff --git a/server/models/Activity.ts b/server/models/Activity.ts
index 41578632385..5354d3458c0 100644
--- a/server/models/Activity.ts
+++ b/server/models/Activity.ts
@@ -7,18 +7,18 @@ import sequelize, { DataTypes, Model } from '../lib/sequelize';
 import Expense from './Expense';
 
 class Activity extends Model<InferAttributes<Activity>, InferCreationAttributes<Activity>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare type: ActivityTypes;
-  public declare data: CreationOptional<Record<string, any> & { notify?: boolean }>;
-  public declare CollectiveId: CreationOptional<number>;
-  public declare FromCollectiveId: CreationOptional<number>;
-  public declare HostCollectiveId: CreationOptional<number>;
-  public declare UserId: CreationOptional<number>;
-  public declare UserTokenId: CreationOptional<number>;
-  public declare TransactionId: CreationOptional<number>;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare OrderId: CreationOptional<number>;
-  public declare createdAt: CreationOptional<Date>;
+  declare public readonly id: CreationOptional<number>;
+  declare public type: ActivityTypes;
+  declare public data: CreationOptional<Record<string, any> & { notify?: boolean }>;
+  declare public CollectiveId: CreationOptional<number>;
+  declare public FromCollectiveId: CreationOptional<number>;
+  declare public HostCollectiveId: CreationOptional<number>;
+  declare public UserId: CreationOptional<number>;
+  declare public UserTokenId: CreationOptional<number>;
+  declare public TransactionId: CreationOptional<number>;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public OrderId: CreationOptional<number>;
+  declare public createdAt: CreationOptional<Date>;
 }
 
 Activity.init(
diff --git a/server/models/Application.ts b/server/models/Application.ts
index d9ab1a9191a..d60f2452b43 100644
--- a/server/models/Application.ts
+++ b/server/models/Application.ts
@@ -11,22 +11,22 @@ import User from './User';
 export type ApplicationType = 'apiKey' | 'oAuth';
 
 class Application extends Model<InferAttributes<Application>, InferCreationAttributes<Application>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare CollectiveId: number;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare type: ApplicationType;
-  public declare apiKey: string;
-  public declare clientId: string;
-  public declare clientSecret: string;
-  public declare callbackUrl: string;
-  public declare name: string;
-  public declare description: string;
-  public declare disabled: boolean;
-  public declare preAuthorize2FA: CreationOptional<boolean>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare data: JSON;
+  declare public readonly id: CreationOptional<number>;
+  declare public CollectiveId: number;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public type: ApplicationType;
+  declare public apiKey: string;
+  declare public clientId: string;
+  declare public clientSecret: string;
+  declare public callbackUrl: string;
+  declare public name: string;
+  declare public description: string;
+  declare public disabled: boolean;
+  declare public preAuthorize2FA: CreationOptional<boolean>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public data: JSON;
 
   get info(): NonAttribute<Partial<Application>> {
     return {
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index 4f955d9d331..75317be4a04 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -275,80 +275,80 @@ class Collective extends Model<
   >,
   InferCreationAttributes<Collective>
 > {
-  public declare id: number;
-  public declare type: CollectiveType;
-  public declare slug: string;
-  public declare name: string;
-  public declare legalName: string;
-  public declare company: string;
-
-  public declare CreatedByUserId: number;
-  public declare LastEditedByUserId: number;
-  public declare ParentCollectiveId: number;
-  public declare HostCollectiveId: number;
-
-  public declare hostFeePercent: number;
-  public declare platformFeePercent: number;
-  public declare description: string;
-  public declare longDescription: string;
+  declare public id: number;
+  declare public type: CollectiveType;
+  declare public slug: string;
+  declare public name: string;
+  declare public legalName: string;
+  declare public company: string;
+
+  declare public CreatedByUserId: number;
+  declare public LastEditedByUserId: number;
+  declare public ParentCollectiveId: number;
+  declare public HostCollectiveId: number;
+
+  declare public hostFeePercent: number;
+  declare public platformFeePercent: number;
+  declare public description: string;
+  declare public longDescription: string;
   /** @deprecated Use policies @see {@link Policies.EXPENSE_POLICIES}*/
-  public declare expensePolicy: string;
-  public declare contributionPolicy: string;
-  public declare currency: SupportedCurrency;
-  public declare image: string;
-  public declare backgroundImage: string;
-  public declare countryISO: string;
-  public declare settings: Settings;
-  public declare data: Data;
-  public declare startsAt: Date;
-  public declare endsAt: Date;
-  public declare timezone: string;
-  public declare isActive: boolean;
-  public declare isIncognito: boolean;
-  public declare approvedAt: Date;
-  public declare twitterHandle: string;
-  public declare githubHandle: string;
-  public declare repositoryUrl: string;
-  public declare website: string;
-  public declare publicUrl: string;
-  public declare tags: Array<string>;
-  public declare monthlySpending: number;
-  public declare deactivatedAt: Date;
-  public declare isHostAccount: boolean;
-  public declare plan: string;
-
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt?: CreationOptional<Date>;
-
-  public declare host?: NonAttribute<Collective>;
-
-  public declare tiers?: NonAttribute<Array<Tier>>;
-  public declare getTiers: HasManyGetAssociationsMixin<Tier>;
-
-  public declare members?: NonAttribute<Array<MemberModelInterface>>;
-  public declare getMembers: HasManyGetAssociationsMixin<MemberModelInterface>;
-  public declare adminMembers?: NonAttribute<Array<MemberModelInterface>>;
-  public declare getAdminMembers: HasManyGetAssociationsMixin<MemberModelInterface>;
-
-  public declare legalDocuments?: NonAttribute<LegalDocument[]>;
-  public declare RequiredLegalDocuments?: NonAttribute<RequiredLegalDocument[]>;
-  public declare getLegalDocuments: HasManyGetAssociationsMixin<LegalDocument>;
-  public declare getRequiredLegalDocuments: HasManyGetAssociationsMixin<RequiredLegalDocument>;
-  public declare createRequiredLegalDocument: HasManyCreateAssociationMixin<RequiredLegalDocument>;
-  public declare countRequiredLegalDocuments: HasManyCountAssociationsMixin;
-
-  public declare accountingCategories?: NonAttribute<Array<AccountingCategory>>;
-  public declare getAccountingCategories: HasManyGetAssociationsMixin<AccountingCategory>;
-
-  public declare getConnectedAccounts: HasManyGetAssociationsMixin<ConnectedAccount>;
-  public declare getPayoutMethods: HasManyGetAssociationsMixin<PayoutMethod>;
-
-  public declare getLocation: HasOneGetAssociationMixin<Location>;
-  public declare location?: LocationType;
-
-  public declare parent?: NonAttribute<Collective>;
-  public declare children?: NonAttribute<Collective[]>;
+  declare public expensePolicy: string;
+  declare public contributionPolicy: string;
+  declare public currency: SupportedCurrency;
+  declare public image: string;
+  declare public backgroundImage: string;
+  declare public countryISO: string;
+  declare public settings: Settings;
+  declare public data: Data;
+  declare public startsAt: Date;
+  declare public endsAt: Date;
+  declare public timezone: string;
+  declare public isActive: boolean;
+  declare public isIncognito: boolean;
+  declare public approvedAt: Date;
+  declare public twitterHandle: string;
+  declare public githubHandle: string;
+  declare public repositoryUrl: string;
+  declare public website: string;
+  declare public publicUrl: string;
+  declare public tags: Array<string>;
+  declare public monthlySpending: number;
+  declare public deactivatedAt: Date;
+  declare public isHostAccount: boolean;
+  declare public plan: string;
+
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt?: CreationOptional<Date>;
+
+  declare public host?: NonAttribute<Collective>;
+
+  declare public tiers?: NonAttribute<Array<Tier>>;
+  declare public getTiers: HasManyGetAssociationsMixin<Tier>;
+
+  declare public members?: NonAttribute<Array<MemberModelInterface>>;
+  declare public getMembers: HasManyGetAssociationsMixin<MemberModelInterface>;
+  declare public adminMembers?: NonAttribute<Array<MemberModelInterface>>;
+  declare public getAdminMembers: HasManyGetAssociationsMixin<MemberModelInterface>;
+
+  declare public legalDocuments?: NonAttribute<LegalDocument[]>;
+  declare public RequiredLegalDocuments?: NonAttribute<RequiredLegalDocument[]>;
+  declare public getLegalDocuments: HasManyGetAssociationsMixin<LegalDocument>;
+  declare public getRequiredLegalDocuments: HasManyGetAssociationsMixin<RequiredLegalDocument>;
+  declare public createRequiredLegalDocument: HasManyCreateAssociationMixin<RequiredLegalDocument>;
+  declare public countRequiredLegalDocuments: HasManyCountAssociationsMixin;
+
+  declare public accountingCategories?: NonAttribute<Array<AccountingCategory>>;
+  declare public getAccountingCategories: HasManyGetAssociationsMixin<AccountingCategory>;
+
+  declare public getConnectedAccounts: HasManyGetAssociationsMixin<ConnectedAccount>;
+  declare public getPayoutMethods: HasManyGetAssociationsMixin<PayoutMethod>;
+
+  declare public getLocation: HasOneGetAssociationMixin<Location>;
+  declare public location?: LocationType;
+
+  declare public parent?: NonAttribute<Collective>;
+  declare public children?: NonAttribute<Collective[]>;
 
   static async createOrganization(collectiveData, adminUser, creator) {
     const CreatedByUserId = creator?.id || adminUser.id;
diff --git a/server/models/Comment.ts b/server/models/Comment.ts
index 85b16ca5ad8..f55633122ed 100644
--- a/server/models/Comment.ts
+++ b/server/models/Comment.ts
@@ -24,23 +24,23 @@ export enum CommentType {
 }
 
 class Comment extends Model<InferAttributes<Comment>, InferCreationAttributes<Comment>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare CollectiveId: number;
-  public declare FromCollectiveId: number;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare HostApplicationId: ForeignKey<HostApplication['id']>;
-  public declare OrderId: number;
-  public declare UpdateId: number;
-  public declare ConversationId: number;
-  public declare html: string;
-  public declare type: CommentType;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-
-  public declare fromCollective?: NonAttribute<Collective>;
-  public declare collective?: NonAttribute<Collective>;
+  declare public readonly id: CreationOptional<number>;
+  declare public CollectiveId: number;
+  declare public FromCollectiveId: number;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public HostApplicationId: ForeignKey<HostApplication['id']>;
+  declare public OrderId: number;
+  declare public UpdateId: number;
+  declare public ConversationId: number;
+  declare public html: string;
+  declare public type: CommentType;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+
+  declare public fromCollective?: NonAttribute<Collective>;
+  declare public collective?: NonAttribute<Collective>;
 
   // Returns the User model of the User that created this Update
   getUser = function () {
diff --git a/server/models/ConnectedAccount.ts b/server/models/ConnectedAccount.ts
index dfcdae197fb..24c98effc16 100644
--- a/server/models/ConnectedAccount.ts
+++ b/server/models/ConnectedAccount.ts
@@ -18,23 +18,23 @@ class ConnectedAccount extends Model<
   InferAttributes<ConnectedAccount, { omit: 'info' | 'activity' | 'paypalConfig' }>,
   InferCreationAttributes<ConnectedAccount>
 > {
-  public declare readonly id: CreationOptional<number>;
-  public declare service: string;
-  public declare username: string;
-  public declare clientId: string;
-  public declare token: string;
-  public declare refreshToken: string;
-  public declare hash: string;
-  public declare data: CreationOptional<Record<string, any>>;
-  public declare settings: CreationOptional<Record<string, any>>;
+  declare public readonly id: CreationOptional<number>;
+  declare public service: string;
+  declare public username: string;
+  declare public clientId: string;
+  declare public token: string;
+  declare public refreshToken: string;
+  declare public hash: string;
+  declare public data: CreationOptional<Record<string, any>>;
+  declare public settings: CreationOptional<Record<string, any>>;
 
-  public declare CollectiveId: CreationOptional<number>;
-  public declare CreatedByUserId: CreationOptional<number>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
+  declare public CollectiveId: CreationOptional<number>;
+  declare public CreatedByUserId: CreationOptional<number>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
 
-  public declare collective?: NonAttribute<Collective>;
-  public declare getCollective: BelongsToGetAssociationMixin<Collective>;
+  declare public collective?: NonAttribute<Collective>;
+  declare public getCollective: BelongsToGetAssociationMixin<Collective>;
 
   get info() {
     return {
diff --git a/server/models/Conversation.ts b/server/models/Conversation.ts
index 0aaab5ad0a4..3e6f15ab118 100644
--- a/server/models/Conversation.ts
+++ b/server/models/Conversation.ts
@@ -14,21 +14,21 @@ import ConversationFollower from './ConversationFollower';
 import User from './User';
 
 class Conversation extends Model<InferAttributes<Conversation>, InferCreationAttributes<Conversation>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare title: string;
-  public declare slug: string;
-  public declare summary: string;
-  public declare tags: string[];
-  public declare CollectiveId: number;
-  public declare FromCollectiveId: number;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare RootCommentId: ForeignKey<Comment['id']>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-
-  public declare collective?: Collective;
-  public declare fromCollective?: Collective;
+  declare public readonly id: CreationOptional<number>;
+  declare public title: string;
+  declare public slug: string;
+  declare public summary: string;
+  declare public tags: string[];
+  declare public CollectiveId: number;
+  declare public FromCollectiveId: number;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public RootCommentId: ForeignKey<Comment['id']>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+
+  declare public collective?: Collective;
+  declare public fromCollective?: Collective;
 
   // ---- Static methods ----
 
diff --git a/server/models/CurrencyExchangeRate.ts b/server/models/CurrencyExchangeRate.ts
index b6bda7365b7..6830b3de60a 100644
--- a/server/models/CurrencyExchangeRate.ts
+++ b/server/models/CurrencyExchangeRate.ts
@@ -16,13 +16,13 @@ class CurrencyExchangeRate extends Model<
   InferAttributes<CurrencyExchangeRate>,
   InferCreationAttributes<CurrencyExchangeRate>
 > {
-  public declare readonly id: CreationOptional<number>;
-  public declare rate: number;
-  public declare from: string;
-  public declare to: string;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
+  declare public readonly id: CreationOptional<number>;
+  declare public rate: number;
+  declare public from: string;
+  declare public to: string;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
 
   static getMany(
     fromCurrency: string,
diff --git a/server/models/EmojiReaction.ts b/server/models/EmojiReaction.ts
index 17da44bf86c..a30bda2d722 100644
--- a/server/models/EmojiReaction.ts
+++ b/server/models/EmojiReaction.ts
@@ -6,14 +6,14 @@ import sequelize, { DataTypes, Model } from '../lib/sequelize';
 import User from './User';
 
 class EmojiReaction extends Model<InferAttributes<EmojiReaction>, InferCreationAttributes<EmojiReaction>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare FromCollectiveId: number;
-  public declare CommentId: number;
-  public declare UpdateId: number;
-  public declare emoji: ReactionEmoji;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
+  declare public readonly id: CreationOptional<number>;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public FromCollectiveId: number;
+  declare public CommentId: number;
+  declare public UpdateId: number;
+  declare public emoji: ReactionEmoji;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
 
   static async addReactionOnComment(user, commentId: number, emoji: ReactionEmoji) {
     try {
diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index b822f934c68..729870e6436 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -82,20 +82,20 @@ export enum ExpenseLockableFields {
 }
 
 class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Expense>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare lastEditedById: ForeignKey<User['id']>;
-  public declare HostCollectiveId: number;
-  public declare FromCollectiveId: number;
-  public declare CollectiveId: number;
-  public declare PayoutMethodId: ForeignKey<PayoutMethod['id']>;
-  public declare PaymentMethodId: number;
-  public declare VirtualCardId: ForeignKey<VirtualCard['id']>;
-  public declare RecurringExpenseId: ForeignKey<RecurringExpense['id']>;
-  public declare AccountingCategoryId: ForeignKey<AccountingCategory['id']>;
-
-  public declare payeeLocation: Location;
-  public declare data: Record<string, unknown> & {
+  declare public readonly id: CreationOptional<number>;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public lastEditedById: ForeignKey<User['id']>;
+  declare public HostCollectiveId: number;
+  declare public FromCollectiveId: number;
+  declare public CollectiveId: number;
+  declare public PayoutMethodId: ForeignKey<PayoutMethod['id']>;
+  declare public PaymentMethodId: number;
+  declare public VirtualCardId: ForeignKey<VirtualCard['id']>;
+  declare public RecurringExpenseId: ForeignKey<RecurringExpense['id']>;
+  declare public AccountingCategoryId: ForeignKey<AccountingCategory['id']>;
+
+  declare public payeeLocation: Location;
+  declare public data: Record<string, unknown> & {
     batchGroup?: BatchGroup;
     quote?: ExpenseDataQuoteV2 | ExpenseDataQuoteV3;
     paymentOption?: QuoteV2PaymentOption | QuoteV3PaymentOption;
@@ -112,38 +112,38 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
     lockedFields?: ExpenseLockableFields[];
   };
 
-  public declare currency: SupportedCurrency;
-  public declare amount: number;
-  public declare description: string;
-  public declare longDescription: CreationOptional<string>;
-  public declare privateMessage: CreationOptional<string>;
-  public declare invoiceInfo: CreationOptional<string>;
-  public declare legacyPayoutMethod: 'paypal' | 'manual' | 'donation' | 'other';
-
-  public declare status: keyof typeof ExpenseStatus;
-  public declare onHold: boolean;
-  public declare type: ExpenseType;
-  public declare feesPayer: 'COLLECTIVE' | 'PAYEE';
-  public declare tags: string[];
-
-  public declare incurredAt: CreationOptional<Date>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-
-  public declare activities?: Activity[];
-  public declare Transactions?: Transaction[];
-  public declare collective?: Collective;
-  public declare fromCollective?: Collective;
-  public declare host?: Collective;
-  public declare User?: User;
-  public declare PayoutMethod?: PayoutMethod;
-  public declare PaymentMethod?: PaymentMethod;
-  public declare virtualCard?: VirtualCard;
-  public declare items?: ExpenseItem[];
-  public declare attachedFiles?: ExpenseAttachedFile[];
-  public declare accountingCategory?: AccountingCategory;
-  public declare reference: string;
+  declare public currency: SupportedCurrency;
+  declare public amount: number;
+  declare public description: string;
+  declare public longDescription: CreationOptional<string>;
+  declare public privateMessage: CreationOptional<string>;
+  declare public invoiceInfo: CreationOptional<string>;
+  declare public legacyPayoutMethod: 'paypal' | 'manual' | 'donation' | 'other';
+
+  declare public status: keyof typeof ExpenseStatus;
+  declare public onHold: boolean;
+  declare public type: ExpenseType;
+  declare public feesPayer: 'COLLECTIVE' | 'PAYEE';
+  declare public tags: string[];
+
+  declare public incurredAt: CreationOptional<Date>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+
+  declare public activities?: Activity[];
+  declare public Transactions?: Transaction[];
+  declare public collective?: Collective;
+  declare public fromCollective?: Collective;
+  declare public host?: Collective;
+  declare public User?: User;
+  declare public PayoutMethod?: PayoutMethod;
+  declare public PaymentMethod?: PaymentMethod;
+  declare public virtualCard?: VirtualCard;
+  declare public items?: ExpenseItem[];
+  declare public attachedFiles?: ExpenseAttachedFile[];
+  declare public accountingCategory?: AccountingCategory;
+  declare public reference: string;
 
   // Association getters
   declare getActivities: HasManyGetAssociationsMixin<Activity>;
diff --git a/server/models/ExpenseAttachedFile.ts b/server/models/ExpenseAttachedFile.ts
index ba79f027f06..2c8845db562 100644
--- a/server/models/ExpenseAttachedFile.ts
+++ b/server/models/ExpenseAttachedFile.ts
@@ -15,11 +15,11 @@ import User from './User';
  * Sequelize model to represent an ExpenseAttachedFile, linked to the `ExpenseAttachedFiles` table.
  */
 class ExpenseAttachedFile extends Model {
-  public declare readonly id: number;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare url: string;
-  public declare createdAt: Date;
+  declare public readonly id: number;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public url: string;
+  declare public createdAt: Date;
 
   /**
    * Create an attachment from user-submitted data.
diff --git a/server/models/ExpenseItem.ts b/server/models/ExpenseItem.ts
index 55d32b4d57b..087502f6334 100644
--- a/server/models/ExpenseItem.ts
+++ b/server/models/ExpenseItem.ts
@@ -22,19 +22,19 @@ type ExpenseItemsDiff = [Record<string, unknown>[], ExpenseItem[], Record<string
  * Sequelize model to represent an ExpenseItem, linked to the `ExpenseItems` table.
  */
 class ExpenseItem extends Model<InferAttributes<ExpenseItem>, InferCreationAttributes<ExpenseItem>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare amount: number;
-  public declare currency: SupportedCurrency;
-  public declare expenseCurrencyFxRate: number;
-  public declare expenseCurrencyFxRateSource: FX_RATE_SOURCE | `${FX_RATE_SOURCE}`;
-  public declare url: string;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare incurredAt: Date;
-  public declare description: CreationOptional<string>;
+  declare public readonly id: CreationOptional<number>;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public amount: number;
+  declare public currency: SupportedCurrency;
+  declare public expenseCurrencyFxRate: number;
+  declare public expenseCurrencyFxRateSource: FX_RATE_SOURCE | `${FX_RATE_SOURCE}`;
+  declare public url: string;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public incurredAt: Date;
+  declare public description: CreationOptional<string>;
 
   public static editableFields = [
     'amount',
diff --git a/server/models/HostApplication.ts b/server/models/HostApplication.ts
index f8b18e2497f..3cea341386f 100644
--- a/server/models/HostApplication.ts
+++ b/server/models/HostApplication.ts
@@ -21,22 +21,22 @@ export enum HostApplicationStatus {
 }
 
 class HostApplication extends Model<InferAttributes<HostApplication>, InferCreationAttributes<HostApplication>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare CollectiveId: number;
-  public declare HostCollectiveId: number;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
-  public declare status: HostApplicationStatus;
-  public declare customData: Record<string, unknown> | null;
-  public declare message: string;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
+  declare public readonly id: CreationOptional<number>;
+  declare public CollectiveId: number;
+  declare public HostCollectiveId: number;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
+  declare public status: HostApplicationStatus;
+  declare public customData: Record<string, unknown> | null;
+  declare public message: string;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
 
-  public declare collective?: NonAttribute<Collective>;
-  public declare getCollective: BelongsToGetAssociationMixin<Collective>;
+  declare public collective?: NonAttribute<Collective>;
+  declare public getCollective: BelongsToGetAssociationMixin<Collective>;
 
-  public declare host?: NonAttribute<Collective>;
-  public declare getHost: BelongsToGetAssociationMixin<Collective>;
+  declare public host?: NonAttribute<Collective>;
+  declare public getHost: BelongsToGetAssociationMixin<Collective>;
 
   // ---- Static ----
 
diff --git a/server/models/LegalDocument.ts b/server/models/LegalDocument.ts
index 97851c05ec5..ebde860765b 100644
--- a/server/models/LegalDocument.ts
+++ b/server/models/LegalDocument.ts
@@ -50,22 +50,22 @@ const ENCRYPTION_KEY = get(config, 'taxForms.encryptionKey');
 export type LegalDocumentAttributes = InferAttributes<LegalDocument>;
 
 class LegalDocument extends Model<LegalDocumentAttributes, InferCreationAttributes<LegalDocument>> {
-  public declare id: number;
-  public declare year: number;
-  public declare documentType: string;
-  public declare documentLink: string;
-  public declare requestStatus: LEGAL_DOCUMENT_REQUEST_STATUS | `${LEGAL_DOCUMENT_REQUEST_STATUS}`;
-  public declare service: LEGAL_DOCUMENT_SERVICE | `${LEGAL_DOCUMENT_SERVICE}`;
-
-  public declare CollectiveId: number;
-  public declare collective?: Collective;
-  public declare getCollective: BelongsToGetAssociationMixin<Collective>;
-
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt?: Date;
-
-  public declare data: any;
+  declare public id: number;
+  declare public year: number;
+  declare public documentType: string;
+  declare public documentLink: string;
+  declare public requestStatus: LEGAL_DOCUMENT_REQUEST_STATUS | `${LEGAL_DOCUMENT_REQUEST_STATUS}`;
+  declare public service: LEGAL_DOCUMENT_SERVICE | `${LEGAL_DOCUMENT_SERVICE}`;
+
+  declare public CollectiveId: number;
+  declare public collective?: Collective;
+  declare public getCollective: BelongsToGetAssociationMixin<Collective>;
+
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt?: Date;
+
+  declare public data: any;
 
   static findByTypeYearCollective = ({ documentType, year, collective }) => {
     return LegalDocument.findOne({
diff --git a/server/models/MigrationLog.ts b/server/models/MigrationLog.ts
index 712e317d73f..305a3b9e36a 100644
--- a/server/models/MigrationLog.ts
+++ b/server/models/MigrationLog.ts
@@ -26,12 +26,12 @@ export type MigrationLogDataForMergeAccounts = {
 type MigrationLogData = MigrationLogDataForMergeAccounts | Record<string, unknown>;
 
 class MigrationLog extends Model<InferAttributes<MigrationLog>, InferCreationAttributes<MigrationLog>> {
-  public declare id: CreationOptional<number>;
-  public declare type: MigrationLogType;
-  public declare createdAt: CreationOptional<Date>;
-  public declare description: string;
-  public declare data: MigrationLogData;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
+  declare public id: CreationOptional<number>;
+  declare public type: MigrationLogType;
+  declare public createdAt: CreationOptional<Date>;
+  declare public description: string;
+  declare public data: MigrationLogData;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
 
   static async getDataForMergeAccounts(
     fromAccountId: number,
diff --git a/server/models/Notification.ts b/server/models/Notification.ts
index 3fc8ac6bba4..b3eb8ce2019 100644
--- a/server/models/Notification.ts
+++ b/server/models/Notification.ts
@@ -24,17 +24,17 @@ const DEFAULT_ACTIVE_STATE_BY_CHANNEL = {
 };
 
 class Notification extends Model<InferAttributes<Notification>, InferCreationAttributes<Notification>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare channel: channels;
-  public declare type: ActivityTypes | ActivityClasses | string;
-  public declare active: boolean;
-  public declare createdAt: CreationOptional<Date>;
-  public declare CollectiveId: CreationOptional<number>;
-  public declare UserId: CreationOptional<number>;
-  public declare webhookUrl: CreationOptional<string>;
-  public declare User?: User;
-  public declare Collective?: Collective;
-  public declare lastSuccessAt: CreationOptional<Date>;
+  declare public readonly id: CreationOptional<number>;
+  declare public channel: channels;
+  declare public type: ActivityTypes | ActivityClasses | string;
+  declare public active: boolean;
+  declare public createdAt: CreationOptional<Date>;
+  declare public CollectiveId: CreationOptional<number>;
+  declare public UserId: CreationOptional<number>;
+  declare public webhookUrl: CreationOptional<string>;
+  declare public User?: User;
+  declare public Collective?: Collective;
+  declare public lastSuccessAt: CreationOptional<Date>;
 
   getUser() {
     return User.findByPk(this.UserId);
diff --git a/server/models/OAuthAuthorizationCode.ts b/server/models/OAuthAuthorizationCode.ts
index 3c9e05ea7f8..f40d2878d65 100644
--- a/server/models/OAuthAuthorizationCode.ts
+++ b/server/models/OAuthAuthorizationCode.ts
@@ -10,20 +10,20 @@ class OAuthAuthorizationCode extends Model<
   InferAttributes<OAuthAuthorizationCode>,
   InferCreationAttributes<OAuthAuthorizationCode>
 > {
-  public declare readonly id: CreationOptional<number>;
-  public declare code: string;
-  public declare redirectUri: string;
-  public declare expiresAt: Date;
-  public declare data: Record<string, unknown>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare ApplicationId: number;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare scope: string[];
+  declare public readonly id: CreationOptional<number>;
+  declare public code: string;
+  declare public redirectUri: string;
+  declare public expiresAt: Date;
+  declare public data: Record<string, unknown>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public ApplicationId: number;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public scope: string[];
 
-  public declare application?: NonAttribute<Application>;
-  public declare user?: NonAttribute<User>;
+  declare public application?: NonAttribute<Application>;
+  declare public user?: NonAttribute<User>;
 }
 
 OAuthAuthorizationCode.init(
diff --git a/server/models/PayoutMethod.ts b/server/models/PayoutMethod.ts
index c0bc6058f08..09028a1f727 100644
--- a/server/models/PayoutMethod.ts
+++ b/server/models/PayoutMethod.ts
@@ -76,17 +76,17 @@ type PayoutMethodDataType =
  * Sequelize model to represent an PayoutMethod, linked to the `PayoutMethods` table.
  */
 class PayoutMethod extends Model<InferAttributes<PayoutMethod>, InferCreationAttributes<PayoutMethod>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare type: PayoutMethodTypes;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare name: string;
-  public declare isSaved: boolean;
-  public declare CollectiveId: number;
-  public declare CreatedByUserId: ForeignKey<User['id']>;
+  declare public readonly id: CreationOptional<number>;
+  declare public type: PayoutMethodTypes;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public name: string;
+  declare public isSaved: boolean;
+  declare public CollectiveId: number;
+  declare public CreatedByUserId: ForeignKey<User['id']>;
 
-  public declare Collective?: Collective;
+  declare public Collective?: Collective;
 
   private static editableFields = ['data', 'name', 'isSaved'];
 
diff --git a/server/models/PaypalPlan.ts b/server/models/PaypalPlan.ts
index f6f5f1dabae..821b6fd2112 100644
--- a/server/models/PaypalPlan.ts
+++ b/server/models/PaypalPlan.ts
@@ -23,14 +23,14 @@ interface PaypalPlanCreateWithProductAttributes extends PaypalPlanCommonCreateAt
 type PaypalPlanCreateAttributes = PaypalPlanCreateWithProductIdAttributes | PaypalPlanCreateWithProductAttributes;
 
 class PaypalPlan extends Model<InferAttributes<PaypalPlan>, PaypalPlanCreateAttributes> {
-  public declare id: string;
-  public declare ProductId: string;
-  public declare currency: SupportedCurrency;
-  public declare interval: string;
-  public declare amount: number;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
+  declare public id: string;
+  declare public ProductId: string;
+  declare public currency: SupportedCurrency;
+  declare public interval: string;
+  declare public amount: number;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
 }
 
 PaypalPlan.init(
diff --git a/server/models/PaypalProduct.ts b/server/models/PaypalProduct.ts
index 1b5754afbff..f80b54bff26 100644
--- a/server/models/PaypalProduct.ts
+++ b/server/models/PaypalProduct.ts
@@ -10,13 +10,13 @@ export interface PaypalProductCreateAttributes {
 }
 
 class PaypalProduct extends Model<InferAttributes<PaypalProduct>, PaypalProductCreateAttributes> {
-  public declare id: string;
-  public declare CollectiveId: number;
-  public declare HostCollectiveId: number;
-  public declare TierId: number;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
+  declare public id: string;
+  declare public CollectiveId: number;
+  declare public HostCollectiveId: number;
+  declare public TierId: number;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
 }
 
 PaypalProduct.init(
diff --git a/server/models/PersonalToken.ts b/server/models/PersonalToken.ts
index 1ce0b775599..7af9578c1a8 100644
--- a/server/models/PersonalToken.ts
+++ b/server/models/PersonalToken.ts
@@ -9,22 +9,22 @@ import Application from './Application';
 import User from './User';
 
 class PersonalToken extends Model<InferAttributes<PersonalToken>, InferCreationAttributes<PersonalToken>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare token: string;
-  public declare expiresAt: Date;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare lastUsedAt: CreationOptional<Date>;
-  public declare data: Record<string, unknown>;
-  public declare CollectiveId: number;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare scope: oAuthScopes[];
-  public declare name: string;
-  public declare preAuthorize2FA: CreationOptional<boolean>;
+  declare public readonly id: CreationOptional<number>;
+  declare public token: string;
+  declare public expiresAt: Date;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public lastUsedAt: CreationOptional<Date>;
+  declare public data: Record<string, unknown>;
+  declare public CollectiveId: number;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public scope: oAuthScopes[];
+  declare public name: string;
+  declare public preAuthorize2FA: CreationOptional<boolean>;
 
-  public declare application?: NonAttribute<typeof Application>;
-  public declare user?: NonAttribute<typeof User>;
+  declare public application?: NonAttribute<typeof Application>;
+  declare public user?: NonAttribute<typeof User>;
 
   public static generateToken(): string {
     return randomBytes(20).toString('hex');
diff --git a/server/models/RecurringExpense.ts b/server/models/RecurringExpense.ts
index cd4bb238b35..5c47dde275c 100644
--- a/server/models/RecurringExpense.ts
+++ b/server/models/RecurringExpense.ts
@@ -38,15 +38,15 @@ type RecurringExpenseCreateAttributes =
   | Pick<RecurringExpenseAttributes, 'endsAt' | 'lastDraftedAt'>;
 
 class RecurringExpense extends Model<RecurringExpenseAttributes, RecurringExpenseCreateAttributes> {
-  public declare id: number;
-  public declare interval: string;
-  public declare CollectiveId: number;
-  public declare FromCollectiveId: number;
-  public declare lastDraftedAt: Date;
-  public declare endsAt: Date;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
+  declare public id: number;
+  declare public interval: string;
+  declare public CollectiveId: number;
+  declare public FromCollectiveId: number;
+  declare public lastDraftedAt: Date;
+  declare public endsAt: Date;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
 
   public static RecurringExpenseIntervals = RecurringExpenseIntervals;
 
diff --git a/server/models/RequiredLegalDocument.ts b/server/models/RequiredLegalDocument.ts
index 73d1d4c7081..6c6e6e84133 100644
--- a/server/models/RequiredLegalDocument.ts
+++ b/server/models/RequiredLegalDocument.ts
@@ -8,13 +8,13 @@ class RequiredLegalDocument extends Model<
   InferAttributes<RequiredLegalDocument>,
   InferAttributes<RequiredLegalDocument>
 > {
-  public declare readonly id: CreationOptional<number>;
-  public declare documentType: LEGAL_DOCUMENT_TYPE;
-  public declare HostCollectiveId: number;
+  declare public readonly id: CreationOptional<number>;
+  declare public documentType: LEGAL_DOCUMENT_TYPE;
+  declare public HostCollectiveId: number;
 
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
 }
 
 RequiredLegalDocument.init(
diff --git a/server/models/SocialLink.ts b/server/models/SocialLink.ts
index 0442e294f94..bd43eb4bc9f 100644
--- a/server/models/SocialLink.ts
+++ b/server/models/SocialLink.ts
@@ -31,14 +31,14 @@ export enum SocialLinkType {
 }
 
 class SocialLink extends Model<InferAttributes<SocialLink>, InferCreationAttributes<SocialLink>> {
-  public declare CollectiveId: number;
-  public declare type: SocialLinkType;
-  public declare url: string;
-  public declare order: number;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
+  declare public CollectiveId: number;
+  declare public type: SocialLinkType;
+  declare public url: string;
+  declare public order: number;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
 
-  public declare collective?: NonAttribute<Collective>;
+  declare public collective?: NonAttribute<Collective>;
 }
 
 SocialLink.init(
diff --git a/server/models/SuspendedAsset.ts b/server/models/SuspendedAsset.ts
index d727682a364..d8a6f581133 100644
--- a/server/models/SuspendedAsset.ts
+++ b/server/models/SuspendedAsset.ts
@@ -17,13 +17,13 @@ export enum AssetType {
  * Sequelize model to represent an SuspendedAsset, linked to the `SuspendedAssets` table.
  */
 class SuspendedAsset extends Model<InferAttributes<SuspendedAsset>, InferCreationAttributes<SuspendedAsset>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare type: AssetType;
-  public declare reason: string;
-  public declare fingerprint: string;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
+  declare public readonly id: CreationOptional<number>;
+  declare public type: AssetType;
+  declare public reason: string;
+  declare public fingerprint: string;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
 
   static async assertAssetIsNotSuspended({
     type,
diff --git a/server/models/Tier.ts b/server/models/Tier.ts
index f7d4ef365a4..2bc882f8494 100644
--- a/server/models/Tier.ts
+++ b/server/models/Tier.ts
@@ -33,33 +33,33 @@ const longDescriptionSanitizerOpts = buildSanitizerOptions({
 export type TierType = 'TIER' | 'MEMBERSHIP' | 'DONATION' | 'TICKET' | 'PRODUCT' | 'SERVICE';
 
 class Tier extends Model<InferAttributes<Tier>, InferCreationAttributes<Tier>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare CollectiveId: number;
-  public declare slug: string;
-  public declare name: string;
-  public declare type: TierType;
-  public declare description: string;
-  public declare longDescription: string;
-  public declare useStandalonePage: boolean;
-  public declare videoUrl: string;
-  public declare button: string;
-  public declare amount: number;
-  public declare presets: number[];
-  public declare amountType: 'FIXED' | 'FLEXIBLE';
-  public declare minimumAmount: number;
-  public declare currency: SupportedCurrency;
-  public declare interval: 'month' | 'year' | 'flexible';
-  public declare maxQuantity: number;
-  public declare goal: number;
-  public declare customFields: Record<string, unknown>;
-  public declare data: Record<string, unknown>;
-  public declare startsAt: CreationOptional<Date>;
-  public declare endsAt: CreationOptional<Date>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-
-  public declare Collective?: Collective;
+  declare public readonly id: CreationOptional<number>;
+  declare public CollectiveId: number;
+  declare public slug: string;
+  declare public name: string;
+  declare public type: TierType;
+  declare public description: string;
+  declare public longDescription: string;
+  declare public useStandalonePage: boolean;
+  declare public videoUrl: string;
+  declare public button: string;
+  declare public amount: number;
+  declare public presets: number[];
+  declare public amountType: 'FIXED' | 'FLEXIBLE';
+  declare public minimumAmount: number;
+  declare public currency: SupportedCurrency;
+  declare public interval: 'month' | 'year' | 'flexible';
+  declare public maxQuantity: number;
+  declare public goal: number;
+  declare public customFields: Record<string, unknown>;
+  declare public data: Record<string, unknown>;
+  declare public startsAt: CreationOptional<Date>;
+  declare public endsAt: CreationOptional<Date>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+
+  declare public Collective?: Collective;
 
   /**
    * Instance Methods
diff --git a/server/models/TransactionSettlement.ts b/server/models/TransactionSettlement.ts
index 18d21046bc0..c83559ad447 100644
--- a/server/models/TransactionSettlement.ts
+++ b/server/models/TransactionSettlement.ts
@@ -26,15 +26,15 @@ class TransactionSettlement extends Model<
   InferAttributes<TransactionSettlement>,
   InferCreationAttributes<TransactionSettlement>
 > {
-  public declare TransactionGroup: string;
-  public declare kind: TransactionKind | `${TransactionKind}`;
-  public declare status: TransactionSettlementStatus;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-
-  public declare getExpense: BelongsToGetAssociationMixin<Expense>;
+  declare public TransactionGroup: string;
+  declare public kind: TransactionKind | `${TransactionKind}`;
+  declare public status: TransactionSettlementStatus;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+
+  declare public getExpense: BelongsToGetAssociationMixin<Expense>;
 
   // ---- Static methods ----
 
diff --git a/server/models/TransactionsImport.ts b/server/models/TransactionsImport.ts
index 3deea36fbec..8bb57f02af5 100644
--- a/server/models/TransactionsImport.ts
+++ b/server/models/TransactionsImport.ts
@@ -60,26 +60,26 @@ export class TransactionsImportLockedError extends Error {
 }
 
 class TransactionsImport extends Model<InferAttributes<TransactionsImport>, CreationAttributes> {
-  public declare id: number;
-  public declare CollectiveId: ForeignKey<Collective['id']>;
-  public declare UploadedFileId: ForeignKey<UploadedFile['id']>;
-  public declare ConnectedAccountId: ForeignKey<ConnectedAccount['id']>;
-  public declare source: string;
-  public declare name: string;
-  public declare type: (typeof TransactionsImportTypes)[number];
-  public declare settings: TransactionsImportSettings | null;
-  public declare data: TransactionsImportData | null;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
-  public declare lastSyncAt: Date;
-
-  public declare collective?: Collective;
-  public declare getCollective: BelongsToGetAssociationMixin<Collective>;
-  public declare importRows?: TransactionsImportRow[];
-  public declare getImportRows: HasManyGetAssociationsMixin<TransactionsImportRow>;
-  public declare createImportRow: HasManyCreateAssociationMixin<TransactionsImportRow>;
-  public declare getConnectedAccount: BelongsToGetAssociationMixin<ConnectedAccount>;
+  declare public id: number;
+  declare public CollectiveId: ForeignKey<Collective['id']>;
+  declare public UploadedFileId: ForeignKey<UploadedFile['id']>;
+  declare public ConnectedAccountId: ForeignKey<ConnectedAccount['id']>;
+  declare public source: string;
+  declare public name: string;
+  declare public type: (typeof TransactionsImportTypes)[number];
+  declare public settings: TransactionsImportSettings | null;
+  declare public data: TransactionsImportData | null;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
+  declare public lastSyncAt: Date;
+
+  declare public collective?: Collective;
+  declare public getCollective: BelongsToGetAssociationMixin<Collective>;
+  declare public importRows?: TransactionsImportRow[];
+  declare public getImportRows: HasManyGetAssociationsMixin<TransactionsImportRow>;
+  declare public createImportRow: HasManyCreateAssociationMixin<TransactionsImportRow>;
+  declare public getConnectedAccount: BelongsToGetAssociationMixin<ConnectedAccount>;
 
   static async createWithActivity(
     remoteUser: User,
diff --git a/server/models/TransactionsImportRow.ts b/server/models/TransactionsImportRow.ts
index 5362db9b342..1f0bed8d9c1 100644
--- a/server/models/TransactionsImportRow.ts
+++ b/server/models/TransactionsImportRow.ts
@@ -19,25 +19,25 @@ class TransactionsImportRow extends Model<
   InferAttributes<TransactionsImportRow>,
   InferCreationAttributes<TransactionsImportRow>
 > {
-  public declare id: CreationOptional<number>;
-  public declare CollectiveId: ForeignKey<Collective['id']>;
-  public declare TransactionsImportId: ForeignKey<TransactionsImport['id']>;
-  public declare ExpenseId: ForeignKey<Expense['id']>;
-  public declare OrderId: ForeignKey<Order['id']>;
-  public declare sourceId: string;
-  public declare isDismissed: boolean;
-  public declare description: string;
-  public declare date: Date;
-  public declare amount: number;
-  public declare isUnique: boolean;
-  public declare currency: SupportedCurrency;
-  public declare rawValue: Record<string, string>;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date | null;
+  declare public id: CreationOptional<number>;
+  declare public CollectiveId: ForeignKey<Collective['id']>;
+  declare public TransactionsImportId: ForeignKey<TransactionsImport['id']>;
+  declare public ExpenseId: ForeignKey<Expense['id']>;
+  declare public OrderId: ForeignKey<Order['id']>;
+  declare public sourceId: string;
+  declare public isDismissed: boolean;
+  declare public description: string;
+  declare public date: Date;
+  declare public amount: number;
+  declare public isUnique: boolean;
+  declare public currency: SupportedCurrency;
+  declare public rawValue: Record<string, string>;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date | null;
 
-  public declare import?: TransactionsImport;
-  public declare getImport: BelongsToGetAssociationMixin<TransactionsImport>;
+  declare public import?: TransactionsImport;
+  declare public getImport: BelongsToGetAssociationMixin<TransactionsImport>;
 
   public isProcessed(): boolean {
     return Boolean(this.OrderId || this.ExpenseId || this.isDismissed);
diff --git a/server/models/Update.ts b/server/models/Update.ts
index cddf0f91901..cc4e326d23e 100644
--- a/server/models/Update.ts
+++ b/server/models/Update.ts
@@ -62,35 +62,35 @@ const PRIVATE_UPDATE_TARGET_ROLES = [
 const PUBLIC_UPDATE_TARGET_ROLES = [...PRIVATE_UPDATE_TARGET_ROLES, MemberRoles.FOLLOWER];
 
 class Update extends Model<InferAttributes<Update>, InferCreationAttributes<Update>> {
-  public declare id: CreationOptional<number>;
-  public declare slug: string;
-  public declare CollectiveId: number;
-  public declare TierId: number;
-  public declare FromCollectiveId: number;
-  public declare CreatedByUserId: number;
-  public declare LastEditedByUserId: number;
-  public declare title: string;
-  public declare html: string;
-  public declare summary: string;
-  public declare image: string;
-  public declare isPrivate: boolean;
-  public declare isChangelog: boolean;
-  public declare notificationAudience: (typeof UPDATE_NOTIFICATION_AUDIENCE)[keyof typeof UPDATE_NOTIFICATION_AUDIENCE];
-  public declare tags: string[];
-
-  public declare publishedAt: Date;
-  public declare makePublicOn: Date;
-  public declare createdAt: Date;
-  public declare updatedAt: Date;
-  public declare deletedAt: Date;
-
-  public declare collective?: Collective;
-  public declare fromCollective?: Collective;
-
-  public declare getCollective: BelongsToGetAssociationMixin<Collective>;
-  public declare getFromCollective: BelongsToGetAssociationMixin<Collective>;
-  public declare getCreatedByUser: BelongsToGetAssociationMixin<User>;
-  public declare getLastEditedByUser: BelongsToGetAssociationMixin<User>;
+  declare public id: CreationOptional<number>;
+  declare public slug: string;
+  declare public CollectiveId: number;
+  declare public TierId: number;
+  declare public FromCollectiveId: number;
+  declare public CreatedByUserId: number;
+  declare public LastEditedByUserId: number;
+  declare public title: string;
+  declare public html: string;
+  declare public summary: string;
+  declare public image: string;
+  declare public isPrivate: boolean;
+  declare public isChangelog: boolean;
+  declare public notificationAudience: (typeof UPDATE_NOTIFICATION_AUDIENCE)[keyof typeof UPDATE_NOTIFICATION_AUDIENCE];
+  declare public tags: string[];
+
+  declare public publishedAt: Date;
+  declare public makePublicOn: Date;
+  declare public createdAt: Date;
+  declare public updatedAt: Date;
+  declare public deletedAt: Date;
+
+  declare public collective?: Collective;
+  declare public fromCollective?: Collective;
+
+  declare public getCollective: BelongsToGetAssociationMixin<Collective>;
+  declare public getFromCollective: BelongsToGetAssociationMixin<Collective>;
+  declare public getCreatedByUser: BelongsToGetAssociationMixin<User>;
+  declare public getLastEditedByUser: BelongsToGetAssociationMixin<User>;
 
   /**
    * Instance Methods
diff --git a/server/models/User.ts b/server/models/User.ts
index b94027e5dcb..d43880f797d 100644
--- a/server/models/User.ts
+++ b/server/models/User.ts
@@ -36,37 +36,37 @@ type UserData = {
 };
 
 class User extends Model<InferAttributes<User>, InferCreationAttributes<User>> {
-  public declare readonly id: CreationOptional<number>;
-  public declare email: string;
-  public declare emailWaitingForValidation: CreationOptional<string>;
-  public declare emailConfirmationToken: CreationOptional<string>;
+  declare public readonly id: CreationOptional<number>;
+  declare public email: string;
+  declare public emailWaitingForValidation: CreationOptional<string>;
+  declare public emailConfirmationToken: CreationOptional<string>;
   /**
    * @deprecated use `UserTwoFactorAuthMethod`
    */
-  public declare twoFactorAuthToken: CreationOptional<string>;
+  declare public twoFactorAuthToken: CreationOptional<string>;
   /**
    * @deprecated use `UserTwoFactorAuthMethod`
    */
-  public declare yubikeyDeviceId: CreationOptional<string>;
-  public declare twoFactorAuthRecoveryCodes: CreationOptional<string[]>;
-  public declare CollectiveId: number;
-  public declare newsletterOptIn: boolean;
-  public declare data: CreationOptional<Record<string, unknown> & UserData>;
-  public declare createdAt: CreationOptional<Date>;
-  public declare changelogViewDate: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare confirmedAt: CreationOptional<Date>;
-  public declare lastLoginAt: CreationOptional<Date>;
-  public declare passwordHash: CreationOptional<string>;
-  public declare passwordUpdatedAt: CreationOptional<Date>;
+  declare public yubikeyDeviceId: CreationOptional<string>;
+  declare public twoFactorAuthRecoveryCodes: CreationOptional<string[]>;
+  declare public CollectiveId: number;
+  declare public newsletterOptIn: boolean;
+  declare public data: CreationOptional<Record<string, unknown> & UserData>;
+  declare public createdAt: CreationOptional<Date>;
+  declare public changelogViewDate: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public confirmedAt: CreationOptional<Date>;
+  declare public lastLoginAt: CreationOptional<Date>;
+  declare public passwordHash: CreationOptional<string>;
+  declare public passwordUpdatedAt: CreationOptional<Date>;
 
   // TODO: We should ideally rely on this.changed(...)
   public _emailChanged?: NonAttribute<boolean>;
   public _emailWaitingForValidationChanged?: NonAttribute<boolean>;
 
   // Associations
-  public declare collective?: Collective;
+  declare public collective?: Collective;
 
   // Non-model attributes
   public rolesByCollectiveId?: NonAttribute<Record<string, MemberRoles[]>>;
diff --git a/server/models/UserToken.ts b/server/models/UserToken.ts
index 5769968bb23..bd4de7e951a 100644
--- a/server/models/UserToken.ts
+++ b/server/models/UserToken.ts
@@ -11,24 +11,24 @@ export enum TokenType {
 }
 
 class UserToken extends Model<InferAttributes<UserToken>, InferCreationAttributes<UserToken>> {
-  public declare id: CreationOptional<number>;
-  public declare type: 'OAUTH';
-  public declare accessToken: string;
-  public declare accessTokenExpiresAt: Date;
-  public declare refreshToken: string;
-  public declare refreshTokenExpiresAt?: Date;
-  public declare ApplicationId: number;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare data: Record<string, unknown>;
-  public declare scope: string[];
-  public declare preAuthorize2FA: boolean;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare lastUsedAt: CreationOptional<Date>;
+  declare public id: CreationOptional<number>;
+  declare public type: 'OAUTH';
+  declare public accessToken: string;
+  declare public accessTokenExpiresAt: Date;
+  declare public refreshToken: string;
+  declare public refreshTokenExpiresAt?: Date;
+  declare public ApplicationId: number;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public data: Record<string, unknown>;
+  declare public scope: string[];
+  declare public preAuthorize2FA: boolean;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public lastUsedAt: CreationOptional<Date>;
 
-  public declare user?: NonAttribute<User>;
-  public declare client?: NonAttribute<OAuth2Server.Client>;
+  declare public user?: NonAttribute<User>;
+  declare public client?: NonAttribute<OAuth2Server.Client>;
 
   hasScope(scope): boolean {
     return Boolean(this.scope && this.scope.includes(scope));
diff --git a/server/models/VirtualCard.ts b/server/models/VirtualCard.ts
index 1c4a058ae37..677df2744e5 100644
--- a/server/models/VirtualCard.ts
+++ b/server/models/VirtualCard.ts
@@ -26,32 +26,32 @@ export enum VirtualCardStatus {
 }
 
 class VirtualCard extends Model<InferAttributes<VirtualCard, { omit: 'info' }>, InferCreationAttributes<VirtualCard>> {
-  public declare id: CreationOptional<string>;
-  public declare CollectiveId: number;
-  public declare HostCollectiveId: number;
-  public declare UserId: ForeignKey<User['id']>;
-  public declare VirtualCardRequestId: ForeignKey<VirtualCardRequest['id']>;
-  public declare name: string;
-  public declare last4: string;
-  public declare data: Record<string, any>;
-  public declare privateData: string | Record<string, any>;
-  public declare provider: VirtualCardProviders;
-  public declare spendingLimitAmount: number;
-  public declare spendingLimitInterval: string;
-  public declare currency: SupportedCurrency;
-  public declare createdAt: CreationOptional<Date>;
-  public declare updatedAt: CreationOptional<Date>;
-  public declare deletedAt: CreationOptional<Date>;
-  public declare resumedAt: CreationOptional<Date>;
+  declare public id: CreationOptional<string>;
+  declare public CollectiveId: number;
+  declare public HostCollectiveId: number;
+  declare public UserId: ForeignKey<User['id']>;
+  declare public VirtualCardRequestId: ForeignKey<VirtualCardRequest['id']>;
+  declare public name: string;
+  declare public last4: string;
+  declare public data: Record<string, any>;
+  declare public privateData: string | Record<string, any>;
+  declare public provider: VirtualCardProviders;
+  declare public spendingLimitAmount: number;
+  declare public spendingLimitInterval: string;
+  declare public currency: SupportedCurrency;
+  declare public createdAt: CreationOptional<Date>;
+  declare public updatedAt: CreationOptional<Date>;
+  declare public deletedAt: CreationOptional<Date>;
+  declare public resumedAt: CreationOptional<Date>;
 
   // Associations
-  public declare collective?: NonAttribute<any>;
-  public declare host?: NonAttribute<Collective>;
-  public declare getHost: BelongsToGetAssociationMixin<Collective>;
-  public declare user?: NonAttribute<any>;
+  declare public collective?: NonAttribute<any>;
+  declare public host?: NonAttribute<Collective>;
+  declare public getHost: BelongsToGetAssociationMixin<Collective>;
+  declare public user?: NonAttribute<any>;
 
-  public declare virtualCardRequest?: NonAttribute<VirtualCardRequest>;
-  public declare getVirtualCardRequest?: BelongsToGetAssociationMixin<VirtualCardRequest>;
+  declare public virtualCardRequest?: NonAttribute<VirtualCardRequest>;
+  declare public getVirtualCardRequest?: BelongsToGetAssociationMixin<VirtualCardRequest>;
 
   async getExpensesMissingDetails(): Promise<Array<any>> {
     return Expense.findPendingCardCharges({

From 8094b90d29c9f38c9b2fd35aa8669459ce77c826 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Wed, 4 Dec 2024 05:21:20 -0300
Subject: [PATCH 106/129] perf: add order.createdAt index (#10508)

---
 .../20241129153622-index-order-created-at.js     | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 migrations/20241129153622-index-order-created-at.js

diff --git a/migrations/20241129153622-index-order-created-at.js b/migrations/20241129153622-index-order-created-at.js
new file mode 100644
index 00000000000..39d968c1507
--- /dev/null
+++ b/migrations/20241129153622-index-order-created-at.js
@@ -0,0 +1,16 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface) {
+    await queryInterface.sequelize.query(`
+      CREATE INDEX CONCURRENTLY IF NOT EXISTS orders_created_at ON "Orders" ("createdAt" DESC) WHERE ("deletedAt" IS NULL);
+    `);
+  },
+
+  async down(queryInterface) {
+    await queryInterface.sequelize.query(`
+      DROP INDEX IF EXISTS "orders_created_at";
+    `);
+  },
+};

From b4a975d0bd8dc0362a14ef0ff84b0aa242934d97 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Wed, 4 Dec 2024 11:02:50 +0100
Subject: [PATCH 107/129] fix: correct error message formatting in
 checkActiveApprovedAtInconsistency (#10520)

---
 checks/model/collectives.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/checks/model/collectives.js b/checks/model/collectives.js
index 2fa32fdb20b..3678d588d7c 100644
--- a/checks/model/collectives.js
+++ b/checks/model/collectives.js
@@ -44,7 +44,7 @@ async function checkActiveApprovedAtInconsistency() {
 
   if (results.activeUnapproved > 0 || results.inactiveApproved > 0) {
     throw new Error(
-      `${message} (${results[0].activeUnapproved} activeUnapproved, ${results[0].inactiveApproved} inactiveApproved)`,
+      `${message} (${results.activeUnapproved} activeUnapproved, ${results.inactiveApproved} inactiveApproved)`,
     );
   }
 }

From 817d177ad290da5172877ee8a0bca48be53ee41b Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Thu, 5 Dec 2024 05:01:05 -0300
Subject: [PATCH 108/129] Contributions: Use last charged date for recurring
 contributions (#10504)

* feat: add Subscription.lastChargedAt field

Also make sure we populate/update this field whenever an order is processed.

* feat: add LAST_CHARGED_AT sorting and filtering

* fix: chargedDate filtering

Co-authored-by: Gustav Larsson <gustav.larsson@gmail.com>

* fix: missing lastChargedAt on new orders

Co-authored-by: Gustav Larsson <gustav.larsson@gmail.com>

---------

Co-authored-by: Gustav Larsson <gustav.larsson@gmail.com>
---
 cron/daily/51-synchronize-paypal-ledger.ts    |  4 ++
 ...122904-add-subscription-last-charged-at.js | 60 +++++++++++++++++++
 server/graphql/v2/enum/DateTimeField.js       |  4 ++
 server/graphql/v2/enum/OrderByFieldType.ts    |  2 +
 server/graphql/v2/object/Order.js             |  7 +++
 .../query/collection/OrdersCollectionQuery.ts | 37 +++++++++++-
 server/lib/payments.ts                        |  5 +-
 server/models/Subscription.ts                 |  3 +
 .../opencollective/collective.js              |  8 ++-
 .../opencollective/giftcard.js                |  4 ++
 .../opencollective/prepaid.js                 |  9 ++-
 server/paymentProviders/paypal/webhook.ts     |  1 +
 server/paymentProviders/stripe/creditcard.ts  |  9 ++-
 server/paymentProviders/stripe/webhook.ts     |  5 +-
 14 files changed, 147 insertions(+), 11 deletions(-)
 create mode 100644 migrations/20241128122904-add-subscription-last-charged-at.js

diff --git a/cron/daily/51-synchronize-paypal-ledger.ts b/cron/daily/51-synchronize-paypal-ledger.ts
index 7c40bb8e843..50e8ba81600 100644
--- a/cron/daily/51-synchronize-paypal-ledger.ts
+++ b/cron/daily/51-synchronize-paypal-ledger.ts
@@ -189,6 +189,10 @@ const handleSubscriptionTransaction = async (
       createdAt: captureDate,
     });
 
+    if (subscription) {
+      await subscription.update({ lastChargedAt: captureDate });
+    }
+
     // If the capture is less than 48 hours old, send the thank you email
     if (moment().diff(captureDate, 'hours') < 48) {
       await sendThankYouEmail(order, dbTransaction, isFirstCharge);
diff --git a/migrations/20241128122904-add-subscription-last-charged-at.js b/migrations/20241128122904-add-subscription-last-charged-at.js
new file mode 100644
index 00000000000..04cd0b31a11
--- /dev/null
+++ b/migrations/20241128122904-add-subscription-last-charged-at.js
@@ -0,0 +1,60 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    console.log('\t - Adding lastChargedAt column to Subscriptions and SubscriptionHistories');
+    await queryInterface.addColumn('Subscriptions', 'lastChargedAt', {
+      type: Sequelize.DATE,
+      allowNull: true,
+    });
+
+    await queryInterface.addColumn('SubscriptionHistories', 'lastChargedAt', {
+      type: Sequelize.DATE,
+      allowNull: true,
+    });
+
+    console.log('\t - Adding index on lastChargedAt column');
+    await queryInterface.addIndex('Subscriptions', {
+      name: 'Subscriptions_lastChargedAt',
+      where: {
+        deletedAt: { [Sequelize.Op.ne]: null },
+      },
+      fields: [
+        {
+          name: 'lastChargedAt',
+          order: 'DESC',
+        },
+      ],
+    });
+
+    const started = Date.now();
+    console.log('\t - Updating lastChargedAt for Subscriptions');
+    await queryInterface.sequelize.query(`
+      WITH
+      updated_subcriptions AS (
+        SELECT o.id AS "orderId", o."createdAt", s.id AS "subscriptionId", MAX(t."createdAt") AS "lastChargedAt"
+        FROM
+          "Orders" o
+          INNER JOIN "Subscriptions" s ON o."SubscriptionId" = s.id AND s."deletedAt" IS NULL
+          INNER JOIN "Transactions" t ON t."OrderId" = o.id AND t.kind = 'CONTRIBUTION' AND t.type = 'CREDIT' AND t."deletedAt" IS NULL
+        WHERE o."deletedAt" IS NULL
+          AND o."SubscriptionId" IS NOT NULL
+          AND (o.status = 'ACTIVE' OR o."createdAt" > NOW() - INTERVAL '1 year')
+        GROUP BY o.id, o."createdAt", s.id
+        )
+      UPDATE "Subscriptions" s
+      SET
+        "lastChargedAt" = updated_subcriptions."lastChargedAt"
+      FROM updated_subcriptions
+      WHERE s.id = updated_subcriptions."subscriptionId" AND updated_subcriptions."lastChargedAt" - updated_subcriptions."createdAt" > INTERVAL '10 seconds';
+    `);
+    console.log(`\t - Updated lastChargedAt for Subscriptions in ${Date.now() - started}ms`);
+  },
+
+  async down(queryInterface) {
+    await queryInterface.removeIndex('Subscriptions', 'Subscriptions_lastChargedAt');
+    await queryInterface.removeColumn('Subscriptions', 'lastChargedAt');
+    await queryInterface.removeColumn('SubscriptionHistories', 'lastChargedAt');
+  },
+};
diff --git a/server/graphql/v2/enum/DateTimeField.js b/server/graphql/v2/enum/DateTimeField.js
index 31293d9f81f..ee00d2ab610 100644
--- a/server/graphql/v2/enum/DateTimeField.js
+++ b/server/graphql/v2/enum/DateTimeField.js
@@ -12,5 +12,9 @@ export const GraphQLDateTimeField = new GraphQLEnumType({
       value: 'clearedAt',
       description: 'Transactions only: The date when a transaction was cleared by the payment processor',
     },
+    LAST_CHARGED_AT: {
+      value: 'lastChargedAt',
+      description: 'Orders only: The date when an order was last charged, defaults to createdAt if never charged',
+    },
   },
 });
diff --git a/server/graphql/v2/enum/OrderByFieldType.ts b/server/graphql/v2/enum/OrderByFieldType.ts
index e239a0a5b27..029f9600639 100644
--- a/server/graphql/v2/enum/OrderByFieldType.ts
+++ b/server/graphql/v2/enum/OrderByFieldType.ts
@@ -4,6 +4,7 @@ export enum ORDER_BY_PSEUDO_FIELDS {
   ACTIVITY = 'ACTIVITY',
   BALANCE = 'BALANCE',
   CREATED_AT = 'CREATED_AT',
+  LAST_CHARGED_AT = 'LAST_CHARGED_AT',
   HOST_RANK = 'HOST_RANK',
   RANK = 'RANK',
   HOSTED_COLLECTIVES_COUNT = 'HOSTED_COLLECTIVES_COUNT',
@@ -16,6 +17,7 @@ export const GraphQLOrderByFieldType = new GraphQLEnumType({
   description: 'Possible fields you can use to order by',
   values: {
     CREATED_AT: {},
+    LAST_CHARGED_AT: {},
     ACTIVITY: { description: 'The financial activity of the collective (number of transactions)' },
     HOST_RANK: {},
     HOSTED_COLLECTIVES_COUNT: {},
diff --git a/server/graphql/v2/object/Order.js b/server/graphql/v2/object/Order.js
index fc404006dd6..0145c59c842 100644
--- a/server/graphql/v2/object/Order.js
+++ b/server/graphql/v2/object/Order.js
@@ -147,6 +147,13 @@ export const GraphQLOrder = new GraphQLObjectType({
           return subscription?.nextChargeDate;
         },
       },
+      lastChargedAt: {
+        type: GraphQLDateTime,
+        async resolve(order, _, req) {
+          const subscription = order.SubscriptionId && (await req.loaders.Subscription.byId.load(order.SubscriptionId));
+          return subscription?.lastChargedAt;
+        },
+      },
       tier: {
         type: GraphQLTier,
         resolve(order, args, req) {
diff --git a/server/graphql/v2/query/collection/OrdersCollectionQuery.ts b/server/graphql/v2/query/collection/OrdersCollectionQuery.ts
index 1146778caf0..f280d4e5ba4 100644
--- a/server/graphql/v2/query/collection/OrdersCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/OrdersCollectionQuery.ts
@@ -5,7 +5,7 @@ import { Includeable, Order } from 'sequelize';
 
 import OrderStatuses from '../../../../constants/order-status';
 import { buildSearchConditions } from '../../../../lib/sql-search';
-import models, { Op } from '../../../../models';
+import models, { Op, sequelize } from '../../../../models';
 import { checkScope } from '../../../common/scope-check';
 import { NotFound, Unauthorized } from '../../../errors';
 import { GraphQLOrderCollection } from '../../collection/OrderCollection';
@@ -130,6 +130,14 @@ export const OrdersCollectionArgs = {
     type: GraphQLDateTime,
     description: 'Only return pending orders that were expected before this date',
   },
+  chargedDateFrom: {
+    type: GraphQLDateTime,
+    description: 'Return orders that were charged after this date',
+  },
+  chargedDateTo: {
+    type: GraphQLDateTime,
+    description: 'Return orders that were charged before this date',
+  },
   searchTerm: {
     type: GraphQLString,
     description: 'The term to search',
@@ -169,6 +177,7 @@ export const OrdersCollectionResolver = async (args, req: express.Request) => {
   const include: Includeable[] = [
     { association: 'fromCollective', required: true, attributes: [] },
     { association: 'collective', required: true, attributes: [] },
+    { model: models.Subscription, required: false, attributes: [] },
   ];
 
   // Check Pagination arguments
@@ -314,12 +323,26 @@ export const OrdersCollectionResolver = async (args, req: express.Request) => {
   if (args.expectedDateFrom) {
     where['data.expectedAt'] = { [Op.gte]: args.expectedDateFrom };
   }
-
   if (args.expectedDateTo) {
     where['data.expectedAt'] = where['data.expectedAt'] || {};
     where['data.expectedAt'][Op.lte] = args.expectedDateTo;
   }
 
+  if (args.chargedDateFrom) {
+    where[Op.and].push(
+      sequelize.where(sequelize.literal(`COALESCE("Subscription"."lastChargedAt", "Order"."createdAt")`), {
+        [Op.gte]: args.chargedDateFrom,
+      }),
+    );
+  }
+  if (args.chargedDateTo) {
+    where[Op.and].push(
+      sequelize.where(sequelize.literal(`COALESCE("Subscription"."lastChargedAt", "Order"."createdAt")`), {
+        [Op.lte]: args.chargedDateTo,
+      }),
+    );
+  }
+
   if (args.status && args.status.length > 0) {
     where['status'] = { [Op.in]: args.status };
     if (args.status.includes(OrderStatuses.PAUSED) && args.pausedBy) {
@@ -374,7 +397,15 @@ export const OrdersCollectionResolver = async (args, req: express.Request) => {
     where['status'] = { ...where['status'], [Op.ne]: OrderStatuses.PENDING };
   }
 
-  const order: Order = [[args.orderBy.field, args.orderBy.direction]];
+  let order: Order;
+  if (args.orderBy.field === 'lastChargedAt') {
+    include.push({ model: models.Subscription, required: false });
+    order = [
+      [sequelize.literal(`COALESCE("Subscription"."lastChargedAt", "Order"."createdAt")`), args.orderBy.direction],
+    ];
+  } else {
+    order = [[args.orderBy.field, args.orderBy.direction]];
+  }
   const { offset, limit } = args;
   return {
     nodes: () => models.Order.findAll({ include, where, order, offset, limit }),
diff --git a/server/lib/payments.ts b/server/lib/payments.ts
index 65b28fa7225..17535cd3e39 100644
--- a/server/lib/payments.ts
+++ b/server/lib/payments.ts
@@ -777,11 +777,12 @@ export const sendEmailNotifications = (order: Order, transaction?: Transaction |
   }
 };
 
-export const createSubscription = async (order: Order): Promise<void> => {
+export const createSubscription = async (order: Order, data?: { lastChargedAt?: Date }): Promise<void> => {
   const subscription = await Subscription.create({
     amount: order.totalAmount,
     interval: order.interval,
     currency: order.currency,
+    lastChargedAt: data?.lastChargedAt,
   });
   // The order instance doesn't have the Subscription field
   // here because it was just created and no models were
@@ -863,7 +864,7 @@ export const executeOrder = async (
     // safe to create subscription after this.
 
     // The order will be updated to ACTIVE
-    order.interval && (await createSubscription(order));
+    order.interval && (await createSubscription(order, { lastChargedAt: order.processedAt }));
 
     // Register user as collective backer (don't do for internal transfers)
     // Or in the case of tickets register the user as an ATTENDEE
diff --git a/server/models/Subscription.ts b/server/models/Subscription.ts
index f055d64d2fa..8224220536b 100644
--- a/server/models/Subscription.ts
+++ b/server/models/Subscription.ts
@@ -24,6 +24,7 @@ class Subscription extends Model<InferAttributes<Subscription>, InferCreationAtt
   declare paypalSubscriptionId: string;
   declare isManagedExternally: boolean;
   declare activatedAt: Date;
+  declare lastChargedAt: Date;
   declare deactivatedAt: Date;
   declare createdAt: Date;
   declare updatedAt: Date;
@@ -84,6 +85,8 @@ Subscription.init(
 
     activatedAt: DataTypes.DATE,
 
+    lastChargedAt: DataTypes.DATE,
+
     deactivatedAt: DataTypes.DATE,
 
     createdAt: DataTypes.DATE,
diff --git a/server/paymentProviders/opencollective/collective.js b/server/paymentProviders/opencollective/collective.js
index be9cdbd078e..ce1835275e1 100644
--- a/server/paymentProviders/opencollective/collective.js
+++ b/server/paymentProviders/opencollective/collective.js
@@ -87,6 +87,7 @@ paymentMethodProvider.processOrder = async order => {
     hostFeeInHostCurrency,
     taxAmount: order.taxAmount,
     description: order.description,
+    clearedAt: new Date(),
     data: {
       hasPlatformTip: !!platformTip,
       isSharedRevenue,
@@ -97,7 +98,12 @@ paymentMethodProvider.processOrder = async order => {
     },
   };
 
-  return models.Transaction.createFromContributionPayload(transactionPayload);
+  const transaction = models.Transaction.createFromContributionPayload(transactionPayload);
+  if (order.SubscriptionId) {
+    const subscription = await models.Subscription.findByPk(order.SubscriptionId);
+    await subscription.update({ lastChargedAt: transaction.clearedAt });
+  }
+  return transaction;
 };
 
 /**
diff --git a/server/paymentProviders/opencollective/giftcard.js b/server/paymentProviders/opencollective/giftcard.js
index f624933c416..03283c3c85c 100644
--- a/server/paymentProviders/opencollective/giftcard.js
+++ b/server/paymentProviders/opencollective/giftcard.js
@@ -117,6 +117,10 @@ async function processOrder(order) {
     order.paymentMethod = sourcePaymentMethod;
     // gets the Credit transaction generated
     creditTransaction = await sourcePaymentMethodProvider.processOrder(order);
+    if (order.SubscriptionId) {
+      const subscription = await models.Subscription.findByPk(order.SubscriptionId);
+      await subscription.update({ lastChargedAt: creditTransaction.clearedAt });
+    }
   } finally {
     // undo modification of original order after processing the source payment method order
     await order.update({ PaymentMethodId: paymentMethod.id });
diff --git a/server/paymentProviders/opencollective/prepaid.js b/server/paymentProviders/opencollective/prepaid.js
index f1d830d3f65..053fe6adc0f 100644
--- a/server/paymentProviders/opencollective/prepaid.js
+++ b/server/paymentProviders/opencollective/prepaid.js
@@ -107,7 +107,7 @@ async function processOrder(order) {
   const hostFeeInHostCurrency = Math.round(hostFee * hostCurrencyFxRate);
 
   // Use the above payment method to donate to Collective
-  const transactions = await models.Transaction.createFromContributionPayload({
+  const transaction = await models.Transaction.createFromContributionPayload({
     CreatedByUserId: user.id,
     FromCollectiveId: order.FromCollectiveId,
     CollectiveId: order.CollectiveId,
@@ -123,6 +123,7 @@ async function processOrder(order) {
     paymentProcessorFeeInHostCurrency: 0,
     taxAmount: order.taxAmount,
     description: order.description,
+    clearedAt: new Date(),
     data: {
       hasPlatformTip: platformTip ? true : false,
       isSharedRevenue,
@@ -136,8 +137,12 @@ async function processOrder(order) {
 
   // Mark paymentMethod as confirmed
   order.paymentMethod.update({ confirmedAt: new Date() });
+  if (order.SubscriptionId) {
+    const subscription = await models.Subscription.findByPk(order.SubscriptionId);
+    await subscription.update({ lastChargedAt: transaction.clearedAt });
+  }
 
-  return transactions;
+  return transaction;
 }
 
 async function refundTransaction(transaction, user) {
diff --git a/server/paymentProviders/paypal/webhook.ts b/server/paymentProviders/paypal/webhook.ts
index 4e0766d9fa7..553f695897b 100644
--- a/server/paymentProviders/paypal/webhook.ts
+++ b/server/paymentProviders/paypal/webhook.ts
@@ -141,6 +141,7 @@ async function handleSaleCompleted(req: Request): Promise<void> {
       nextPeriodStart: nextChargeDate,
       isActive: true,
       activatedAt: order.Subscription.activatedAt || new Date(),
+      lastChargedAt: transaction.clearedAt || transaction.createdAt,
     });
   });
 
diff --git a/server/paymentProviders/stripe/creditcard.ts b/server/paymentProviders/stripe/creditcard.ts
index 7b601fa2f4c..e225eb09d0d 100644
--- a/server/paymentProviders/stripe/creditcard.ts
+++ b/server/paymentProviders/stripe/creditcard.ts
@@ -6,7 +6,7 @@ import logger from '../../lib/logger';
 import { getApplicationFee } from '../../lib/payments';
 import { reportErrorToSentry, reportMessageToSentry } from '../../lib/sentry';
 import stripe, { convertToStripeAmount } from '../../lib/stripe';
-import { Collective } from '../../models';
+import models, { Collective } from '../../models';
 import Order from '../../models/Order';
 import PaymentMethod from '../../models/PaymentMethod';
 import User from '../../models/User';
@@ -117,7 +117,12 @@ const createChargeAndTransactions = async (
   });
 
   const charge = paymentIntent.latest_charge || (paymentIntent as any).charges.data[0];
-  return createChargeTransactions(charge as Stripe.Charge, { order });
+  const transaction = await createChargeTransactions(charge as Stripe.Charge, { order });
+  if (order.SubscriptionId) {
+    const subscription = await models.Subscription.findByPk(order.SubscriptionId);
+    await subscription.update({ lastChargedAt: transaction.clearedAt });
+  }
+  return transaction;
 };
 
 export const setupCreditCard = async (
diff --git a/server/paymentProviders/stripe/webhook.ts b/server/paymentProviders/stripe/webhook.ts
index abb4d2e1617..bfb46164d94 100644
--- a/server/paymentProviders/stripe/webhook.ts
+++ b/server/paymentProviders/stripe/webhook.ts
@@ -212,7 +212,10 @@ export const paymentIntentSucceeded = async (event: Stripe.Event) => {
   // after successful first payment of a recurring subscription where the payment confirmation is async
   // and the subscription is managed by us.
   if (order.interval && !order.SubscriptionId) {
-    sideEffects.push(createSubscription(order));
+    sideEffects.push(createSubscription(order, { lastChargedAt: transaction.clearedAt || transaction.createdAt }));
+  } else if (order.SubscriptionId) {
+    const subscription = await models.Subscription.findByPk(order.SubscriptionId);
+    sideEffects.push(subscription.update({ lastChargedAt: transaction.clearedAt }));
   }
 
   sendEmailNotifications(order, transaction);

From 7e056b90e69c307005b8877da1f4e988c2d7a7e6 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 5 Dec 2024 10:25:35 +0100
Subject: [PATCH 109/129] feat(RootActions): anonymize account (#10518)

---
 server/graphql/v2/mutation/RootMutations.ts | 56 ++++++++++++++++++++-
 server/models/Collective.ts                 |  3 ++
 2 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/server/graphql/v2/mutation/RootMutations.ts b/server/graphql/v2/mutation/RootMutations.ts
index 653f564b7b2..44d6396456e 100644
--- a/server/graphql/v2/mutation/RootMutations.ts
+++ b/server/graphql/v2/mutation/RootMutations.ts
@@ -1,6 +1,7 @@
 import express from 'express';
 import { GraphQLBoolean, GraphQLList, GraphQLNonNull, GraphQLObjectType, GraphQLString } from 'graphql';
-import { cloneDeep, isNil, omit, uniqBy } from 'lodash';
+import { cloneDeep, isNil, omit, pick, uniqBy } from 'lodash';
+import { v4 as uuid } from 'uuid';
 
 import { CollectiveType } from '../../../constants/collectives';
 import roles from '../../../constants/roles';
@@ -313,4 +314,57 @@ export default {
       return moveExpenses(req, expenses, destinationAccount);
     },
   },
+  rootAnonymizeAccount: {
+    type: new GraphQLNonNull(GraphQLAccount),
+    description: '[Root only] Anonymizes an account',
+    args: {
+      account: {
+        type: new GraphQLNonNull(GraphQLAccountReferenceInput),
+        description: 'Account to anonymize',
+      },
+    },
+    async resolve(_: void, args, req: express.Request): Promise<Collective> {
+      checkRemoteUserCanRoot(req);
+
+      // Always enforce 2FA for root actions
+      await twoFactorAuthLib.validateRequest(req, { requireTwoFactorAuthEnabled: true });
+
+      const stripFields = [
+        'slug',
+        'name',
+        'legalName',
+        'company',
+        'description',
+        'longDescription',
+        'twitterHandle',
+        'image',
+        'backgroundImage',
+        'website',
+        'tags',
+      ];
+      const account = await fetchAccountWithReference(args.account, { throwIfMissing: true });
+      return sequelize.transaction(async transaction => {
+        // Fetch the social links to make a backup, then destroy them
+        const socialLinks = await account.getSocialLinks({ transaction });
+        if (socialLinks.length) {
+          await models.SocialLink.destroy({ where: { CollectiveId: account.id }, transaction });
+        }
+
+        // Anonymize the account
+        return account.update(
+          {
+            ...stripFields.reduce((acc, field) => ({ ...acc, [field]: null }), {}),
+            slug: `account-${uuid().substr(0, 8)}`,
+            name: 'Anonymous',
+            data: {
+              ...account.data,
+              preAnonymizedValues: pick(account.dataValues, stripFields),
+              preAnonymizedSocialLinks: socialLinks.map(sl => sl.dataValues),
+            },
+          },
+          { transaction },
+        );
+      });
+    },
+  },
 };
diff --git a/server/models/Collective.ts b/server/models/Collective.ts
index 75317be4a04..1ae09bb23ae 100644
--- a/server/models/Collective.ts
+++ b/server/models/Collective.ts
@@ -331,6 +331,9 @@ class Collective extends Model<
   declare public adminMembers?: NonAttribute<Array<MemberModelInterface>>;
   declare public getAdminMembers: HasManyGetAssociationsMixin<MemberModelInterface>;
 
+  declare public socialLinks?: NonAttribute<Array<SocialLink>>;
+  declare public getSocialLinks: HasManyGetAssociationsMixin<SocialLink>;
+
   declare public legalDocuments?: NonAttribute<LegalDocument[]>;
   declare public RequiredLegalDocuments?: NonAttribute<RequiredLegalDocument[]>;
   declare public getLegalDocuments: HasManyGetAssociationsMixin<LegalDocument>;

From 606a64806a777051252a6318bc125aa94fe5a6cc Mon Sep 17 00:00:00 2001
From: Gustav Larsson <gustav.larsson@gmail.com>
Date: Thu, 5 Dec 2024 12:00:13 +0100
Subject: [PATCH 110/129] Feat: `activeContributors` resolver to get
 contributors for goals (#10517)

Co-authored-by: Benjamin Piouffle <benjamin@opencollective.com>
---
 server/graphql/schemaV2.graphql               | 164 ++++++++++++++++--
 .../v2/interface/AccountWithContributions.ts  |  94 +++++++++-
 2 files changed, 247 insertions(+), 11 deletions(-)

diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 474634fe9ae..438c019f091 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -3529,6 +3529,24 @@ type Host implements Account & AccountWithContributions {
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   How much platform fees are charged for this account
   """
@@ -4050,6 +4068,24 @@ interface AccountWithContributions {
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   How much platform fees are charged for this account
   """
@@ -4171,6 +4207,16 @@ type Contributor {
   publicMessage: String
 }
 
+"""
+A collection of "Accounts"
+"""
+type AccountCollection implements Collection {
+  offset: Int
+  limit: Int
+  totalCount: Int
+  nodes: [Account]
+}
+
 """
 A legal document (e.g. W9, W8BEN, W8BEN-E)
 """
@@ -4697,16 +4743,6 @@ type CommentCollection implements Collection {
   nodes: [Comment]
 }
 
-"""
-A collection of "Accounts"
-"""
-type AccountCollection implements Collection {
-  offset: Int
-  limit: Int
-  totalCount: Int
-  nodes: [Account]
-}
-
 type ConversationStats {
   id: String!
 
@@ -9546,6 +9582,24 @@ type Collective implements Account & AccountWithHost & AccountWithContributions
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   Returns true if a custom contribution to Open Collective can be submitted for contributions made to this account
   """
@@ -10934,6 +10988,24 @@ type Event implements Account & AccountWithHost & AccountWithContributions & Acc
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   Returns true if a custom contribution to Open Collective can be submitted for contributions made to this account
   """
@@ -13037,6 +13109,24 @@ type Organization implements Account & AccountWithContributions {
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   How much platform fees are charged for this account
   """
@@ -13991,6 +14081,24 @@ type Vendor implements Account & AccountWithContributions {
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   How much platform fees are charged for this account
   """
@@ -17638,6 +17746,24 @@ type Fund implements Account & AccountWithHost & AccountWithContributions {
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   Returns true if a custom contribution to Open Collective can be submitted for contributions made to this account
   """
@@ -18624,6 +18750,24 @@ type Project implements Account & AccountWithHost & AccountWithContributions & A
     roles: [MemberRole]
   ): ContributorCollection!
 
+  """
+  [!] Warning: this query is currently in beta and the API might change
+  """
+  activeContributors(
+    """
+    The number of results to fetch (default 10, max 1000)
+    """
+    limit: Int! = 10
+
+    """
+    The offset to use to fetch
+    """
+    offset: Int! = 0
+    dateFrom: DateTime
+    dateTo: DateTime
+    includeActiveRecurringContributions: Boolean
+  ): AccountCollection!
+
   """
   Returns true if a custom contribution to Open Collective can be submitted for contributions made to this account
   """
diff --git a/server/graphql/v2/interface/AccountWithContributions.ts b/server/graphql/v2/interface/AccountWithContributions.ts
index 5350c846cd9..fafd1a09d02 100644
--- a/server/graphql/v2/interface/AccountWithContributions.ts
+++ b/server/graphql/v2/interface/AccountWithContributions.ts
@@ -9,13 +9,15 @@ import {
   GraphQLNonNull,
   GraphQLString,
 } from 'graphql';
+import { GraphQLDateTime } from 'graphql-scalars';
 import { isNil, omit } from 'lodash';
 import { OrderItem } from 'sequelize';
 
 import PlatformConstants from '../../../constants/platform';
 import { filterContributors } from '../../../lib/contributors';
-import models, { Collective } from '../../../models';
+import models, { Collective, sequelize } from '../../../models';
 import { checkReceiveFinancialContributions } from '../../common/features';
+import { GraphQLAccountCollection } from '../collection/AccountCollection';
 import { GraphQLContributorCollection } from '../collection/ContributorCollection';
 import { GraphQLTierCollection } from '../collection/TierCollection';
 import { GraphQLAccountType, GraphQLMemberRole } from '../enum';
@@ -93,6 +95,96 @@ export const AccountWithContributionsFields = {
       };
     },
   },
+  activeContributors: {
+    type: new GraphQLNonNull(GraphQLAccountCollection),
+    description: '[!] Warning: this query is currently in beta and the API might change',
+    args: {
+      ...CollectionArgs,
+      dateFrom: { type: GraphQLDateTime },
+      dateTo: { type: GraphQLDateTime },
+      includeActiveRecurringContributions: { type: GraphQLBoolean },
+    },
+    async resolve(account, args) {
+      const collectiveIdsResult = await sequelize.query(
+        `WITH "CollectiveDonations" AS (
+            SELECT 
+              "Orders"."FromCollectiveId",
+              SUM("Transactions"."amountInHostCurrency") AS total_donated
+            FROM "Orders"
+            INNER JOIN "Transactions" ON "Transactions"."OrderId" = "Orders".id
+            WHERE "Orders"."CollectiveId" = :accountId
+             ${
+               args.includeActiveRecurringContributions
+                 ? `
+              AND (
+                ("Orders".status = 'ACTIVE' AND "Orders".interval IN ('month', 'year'))
+                OR ("Orders".status = 'PAID' AND "Orders"."createdAt" >= :dateFrom)
+              )`
+                 : ''
+             }
+         
+              AND "Transactions".type = 'CREDIT'
+              AND "Transactions"."CollectiveId" = :accountId
+              AND "Transactions"."FromCollectiveId" = "Orders"."FromCollectiveId"
+              AND "Transactions"."isRefund" = FALSE
+              AND "Transactions"."RefundTransactionId" IS NULL
+              AND "Transactions"."deletedAt" IS NULL
+              AND "Orders"."deletedAt" IS NULL
+              ${!args.includeActiveRecurringContributions && args.dateTo ? `AND "Transactions"."createdAt" <= :dateTo` : ''}
+              ${!args.includeActiveRecurringContributions && args.dateFrom ? `AND "Transactions"."createdAt" >= :dateFrom` : ''}
+            GROUP BY "Orders"."FromCollectiveId"
+          )
+          SELECT DISTINCT "Collectives".id, "Collectives".slug, "CollectiveDonations".total_donated
+          FROM "Collectives"
+          INNER JOIN "Members" m ON m."MemberCollectiveId" = "Collectives".id
+          INNER JOIN "CollectiveDonations" ON "Collectives".id = "CollectiveDonations"."FromCollectiveId"
+          WHERE m."CollectiveId" = :accountId 
+          AND m."MemberCollectiveId" != :accountId
+          AND m."deletedAt" IS NULL
+          AND m."role" = 'BACKER'
+          AND "Collectives"."deletedAt" IS NULL 
+          AND "CollectiveDonations".total_donated > 0
+          ORDER BY "CollectiveDonations".total_donated DESC;
+          `,
+        {
+          replacements: {
+            accountId: account.id,
+            dateFrom: args.dateFrom,
+            dateTo: args.dateTo,
+          },
+          type: sequelize.QueryTypes.SELECT,
+        },
+      );
+
+      const collectiveIds = collectiveIdsResult.map(result => result.id);
+
+      const collectives = await models.Collective.findAll({
+        where: {
+          id: collectiveIds,
+        },
+        order: collectiveIds.length
+          ? [
+              // To maintain the order of total donations
+              sequelize.literal(`
+          CASE id
+            ${collectiveIds.map((id, index) => `WHEN ${id} THEN ${index}`).join(' ')}
+            ELSE ${collectiveIds.length}
+          END
+        `),
+            ]
+          : undefined,
+        offset: args.offset,
+        limit: args.limit,
+      });
+
+      return {
+        totalCount: collectives.length,
+        nodes: collectives,
+        limit: args.limit,
+        offset: args.offset,
+      };
+    },
+  },
   platformFeePercent: {
     type: new GraphQLNonNull(GraphQLFloat),
     description: 'How much platform fees are charged for this account',

From 0532ec6220594a033b1f674a3518d84b85c17ea8 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 5 Dec 2024 13:45:09 +0100
Subject: [PATCH 111/129] fix(routes): increase maxCost limit for
 ExpenseFormSchema mutation (#10523)

---
 server/routes.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routes.js b/server/routes.js
index 41a04673169..422383683e5 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -208,7 +208,7 @@ export default async app => {
       onReject: [logGraphQLComplexityRejection],
       ignoreIntrospection: true,
       propagateOnRejection: false,
-      maxCost: 25000, // Currently identified max: around 25000 on the "ExpenseFormSchema" mutation
+      maxCost: 100_000, // Currently identified max: around 64169 on the "ExpenseFormSchema" mutation
     },
     // Tokens are the number of fields in a query
     maxTokens: {

From 7e99cc8d4103b3a96d361eace4d553471d05814b Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 5 Dec 2024 14:05:27 +0100
Subject: [PATCH 112/129] fix(Search): minor enhancements & fixes (#10519)

---
 scripts/search.ts                             | 18 ++++
 .../ElasticSearchCollectivesAdapter.ts        | 17 ++--
 .../adapters/ElasticSearchCommentsAdapter.ts  | 32 +++++--
 .../adapters/ElasticSearchExpensesAdapter.ts  | 17 +++-
 .../ElasticSearchHostApplicationsAdapter.ts   | 17 +++-
 .../adapters/ElasticSearchModelAdapter.ts     | 12 +--
 .../adapters/ElasticSearchOrdersAdapter.ts    | 17 +++-
 .../adapters/ElasticSearchTiersAdapter.ts     | 17 +++-
 .../ElasticSearchTransactionsAdapter.ts       | 17 +++-
 .../adapters/ElasticSearchUpdatesAdapter.ts   | 17 +++-
 server/lib/elastic-search/sync.ts             | 87 ++++++++++++++++++-
 server/models/Comment.ts                      |  2 +
 server/models/index.ts                        |  2 +
 13 files changed, 228 insertions(+), 44 deletions(-)

diff --git a/scripts/search.ts b/scripts/search.ts
index ff316a479a2..ae8a0719676 100644
--- a/scripts/search.ts
+++ b/scripts/search.ts
@@ -10,6 +10,7 @@ import {
   createElasticSearchIndex,
   deleteElasticSearchIndex,
   getAvailableElasticSearchIndexes,
+  restoreUndeletedEntries,
   syncElasticSearchIndex,
 } from '../server/lib/elastic-search/sync';
 import logger from '../server/lib/logger';
@@ -107,6 +108,23 @@ program
     }
   });
 
+// Restore undeleted entries
+program
+  .command('restore')
+  .description('Restore undeleted entries')
+  .argument('[indexes...]', 'Only sync specific indexes')
+  .action(async indexesInput => {
+    checkElasticSearchAvailable();
+
+    const indexes = parseIndexesFromInput(indexesInput);
+    for (const indexName of indexes) {
+      logger.info(`Restoring undeleted entries for index ${indexName}`);
+      await restoreUndeletedEntries(indexName as ElasticSearchIndexName, { log: true });
+    }
+
+    logger.info('Restore completed!');
+  });
+
 // Sync command
 program
   .command('sync')
diff --git a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
index 6848670f82b..ae4e2f4ce98 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchCollectivesAdapter.ts
@@ -31,19 +31,24 @@ export class ElasticSearchCollectivesAdapter implements ElasticSearchModelAdapte
   } as const;
 
   public async findEntriesToIndex(
-    offset: number,
-    limit: number,
-    options: { fromDate: Date; firstReturnedId: number },
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
   ): Promise<Array<InstanceType<typeof models.Collective>>> {
     return models.Collective.findAll({
       attributes: Object.keys(this.mappings.properties),
       order: [['id', 'DESC']],
-      limit,
-      offset,
+      limit: options.limit,
+      offset: options.offset,
       raw: true,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
     });
   }
diff --git a/server/lib/elastic-search/adapters/ElasticSearchCommentsAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchCommentsAdapter.ts
index e064fe99cfa..7848270d7d0 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchCommentsAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchCommentsAdapter.ts
@@ -29,15 +29,24 @@ export class ElasticSearchCommentsAdapter implements ElasticSearchModelAdapter {
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Comment.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['HostCollectiveId', 'ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
@@ -45,6 +54,16 @@ export class ElasticSearchCommentsAdapter implements ElasticSearchModelAdapter {
           required: true,
           attributes: ['HostCollectiveId', 'ParentCollectiveId'],
         },
+        {
+          association: 'expense',
+          required: false,
+          attributes: ['HostCollectiveId'],
+        },
+        {
+          association: 'hostApplication',
+          required: false,
+          attributes: ['HostCollectiveId'],
+        },
       ],
     });
   }
@@ -61,8 +80,11 @@ export class ElasticSearchCommentsAdapter implements ElasticSearchModelAdapter {
       CollectiveId: instance.CollectiveId,
       FromCollectiveId: instance.FromCollectiveId,
       CreatedByUserId: instance.CreatedByUserId,
-      HostCollectiveId: instance.collective.HostCollectiveId,
       ParentCollectiveId: instance.collective.ParentCollectiveId,
+      HostCollectiveId:
+        instance.expense?.HostCollectiveId ??
+        instance.hostApplication?.HostCollectiveId ??
+        instance.collective.HostCollectiveId,
     };
   }
 
diff --git a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
index 3bdf253e391..5f041e7a013 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
@@ -33,15 +33,24 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Expense.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
diff --git a/server/lib/elastic-search/adapters/ElasticSearchHostApplicationsAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchHostApplicationsAdapter.ts
index 3a4cce91471..a6430de094d 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchHostApplicationsAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchHostApplicationsAdapter.ts
@@ -24,15 +24,24 @@ export class ElasticSearchHostApplicationsAdapter implements ElasticSearchModelA
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.HostApplication.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
diff --git a/server/lib/elastic-search/adapters/ElasticSearchModelAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchModelAdapter.ts
index 60505cc8195..8f27874de5d 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchModelAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchModelAdapter.ts
@@ -19,11 +19,13 @@ export interface ElasticSearchModelAdapter {
   readonly settings?: IndicesIndexSettings;
 
   /** Returns the attributes that `mapModelInstanceToDocument` needs to build the document */
-  findEntriesToIndex(
-    offset: number,
-    limit: number,
-    options: { fromDate: Date; firstReturnedId: number },
-  ): Promise<Array<InstanceType<ModelType>>>;
+  findEntriesToIndex(options?: {
+    offset?: number;
+    limit?: number;
+    fromDate?: Date;
+    maxId?: number;
+    ids?: number[];
+  }): Promise<Array<InstanceType<ModelType>>>;
 
   /** Maps a model instance to an ElasticSearch document */
   mapModelInstanceToDocument(
diff --git a/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
index dfd6cd90105..3c5399c1a8e 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
@@ -24,15 +24,24 @@ export class ElasticSearchOrdersAdapter implements ElasticSearchModelAdapter {
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Order.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['HostCollectiveId', 'ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
diff --git a/server/lib/elastic-search/adapters/ElasticSearchTiersAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchTiersAdapter.ts
index aa3fb605e6e..d96509c5b26 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchTiersAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchTiersAdapter.ts
@@ -28,15 +28,24 @@ export class ElasticSearchTiersAdapter implements ElasticSearchModelAdapter {
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Tier.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['HostCollectiveId', 'ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
diff --git a/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
index d411eea5c93..1c8fef34f5f 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchTransactionsAdapter.ts
@@ -28,15 +28,24 @@ export class ElasticSearchTransactionsAdapter implements ElasticSearchModelAdapt
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Transaction.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['merchantId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
     });
   }
diff --git a/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
index 8222f101314..3d56ef81b57 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchUpdatesAdapter.ts
@@ -29,15 +29,24 @@ export class ElasticSearchUpdatesAdapter implements ElasticSearchModelAdapter {
     },
   } as const;
 
-  public findEntriesToIndex(offset: number, limit: number, options: { fromDate: Date; firstReturnedId: number }) {
+  public findEntriesToIndex(
+    options: {
+      offset?: number;
+      limit?: number;
+      fromDate?: Date;
+      maxId?: number;
+      ids?: number[];
+    } = {},
+  ) {
     return models.Update.findAll({
       attributes: omit(Object.keys(this.mappings.properties), ['HostCollectiveId', 'ParentCollectiveId']),
       order: [['id', 'DESC']],
-      offset,
-      limit,
+      limit: options.limit,
+      offset: options.offset,
       where: {
         ...(options.fromDate ? { updatedAt: options.fromDate } : null),
-        ...(options.firstReturnedId ? { id: { [Op.lte]: options.firstReturnedId } } : null),
+        ...(options.maxId ? { id: { [Op.lte]: options.maxId } } : null),
+        ...(options.ids?.length ? { id: { [Op.in]: options.ids } } : null),
       },
       include: [
         {
diff --git a/server/lib/elastic-search/sync.ts b/server/lib/elastic-search/sync.ts
index c668ea348df..7cd5f07ef32 100644
--- a/server/lib/elastic-search/sync.ts
+++ b/server/lib/elastic-search/sync.ts
@@ -2,6 +2,8 @@
  * Functions to sync data between the database and elastic search
  */
 
+import { chunk } from 'lodash';
+
 import { Op } from '../../models';
 import logger from '../logger';
 
@@ -35,6 +37,7 @@ async function removeDeletedEntries(indexName: ElasticSearchIndexName, fromDate:
       raw: true,
       limit: pageSize,
       offset,
+      paranoid: false,
     });
 
     if (deletedEntries.length === 0) {
@@ -48,6 +51,81 @@ async function removeDeletedEntries(indexName: ElasticSearchIndexName, fromDate:
   } while (deletedEntries.length === pageSize);
 }
 
+export async function restoreUndeletedEntries(indexName: ElasticSearchIndexName, { log = false } = {}) {
+  const client = getElasticSearchClient({ throwIfUnavailable: true });
+  const adapter = ElasticSearchModelsAdapters[indexName];
+
+  if (log) {
+    logger.info(`Fetching IDs of all undeleted entries in index ${indexName}...`);
+  }
+
+  /* eslint-disable camelcase */
+  let scrollSearch = await client.search({
+    index: indexName,
+    body: { _source: false },
+    filter_path: ['hits.hits._id', '_scroll_id'],
+    size: 10_000, // Max value allowed by ES
+    scroll: '1m', // Keep the search context alive for 1 minute
+  });
+
+  let allIds = scrollSearch.hits.hits.map(hit => hit._id);
+  const scrollId = scrollSearch._scroll_id;
+
+  // Continue scrolling through results
+  while (scrollSearch.hits.hits.length > 0) {
+    scrollSearch = await client.scroll({ scroll_id: scrollId, scroll: '1m' });
+    allIds = allIds.concat(scrollSearch.hits.hits.map(hit => hit._id));
+    logger.info(`Fetched ${allIds.length} IDs...`);
+  }
+
+  // Clear the scroll when done
+  await client.clearScroll({ scroll_id: scrollId });
+  /* eslint-enable camelcase */
+
+  // Search for entries that are not marked as deleted in the database
+  const undeletedEntries = (await adapter.model.findAll({
+    attributes: ['id'],
+    where: { id: { [Op.not]: allIds } },
+    raw: true,
+  })) as unknown as Array<{ id: number }>;
+
+  if (!undeletedEntries.length) {
+    if (log) {
+      logger.info('No undeleted entries found');
+    }
+    return;
+  } else if (log) {
+    logger.info(`Restoring ${undeletedEntries.length} undeleted entries...`);
+  }
+
+  // Restore undeleted entries
+  const undeletedIds = undeletedEntries.map(entry => entry.id);
+  const limit = 5_000;
+  let modelEntries = [];
+  let maxId = undefined;
+  let offset = 0;
+
+  for (const ids of chunk(undeletedIds, limit)) {
+    modelEntries = await adapter.findEntriesToIndex({ offset, limit, ids });
+    if (modelEntries.length === 0) {
+      return;
+    } else if (!maxId) {
+      maxId = modelEntries[0].id;
+    }
+
+    // Send data to ElasticSearch
+    await client.bulk({
+      index: indexName,
+      body: modelEntries.flatMap(entry => [{ index: { _id: entry.id } }, adapter.mapModelInstanceToDocument(entry)]),
+    });
+
+    offset += limit;
+    if (log) {
+      logger.info(`... ${offset} entries synced`);
+    }
+  }
+}
+
 export async function syncElasticSearchIndex(
   indexName: ElasticSearchIndexName,
   options: { fromDate?: Date; log?: boolean } = {},
@@ -61,6 +139,7 @@ export async function syncElasticSearchIndex(
   // If there's a fromDate, it means we are doing a simple sync (not a full resync) and therefore need to look at deleted entries
   if (fromDate) {
     await removeDeletedEntries(indexName, fromDate);
+    await restoreUndeletedEntries(indexName);
   }
 
   // Sync new/edited entries
@@ -68,14 +147,14 @@ export async function syncElasticSearchIndex(
   const adapter = ElasticSearchModelsAdapters[indexName];
   const limit = 5000;
   let modelEntries = [];
-  let firstReturnedId = undefined;
+  let maxId = undefined;
   let offset = 0;
   do {
-    modelEntries = await adapter.findEntriesToIndex(offset, limit, { fromDate, firstReturnedId });
+    modelEntries = await adapter.findEntriesToIndex({ offset, limit, fromDate, maxId });
     if (modelEntries.length === 0) {
       return;
-    } else if (!firstReturnedId) {
-      firstReturnedId = modelEntries[0].id;
+    } else if (!maxId) {
+      maxId = modelEntries[0].id;
     }
 
     // Send data to ElasticSearch
diff --git a/server/models/Comment.ts b/server/models/Comment.ts
index f55633122ed..9a528690700 100644
--- a/server/models/Comment.ts
+++ b/server/models/Comment.ts
@@ -41,6 +41,8 @@ class Comment extends Model<InferAttributes<Comment>, InferCreationAttributes<Co
 
   declare public fromCollective?: NonAttribute<Collective>;
   declare public collective?: NonAttribute<Collective>;
+  declare public expense?: NonAttribute<Expense>;
+  declare public hostApplication?: NonAttribute<HostApplication>;
 
   // Returns the User model of the User that created this Update
   getUser = function () {
diff --git a/server/models/index.ts b/server/models/index.ts
index dac528ce15d..8e2846ccb78 100644
--- a/server/models/index.ts
+++ b/server/models/index.ts
@@ -165,6 +165,8 @@ Comment.belongsTo(Collective, { foreignKey: 'FromCollectiveId', as: 'fromCollect
 Comment.belongsTo(Expense, { foreignKey: 'ExpenseId', as: 'expense' });
 Comment.belongsTo(HostApplication, { foreignKey: 'HostApplicationId', as: 'hostApplication' });
 Comment.belongsTo(Update, { foreignKey: 'UpdateId', as: 'update' });
+Comment.belongsTo(Order, { foreignKey: 'OrderId', as: 'order' });
+Comment.belongsTo(Conversation, { foreignKey: 'ConversationId', as: 'conversation' });
 Comment.belongsTo(User, { foreignKey: 'CreatedByUserId', as: 'user' });
 
 // ConnectedAccount

From 822433863368be1e0240beaf694432360b472a6d Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 5 Dec 2024 16:27:26 +0100
Subject: [PATCH 113/129] fix(Collectives): misc fixes on archive (#10525)

---
 server/graphql/v1/mutations/collectives.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/graphql/v1/mutations/collectives.js b/server/graphql/v1/mutations/collectives.js
index 325e0f132ea..d1034512b27 100644
--- a/server/graphql/v1/mutations/collectives.js
+++ b/server/graphql/v1/mutations/collectives.js
@@ -630,11 +630,11 @@ export async function unarchiveCollective(_, args, req) {
 
   if (collective.type === CollectiveType.EVENT || collective.type === CollectiveType.PROJECT) {
     const parentCollective = await req.loaders.Collective.byId.load(collective.ParentCollectiveId);
-    const updatedCollective = collective.update({
+    const updatedCollective = await collective.update({
       deactivatedAt: null,
       isActive: parentCollective.isActive,
       HostCollectiveId: parentCollective.HostCollectiveId,
-      approvedAt: collective.approvedAt || Date.now(),
+      approvedAt: collective.approvedAt,
     });
 
     // purge cache for parent to make sure the card gets updated on the collective page

From 09f33e00a155aa28ee0ff782df2889b983a3ac74 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Thu, 5 Dec 2024 16:27:34 +0100
Subject: [PATCH 114/129] feat(Search): add max score to resolvers (#10524)

---
 server/graphql/schemaV2.graphql               | 155 +++++++++++++++++-
 server/lib/elastic-search/graphql-search.ts   |  10 +-
 .../graphql/v2/query/SearchQuery.test.ts      |  32 +++-
 3 files changed, 187 insertions(+), 10 deletions(-)

diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 438c019f091..36ab86998df 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -593,6 +593,16 @@ interface Account {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -1823,6 +1833,11 @@ enum DateTimeField {
   Transactions only: The date when a transaction was cleared by the payment processor
   """
   EFFECTIVE_DATE
+
+  """
+  Orders only: The date when an order was last charged, defaults to createdAt if never charged
+  """
+  LAST_CHARGED_AT
 }
 
 """
@@ -1952,6 +1967,7 @@ type Order {
   status: OrderStatus
   frequency: ContributionFrequency
   nextChargeDate: DateTime
+  lastChargedAt: DateTime
   tier: Tier
   fromAccount: Account
   toAccount: Account
@@ -3087,6 +3103,16 @@ type Host implements Account & AccountWithContributions {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -4360,6 +4386,7 @@ Possible fields you can use to order by
 """
 enum OrderByFieldType {
   CREATED_AT
+  LAST_CHARGED_AT
 
   """
   The financial activity of the collective (number of transactions)
@@ -4936,6 +4963,16 @@ type PaymentMethod {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -8217,6 +8254,16 @@ type Bot implements Account {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -9074,6 +9121,16 @@ type Collective implements Account & AccountWithHost & AccountWithContributions
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -10480,6 +10537,16 @@ type Event implements Account & AccountWithHost & AccountWithContributions & Acc
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -11606,6 +11673,16 @@ type Individual implements Account {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -12669,6 +12746,16 @@ type Organization implements Account & AccountWithContributions {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -13639,6 +13726,16 @@ type Vendor implements Account & AccountWithContributions {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -14852,6 +14949,16 @@ type Query {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -17238,6 +17345,16 @@ type Fund implements Account & AccountWithHost & AccountWithContributions {
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -18242,6 +18359,16 @@ type Project implements Account & AccountWithHost & AccountWithContributions & A
     """
     expectedDateTo: DateTime
 
+    """
+    Return orders that were charged after this date
+    """
+    chargedDateFrom: DateTime
+
+    """
+    Return orders that were charged before this date
+    """
+    chargedDateTo: DateTime
+
     """
     The term to search
     """
@@ -18860,41 +18987,49 @@ type SearchResults {
 type SearchResultsAccounts {
   collection: AccountCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsComments {
   collection: CommentCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsExpenses {
   collection: ExpenseCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsHostApplications {
   collection: HostApplicationCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsOrders {
   collection: OrderCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsTiers {
   collection: TierCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsTransactions {
   collection: TransactionCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 type SearchResultsUpdates {
   collection: UpdateCollection!
   highlights: JSONObject
+  maxScore: Float!
 }
 
 input TierReferenceInput {
@@ -18978,11 +19113,6 @@ type Mutation {
     """
     user: IndividualCreateInput
 
-    """
-    Whether to trigger the automated approval for Open Source collectives with GitHub.
-    """
-    automateApprovalWithGithub: Boolean = false @deprecated(reason: "2022-10-12: This is now automated")
-
     """
     A message to attach for the host to review the application
     """
@@ -19007,6 +19137,11 @@ type Mutation {
     List of members to invite on Collective creation.
     """
     inviteMembers: [InviteMemberInput]
+
+    """
+    Marks the collective as approved directly. Only available in test/CI environments.
+    """
+    skipApprovalTestOnly: Boolean = false
   ): Collective
 
   """
@@ -20441,6 +20576,16 @@ type Mutation {
     destinationAccount: AccountReferenceInput!
   ): [Expense]!
 
+  """
+  [Root only] Anonymizes an account
+  """
+  rootAnonymizeAccount(
+    """
+    Account to anonymize
+    """
+    account: AccountReferenceInput!
+  ): Account!
+
   """
   Refunds a transaction. Scope: "transactions".
   """
diff --git a/server/lib/elastic-search/graphql-search.ts b/server/lib/elastic-search/graphql-search.ts
index 4c6ca517364..3c29ac59e6e 100644
--- a/server/lib/elastic-search/graphql-search.ts
+++ b/server/lib/elastic-search/graphql-search.ts
@@ -6,6 +6,7 @@ import DataLoader from 'dataloader';
 import {
   GraphQLBoolean,
   GraphQLFieldConfigArgumentMap,
+  GraphQLFloat,
   GraphQLList,
   GraphQLNonNull,
   GraphQLObjectType,
@@ -128,6 +129,7 @@ const buildSearchResultsType = (index: ElasticSearchIndexName, name: string, col
       fields: {
         collection: { type: new GraphQLNonNull(collectionType) },
         highlights: { type: GraphQLJSONObject },
+        maxScore: { type: new GraphQLNonNull(GraphQLFloat) },
       },
     }),
     resolve: async (baseSearchParams: GraphQLSearchParams, args, req) => {
@@ -136,10 +138,15 @@ const buildSearchResultsType = (index: ElasticSearchIndexName, name: string, col
       const results = (await req.loaders.search.load(fullSearchParams)) as SearchResultBucket;
 
       if (!results || results['doc_count'] === 0) {
-        return { collection: { totalCount: 0, offset: 0, limit: baseSearchParams.limit, nodes: () => [] } };
+        return {
+          maxScore: 0,
+          collection: { totalCount: 0, offset: 0, limit: baseSearchParams.limit, nodes: () => [] },
+          highlights: {},
+        };
       }
 
       const hits = results['top_hits_by_index']['hits']['hits'];
+      const maxScore = results['top_hits_by_index']['hits']['max_score'] ?? 0;
       const getSQLIdFromHit = hit => hit['_source']['id'];
       const hitsGroupedBySQLId = groupBy(hits, getSQLIdFromHit);
       const hitsGroupedByGraphQLKey = mapKeys(hitsGroupedBySQLId, result =>
@@ -148,6 +155,7 @@ const buildSearchResultsType = (index: ElasticSearchIndexName, name: string, col
       const highlights = mapValues(hitsGroupedByGraphQLKey, hits => hits[0]['highlight']);
 
       return {
+        maxScore,
         highlights,
         collection: {
           totalCount: results['doc_count'],
diff --git a/test/server/graphql/v2/query/SearchQuery.test.ts b/test/server/graphql/v2/query/SearchQuery.test.ts
index bef0f5bb674..d3fcf12f91e 100644
--- a/test/server/graphql/v2/query/SearchQuery.test.ts
+++ b/test/server/graphql/v2/query/SearchQuery.test.ts
@@ -7,6 +7,7 @@ import sinon from 'sinon';
 
 import PlatformConstants from '../../../../../server/constants/platform';
 import { TransactionKind } from '../../../../../server/constants/transaction-kind';
+import { idEncode, IDENTIFIER_TYPES } from '../../../../../server/graphql/v2/identifiers';
 import * as ElasticSearchClientSingletonLib from '../../../../../server/lib/elastic-search/client';
 import { ElasticSearchIndexName } from '../../../../../server/lib/elastic-search/constants';
 import {
@@ -15,7 +16,7 @@ import {
   syncElasticSearchIndex,
   waitForAllIndexesRefresh,
 } from '../../../../../server/lib/elastic-search/sync';
-import { User } from '../../../../../server/models';
+import { Collective, User } from '../../../../../server/models';
 import { CommentType } from '../../../../../server/models/Comment';
 import {
   fakeActiveHost,
@@ -50,6 +51,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
         results {
           accounts @include(if: $includeAccounts) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -61,6 +63,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           comments @include(if: $includeComments) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -70,6 +73,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           expenses @include(if: $includeExpenses) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -79,6 +83,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           hostApplications @include(if: $includeHostApplications) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -88,6 +93,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           orders @include(if: $includeOrders) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -97,6 +103,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           tiers @include(if: $includeTiers) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -106,6 +113,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           transactions @include(if: $includeTransactions) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -115,6 +123,7 @@ describe('server/graphql/v2/query/SearchQuery', () => {
           }
           updates @include(if: $includeUpdates) {
             highlights
+            maxScore
             collection {
               totalCount
               nodes {
@@ -160,6 +169,9 @@ describe('server/graphql/v2/query/SearchQuery', () => {
 
   let sandbox: sinon.SinonSandbox,
     elasticSearchClient: Client,
+    host: Collective,
+    collective: Collective,
+    project: Collective,
     testUsers: {
       hostAdmin: User;
       collectiveAdmin: User;
@@ -185,20 +197,20 @@ describe('server/graphql/v2/query/SearchQuery', () => {
     const platform = await fakeOrganization({ name: 'Open Collective', id: PlatformConstants.PlatformCollectiveId });
     await platform.addUserWithRole(testUsers.rootUser, 'ADMIN');
 
-    const host = await fakeActiveHost({
+    host = await fakeActiveHost({
       name: 'Incredible Host',
       slug: 'incredible-host',
       admin: testUsers.hostAdmin,
     });
 
-    const collective = await fakeCollective({
+    collective = await fakeCollective({
       name: 'Incredible Collective with AUniqueCollectiveName',
       HostCollectiveId: host.id,
       slug: 'incredible',
       admin: testUsers.collectiveAdmin,
     });
 
-    const project = await fakeProject({
+    project = await fakeProject({
       name: 'Incredible Project',
       legalName: 'SecretProjectLegalName',
       slug: 'incredible-project',
@@ -326,6 +338,18 @@ describe('server/graphql/v2/query/SearchQuery', () => {
     const results = queryResult.data.search.results;
     expect(results.accounts.collection.totalCount).to.eq(3); // Collective + host + project
     expect(results.accounts.collection.nodes).to.have.length(3);
+    expect(results.accounts.maxScore).to.be.gt(0);
+    expect(results.accounts.highlights).to.deep.eq({
+      [idEncode(host.id, IDENTIFIER_TYPES.ACCOUNT)]: {
+        name: ['<em>Incredible</em> Host'],
+      },
+      [idEncode(collective.id, IDENTIFIER_TYPES.ACCOUNT)]: {
+        name: ['<em>Incredible</em> Collective with AUniqueCollectiveName'],
+      },
+      [idEncode(project.id, IDENTIFIER_TYPES.ACCOUNT)]: {
+        name: ['<em>Incredible</em> Project'],
+      },
+    });
 
     expect(results.comments).to.be.undefined;
 

From 143f870fc0db8a1164b24f9a784d264a57481ec2 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Fri, 6 Dec 2024 11:36:12 +0100
Subject: [PATCH 115/129] enhancement(Search): add more fields (#10360)

---
 .../adapters/ElasticSearchExpensesAdapter.ts   |  9 ++++++++-
 .../adapters/ElasticSearchOrdersAdapter.ts     | 18 ++++++++++++++++--
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
index 5f041e7a013..da46b533ebf 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchExpensesAdapter.ts
@@ -30,6 +30,7 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
       HostCollectiveId: { type: 'keyword' },
       // Special fields
       ParentCollectiveId: { type: 'keyword' },
+      items: { type: 'text' },
     },
   } as const;
 
@@ -43,7 +44,7 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
     } = {},
   ) {
     return models.Expense.findAll({
-      attributes: omit(Object.keys(this.mappings.properties), ['ParentCollectiveId']),
+      attributes: omit(Object.keys(this.mappings.properties), ['ParentCollectiveId', 'items']),
       order: [['id', 'DESC']],
       limit: options.limit,
       offset: options.offset,
@@ -58,6 +59,11 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
           required: true,
           attributes: ['HostCollectiveId', 'ParentCollectiveId'],
         },
+        {
+          association: 'items',
+          required: false,
+          attributes: ['description'],
+        },
       ],
     });
   }
@@ -82,6 +88,7 @@ export class ElasticSearchExpensesAdapter implements ElasticSearchModelAdapter {
       FromCollectiveId: instance.FromCollectiveId,
       UserId: instance.UserId,
       HostCollectiveId: instance.HostCollectiveId || instance.collective.HostCollectiveId,
+      items: instance.items.map(item => item.description).join(' '),
     };
   }
 
diff --git a/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts b/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
index 3c5399c1a8e..8eb250bf547 100644
--- a/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
+++ b/server/lib/elastic-search/adapters/ElasticSearchOrdersAdapter.ts
@@ -21,6 +21,7 @@ export class ElasticSearchOrdersAdapter implements ElasticSearchModelAdapter {
       // Special fields
       HostCollectiveId: { type: 'keyword' },
       ParentCollectiveId: { type: 'keyword' },
+      paypalSubscriptionId: { type: 'keyword' },
     },
   } as const;
 
@@ -49,6 +50,11 @@ export class ElasticSearchOrdersAdapter implements ElasticSearchModelAdapter {
           required: true,
           attributes: ['HostCollectiveId', 'ParentCollectiveId'],
         },
+        {
+          model: models.Subscription,
+          required: false,
+          attributes: ['paypalSubscriptionId'],
+        },
       ],
     });
   }
@@ -65,12 +71,20 @@ export class ElasticSearchOrdersAdapter implements ElasticSearchModelAdapter {
       FromCollectiveId: instance.FromCollectiveId,
       HostCollectiveId: instance.collective.HostCollectiveId,
       ParentCollectiveId: instance.collective.ParentCollectiveId,
+      paypalSubscriptionId: instance.Subscription?.paypalSubscriptionId,
     };
   }
 
-  public getIndexPermissions(/* _adminOfAccountIds: number[]*/) {
+  public getIndexPermissions(adminOfAccountIds: number[]) {
     /* eslint-disable camelcase */
-    return { default: 'PUBLIC' as const };
+    return {
+      default: 'PUBLIC' as const,
+      fields: {
+        paypalSubscriptionId: {
+          terms: { HostCollectiveId: adminOfAccountIds },
+        },
+      },
+    };
     /* eslint-enable camelcase */
   }
 }

From 7eff39d90d429a0121e79e6b43a1e7985e79803c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 11:36:30 +0100
Subject: [PATCH 116/129] chore(deps): update dependency prettier to v3.4.2
 (#10526)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ed0f766eba3..2357f263056 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -164,7 +164,7 @@
         "npm-run-all2": "^6.0.0",
         "nyc": "^17.0.0",
         "opentelemetry-instrumentation-sequelize": "^0.41.0",
-        "prettier": "3.4.1",
+        "prettier": "3.4.2",
         "sinon": "^18.0.0",
         "sinon-chai": "^3.7.0",
         "supertest": "^7.0.0",
@@ -23363,9 +23363,9 @@
       }
     },
     "node_modules/prettier": {
-      "version": "3.4.1",
-      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.1.tgz",
-      "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==",
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz",
+      "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==",
       "dev": true,
       "license": "MIT",
       "bin": {
diff --git a/package.json b/package.json
index 0d31f7cb0eb..8cb3f3b75b4 100644
--- a/package.json
+++ b/package.json
@@ -185,7 +185,7 @@
     "npm-run-all2": "^6.0.0",
     "nyc": "^17.0.0",
     "opentelemetry-instrumentation-sequelize": "^0.41.0",
-    "prettier": "3.4.1",
+    "prettier": "3.4.2",
     "sinon": "^18.0.0",
     "sinon-chai": "^3.7.0",
     "supertest": "^7.0.0",

From bd386e3ea0cc2020967c4a975b805e0c50ddc4ed Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 6 Dec 2024 14:38:13 +0100
Subject: [PATCH 117/129] fix(deps): update dependency dataloader to v2.2.3
 (#10527)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2357f263056..f235a4cee8d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -49,7 +49,7 @@
         "crypto-js": "4.2.0",
         "crypto-random-string": "3.3.1",
         "csv-parse": "5.5.6",
-        "dataloader": "2.2.2",
+        "dataloader": "2.2.3",
         "dataloader-sequelize": "2.3.3",
         "debug": "4.3.7",
         "deepmerge": "4.3.1",
@@ -14844,9 +14844,10 @@
       }
     },
     "node_modules/dataloader": {
-      "version": "2.2.2",
-      "resolved": "https://registry.npmjs.org/dataloader/-/dataloader-2.2.2.tgz",
-      "integrity": "sha512-8YnDaaf7N3k/q5HnTJVuzSyLETjoZjVmHc4AeKAzOvKHEFQKcn64OKBfzHYtE9zGjctNM7V9I0MfnUVLpi7M5g=="
+      "version": "2.2.3",
+      "resolved": "https://registry.npmjs.org/dataloader/-/dataloader-2.2.3.tgz",
+      "integrity": "sha512-y2krtASINtPFS1rSDjacrFgn1dcUuoREVabwlOGOe4SdxenREqwjwjElAdwvbGM7kgZz9a3KVicWR7vcz8rnzA==",
+      "license": "MIT"
     },
     "node_modules/dataloader-sequelize": {
       "version": "2.3.3",
diff --git a/package.json b/package.json
index 8cb3f3b75b4..b1e34366079 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
     "crypto-js": "4.2.0",
     "crypto-random-string": "3.3.1",
     "csv-parse": "5.5.6",
-    "dataloader": "2.2.2",
+    "dataloader": "2.2.3",
     "dataloader-sequelize": "2.3.3",
     "debug": "4.3.7",
     "deepmerge": "4.3.1",

From 70f654f2242e021517cd41b73cfcffbdbf42c945 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Mon, 9 Dec 2024 13:28:12 +0100
Subject: [PATCH 118/129] add hasDebt parameter on Transactions resolver
 (#10530)

ability to answer the question "I want to have all platform tips that were directly collected"
---
 .../collection/TransactionsCollectionQuery.ts | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/server/graphql/v2/query/collection/TransactionsCollectionQuery.ts b/server/graphql/v2/query/collection/TransactionsCollectionQuery.ts
index 9dcbd39d66e..679add0d466 100644
--- a/server/graphql/v2/query/collection/TransactionsCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/TransactionsCollectionQuery.ts
@@ -6,6 +6,7 @@ import { cloneDeep, flatten, intersection, isEmpty, isNil, pick, uniq } from 'lo
 import type { Order as SequelizeOrder } from 'sequelize';
 
 import { CollectiveType } from '../../../../constants/collectives';
+import { TransactionKind } from '../../../../constants/transaction-kind';
 import cache, { memoize } from '../../../../lib/cache';
 import { buildSearchConditions } from '../../../../lib/sql-search';
 import { parseToBoolean } from '../../../../lib/utils';
@@ -45,6 +46,8 @@ const LEDGER_ORDERED_TRANSACTIONS_FIELDS = {
   ),
 };
 
+const { PLATFORM_TIP, HOST_FEE_SHARE } = TransactionKind;
+
 export const getTransactionKindPriorityCase = tableName => `
   CASE
     WHEN "${tableName}"."kind" IN ('CONTRIBUTION', 'EXPENSE', 'ADDED_FUNDS', 'BALANCE_TRANSFER', 'PREPAID_PAYMENT_METHOD') THEN 1
@@ -127,6 +130,10 @@ export const TransactionsCollectionArgs = {
     type: GraphQLString,
     description: 'The term to search',
   },
+  hasDebt: {
+    type: GraphQLBoolean,
+    description: 'If true, return transactions with debt attached, if false transactions without debt attached.',
+  },
   hasExpense: {
     type: GraphQLBoolean,
     description: 'Only return transactions with an Expense attached',
@@ -497,6 +504,25 @@ export const TransactionsCollectionResolver = async (
     where.push({ isRefund: args.isRefund });
   }
 
+  if (args.hasDebt !== undefined) {
+    const hasDebtSubquery = `SELECT id FROM "Transactions" as "DebtTransaction"
+      WHERE "DebtTransaction"."TransactionGroup" = "Transaction"."TransactionGroup"
+      AND ("DebtTransaction".kind)::text = CONCAT(("Transaction"."kind")::text, '_DEBT')
+      AND "DebtTransaction"."type" != "Transaction"."type"
+      AND "DebtTransaction"."deletedAt" IS NULL`;
+    if (args.hasDebt === true) {
+      where.push({ kind: [PLATFORM_TIP, HOST_FEE_SHARE] }); // Need to be this kind to have debt
+      where.push(sequelize.literal(`EXISTS (${hasDebtSubquery})`));
+    } else if (args.hasDebt === false) {
+      where.push(
+        sequelize.or(
+          { kind: { [Op.not]: [PLATFORM_TIP, HOST_FEE_SHARE] } }, // No Debt if not this kind
+          sequelize.literal(`NOT EXISTS (${hasDebtSubquery})`),
+        ),
+      );
+    }
+  }
+
   /* 
     Ordering of transactions by
     - createdAt (rounded by a 10s interval): to treat very close timestamps as the same to defer ordering to transaction group, kind and type

From ee1bd6ef369be8b528fe6601bc1ddb3e1f362431 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 9 Dec 2024 14:07:39 +0100
Subject: [PATCH 119/129] pdeps: Upgrade minimum postgres to 14 (#10528)

---
 .github/workflows/ci.yml                 |   8 ++++----
 .github/workflows/e2e.yml                |   2 +-
 README.md                                |   2 +-
 docs/postgres.md                         |   6 +++---
 scripts/db_migrate_opencollective_dvl.sh |   5 ++++-
 scripts/sanitize-db.ts                   |  20 +++++++++++++++++---
 test/dbdumps/opencollective_dvl.pgsql    | Bin 2575872 -> 2931712 bytes
 7 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fd87f94c0b0..cd12b1df881 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -209,7 +209,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:13.15
+        image: postgres:14.15
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -261,7 +261,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:13.15
+        image: postgres:14.15
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -324,7 +324,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:13.15
+        image: postgres:14.15
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -366,7 +366,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:13.15
+        image: postgres:14.15
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 1d5531124c7..9f0d99562e7 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -48,7 +48,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:13.15
+        image: postgres:14.15
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
diff --git a/README.md b/README.md
index 419452c0da5..410c79582fd 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you see a step below that could be improved (or is outdated), please update t
 
 2. Make sure you have a PostgreSQL database available
 
-- Check the version: 11.0, 10.3, 9.6.8, 9.5.12, 9.4.17, 9.3.22 or newer
+- Check the version: 14.x or newer
 - More info in our [PostgreSQL Database](docs/postgres.md) documentation
 
 3. For [node-gyp](https://github.com/nodejs/node-gyp), make sure you have Python 2 available and configured as the active version.
diff --git a/docs/postgres.md b/docs/postgres.md
index fbef6f9b819..6261daaada9 100644
--- a/docs/postgres.md
+++ b/docs/postgres.md
@@ -1,8 +1,8 @@
 # PostgreSQL Database
 
-You need to have PostgreSQL > 13.x.
+You need to have PostgreSQL > 14.x.
 
-In production, we're currently running 13.7.
+In production, we're currently running 16.4.
 
 ## Installation
 
@@ -57,7 +57,7 @@ If you don't want to run a local instance of PostgreSQL in your computer, you ca
 Create and run the container:
 
 ```
-docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:13.7
+docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:14
 ```
 
 Set the necessary environment variables:
diff --git a/scripts/db_migrate_opencollective_dvl.sh b/scripts/db_migrate_opencollective_dvl.sh
index 2a1b92fba5e..c0ee11549b6 100755
--- a/scripts/db_migrate_opencollective_dvl.sh
+++ b/scripts/db_migrate_opencollective_dvl.sh
@@ -8,6 +8,9 @@ DUMPFILE="test/dbdumps/$PG_DATABASE.pgsql"
 echo "Migrating $PG_DATABASE"
 DEBUG=psql PG_DATABASE=$PG_DATABASE npm run db:migrate
 PG_DATABASE=$PG_DATABASE npm run db:sanitize
-pg_dump -O -F t $PG_DATABASE > $DUMPFILE
+pg_dump -O -F t $PG_DATABASE >$DUMPFILE
+# Uncomment the line below to use a specific version of pg_dump (using docker)
+# (sudo docker run --rm --network host postgres:14.5 pg_dump -O -F t -h localhost -p 5432 -U opencollective $PG_DATABASE) >$DUMPFILE
+
 echo "$DUMPFILE migrated. Please commit it and push it."
 echo ""
diff --git a/scripts/sanitize-db.ts b/scripts/sanitize-db.ts
index d3e518c39e5..d2f44bcbe6f 100644
--- a/scripts/sanitize-db.ts
+++ b/scripts/sanitize-db.ts
@@ -45,9 +45,14 @@ export const testStripeAccounts = {
     },
     CollectiveId: 9802,
   },
-};
+} as const;
+
+const createConnectedAccount = async (hostname: keyof typeof testStripeAccounts) => {
+  const host = await models.Collective.findByPk(testStripeAccounts[hostname].CollectiveId);
+  if (!host) {
+    return;
+  }
 
-const createConnectedAccount = hostname => {
   return models.ConnectedAccount.create(testStripeAccounts[hostname]).catch(e => {
     // will fail if the host is not present
     console.log(`[warning] Unable to create a connected account for ${hostname}`);
@@ -58,7 +63,16 @@ const createConnectedAccount = hostname => {
 };
 
 const replaceHostStripeTokens = () => {
-  return models.ConnectedAccount.destroy({ where: { service: 'stripe' }, force: true })
+  return models.ConnectedAccount.destroy({
+    where: sequelize.literal(
+      `service = 'stripe'
+      AND (
+        data->>'publishableKey' IS NULL
+        OR data->>'publishableKey' NOT ILIKE 'pk_test_%'
+      )`,
+    ),
+    force: true,
+  })
     .then(() => createConnectedAccount('opensource'))
     .then(() => createConnectedAccount('opensourceDvl'))
     .then(() => createConnectedAccount('other'))
diff --git a/test/dbdumps/opencollective_dvl.pgsql b/test/dbdumps/opencollective_dvl.pgsql
index 9340dd79d3e9ff12b7c7a45659ed47417a23b6ad..6343acb2bdf007412b5f3697eb6896995c3613a5 100644
GIT binary patch
delta 377652
zcmeFad3;sH**Jb@vhVx8oh;`jfe`M#fGi;d2!tdg0Yrruk}E{Ak(;2n1?*yND*{s)
zwTMvbt}Ldn*Ij69-34rGwQkT_>#o@Lb*uP$X6BrG&$;&|()NA7fBZf#pVlPj%$a%S
znP;AP_Sv%gCbZ@A`_T3+MP{?fVYZtjv(0I-+Z|S`$t0OfW}6M3ndlBFqGueTRFv;B
zz`t7dpG5YbIQE|e_MgkhR9v~hDOJt)tnKX@kj&Ov=QMNe(7K*=(DzhxwV@bVnQgW9
zKoj_5n#JG5Qf;^kLz~i6a^eq}<PaXgW#ZSF5m(}J@#}9Rc9vA6vH{t@Ncg|m;;<NE
zm0uiYi;H|W@)TJo<xYneZl~L3D2JDxfzkfXy6*15(SecPfpzs=Bc64G!@VAFXV=hB
zAN=eXB=d4=Iwo&YCe^h|4b97!N>%X^{Ht8l(%w;76ZpMherJ74Q&U5IN8^fy_R9F`
znehe}*-@BZJbA~YF0TQf7fDVPWY1t=+udf4uZh9l&^yq>=ijlawZXvfX4piw#}{UV
z8Hk>jBu^n<6c<KwfUFFlaP3H;v;@aSFenlM3a8!eHe^G`bX%^RO%6o8jOTL@a~X&>
zi`$T|Vzz#;zuz-3Lf(lfBKxJH81?V!*pjmPmZeJ@n*C^MZEIXn*U`|~+|tn?5Hy{^
z<NxH1*mhi}9mZ-%4<6=|m@KrC&DQ^wIX36p2ddN!bbi7ToDi6-!(=m*z(C|wbP4H;
zOChgBzloDI@69GYUwEHA{%On{gjaDW8~J(x4Ng;`Y`A#HGvM_!j(GaLogVQ={pj$p
zXP|rYf{WXL^x6kUhr2yN%l9LgP`Tq<zY3wjmez)5QW}$0)>_x3(&Ea-_6GI$<?Rh^
z0@3r>{I8oU$4K8c3aN`;fYbQoV;ChkEDq8d_a)BMJhEEGd*kOJoTI^!&1EQHI7~|{
zAnzr7iSsq@><&XAyrZX)Tu2rar4Vb<=eS7Iz~L}R?Bi26W|BQmCX&JAx3Hvn?=%@o
z#rslneM$<tj!^(vnp#AE9w9d+E8DQKc|~1Q<9t$+dL?>`prRZ`%5I0-E+B)>bG)A6
zO}!!bU$1nRGEaFQg6a8fEv@rf&hA{$(zdi+MK42tV9yIgn;4=2vXp4i6-Q?|pNc@I
z%QXIcY8S#r%`>-)EKQ$^9_C;yzCDv(7A0>^Rc5ucWqw0b=YqzwNomH#xH^Cpr`cjC
zV`xp=BA1Q7nekhMYXY4*ZMN~_SvG{HYrcSm$YWo;5i94Bi*r-RvYfYY87JmEhAXqf
z%^Ps$)9M-a4i0qnk^Q9w*p0}J_<~sVneR}FoQufeoT4<PRmb24ApK5n_aK=Yy%1Y8
zqr&R4?M3&+$tB|#=O!a;=Wo*(eL0;jLlwN`L(+Y3;T(kmQpm}?zu-I$TnPit<hBHW
zYajK(R_pQf)Oo$05yIHQH4J^pK`($iM6zu_&x(}`rZ%>!YuB)}uCb}JZvOnXhIapg
ziih)C;9WC$IHxqYGsZVunu)nAh9Ur+q`px^stQv`cEKxnCV$V@+UatU<ibz!Y|SIL
zZM>wY5}{L!KI7Q5oK}aSh?Ev(#CRL~hX#lFWU$9Tb`)1eD^Fk+5%ujW$dUBy$kwL1
zMlw`TPEX$_$NRrwpw;nlSf@^x$zsT6oznB|ax~deoPu_e?Zu}P<~O#tE(adGprL_&
znIz|vZ6)3D3Z-?_olQO|xd_h>!0WP_$oHkM@Ivh)*ZAI2AhyMtXHFB@S^g$o#8<0~
zP0MC;^Ht~Tx}tY@WVEZVzH7Lr&9iaT<0Z3-a>*A7Mda0rgc$K?gmfn5k*ktYi(y;M
zZ){$uE>&B@VmMVB=8Fwx;~Px-*&9hq@lq`;w(;#12$i@ItPTGsgay0ZFDy7+PWSjh
z`A&qVBC@Y7n@JLGyUA_Hg!W;MQLiBiUUbyWYf=u}?~}Tp=cWX;B!`~MA*pAl(7jj4
zQ|PgLxq!4@m>PQl2pa=EeVcdAE~k&)0vs^)lM7Om!@=9JdC21}lStjRY&z!xISQY<
znjXAQ&aDdSTSzSI=r0qiRknW6JJK@HN6gk-vSn7vSnq&$WO%fDq<3(@D~)(A9#Pu)
zrJOQpXmo8~Z+C6k#Il8^@%)Abb<3MNgrpNB-OQK~(pAC4;#C>>;U#h~vgnp5R8Lx`
zL{&S1KkyYYn;nJ-z%zTmf4W@AzlMe>e5E)iu$!EmrH8>0sp~6%<H6irkRJM$)E(?2
z?_Qc8?$ySPjVW%oW;~gTo!RVA3)55AA(=dKSwULJD_WW@m!t$qo8*%zOE7TxSyRh7
zXK=Yp<l@Q_bQw9)n@bK>ZlMRSms4o!#d0CNJX7u>MZbt4IZJZLoA*g{&<4zUylRll
ztj$%vc8u3mXQO0`23%t*-F`R9C6`ZmJlU#wE_1Y{G6J_cErxhDopr+=lJapjdYla(
z!~XR2d+3gOxq|LqEKen;@2w!Fsu;RG6J^l>n_Nl{UoICWEFbC{>;jg%ptp~j$7N@d
zN+JV;7gbf0t_y5IPtx|fQwIh|Jc1s%1S*k@YqO*HkmRw|&A5Vt$4&wO&tynb!1It(
zyG!V@1XLKOfHyEgkGIGd(h~`&K>7ZoHBBjQ?OZDb4%8Wu&K@J(o9J)9WlxFn<%wsO
zCcCxRdybr(oueSvMb=F%MLXCICvQwk8s9&)35oSN*e`d|HMw#h9Wu)?wDqVQo2~4!
zp<z$m=*W85rk8ju3+l+erDws%t=Q=xU)z*LciZVb+fW{P{-ty>aH^0d=F1@Noaz_9
zr1Z}r(;P{-iqjpvcN;9`!Rd!clCwep=62GJgD8{iHKm}>#}AsO2cWWzr&>P8<izY;
zw$M(u$-$L0#&7BIROF;TEs>MxiDJ2peDZby|BHNNpG(hgK`}9aa)Y5dl}h_jF8%Sf
zD2ZIyQ$Q|r?4Y$zp+xe}MY&uhaGP9)3}{IYy(njpR%a^88SiplilWRGlc}1b`{hdV
z&D@bl_UHH&?qw0=SWOJwCCmHZmuR}cD8E8V7RQiV8*+s*QVpb#OUEkZSlXF~;>r6*
z7m*pwg2dex6ZvMggqGYQ%|Xf184w!T?n<X0FO=hG$)j>2{rm#pzK_h!4F?^$!cEEJ
zVrNO?OXqnJeY--way))k9`e06P5v_`KUj1@gw<>%2^WdAbGzN-gW&@7A~|Tv9hbb*
z&I~B}$2R#5-)rqMMimO7gfNWFjXh;j?*M3}o?&wLrVY3@z~~%y7eA8f2mAUwz}h!?
zT84W(!|fwoBV_2EBD^t<T>DNrd2LyIt^Wm_CUx!c(#pn;MN)qkQ(J|`DzSg<4NOCo
z2FaoKvc~um_)ib$C7p0~40Kmj_74t>tgoCggC8K$U~O6Vum@iE)Qyx?v%dIyF%|Xm
zs$o#Ad#dVN>Y5tb>l>=NHm%c)sI;oDYj5Dnvig-IDdVqP)X*$dRSnj9VOFEwYB9Dn
zOR8*WYins!V5ycmSUYo2AELL0ruGKO6!Hqhi0T@t$^>144Zt(p+YNu(tKrX{K{yG=
zJQD2M?p`mPm~3igp5fuaVWy-hN306!zdJ$k{e<&Nt!rK-Rn@h%)vY?Ws<IWNx|4IV
z5|#M_+?93Y!x?#F%7fL_{|hJx#(;OUyW8XSYH?7eV1b`#RZ}<-lmR-|dWKsr;6&#o
z(z^w5;@2{1koMgx+iJUOdwXCFfq(+E3xr->U9DLrKuuc%TYI|kkX&HXQJXYds^aI0
zG)<~BOPf7i!$1mbpA2v6>H}odHP4r-y7`xM%6@suSnybY!ZW38El@3O^BdZvd9XD9
z+SeRWKww?n-QhP~f0u68^>@{V*-XP-0~@NUrIr-{!$tlL=hg2x_;f;IWxG%RUfWw)
z*I0LV!vu8BJ_|zu3IV7cYg_2M?(S|6r61*M?`S^<YhX-AI>1x{Q!NA3HS1q%h(%h^
z*0K~hn&#2U#^(7gD+QjaTI<?68ao<Wn%Ua1sptq#QkPX`?>OS&RB5jdtUUata7O@x
zuT+26#Z~ZoErTn7vubHUV^aq#PnANxtO@VX3j}Xwl&R$<=A{ZZ`ImbegYK-s-C6(b
z?ig^E;O@+paQ%s8920zC^7*O&YN#UYjJ1?;hCPl2h$-x>&%8_jytPn<ow=6$#)iE>
zo@cVyzzzlb3p;gfpWoW0icjcrO!OIc?*CGs{^<wcgvqmg#J3dCFZ{l+tz~&D+d7=$
z+1@D>5(jW?c+JI$<`!vwT}K^QwjJcd56hU`5ygQdr<OI&vDmrRW&t&tX>TDv)%Ss)
zD4^X<<3djn(*qnfJGc7=_HRemI={%XDOwSE5*CT4ioB!l-M+q&u65p8_>bV3UCIM~
zeu+oT%bS|SQ34_t>{e2@D`SHn9aSnD08>dvV>3ugqXPpT??{z~p?J&K0A9Y;{Ua%y
zPST!~{CC#1`j26p9)H1@pC_KEN1&#2I(SGfo)wrq3|7|bZ5-$xTsP1=GFT=xwo70_
zmpa;(Hz>zoRS<A=M-q0n`6aU8*Kn|PN#(O=OO=;;hr0UPJk0D=1E#xS&*h4|buP#o
zikzeo66p4Wa_*RP)+~^!YAs<J06Pc9sF@4{J|IF$XK4;~3kaT@y}Cnvg6VL0r!jcf
z_x5<`wwsOBbk2S`YpiPGr2$T-EPed)W;hl6+@0A?^d#bcqM;H0v$93dKCl>KH;9c>
zHTFMFD*AIi2#+C<(E5AjH2UHT#=OD_sR<T<Y@Lx&q!10GeFe*!-v5u}!fuf;Bv&&T
z$<;_2oC4yhc{$FUrjin{0aXZ*EL`{q<*PP@uO{HGb-+{?mrlS-13Z=<`2uBtUaHzJ
z+*TVYXe`CeQRI**hwhn&lF2*0650OaNOGdGh^C$+Cy?#qg}yyz`M)FRT%#OKv(A^L
z81MXE@6hN7>6)L%H1~MMa@stbdOa7>eX?8@4T3jw2JBlZ@sFa*y8A#TCr8Z1^w@K9
zBza=#x>T1{YmRYpp3aOHZkNqMj}=EqWOH)?UX`e@@B;eIJ+d{9>k3S0qK<oI2kta8
z6=D|qdFQ=yJ^RVjgNPCMC3e3oli#*JN$dB^X_4$h+OuCSV{N{_U#@ED0%=XRS(z}_
z+atCWlfXu_?1=O4vL?{@ydxbTd3(FK`Ly1z@{+fjSCSbmQijkr7}td!m=#u<wJTZ9
z$1`ToPrzEstn4wkx|*zNvC`=W<Ybc8l1t{kpNdB4mILxM`0?-oxf+d-WA879KNcSZ
zm`7^q@j7EBz4oA7m>MKzR1tSeX{Kh>iHBXHGEJBoKa80@f$es_(-}L~%^6s5rNv~i
zO*5I{f8gn#!T&eaWCBi1PMLG#K}Q4T$vz|xwn&u%2><x-r(bL3PH^T*fKUB+hy}!C
zMh88Nu`vCWt8Bqw0!}%od{jmSBZDJdea+z1@w8L|9;c9pT1uvBP@yiszX?esKvGR!
zZZT5%fSmiEFBIUYMg!e{im2){L6le>AdzGhrxVcR*aS#tw82(ci|@LA79!COZncrd
z0e;pfo@<Q)!)S@|Gu5eGrdTILPr5f;po(HTTNOF>PG&+ElQQAo;+96b<B&0z%x^8o
z3)!zKynM@(@3(^X&#8tD-0N-gTmYt~APGp2_yh>3*N`3KXo8FBdjLcLXc_@Hh=-8d
zmyt1u0pL<?&`;oa;icUGhYtTfs2|I>{5|vA8cgz@%vfH|y@GCV(x=jmYj6gc@oFj>
zWF~H!Qi#$?a(fLOYL{cc;ZREUE-og|oM#$;wmk}wv8rhD#DnRxmAH;Yz1|Vwiy8sX
zRhi#1TdBr+1i6Nk&*+Ixh$8`yMkFIFY952Xj&*=Fe-n;MGBeLE_W;2!<cBL2ldIiE
z4z4IB13S`*sk@jAt%;%sJUEUVUVfD3??8!oim;Tg+>VOKvEv1#`04_3aCzRYZaJMy
zUwIBa@i>^Tcdb$^%611`b`HuMe`@6m2)z_IFYRt}`kW$el>ftLg*(rAoqo+apDH^4
z<W3Yx=k5So{Onr_Naxmqo#*7zZA)Q<OV3?NW_Bi$#5KwQ4m0`s+#)nh#cB+hao*no
zjstS_>TDI84h1dV&VLPy8-D<J%U+VJ!(tTq`RdgwCS7g?lP)(YIA6h}!#O^6O)8?t
zcEZGJ#KcN=f-8X;`hVQHjqX{2V(2ILqbPE6ZLS~{hy+NZ=24tU&OJXBD1?#9<Hab0
z(DVP|pVTIDzPF5~Hppwp;M!qg_9&=u+UcpCsCc}%I|(H_kw(qqgOjB_FO&ZDi6m#8
z`hj!2)$=4muLah{WhUF!myyMN>Ejo!i$KX*-(0Qe=GygtCe8gxB&|>B#$_Gf)9b~g
zaX@|G9yj%sATnzp5l?3y<<e(<g0jfi#Ra75<pOfJ|8ny1#zeAWNSQW7UuBUuHs+=U
zdwko$SC%(^&p@>Bx)5n^g^+tr3~oXv0${tH<h6|g>^q0j5gphCI5(;AM$tR2Lxtq@
z#$VAZ9)lMaE+UOF5y@$B7;-^x7OYjHa?I=M>l#pER#r4NtP~+%34ql4wg!l&lGsDP
zZ+D{4xmQ3a$(#>smEbX^1#4wj5FxaxGB=lN)Ii>Pz%wFFjIf7==sxU+JzUQ8^uQ6X
zbdV9|xS@wka5^8G6J5tZ)153}e_#<;EGFlS=FVeqTpZIGTo|>R4W$80Q|SwoU(2^m
z0KKmyO^ROjO`((dSrofN_lTESyeB|oz&XO&k<ONi0^yff+q(`-+SSrj$*-)B@b?Lt
z_vGvrlTF`+Uq})dZ1Z$`z&X?tv=m%jx9K}S^Dpy~bm9SsW97+uD99TvQla8u2|p8P
zkf?1y{?Jls6r`o^DhMo)LTJ~OD1+`iC}&HP&OqBV$EpMQ+awyc7-j3pr!7@<Zb?L1
zjRX&bkkZt!po2*&%~BKWu(rA;$!`{7mTXW($PSS3r?jL+@;}aMDbCUef$)BEEn#{Q
z6NT76)*b&BAOPNZ4pSev&chT4{tHtf*e^_p;18G@5y{31C=yx0ibRzPU$zE5_G}^m
zTNDwDx0y(zfY0@2oym2I6ees6okGC#NK27+7$Lj?fd7taVGBsi3@n`vG?{Wyo+4I2
ztO3KTZb<<|MfMbGpC4oYCYXM`qg-#~`F}$IFq_)&1n_T8$8=^`=bDP222%wHlTcr)
zssMy6<-ew~h;0lDyz|4NF$o6rKLA^{;&x<U1X&AaF%|%fT!BJ(wuK{bsB3tnsuE14
z-2wmjNN>OAlEDE_Rps)Idc|^D!$#BYj_T-YX}VNpCL2G<J|Eng|6Zq@S50E7fbFFW
zk{c`ZY{hOO7{uT_V-~roHO?$nKy2>G6e>TthuAqv{3;cjXQ)y|-TURjIU%^MmPRCS
z&Q(F6fv1{9$2%rF!`T5_Kt5ZRPFo96?O1r_YZ9F&tg;r|-mknV%9qt_=HG?<v`q9u
zc^=#`{7tGhbLrb<GCAqByHGaQFjimmezF|}<Y6-x4C(e=TqeDPbY2Du#id*pg%2Sf
zk*3KghiurK3UNaatVK`AD4RaMLf*vVZ0PYMWaH8}8M?qiuD@gi0-qI2pvz>okS&*$
zjyGMJfvD+vCT)t*)=?yp4Tm5;=Ca%93%>*<$v4L3W%$HKuDQGv0_d2y4`ap9Ew6%B
z`1{M-#CSVymovs^T@i;s@Q)^MHWs8<s{=Y<XJ;qbVa}vmz9*-|mMI~Q^ng{C0wFw=
zW@cx4dq66hBtD)8L}r$KTdcaLj2u~7=!Y|!435p>icqB448c49+*%$D@*c#(($?!?
z%BOdylb9`EldrZWVylqIjaz?5&-yilJY8~?f&q(#ZaWWF>#QqNaJI0aGCYvESI3dt
z@5}SeUM)u<S`vYxe5=;Tvm(g7?J?1VAi(zZFgs~+Xl&tTvVBG-IlQ<qX4rFq2XX;u
zT>(V&9qSN~^Pb;3I-A8p7C0fKn1?<(h2ht!{&ZQ$<5!onKrENZYT}9l-Le)W<o+EQ
zpdJ^J4L``E(pm`cYW=|o{pJQ(ZJSu_88`UV<Gu9KCt$Vnu2tr0wUBqOF2V_7np?W%
zPie;*c_umdr+9K~bPD;y6?Ss|h1dG-_sCAHnW*0goKaTS&7CHJ#F`0ad-Li-3IoKE
zUtcnd&9n-Fqs2^J!fojE|I`M3)^MpkpGoa@tId!CETciBRdfV=f@l}n_D;o^{)OHx
z$n=N*$mye1hm>HgAYp$@=NeM=0@XpK00&M11_m52?GpT=mjpr_hx*r=ql$Uem?1@L
z>ZbGVl?&+RZ;Z*Ys$4^_fJf&rrVH+k00f$jn5}r0R`Y|N{imO%9UBm0gNFw}$$(HW
z#RW-^-YXX->zgrWQ+^m{lQKN>G!@lqq0xtZoi$skYXWIoiHoXiZ>?JjJS8hes+`|e
zx1fXlo*-2&Z-xMw#s!THEM_WUwPJ+?rzM@eU(T-fJ81%w=4glT96hw$L$gYyjv!BA
zw?FDmPdY)*HC{ulQq6Q~TKbioImShgppP_Q{BP4uqIT(-i=~)u{Kl9)Pf&>}3~3u_
z$x2;o#h<`M3$^Y4lf_&)*<uFPSC7zY@WQJhlWg%|34$UR%*@jkuYBLp#k_5eboCSz
zSNbgmU8|KyJEk(Pmdj)_Q|U%Hx)1z1opfINt}gJ}E>4&Ww?9gTNQL0sHmk_0>*|%W
z$NP80BhvY4B6f(DH|+ca{o!ul&(~h3@MoKS{HG)y(WkxucJ37H{Et5cV;tD+=qv;R
zlC(35CilrTWbSqKr0Ir4^50bb);Yfax|ulHZPSPw9|eR1yOs3cz|EfH^RJIZwErd;
z!zISxM$d!0c>r<&sr~}&WH)?=o_+>eOy>-lXLvYVHbV|DWX6b=var#<%^D{fk59dp
z$ES{kZ=vVV69?N(AY|)AY|c<w7lLJivp~Zhqro%+n~cP?RA7kqKutNBq8U@Y0%|w&
z)Rjd5W2RdV$b}hv*9Nr!4ZN7Qcm!NW;aY%dULDDpJ30P-MOJ7Rpb2s3UqWD5uDoYw
zSDC|wQ!wXX{w&sE*+|#Lli1t*{c&4@7HpE*k_WbgNV@lc9GR?r1F*o9OVgS8Dd;&&
zv?$DTnBEj)7&wDF_;;pRpahq&xlV3d6b?ZDO8d1K{}aZ~{T?dyDYLYT-x=ep4~|C$
zKFE}l%utOG{ItxEU&jNGnfAh$Rd7$POu}~!XG5?ML|UuIzE<7jEm_<T>3TPZ6t_nE
z?GB12N^ibbE+;>mkr_ElQU)6nPOt7-2DNg!NpLn+u7IHCKu|O@s)PrNheTh{)#nXB
z3tw_V>h-d{p%{2Qd<6d7qX<^auTvy2B?55Sih$@k?D4MWr+++cx>q(@Cb5xuEWBGS
zqIlrb)@qc|>al2^E5{Ffz~hBs<0>o}HY`le!&OG+{0lr*<DV3-aXdYFuUt*8oRPjp
zD|YBydXt3mo)LEexd9gDSS!lxQHT%z)*Gc+i-3oc{dHyp_y22ptC0kK!GilkU&5}1
zN#q;+i;Iyb76W<@I^5mta8J-2JLL7HEo1(OMAc`j{`?l-YZ&eRjLZu`-_;m`9)yHQ
zsyY$aCCG!j74w1JP6lo)M>Cm9?vsY(oIu(SPe#gQj@xK@??ySEq%Mh$QBs)6oYbN+
ze>$_8Km$UwHjx=L@wusmY5r!+(#f_JsoOn}ZxcorutNw%&FvIFZ6@;B9tAjunQprY
z6^x(W9fN4o9uN@RskHTWkQ}D&d4`<+SrV?~0z)#>;A|!<FB{P`NH$K*K|f~(jfkef
zZgQfxlBG+Q(%BVqMKqVEhsnPB;#85*I6Ca<kuHQ><h68bg={1XUoV0j%8H<5vvBEW
zR_>z1h7y)_hGE=2w1MnRNWex870-&Znal=ORssO&B8OipK|dsEHx;5mdh>uhL|(h7
zfP;wom!`P2mYW$uR07LQB<pzJ^eL#3?n^}Z@E1*k$*`wsrWWkBk-PS(=(3KN-u!(W
z0XjVS@)q@>gGjd&bMp{W<fWgzNxrxx5ziC@4D12*ow+NScU$^do^U?je9Jl4y@wLf
z-<UvG!DUg0%fM2(mU>ufMo7YHHjvK}jo-F)Ln=AAH;dDbujXR87?DM{ttUJ0P{c>@
z;BH-qGRFUO+s_by>mV=OrGV?Qj32tA7SZIru-a!aAam);n?VT9ziS-X$(Q%2?QG=p
zyUNh5Y?aA@dy?rrm&wojA+XWQo|IFV`<M*fQ%<)3cMO#xP-IHG2>NC^CKKn#%^M2g
z;}zuL1By`$LIrZDc`wQ*bMH+>UyLuicU53Rtfo~@$r-diS}rE`0~e>bOj@t;=K<;0
z?V{87qKfg;2dWVLhRtM_K(}cxDhJ!xlVsKdiR6p>1vbnk6Ip#<IVv6BdS62XWU)n)
zyUl5I@Au@rdE%f9X9vk$RY@do6y1Imm^}{O--y2Sk8cK>ptKJh!2>&L$-xJ5gyrU0
z->}ZhJ)46>Iv+SruNg+M(XhG(!&jP4+~emxXa{NnL*H|c3baEG?f7F4mmvE1&tOt>
z#PY=a43_7I{SGSqP|l)BKY|##XB_kBQ`I<$R2)|3Xm*YN_oEW)%}(AsqV#65k@~~s
z=q$E~<70;-5X%cCrl*QY)v6pab~uIHdt?y?;(;XUsces1U^gWLm};Q_Q5GQBna*P*
zl5}mT`3G_t;{sqFx-gY|b8k5eRY<qbl~Wn1)RM>p8Ckk7c(DPHRp_!u<QhL=t%>UE
z@{TOu)h<^h1*c@nWWny7L~SSJ_~Ug{dJjjYnN4=B;i-sEDU(gf47E_QG*hDH1SFwr
zS&p&49s=E%fQCrRiTuEmZxYbb6qf@9jJ<OOYt#dfcCJj$+oS2}@kAu)Q9}-GZNx4+
zS@&xm#skakgxHLYCvfKYlwZzZE9N4<`Hiw-R@3;7U(Y}~D|4M7qz|8XnO^Y<D45SZ
zrK~v^06+Q7R5X{HmY<&q`JbjCSt5N;_6G0?tGzA4WigZK&kFma*=pxy4|uT#n)-$u
zJ)ZP56oaUJHWANDrF(x4+<(b4f2JQ_q$ZaF*#LcTmDy}{l2y;XjUgrj9#wIYfdUAu
zkWl+zcW+l;Q}4ir5bo8@08G|2D3hvaT?U#$Kk>*>5Z9W`Y?je08|Jk)c92suvbYJF
ze!L0_8~`;%4YI6BVs6g^b7q)xBU?Qlg}m!O1@C#hFg`FSDg9^;J3NT>n1Vi=iI!Xp
zTKLRYQ&1<%45bHVqeQypuX3EPX_p)k;pb~n_3OKa*9C%QPYi0>lJ|}_l6@}<1_x!B
z3`Ml`Vpxmke~#jK_>=T>Aw6&-*loCh_nxN<_+MoE=X2<mTTv3O=U8_@5Y!X&lW91S
z{NyDSLN_`5Vj0?^0+%u#|Jz#w{Bq5B{O@7qRPGxDB|Se1pnxeQlctvzk>_5{<>qv=
zgYLT(&iv<J0z>%VQD8Ik8GW4~U;mM3D!a@M3#t8M!Fcp5F;F7p<wV>d2%lbc8yMCb
z|M&~?_=!YZ$SI(P?=X{{n|AfJJ3^@70zn13${&nv*n;YGP!=W?2|>JGns$j?m2d%A
zr#-_%!(g|i`<ms;Ic@s`c(6fc(m|4LaB^hzT<%E#zF^ayAq5<2Zjd&EIKyfr={_9c
z1qik?<`4`OOJ66?`U-+ZI<=-T#icdUEa1B}Eu?F5evix|(1Q9Ur>2KI0)|08UX+Bv
zPvhTs4jZX@wG16%q(G!MlgS<T<@mndCwn9KAuGMv3cK7!4xLmOiPKC@oG9S*mwHnn
zHQfU--u)-i1r0Wz*hmhZOvDTM%GUDmJK$peRy+pp#9t%n(RV;BedmEi^q!O8WwE@i
z(52H#UOkzQURQvL^ew+#?g-H3>hZ&W?!g$G9<}c%GzFnu%iabd^OHM(;1-E&b#ldD
z57G@0K=7}Ar0gEI$&gLcKEQe7Ss#Caa-n_+7h3g!={AlQ6C*t*nB-ViyT)>*lwk=W
zzXI+QgMj)(r7R0QxefI8gL~ytO=SdTX;Ra<g>2x3l26R#lTWtHNfu>6w*0u1etn;u
zpq6jp6iYfU+)n@aEYzL&d0l2)89T<>HxEFD>$S360x3w{EDgJxOUIfqcvS_KN}tVQ
z{S%{j#TZ7u%*&GMv}*(M9emz4K5vJe8}Gu*yKV5IkhwqXpL@J0N#li9eE#X7J&@y@
z3+S6GAVv~=V=U-1nxUZEL(+a%8rRG64ElS$UPv^kBHQMaG0sirO_#abFdcbF-9uI6
z!pB_5O7=o<A@e21l?``Yw4$qT)I*2*<vlUI-sJ<m8%Jr{19B-j{Ff+*xm4$`0Z--E
z*v_ZTZI(`ll~-2_1)5EW?Ol?3u#g=6G*QzLFFZl+Iam<%{JMQ;VXD<^(j4)PeD6|_
zA|taW7^ADFf_xvGulh0AE~d{~Dz)RnxxXmYsuN+Yd@99)a?QLdS?DmF1^tAvAU23f
ztc?9&gO!}@%VUofLOHdD4WX5M7V{}&u>x-)T{9MhR&zB+)3qOVwOkRv9bq*&N!}@i
zm$<Do?M{E?i%-b56-juBKvnvkN^I@3(;2uovr-@~Gt}&2zP{x{pac-}mHDWJaf)5@
zQ5wD44bmQqRi<xTEN9c!hvgX}bouaoCF589{Q%;1C#F6s|3;LV;M^U)Oyvb8uKrAL
zAdAUHPJLd)*xUFYK8r%QNq_^U??TSas=xRp*Q+d0OM~fE928H;#&9ceMUPMW@<#y%
zW+NrHMbQmDxpjQ@KQBdG^s$)j<A=Y_LwG44ihO+fH@K9q=M=V{7N^YsL5DDqzsgGJ
zaKC0pV6<pL_HC{rLrbIRcdn6*kr(v#d3Mguooa^Mj%r0IVb9v3AW0BIDr3((HV@HL
z72t<%y)cCdO4*`P203zj9@(;gieLV_gcRQ4AMue(TCv1IP8T3sczFs1o>`ZclGpFh
z)rsL1cTV)>t01Rd)|}$fo~O+W7rENfGK7`Zf!JK-6PmJ0F4et1HDxh|%361QQ_l2v
zkW4`uW_SZD2H8s_^7S_#k~i;6#4WrU%oNpGGR|xe(Aq7q>?PA*EkGZ!<?~5L<S7wM
zvq>E4@_H`<X>n1PcReYsDTz}bEGPS3t4`WHy0&+NXY+hWi{k7oADCAhef$AAhn=Am
z`blO~MqdEINvyfWK}|6rBC;rUc8oss1QcSq`3Wdf!elwRCmLOjTNUxh9)mtszH-s2
zv8V)%bGExZ31ZMeorw1J$D*48M8>sUW1_Oylc+rq`@s04zaM%q9@WRYtRlw1Wusrm
zBXP`HtTsB3h;n>$5>P(E%Qy-P=|zd?NnFkso)=)Uf(pP&Wigz0Tr{`<@}>rdmwKT7
zO%I8?dkP;Z&i{fOHC09Rv$u5XHBcqy*zL?x6+>f>$yp@j6Zs4bIqr&qu6_?MYZVAL
zfjT=9@3uz?y<&By_}D4_u@#^c(H)m*=V0YUq{7X?UqmV+%v*6BymM(mlI|th_DFMz
z+pIYZ+W0=tVHKowEftv9K>#JB^u5s2KLk72n~5kYR>doM)X|dS)}AsTva4d9#p<A|
zlVGjB$0(Uie$>Bp1LnaPU(&Pkuh4%;;)nkN`gjtGCgmT^Vu}#GGgT#Xo6YxBD&!&J
zb}pI8<VSyX(666|GH6#LG>@Lx4_Zn!hnk;VHoKEcT_JVhM(71epw-1^Ab(jnZWxFj
z8XX=Q^pcJ9fIH1ejt^9oqSL<zrvN13C9zs^sY)$5unq8PGG%1ne`S&vDsrR63z{|#
zEbpqvrqh=*fzi(ZaN(CEy5$(Cy`U+oR;d_PbxY!9uju{fgMW3;Ps;-_Ok7P2TklFW
zI0}J`O+y*juTbPewu@5l41Up2OO+Nqc7C*nq9<^)>v5zx-1!T2RHj_GwFwv<oF@6{
z9@4w!bl3IH&-V>Q5&k9N1_`%=-j<HU0dKK6=&^KEitb_z%LntW$4skC4;f=*=h{r{
z9i?57s6@>h&1It{(M?%sUaHHcHL~tbqIG7J&C3GVq1+{NH-|(V(NkHVrp}U4QAmxs
z<7c5vdgAx86dIM)OS`Nnk3z|(kUD;pe|FG`noHawNXY^wAfElDs}Pqfpc5?HZt?vk
z3l$)`A{WN2Xv1l=)r?}Y*g0u++WDaqC}nn}9K!hGvQcs5Iw-zIyWW;<qBI#j@+w5}
zjAf&I<xLS<o9<RZ62SH;pa3#^02T59SVn`(Vz+X6sg6}N?(U+e>Y(OV>LHX&6JD36
z(HZT=ENYqxf9|RRX$y*)(fHRPbKF#pmeA8qDDpN##>sT48O8HB1&dvH_Iar<dZQ6#
z`+T`j0~*=s#?K)r|Bt@}IgHItnY!KgWgf5~<lxE3*e&qF@`wO32Lv%f%2}pwbpa3v
zJ(!7OleJv(EFBh|zC(q;N8%h}re-_+<{4$CN`Fuhi{&L{`I3vl3>T*?kl9I_zlQZ>
zb5Nji`?^Zd0z@DEE{@aLRp)9)beMdvN~jWLE4a02VXM>5#9=l7?l$K7TFTHg6lW6<
zTCDV@rxggrzz&P=KsmIa=cU3_wffgW-N05~ij3+}wlV{YcAGZq2DZVJx7-9M{Hc+l
zaPJ*B23eV<CtovPhu!yaC8|Q$YNBa3pbXru8_nTc0?t>It$?jd)b7x=bozEoK~_Ip
zRxMo1buC@K&!(a&C`a)WS*%*g?kA$D;`tE;>A*E|^Atc<`(aeX{3Iu*AP4(d_qtq!
z4YTOhY?Q<PK9z%dN<aq?)UJT6bHA(<y$hOvT(!(yzXX!#n+7DIuB1)7lB=|UJ59dF
zYk^>Oi*v57h1nNr0;-5pV6fTf*ekkKc3OOE%#3c7y=l|(@=h&uPOBlGdn|mvvuN;Y
z)8e&DH@M9=!-i^6j$H|R)>)wD>zdkqyX`31zh5kN`oP0_I32#%9jFYF{|X~wQcPMX
zyLCM|eHIs+v9b^BX1b*w3m(I(euKuu<!r6_oPuv4hnCc!BArp2*3CxdfF=C#g{X+`
zsX@6RjWRh4Dsd^hT?qlT=&a^FI$W~d50>vNx~dx3>_H>+y#FN5pxgc;chH$L&=0be
zzU<m_#3T9;%nd?nc@bo&HJnZ3YfzTYI1?DRx)1Hzby=q!++{N4am%c4+gZqr;zY2x
z#bKiRqp)B-%wgaH{grzZ+eg=WyN7#+=)Nf^-<LNVAwSn}Sm-q$DeI&d6J5OMjoz3@
z;heDQ?S=H@Oqlo<IPHS$fb___at{5o4dsP?&{^VA$P{9>_@>fX90#?8;IjCZ&OuX=
zib#hRkt4d6R^Q!oQ4ESzIGBSKj4aX|3@)4RFLl5mQgk+wJ)#fAh~eNi)DTO<2%CB~
z`YuiT6RHxn3NiD&?}8othhO3Z)vm#&jSUMq@6edQSnD-uVA|mG1#5)(NsGV2#T-P%
z9^{(9h{6qA{Fr{%0+ZTu8f#56bZZVW(W}4IKjbU0nTZw56sNTy?aM~1Gr&}&03)Oc
z_?ym|tx%3QJ6v|(%zCsC(a+w~9kDKlZ{K`Wj_{8K@)Y&k$>~g}-?UT)f|_bVMXKif
zp$w2PO3|v%LhKnUMXFLyp;=Ff5{+$v{9!>KT2?+L1{LbIE1+)E9Y&Di*!HJK|B6!R
zH6MUVds7XJ3YswgGmQ>af{c;05M|-5I@)ph>J}m>VY;bVk(77=a;w$Fg*=_UL}$5R
zW=z1NCGTn!Bl`89Wd}WQFN#W5btR!%iLG!}9st60-hd{`zQ_|i2MopHbWwJ(PILR7
z4pg`A+C@yV``sZ0RH4H-z|;)#XsC#*l5SmoM5U^C_;)Ss&C=*LI^xx+3ygX@OO%KU
zD2b)Os%1?Xsr2|_lu^J0%n3?Y(>>>*in<2?$oiJnRsIy=5D6MC!2pLElu3c8*&a`g
z#B^<llvWE@)1k%2T>8D$D1U|$Bc_zCu8~;c9<*cucTkIZb6E|Tz5`{b;f=qbG&T34
zg*mGH%x>+lna%cEu<se}OW`wNI{+eJO!PO6s5a(N0W~c>4(i?PkLB)Y=nZoFXmYs`
zQVCj(Y4p`iXaU`F2*sxG?o4JE?=DFoMyV+rD0%Fmb2p(1=RG0lU?MoX!$L*ENbg7=
zn?Fpp7lPg(76JaC2bZE^dZ5^tnyj_ZHTKZ0tI?Dwu8`8wHnbo|ElDiqXmWF)exaMA
zi$WO~6aC(gVUvIKi9DWL!=fF!V3?pf!W?T*7FeC4#l(AiK=j7WGbr|}smn_Tn!s#y
z2R+<^@>x~g1iIuhl<Rx83Bfjl?!8d5r+a;ecLjJ828TuOYd-b&ZsWZ_sDTw6`gD5>
zY}95S^mzlK?ajzcjenP~qH}wZD@V0Xixsel1$|g_APNciYfjL6+fWI{h`!K<j+H=!
z91F<gYw8&WhX(x00=85YX76USG{>xna7yn^4&LLU_Y^*P5X#w0sHebJ7rjoOZv&C!
zxo_m_&S(gFbf=$wtY+T-5iRuoG6=p)mjnOJR(7BO$ZF*u{7Q>2r<1gL3h28l(2Lm$
z4^<iq+&rOe?6UgaUkM^B)F+5hh}bG7`J@&IwI~5yz6w3ZDhl`;3*vfI+oz~=@efwT
zLTzRd&7KYPsYx!Q*Pe@xvivZ$wN1?GXrNQbpyF9kHvB0laOZ*(7qX#fQM_@4{w~GX
zLWfR6(9L73(IG&2naG7=%NfFFHd9lbF*jC8gX*SRFGLIJ=^OkDU=wqHUOTecM&Dk8
zOt7#A&V_|#>1g!BB;#-$Fe{}#4Gg95B{k?*+_l1B2>U`@!Xh}5MYl*cu}H_Y5Lhj=
z_<U4@pA~bbDQU)b+L{RSj_X2C{u@)yQI#)27&fswzt@gwbCUhnW&2jIMItm`T^qYt
zn?GpV+U@kZZe)qP8}<RH*T$d3)<`0vk0Uro)yl+Zb}_>g!6bv?^62*U$XI`4Fo$HJ
zar|BZ<&+TTLsw4^a7QmYG@x$K@Maj5UqHaZ^{CVgHkrSlhf?X!qm4DR_&hWxM^)fB
zAdsQQH_t2DsW_~p^yVDjhdp3y$ky$ByC98Mb*){#X%`@<Apho_e*6erzNT#^LfL-D
z0@l=K4#7s>&^7}z`1jT$a|{);rzc;78MG7_S0@7*acAr(FOEz%u7pUxfuksv9=i}l
zCfH043!llGqBpLRvWhk$OwIR1FN)+bX8ys&8lKb)4gqHLiwltj{f>_HgE?l)pX3Bz
z(+0EyWrg2I8yBNSVtP<z+zzp*Pm3<u$>)TM<pvfp#?#?xX$O*gSM;MKL~j{DD<|mn
z$k}Ldwj%B;v?&(p{s62_m)q%sI`r=&Ry{rerf(6`|8t;?3v8UeA8$m!>mdxyKX0*w
zf6=xxyXa%X=-q6^N+Jezh(&x`+t6a8fA9i=zC%A61~%~6n>db68A0=D%XDKIKZ@uV
zqbL!;af-E#76i_v%CJFc3@2uNpcOqbh_YjpW1pU!ZOo=~7o#}ZdLfFAg7TP9l%j4F
zO)2887B7#5hvf-(Wap?Vte|z1K+#{tj5vh^g1G2cBj_7F+MNRJ?`ko?W3>wDo!uaY
z^lU<pLA;fUS*M_=_jS#kwCy5v6a8p2UnHlXkQjlLY@iS~xDJBit~i+#d4jipAOy-=
zw(BlqZo=qrAIzHvRWa$OfL;@4jG=QQ*ngN%;L@Iw5GKR7#|K*IMC6nkT}WFm0ok5M
zOzpK8s}WQS;hT-eOVMS~#tgBz5a*;4yVJq@`$*THn-*UJI(dr^`m;{h%lWqjdJ)26
zq=rl&1TZuViAo))bneCwoamyE{E{OVX;|dZ;6RO}i#w_@)(S4DYTgQE2x>j0os7fg
z`|?usB!UPVb%kAmApWLp=Ct}wU5<XvLt^~x1g`%f+6hAQhs4kmW9VbpAud4+4+T1N
zLe)t6_bteThcQK4z*;ePD~iB$S*kI+Rw)eW;UZd~DkM8yHOc?*7cU4ISTpeQt4n4P
zOI9F|&CU4}2HtRlqhIgZf(oKVC=N~gM$RwSOWiQK2r5yv6(&ux-B~?dNYZdC6ua&Z
zjwgR4jS%GP2lcTu6nN>PTz?FNSQd-GW03$@F%?V}F~heGdYeH#s0I+RKpN%5EDJSo
z2$8ozB;ANVIIkAJiph!J{UI}a33@!-sKm}=t~G%7;4+jI>yMBr?Lkvxl?WLRlW`X0
z`eRg-$%*y<EU^A8;KKLNcaRS;@(_Ib3-OwX*)B~G1YNcYmHUo-5B2i4f>p-}Jmqk<
z5*o)q_nn7I+ja-<A?=E)h*A_v7NO7#S|}qje-wlAJ47z9=fH&MDcM*~KWPHzk;%v|
zz^OJSD;!8G)xo~z9OIvw2}2wJZMh0m88{Tve1(gRR%D0%Rd+x0|Ff~xzeV&1OMQli
zx+nlfK8-XPtYC@&?-soNw01Cyi_W|n)kb~-D4^S#j7OkkBqvL-b10pLJ4I;!9PIB_
z=w=BTeihaWPcI)t#=6ZRxDNHyt0)&PbiW45OfQO7OQm6mJh<{grqpVsF|$dK2ow`M
z4kid;7lPA-U6RE<7n`AtZoLXjl}{}-e)XTAw)4XPY6Tlf6T@;gGNC7#vysU68Nypy
zjk(iR$FQ;?g+H0uI@tY0Omt<Jj|6lI`cbRVf;3t`y)_j~4!1@drz*m%?u>&wPnjhH
z3&?~m4}7A_e~e6#i4XzKV0eWsdZ@KX>~WB!NBaZ3liqO+7iQezlv*B$BnVNedOZ{_
zlPjS&QDh9~=G@l_#+x~Jqj@QAZJ5^z9@@d~i%O>t-Hpzoo!KZOrbcqW#i?$ZdJkGc
z&Nn6Dm7<yE7A8K}k{gjxaai8G+*qLWuf0*}Yz{KJ#^^z~!YC215+R%Hf}uP4#X|TT
z(E`dh{)(4s#OI0!YRSb%S$Rc#o_Gl53J(R!6ynwVDbx`xqA3KO3yw(+ao_qRyhgmb
zc6}-RlAt?Tfk52Jp7GLuK347zpRcyz_4qEv5JbVgzwQ&9guD1VR+8nvSUDEFR{RY`
zQ=aC<QgFBU*toTr4qcCK=k-Hyk7xzOHlE-`Hn2yux^R0YJ^eFq_5#MPhD7j0e1Ujz
z!_ESF#qIE-@~3DA&-=#fL?4jhy%xD?$~~xwEV&^GuNRNir0hpUB6hC`8iG8lY&K6Q
z3Ud?sG0(Vy><PF<mrWp&r7qFqKS31~??%RKzaH1w+tcawY%Hs+kt}9D^%Py6I3x$L
zE+F^lS1ip4_p!fun$J}F>NaGgOHRnyxCSz%??g>0I+uOF_!J@_kFp#ZJiz~kBo<}5
z13TdJ$84ZmZQqAld18yWfof2U0l6v<(5I_$A|4Vm)H{u~?m-fpsxe4%KefV`BdE}&
z^;c{Zqks5B5nF}Zc=`h#_9rP6Gt`|$zjzt&cj6YPc5`?&$gqokjuvaO7rearNgi2`
zM_7l`=p(m6V$;`uOvIx~>=uN!Kg`40H}MhEL!!4wXz87(A;>jz>Lzp!57fShcXOQH
zdlImHvDhjQ-JB$r_Q17(v+Z}F^Lel{-pq%XEXY)Fgx<aIS+I{nMO0l-Wa%Zm)9kQe
zpCh8b{u`A36n_jrzY2QM8l^84pg~aQQ}{CRJJ9X(_;UU`ggj<wX7tqs#v-<6E%*xd
zIyX@(5QrfevE^wWd$pu1C|7q&;27suFXJuBx<E`_Hrr=s(T6_(_t=|jjY(|C`dzVr
z=&igl4{uARKiUH=8DC=_g+Y8Jhd3=Hc#9_e49T3?hV?wC=ml=8joA7QU()CCcX_WI
z%b_QM2FuJzpt=qikzk0n+3-9T(Kc4Q%a{8kc*jIx2onz+Vzywn6LK~A9c{-k)cD=_
zPEHIft7{lchl1-D(oOs2(qc&F))Xv}lz(aoc6#^_6f6-Dg@Je4VhW;`g1&{n_`uqc
z;a*<Ou)9{3zoluAwZ3+=XPsw6iPEd)k2XP)B8af+GbP8pMyf2UG>R+0AnCetlSOU7
zQ`AL2E5xVl+9{ISnwg*is#cbU0_!*4E6ebM)s3ey`{nYnK%IyG85qNY$P)B7S^W?z
zwbz+dn|yypGGzC6*V4K|oRP$;A^MZx$z83+;;PV8e|~$j7>A(u3S&j(wr+l%!<aVJ
zUA*`oUWAD!$O?ExvV3h`YsX)N|H&wRcNM+!pnR^RT$wgu<ve;4RwhsvFJ}xyBdv-A
z<%TqWE`*YKLrTE{w%8LCZ_s`M1&hKIm8@@R?r3YAx13!Q1+xfTVoJZfPfli4{9_a0
z-np~k23oj9TU*pVRjP!`g5es}1<RY~x9eVINtN^Jn(CVC8#+7M>YCdZz@^*TPwC~!
za-Qy{fO=LtG0c5-q6S6yX;i|!za8xQ>CO(g#aPpS%mSq^ZCM4iF2x!2)j7XmUWcwj
zlhUEpPofOzlK>aC;=kI9?O*6cf1$!G1rGa}_8{)64Ze^dre5jC@vryO*}kZ*O-Bha
z>b#t1+8dc$lC4|*l?psAT@Soshui-Ms&xdI>;wc~rC(kGMLws8qbuHZfIQf}h>V@G
z{py2D5Z*-pw_i2)SNz|8W!qi(H~Fsrzy123?pNcP?N^$0NM1u<I0(rjcOH^!mMT?T
z!Ntlhg$>keV|Ds;LQ)y88Wbdy=-CDrDCk{>Ks=sTh|}RzX2pld+z%^IHTmO**NiD4
zK@;3)5nMzyq{zu6)m4~uYPCZG4-dtepyAXr?$P8H0mx=95myR{*uk?r0w_|->DRCK
zbZ;0Mgq+}jocx^#<zk}v@{m@VTXmHigD42uS>&yEvgm!+!!<rHLgB$gb=$D3hRC6J
zvZPwZWc}PWz|mPlwNbUMlo=OvnTIKG4UwP7c76y|vKlMn=-mB~FUf{A!GZ_o2DT)B
z+rWL6BWt0!k{EhqEx*|ko~-TSw+g6_gR2?wZu+2|@W%LWMB>l|E_4&0|Er?s2Bs5C
zq5y=IJy{hhJ!y-<;l?K>VTT}r-)&e`MYnzl;h_v^S<=W_fgN7hUAu~HFjG-!stTse
zmJF(5ve_%E$F7=XxX=xvG|@lwOZKexX4!PESBb7d+5s#<Ws7F1w<@NEkRM6As=n0<
zA-HU(s6YJ$je@qO`aaB06eve=T{2zvD9Yw(&}<LZLeF8Wi(V<{A#FJh=0+C69g=U+
z^(#~m@^I@o%G>ocil$G6`(*2H!X#jnzJ(TJFhkC|0E?0rR*MaSsOuKuJYVGj@TVth
zO^rVm6Def--3rmY%!c7lwE*yWip9Yr0QB4gYR1Kmm(^?GDcWo-hT?drL}Xl)K8$nK
z8|3NU`_Uo{*{fe{@&n>96w^aZxQKps5)vLD$s&mkJqbSO51)c?!_hxMkRm+WNNOF4
zH1|^I3ZQaXEiT_ZhfpE+na9vWf5b)HH)n<PbR)}-km=zK#z<c=pbGKJZP0tv{3gm#
zT3H~ez3W1VdfxmC^iO_`3r&lQQ2Msoe0%>3HKHV~A?EMe&mD#avVDCn{ife&@~!cK
z>n2X&>EH!v%85{L46&CcwOx*H>Vpt<19r#{^VRnd<}cCI@8A;O?GHhK2D?-ReWe-4
zW`XY^L4rO$WGwLIJc4S(^(W}Gwvo+{MZ120GbwbEM{jx*olMeN?B3#S1=eg1-<^*k
zClWXEB#LDgD1oT5T2>o7m!^7+P?h;GWIl)@*D0cz=)rFC?KpyFAzt%2UE6`(0+@%S
z3fU+93Kc<s1}mAIDO&J2ajV_N<2&i#D8vE4Y_jO}zeazC#EX<4Vo?djYIhhaf!IWz
z%=Arg3cw0x(GAZ66&&lp)pXi#&|zNVvs?=m<eaQ}3Q|8r(M|AKv3)22hUAeapJr3$
z#k8&!uXqrH&1~gmpZ!K$i5YkIJ_O-o=TP%QxClyCoq7!w37hX`V+l4aP@kVzig{hC
zmZ!m7tA^nK;08mr7(pP_VKY=g9z`Wz8XwF8>UXeGR3=>`2T;M#lRyQJJqJ`E>OeVl
zEnEf{Pk5l`XH@3Vk1sLC`W!DHw^C`zt!?Wx8El%iLzfvNIj(*09ECteQJU#2@qs`P
z<Xu>fBbWX@pxL@EZ2;hxF9Cq}zsLaOm5}D?`f&J8{T9iHUi=a)dV}s2#3lcp;s1j_
zz^lu|t8&I!7_%({jA`>92E3B`C*ArESf(%kJt~d?^VA?*l}OXxLxn-sYuFfc>Eoza
z|JeLAIB@+P&3zXw(H9Q7LJJ0zoM$wrHWvk!0$@D*E}9qUi-8dM%lsb7j~*G^;2Ef<
zHxFZJGAM3*54Gx{SR|kjqyo7RRTL62Dt*tr1Qe(%H?&wZ6uSrtnp*%|RxBu+?tKgA
z`WC;8pa2J}7SyC`2+PJAF57C9d@sBLNi8gPC58^YhNAFR(ULpjA=%JS2rV^XDN^8f
zn)V39YLC(#B}iMmhoX0JZk)fu5MA~R?9+9xL)KgBUB=i5=1e}s5-awWpd?MrAA0C_
zC{z3Q*89+c5(t48LGu2enq#$DhbD)?B#QY|UkOXkxx*EwfIA#~Ln#zQ-@6$Qll&S)
z(cJV`fa&R1(aoZ&k44v!3yAtbsGG$0rh}gU9b+S%^*n?E!Ea!=dL4O0DV}BGBe7T9
zCf_HoGi0+OJe$RvYDUXY9p6yFP^gb$k#v94uHQpw&e0>GnI?eCyaX>?6xajaYp>Ts
zkMzUj+`mM{LH>=c8*o<8qkZ?Ih5C9o9XgOLzLqy3&Wl%<S*d$t^WAd-QfNd4m|MiF
z8EiIAr^8@_*=Q_=+7JvW{Buqy6xd8?a!1;HoI_jwq)*`hiYcHyI3lz;qmf<z(5Hd`
zoiqg12H7h>Hgk~S3aXm$Acul07UH*s3Z!b{iyunG9m5s@8_v;Y%rN{j$dnd<`vp*#
z!$r@#MHOctwV;^p`v)%afjE<Zcx8@rbZB?^YX6KDBiyNZYBQO9^evE8@OQ;inR7_k
z>k>>#=dY18f6>%OfT9jR6i89o;x!iO-98-6v!4$%IkpSu>k?Q>Ut<)c%}<%C1I^+)
z`WJAH@EQ<Zx;Hjo>R-`pgu8W59lri|Am0gl#8b}SAPUA%LI>YLdA=9lg_8nbEne2L
zd0OFuawaV6l2k<IiC5A+r2Ah)rCd}F%3Rs@6u7=RGa~|7{`BL^jS_wGFl=dklFPK0
zaelh4S3VToavz{U4a)#%42BKb34k)4MVEbma&I@ij}Y$HPT35b>;n*b@SyIg&G(}Z
zAwm@I6i+#!+Mui?Bh*lDl~)RRrX|#ZK)N{Plv?|7z@?><sy0K0(JI}pX~a2&E_wYT
z-2@rsCKp8%`Cj@6<s!UMHy4*L=@UkuUhPwh$=7g-(Q<FHzkq@b9N_yuMSlXn{k|HU
z!x^W|0x7(ILvv6`s7XS@>6dGJvHGU`gC+PWM}osiXWa~`UHfaW$Vaw8YUUN6p;PgJ
zF6p^%DJ{73&H+i>>|CRd5y)^^^%cZUSA2>7l%=Ggnzd5$I~-V6j?E2uzb<I&PgRAK
z=~+j0BU{b%<J0Kx+*^pg(M;27xh@(18G<JgE>}L7$M-R0y~_YdYu9F$7NbyhCzMox
zWJZtfX=4u$`e|&Q-*7g+LC^3hJvjro=L&?A3%wJ3QwF*=JtQ0RXvO`;{LFCu(ia{x
z=19zc<iDvt%;<EP73V>{_2&6BtqiVfVb==Hq@{lYPwqn{a&oLX{&o9s3q5NEjw@C&
zsi3G2Kf!hRuq}K&xv=K~$)34>)f7%1{ocu~GOUmvt@{VcG+zx3lq(oH0;IADn)4Vh
zHs|yAfsyUtea4gwe^=t&{D$^=x+53o#V8ec>G7}NxOwF^lpN=8N{@Vr=I1z+1YL(#
z1-^-cuK0jO@d##~%Ak*897CV}9BAp8N}ND<WBfcz5HCIsx#I!ag!q?dBk`YvKlxnV
zmtccdCx{)U7z||qqj7@o>nNO#@Oc`#x5Dud12uv0YW|SNWHF0i5#UBCnbg_6z6%QQ
z^$o70r=p<j-_K}rG|r0)JbmFtqiH$!#VG~G`Q_-<{(HL0bnikvpAd!$;lg4FcAbg;
zhAFEcg%dG2Rx{lGXuN_RYJd#+?{S#<?VBzuT>Qyl)>L2W^jbUDLnL4@jq^xGardUO
z@R~!;1GPuQXN=7KNq4#yWzzEY#^!|*_@bfu!}R-&aY_8Hd9M}xO;9p{o}7w{3e~^B
zImg_s)!M@6^rQ>tXP4=ERmY|KK1OxL{zOhiR@EMuyZFTIY_r=fRzo#RysMjs1whDb
zCnS4#)`?4gJG=eYXt2NwmL5o-Ps0WD{TVoE;TeCUMMRJ_3C4l2H(VOW`eyrg7Svb8
zIhAJ$P2C|hCq7V~gDzRG=Y4M4AB#^XX*bL5oCPuhhuk?g5cps$F3j!p_Vy3;d4kva
z3A#HLSH~!C>9XBM8*MGev1_XI20iWK2n#w~f&h`K+T#5IWY&&=Wl_0qzE&}(s>{rf
z06K93E~UkBILSXW%(O05VOt6hfSau@yH+<}2&~@~2WeUsdif6J1rPQ&K~8!xUuJL^
z^o~HrC!L!CMwp>Ih*>lhL1ODYu{e>oRX}$1>fOeCdMpp8Q(6RlEJ*~$vCj$hB(zAp
ziz89#TbvhA1xnL*R!(??zQ_<-NatnXjA+q<A=StR%%{h<;*6I6SyZ|ODz)P=Ocn-X
zQgg81&F98Tx0pbt)!~hzLXcCA73k0wS*W6I=ngOf-B1K4AV=G8Z-+mR7U9_}Pc;eM
zqv;sJ^4THlM;h;VA}Umn2IHjr>49Sn#!IKQCLBx6pZ{;6PB&_JD%?M)5F1ZNwn0%%
zRvyehHxL9MTZ9fx#aU>GufHhCOPhBatLdBnL~&&*w-0}RCv1r-zK#*BAE^@0k2eMO
zK>tQ%bZ!E+*`QuZ(C9;5n?3Z<bexH9;loGr2S;FM(_>TNgiN*K=qUEgLyN7rTKTob
z3Z<>ZxZ;DZDqNo)7+57Cy2PshAjC(w7HB*kzYUx4*mw0WEcDk2_$8h7`WnuQIkACS
z#cww5QZteTv85H^lKj0eBb~4j)Tp%x7igk%&4sv(7N3T5zoi_G=Q@VG>{xxjj~8L6
zaHQ52^8eIqggqQKZZdG1ZCnuu@UTwBg#_oj>Pn*wRCJXP0Uz9BOh^yYhCxc-OvUk`
zUJja81tk&Z(v8Vj3il~Myc8l1wUY2pIfxQt=1{(tZz&CkJV%Mu0;4HKz)wG~0ZE3z
z74LsBLhE*exXs{+YGGxfX&r$*D^&seTUm&+GsE`wXc2A!P1-_d6a4~PeNQCfTwFT2
z&lGHl!c%!0hkh1^9;&@au*jP6G=~JQX9nA-H$>nb2w*!S%m?&%D$JQ(Z%k)?fijUz
zAUCunt*gOxDRA|rX8n%@n7r9yHk9bV({RGq({Os6Us7N%poU#4EVIg<O6U}j&*KAg
zqsMOtt2*P1SiuF|K*1WvWKw>pIG}7!Rp@xOPN*orub~S*s9%J}x(%WkjPdL^|CjXG
z9%Bi;Y@adK51(M4X(1;MS1ZVt*689e*WZaN(b#c)7DH+YM@XzX3_WGTb!j1Vz}KBt
zq6jfp#xOvIv-?ab7)sHE)Ac^!i%`mG#A;EH($5PPbat}J3v5Iv`$ZR|K#j&*=!Gd@
zFws8$Q3`glnMOv7<a&ByuQ9vE&v2RdRJ`CxzTiXFp+TKqPDZ#f<5F>ZksoTo5OtdB
zha7tD!LS2+OXo|f_QaSuI~3@b*&u;jl7i!7#m4OIp?gwr1wR_n{E+hf3GmUOI&4hp
z9@KWj&jhm{68b`XgwVeEiDb6845fT%CHbq9%dTKQz-47ug;I{L6_gF<JmQ8?;0e}p
zd=_ZTu--XIx>od&BD{=FD?xEkdu?~3GCHdv>vlMu+;!8frk;t>q2dHAAm|r#6|7vI
zt~dWXrZ#RL#RchFl|icFpMk<Cp&AZLcKEL;6OTDiI`818d{MaK<A8K6W(p1mo5&*f
zbdJI=Eay9T%U$!Wh+`H2&oHZ&>hC0=3s5?WGfVXIQd&cLmog^PiX}Swca&XmCLjhT
zoTWyUXx*Y;@QJgUd2X}C&CM;)D+@)S*A@dEN<|>oT~v(IVswu?i$FF$rwjPgA09BK
z&`&-Cr!PNOO&s}AnjT&#!gJz*S90?L*p}AZpg$n&^x9PXmaxVAlS8A(3=ZF(Gz^u0
zE-Oc|S;}E-(N>T9i?+4XCuQL6h`v^VVvCg4VASWMnzdiO&A;Nl7#lcEnVp;-y2WVo
z)ns9)xX!*W_J0@V`z(G!P3PPP?ww%!SE;Gc*{K$C2qBCM>DD})lb~rq(QU@^IR6KH
zRUy<KOf^~Qq5X+fWVbQuO0*?$Sd_U4ZyXe20zqe{3ziLd$h*P?oXXpYx>`{0msR^x
z$LJmL^m{w0$%PBhMI6egPWFsSIY4H-x`g*uFiahI5Kf1iW`P{<tH9Zb+Ry3Cc-(|7
zZc$~A^07n}9uPbw%~){pWI*(IJOZbss@*7W6uz?OF=I>wTtOL-Jm8dOm`Mq0Pnp;O
z@{cyN;Cenj7kup?b~BYC=&KRUL7fyG4hnu=>!BFD14>4&D8xCTFsmo`tRP5k&_ZG{
zxF&+6qBF><0N4oTEPJ_76FN3K$TPxxPnX?l%n0BRpigJgZ+a~B%?{`$j?aIgKj53Q
zCBQV_5t^SG;pj#_Uw$sz!6U$|N5Po)cEb4d%}9`hew2rklG&e%B*$LpfL1}R=AdSU
z?}~vHg!XI>1}`D*a0+Er`4*UOKnCJ@Gd#(W8E{JJ`?nh7lJ)QDmfMX}nB<$xDu{@-
zock^{fs3-H0Lo|veeh2iFW{G^s#Orx$|isdgCU1Q=47nH3W5s@%LzaR%GTiMNT*0X
z4I|cWW}7oFxl`AUUi%nW3V!(wtnRK^pqtflTq&UGTY@w@kAtS;Ah{eQUOmkWR!UYk
zT!2Im$HOAAP0BGtcisd_0BngINH#OZ(ckQc7@-no*k)*;%M$Ry(9ZLC=MHhWShZ{i
zR$^1{@W^Oa9~jq$d%{eY^P;>YT{Ax0L~Y6_-7yQ7bB@H}2x=aF%K02B!3-_It8h^-
zcyD{Bf>rijj&FM00+CHH?+QBme&Y%ZK{kvLiCJ&6;?{{*yMT`)4l@Y5NzTP7h_0D}
z^d(RWc`JVJj~&V_l=~L|%%;rP&(?bg(4^=m^d$IX&~G_xIbq&2yF5daHBqb3(B~gB
z=H_ah2fDYdR-7N?G;ju{IpHvV^s48jdVQdd=!^ISg=rPS^-LiX6y6TqLhEPy2A^#O
zpY0@#!%n@C`%NaAdSf_$$^5|7&uq*y!$Yx_9L&DfJgB`MN)9F3Ru+0|J{U)|(n|$@
zFHU@LkFnE@o+^N#Eik}Abs2tX@owIRTL2tTc4r#2;o48XxRcnA+^-8j5@Uutw3VJL
zz*#9_8dS$9HyP8q?O+vP);w&e;~2^e+v)SSgRK<QSauj{0k70f%;x*L5T_|IUEBE^
zQFsZ2lUx9|Z;);)1{TYt&x}p*K&Qv5Z$Su6f*7x@<DfVLlTKk~=n@eB*#^aGBPM=A
zp(P>6=_0*q__*A=#ljAmcdK9A6&QR>(4qfEnKhRO!!beY;lVx+y=RBfN&l3G?FEyy
zV#-Jf2q|1j4gA!csna-+ZgFIo4Q4HnqG$aH6c+S(cTNcUne?GfsGKI8hFbJHa{<c@
z9Lr|^<j%MsHs#8|R418wEuT8San1^=3A>U~9gc1_;@rFoCYlwL!39hH13TcbdThVZ
zhz%7S+8E_?sIrU~<pf~RpxesFRJNC$`+?}8JB`)8b;aQ5qc@k~xGV)^ZQ)>>_A`gU
z4uH`^61H;!_MI-l5R1vaEmFT#e`<!Fq3y%TO-poc83gTJQwl?8E6SU$NV0){!s|Mk
zAy$>i6Wm%rr`RBX)-(mq?rr-af4koXwwNIh+v%67@Qj_^>>xWSgWKUv8*a<7DEq^r
zH6+3<XK<;)9DaI(DUR8?c<*p_b5_hwCT4W$gp>jPBg7JSjNxJHeq&}<*e_^T1ul}9
z;x54@-K<Zkd^QBaU#fK6$or+wJ!Z_yoA@=@qzi%$FDswg1cNeeT^X3LSc$;jniatu
z0X)LRY_;)Q990Aidp36V4h0M8Y@6}<#(*Zs8c?Ym=jVo*A-rxJqDLPyW~XUqCLVtc
zhjm~^^lKw7RXe=y5T0xFFV-ZmM{w8`z23=7$SSbYmus*Td4mdSQm0p`%FNGCSQ0r=
z>$RtMKWMDdKRNEgQ|R**;3e2Q4Y!m8aHqnf!C@qagUOe0kpa}I_7f33Q35WaugdTn
z+5Y)xzKimI=XSx}7)&k|@YCiLSnmN9e43ojMDcQ*of1gG;O=r^Cy{2rYYuCADsBu<
z=+S&EMNo755-V^%3JX*WZ|Gq=!U+VyP7DR9z22o=10c=T!x1~&yLOb}GMG9ZgXX$(
zOcV@*1pY7|mod^Q4ftX*!!=?AR9YME&E<;k^xW0e;Qy~=0RYMq9!F6y3E0&99GW}%
zqQ-JOtP^+;F*^PZTOkM%eCCrO;>g5^2=jF?CbD|HVOnuiOb`2N5?pNi5)~9q2KpHw
zBThp-Q2Bh7jNc1OJn`CgX1d9UKUS^VI<|X1w@(R;%wpocR>2SHiAr!>Fp&u4HS-jl
z5dqwnJ*=dU%236@R*q*<rkO@-+cWuxNBSgb4=f)ago_pI_EHvQrE+tjfC7`(RBH<+
z<!AZ$g`E3`YtL-7ES#xAM0JE=fSS%Z8_dzNLG4RDGvonH5I_tPUg2Z_Gke)wI%@@v
zE%FC83GSo|aC(5F!NQL?i-RBcA-#&iWB$WVOqaS`xT5CF+JbVc;v+#D<<eSESs=9b
zS$smqGwY7IrRw?AbSwHGp9&9AG&|smkuWPdIvVOM>*p((sar|bPKB73&jg8q8$AYr
z$)*RxI66wrX<%4js7}^W*c?voGZ|_f5RS}32H@L(g#!poiI(Xc7-ctf2h-R|4jFx;
z5+|kUTQb=8-U+6Mu>%n5?RQsa^>{|Qdi%UJO6z9cEvK$hEp>%&rl&IsoFShss=}$s
z`mwnowi1GsxyT;+Q*(sP)oyr;?|PVsl6z6FeFIn5RN*f~=EVa3LWrM`d%{y`>ZU+W
zfiwlj`>!goYcEF~<DYPIs|BnX%;+|x<Xd#|%my#rIvdWw$LHYOSoIBkbq>x8q(O{5
zV$6ycX%Ju<6!x}2Ti0CNl&qHTgzgQ7r#Y>O0~4YxS5JlO<0p>{y^=#I%Hctx5j#1(
zJolip53V<+sYO^S?1YE9^HJM^`J1$92WC+9=xH#BC1_hc2Ik-twb&+u)X=6ywZr##
z4TfA;7X5G6zHs^qYQc*&p?rS{Z#<3j32^%}$C+2n6zGH-@;u<UVzEtHo=L0BxN7FN
zHUnbzhs5c!4Mynnvv9WVu3okc!PUmNU+K4Y%qg`vaJ_|~Shd(DN6s^R9TjqO@jXh5
zegTF(9?b(j>@<454Pu?Deqr1|n@o5lClITvA@s93c9d@1hUw5Z-S-RQbRS?~7DCTz
zMuF@m9?|>Je;EsXw_30p6$iQ$5bCbRc#eN7Y`IW*oTVFSELXroH1=FkZIcC}+IY!g
zT|DCCU$K}|y7301JB4?m4?*S5ww&V0dtjlc4MoZo3V|tUu=G5i3YW+oaM2*!0!o*3
zdoif1+|#xtPvAU-USA9zHs)sAWdbeD?_i@SA2#z>E}TSn6@&YY9q-v;$9q9D9waI<
zOOa;0EZX`N%FFu@p6d2onXb)o0;ZKKZZJ+=1O;aXdbpD2funGEq^i<0G}ygf5h|f}
zeQ&?#lEDE_Rps)IdjHe1fJ_brUZzV`X0q{v?5Kczjzn;BjBeD^U!ld5qVlL_Y7mak
zQV+Bplq;ilc8!1@wr;eqE97w5M_ZXr3`kB&4{c44*l`uZc}l8g1{$d6(b5^<WrGz+
z3HLd(alk#<Dm^Pd>D}W>jIr1%PBV9ou`MRiIZ#TT<(i=5d~Qb0Y8+0!CzZJ|ox-ns
z_w;&)Mn^;h*VAk=#fd^GS6+NF9arRsk-Nm}|Bt)xj*qf<{`c;Ap1WK^OMxVm5Fik0
za{Vp==`GX%q1ONbLJN@4#ej$vDN@D)h!h2+tDFK-6h-Mpn$kqEBgKyuk>7iF@3}me
z++q1f{`h@fe&BeXXJ=<;XJ%(-W@oebraIDZRpbD($bUO6)<MQ@CB0jCFMO8xg`4{d
z4bk^++Tig<dF!%~u<PPjOg+FzU=%R-_Mpr$dAJptXQX|?#}mQF<Nq3?s#CDwml7|V
z@upeA(_3CUrb6%ibK`03|FFcfp+)*R+P#>t0oDjUK#gFZ<TJ+I1WxF;8b!v*{G`o%
z$w2)J^pyLhVB+VU>p(5JuCgpbnjoC9;Ss146-Z~Hz8jW_a;iAr10L60;l7zuXO!0O
z@XnxDW#PPC!N{n<cf6j@7O{*^s46FIbVFaQdJB5&V>f)f2;4GJ@#TF+6s0L`ddI&j
z*8{Z+ch&K>u6%4IT`+AW&{+V7U&BShO&#8*Zv20sv^Kt7qq=5vjX9Nl>Wias=eDkG
z^&<3C>8fFz(;78~tV3I&F(>pds+kHK$?JT?kBAKLxlm+2J}D?#p&qY@$9)rgek4?3
z3kZSfvU{)5XZSEgln+P5S#p8DoM$7FCA3Qs58-x>e`vuM^qCc^SM}zHaBhm_^`4>b
zQ0`eh%^>Q%P)^etWfv?>50zoJ*5e}ygF8j-jx6QjE-T7#0p{W?9|S+G;j~-$Id}g-
zz)K*~b?0%Ez3I9)nL=Xex-35;!J97$|5y}B&AjWh%rkviHrBn#c#dPxfNz*kIDolZ
z{V{+x(`?fMgiP0R%$Qcxd`BF`NrYOx3`JU~LuLq<OdJM*WR@<xvt|C#dt>?u$5bp)
z7GXB}W9kjk;Xn&c262_Xg`-x&?}fiIH}J1Twz2w~r5n?;zvJ+dSb_YSGX;HbJU``l
zw&F`EoRk`!;#G%Qc+9NPy0Z&Q+9^JQiuY>5q%E;vc`7SL<ns~;H#t?Y>1zaeg*|9_
z8XSS0EgNqoBu23FW$d`nxS@sd<K}%JW%|sQUS%rwXDAQQ*MTf^Zd_d86!E^Wd6qf#
zUB!!w+81_DWw+k?7dyI_xzR7~tiuT`7Pt0e0-PPeeM&sZ7*1Zkktk{44@Hs>)`}A9
z!CkhQV-k#@GdNNaO}(i-+7ivHc%L2Egt`#eWWlhaePSy%4t3`Ht6@$t*P`bDLh~e>
z*Gg5y`+GEHa#TTkgWYnAzG7+bv1+7XvZNXW#eo0cfCU*txmmxR&T2lkW^8P3D4_cP
zW^DbruS!VV9+ohaQ2Q^(1(JB1K^`j>9-yOOfG{+CHTZo;(QwkN>*(yU<FkB<8D!|l
z$?#9QhAcO&?7I!ntFZm)b4kmg4tgd<|C{#Y=#kU@T<@gqsrs9NcSifPpj>pRzWyl6
zy6pW82jCv#v*1n6wetPu_%Y%D9QO8z>$1pN+z3pL->%93n-O+>6~6=8IL;MGx69y<
znFf8ilKx*`u<JAYPj5fYk>DAIEYXT(82UBI?T_jVh4oVgPY`Qb^h2$Kp{sW+Ein{S
zyVrOl<7)yY<6&<KVo^9;;rJsugd^%zCvMMY4fNSM{ZRhUyT$R|EV_wZ>iBp={g3)#
znkKl}?)gUgU-eJ%XS|dJYM*g4lO?<M&zqRje+Z7u<c#xXMbX|+?4Yu5>%z+g`C#7C
z8s!3BQNL*^3Nq}l>!X9U>=>rU&EVQx|2&RXCSN{mP99xly)vf*Go-K^V^O~GS;#jp
z8VWp8ghhfjr5|qTVyg$(tEt^|7QNI(Jds5V<Fs3x0N?m~GP%b*iTjMo2S;D5Ca7V;
z-I@h|Q+Q{6q<%c7L{C8p7dMW)px9AdoCF*?8bRQHK!rlhI0X^|P=I~c1<=z*7ovgR
zLFj;A`BQ=JHpS`Cz)0VF><jqVc`}V1XCqk>r(fopmjy&hDLd^`{f)v?AN+fM@`v4W
zY4nbd3LR4tX_`^NA>aTIjx2eT0}B4u>@wo{0ECdbEuPJd^=^@O6fi}x3jbP2FHZWg
zs_oRjslJ@2VN-ZcdA?G<H($js%WG3<e98aEN*G$5unXDUDx$UrvNz)K4{;ftW-IJ1
z>K5O>bBm0wojdUJ@}0Z3YatHK@5XIiUM-8l(VbhM-fy!O@!isFExP+Wroljp;)GpV
zv}@5UBYx1pL9EDM<(l}RmiddX6Yne1mzPv^bXHyy>h}mN&1W}Pk51)9{n)cn>?XIg
z(XH7I-g~*8x9qa7wYs$_1f*O(2co|1a8F<iF@9&LuM<|6&s(rhEy`TrLMT!UuPPg(
zDCO6#MaztMR?jak9`%u1bZ*ivzGl3a5XiEqSrgZ4)XeK|Sunq2OeCnl{^=VFp40SA
z)vH9+3iM{jrs|afzFBbWyV^Bzu6J<G_<<v{;&F4!plnvlyf6?P07eIGHdn7I<3|!5
zZ-SiCxtpt3tj=l~2BWta7wGZqwMzN%Xy|(ouO5V9aElfr<Ww!78Z*+wwvm7B-CW}a
zoA`!|e1&RG@(PCx>fo%AS=f29@6x*9)N1t-bvYvys=XMftSIYe!Hm>M0}7p^177N!
z)d-JnR|MT!@p){at|^Y{7n;idA7`?4am^&FX<xoPpHi)#fR$|JY~k|}uo|Id^8-*`
zl~K(Ezz`}|;B4|!KYv&I2$|zE*`aH@cB!ds|2H&0YaG`Lerze~c8afx$k4q+<1ZVk
zL-VPhs6fh$wwSBOEI8K4P?~kdosL4;(cYH&#`!p3%I$)``}f~2PaE7bqk3rA-&Gzc
z4AABm#E&nnE!*klTc;+z;tkDwwHu0*?VQ(7pG<Y$(*Mn}o%lSOZk(;rfALv;C~Z6x
zpk2V)ouXZTBxl5bt5@QE)qT|(rRo*XSRo&H;8kr!AKX!&z-xR`{XK|ur+<(9kIm62
zxOJ=r+)n)2o?3}LIX<hJ>leg3z4cJ7>XB@}HF`q<>=ZMi4|N3Wj0Y3Tq7W5en^81T
zz~;|xJeW9&-f53G$?i?MMB>jjkI**>wekg;)hQOcrZokC-F94@UR4w(o!dg6r>m@<
zN>A}M(ikTj3t9ptr;5_*rTTgrY+4+w@rVYIQ_GNcADEVAZAFIlTHwfu5NJsq;mO;3
z5y@2@P%DWKmp{^V!5$^9ZX#~)ZK-d`A9eER)8f_iHjtE=Hn?j<+s9hbhcK^FY@SA~
z^h<RM#v~i#ykFy-CAX>lHv8)eFmu~cT&RkeiKXw=2%|#>^)a44X)GLlY!bqJ?b7uj
zWt@JQ%dcsgJIprh*;pZ1TE7ohzJ1sM%`3Ilr|US0BAj3%j)2RHh?z29ft}Oy9bG9=
zAQp8OSfT;13d<aaYJphYc8JFnR6_IKYo)CayIm^^E5`Z0VYOntpQAZS`+!|4dyo9W
z#VrVE(H=mI5z;GAaXTKU69|<?S8*1Fv*<79eSK;0!TX1~6f`a`spx7@sr;qBcL2H5
zrl*$|Xz&of4e8>n0!(3waN_jW?4fB(FNE%LCi<aNuArIUx5v-aC~xxB(xE0pk-MOU
zmDv@?d*@x!Cwl3}@DB#7(++(zFqsms7AwHcgwxh#(dOVpi$U?tiw&E)DnSNCyAL8?
z__wk?+A-4lO8)Mh2n{f|Y+^fFQ%;K0V5h0BF#ivI`vPRl0vUg%-K3EehuQ7f)K0$+
zg>0YH8)Kje18~M>EtlgcXA-M297pv!!jH0PAh`T;2mL5rv^`K~TeO{7+@2Zf`sqR-
zLV=YK2s6!pMjxerL;ESJH@)0Lk1IrvP1l!{@TpL6Z;EgDwul`nWJfA!z>ymD1XC`#
z3%z-{kG`I#LT}`b(!9!2NF^?Gfk(E@51d<MOaL5;N*zTAi!=Iw8KC-&UeNQ6kJWgL
z=KYGHql*%BY`-poj`r0L4lSUX!14p_NN|&S|Ka-CV$fl}MF+*uxT9;o_?8#7azJHQ
zXXTWmY3ez|2}ZU8adSrMyNJf|4k%`!!_-V&t()XSEhO+`4F(C7O+Tp-=}8`~AL<3-
zBfIKc@H-U$kslCN+LKjx_FT`=kK~(9V+>BRa~{DGr&&J^XxcfU2@^%Tjbrt*w9}wA
z1{pMs-!EvK;zqsin!Irs+w6Id|5Iiw952g1uCKKC(;A5~dqY(YAe`B_w_c`3QHj+S
zeEWPjwLgOk<<dv#6MSDpQkjGLM)B(LdsGb*$Xm2Urw(iSw}UI=c>e|K6B9_*Z=vO>
z$17k3)?3jv$~R8GHR@nNKW-<l<H$>A-@Q<yr04lucIcTercP7}7b}H&{8@V%;D`Xi
z7dofK=1Cr}->L&0bcRsx;C$x5QEh*41SFGXJaX9DO$0ku5_C{y&~HADY1^R+S0i8T
zZ8|g=LeKef^kn_xs2aXkXQ*uPY7HNIYKeQ?519J_mkKP7ZcN4Gv1OK^K`PNakFK=`
z&m_L!mWuX@mB02np#_I?ZjgM`{iegy5ZYk!>dBv`AFPX4Z91HH=L7X;xRU~ipdnOE
ze7^oo9WERcWQSm=#L+P6$J&medT=`->v-b~9M0z*Ls39R*bEj(IgZ(LDL<v{(C+q>
zn#pvoFrC!0d2085@_0zw&|&lZ{^;Kn<kMPok?>zhls3QoO^p(i|E+4jPLEEkNYiKQ
zLp|}2gYK{pRB8!Q_$5T2(c<EST6;qOoH___v(U3%4dvJHtQHsK2_<k`JRP6XPZJyz
zq3RT;SFt&*3zD5>xoyNXBdfVmQH<cJ*+_)j^EGC=)oguz(SKwSrG}c8%PUI)0$(kh
zFuPc}P-^%?jk>}(D>+BsT}TcuHW2Ma!r@oH@I5W=FyU<U+AdU1t#AXU(E0i>?0c|o
z{LLCR_G||2pQm5uomlnu5S17Gsvqq0gX>1JCx?6aS#@;R=Ia~k=*1kpDcWnV`3u4Y
zEdZ$dhQ6ZnW$E%w_;c9OOgo0?D|s$2&=2%ZR8c}{74bzsn5<a3TFAaE-Cc|<H@@@X
ztL&IPDBpo+rRmt78kw|uv3@021`%EtC`3~Tk=ec=eUz98E^jWg&GQuL-(}3kSthW!
zUDlxD0(T|RY|>ZrY<OP(7$nu(RMUw@Qoj*R#q|-Wyu>Wo7UDMR+<5gz{~|ln$+Wiv
z1p31(SY+1WDD{n%`naOk)=s8QO%r3n3vX*DQ<awbn4+I&6U@nE+SQ%|O(^=oWD4(~
zZxyfB2~<bq^4l<eCPu^=8E-^B^4{Au5(Nt~?a5H~0A=A*Hil^oo&^IQ(g=bJ2h>;+
zIDP*I5=@yY@VvB|mG?kVi;y4|;OE-@q5F6~wC+!D|DK_*qT5K7&D9}5<vzQzK!#JC
zNZ74G7uSF*fBqKMO~q6A#cXyTwdu!i!MAh1tC2(J+ail;9isUB)16Q18^`<L7U&wy
zq<<k$6f6b}dwz}nMP0lT71=qHsR`nKWWA~#77p>Uy~d)X#9DOsCQySu7gUXZjY;C3
zlUV6gJ%u8y9IPL>FSRJ(Cd}pQ^|?SnU1C*x%dgE>+BVRs=^OR)g{X!>P}EN7<|agc
zzSg1(HOkK%&y^CZd)jZtn#XskF)Ee(m4!#!6uOk9V9-W6v9>VaQ@85->mpSIRn`HB
z1((+r%%Ix^9crWAAL5$PBklCHJT>0XkMJUk$@U`abwzwHdgR*M1-<DM?do<!N)9xW
zgD!<6x(NTAN{a_UgW{jzl>9cVJUlB)7rN+E7u;B8sO$wBSV>&->jbui=p_Fwbxnp-
zX<E@$&8F3PKWJe<k0#ScA3?!S->w=IaK?bR*h-X)DHx^J!l@v3cRW~a2a~gT@xKe>
z<u9<M;Hw230+sabH1}cP)pW9s(#Nr<>^2O3O9r0C(v4sBjS5T&bqjRe4`25K4t6ib
z;;_VU4?1|J=wR*IJ;Du5V>kHA%`eqBUn0@FTri#|bEIUTG38(=j0sDuNf$~aPNqM1
z>9<6CZ7F}&y6FcJUOxuXQ(_M+ssiLucaYmbx5UR>O5HGC|J=*=cwVd5YkncwmdlnO
z;y?N|bbG#dPrtH2<v=B=cFTf2mo>`H4eOO9cvG2hobfqu5n{c$42=0EiIr&6L7jmb
ze4xLvAbyJ>LS3%lj^n*MT?+=>5|9M8xF~1ze*Igx#su)JD5w*_M*K~SrOoCU@R9z8
zF5EjFxC8}~W-86@{$-9IE*@@Z<ocScMoJz=L1UQ3kLws__m+V3qQ|-{B<z6KhG}N_
z)es$z7k>p^=XMXkRKxzO7HCcSH*4J7Zv;Ri#Xo~`WTlSije$V3<t`G-9j66b%s4%*
zjs^3&X~}K3c@`bkFV;cj@()y{<ZsA-swFtg<Fw<jbhtwXTqGt)olrlEbgO75$Peo{
znLhhiU&T}Ar2bi5Q3sWum-}^Xm(bXkKGvV{vM{_UUSz$?gI~kjehuB8Ur*~d>LPtA
zMO{7}7CIJ=!X^dm0ex*|*T%$C{yEj<Vm_xIqzX>q1;(M3_&cIkZaTQ3zgbo^CB-Gy
z*!C%sM7*MhwT~0o_qTRye^*N@X!2xQ#+<feDnnuOjSpOb!$3800~ouEMzFcxmh#U6
zAUKAWf@OpQ8JwWHytx^D_oCiL{F%A8eh_ygemD<Yh3BQ|+6DB=U*6~sbKu_nJs@<l
z5M8(1v*aRpDH3h`nF7V|OE32lo0opETCCg)6yy>cey0tMy$f#;Mt!dfbsD$V=kfu_
zAM4}7Adl?g9oC%KojU&a+u+->G++(1z1!&{9#@zY_OdRNvx2zk2dgYIQi5PdN6SjJ
z>B_}>B9?x$MmJi11%}r1m-LnY0<(F4=+iil6nN|0!ds`)5*YsWoXh&Xsu-xYfRClM
z{tL_`yHrYu9$fAz#4hWhxX<Bc+I&U7Kv-I#>SoLv+Mx5#dI`ZfIR$H1Gsem6@*WQ^
z?>SX?g?4Dy_$bk*_mUn#!-9)>a<!NA@VSN0t&;YTTcIm@nzYxC;~rw|H-+!x!ACet
zbWz_pqCg;ol(}6Cj{mCBb*T02@qDR&*|#Ht(HcO6ek~9ocM9CFiQ?9si!~C%JlGEp
zV5^1E<YjPJ3p`^;79$r#gA0fib)gH1iSUzrtM4EttYDdjIPhg!(M)cN)#fSvz5ck4
znPV*P#2AAEU_y-iT!0Cpk+}E<DJu=pRYpNE@xOEN&6Y*TITs7lpZ>Sj_^y=ECPrr7
z(&Iw)g>2a=^m(9*Z|*GCr~3kPYL27T&l;~ThQLd0xNw(JgMU1P-2T3(7Odl<i224*
zI*sM!=H+%~DYC4MChXM(e#KxTD%!3WVq=Jfao+L`%Wt(qVMr!&B3~C3Khyrju!_zk
z-!AK}^ILtiv*H_KCG8N4w5KgIVU7LJN*`trtU)v8=wlZ=byK|)X!#s{l5S!V@aok5
z1@tO&^{wMwFw@w=rji9W3~9EERRmc?Y7`E`rUWKSfNPIBg~DLw_Pmc-)f8&q=)E@^
z;Zv~=EdSig4&E1qZa~6!W&JIFb{!Iz#;O9(<~$`CMFJZAT|AM2jq(qpvj(xW8R4-I
zlXituwFt`Pyc1Ta6>Xl0dUyViX!;zSE_!i1&M^Em6YKKyEcmUqbq_qmU~uE->YH=V
zH6>Nn8DcSDuikTNm3K9*P@)70%g8RmO$e3-c;*-PV=+SA>A)k8R7b821pbXcVX`ip
z11vPB0l|4=g>n_&I1wcDt_a%g<Xc)jkEnHZehU`0tqncj?gtjhSC<FX-1G}+zpZT!
z^SYL3KIaA&Ugo%`Wkwcluamfx{<xuEC_MP;YU@=a$n((1$#y@8ZiHvpwOkbUqv{Zx
zeOup-D%VRKOS``ks;e&hXK5-$`cyu_l~tEIHbLCd^i#V#v>jkCmn=Fc`IC1WPrLh}
zKcJjUcvg-El$1u%ZI&YeEm@a6>l&}7umm<gcZwdkIhX?P&`UqTJ5<Em?KkRov`E1)
z_99j4*CI%H@T^LJZG#`Uy#?T~-m|y`C*qH5U`ld_Djy#H8Oa=Ak@Un`eQ#RUTOA{R
z!QEi0Ckq1>i?CfAY2H=PjT;-n2dums&(ps#S33(5VJ7$lsLdT#txDXjZSF)_JAviz
z)<mz*9aG&|N6RCn5Lf};t(o6A_xM3@KhQ`(SpO#i+kCe$@s9q5zao}Fh`gAt6t~B0
zl4k2*M{&%t9a60$%316+-r1)qX1JDr4VC8W;#F6c`mMjqBBTI3+PFO*l#mwd=yJFe
zQkwTrz(cHRuh^-J4&bs_R!Ul~3lXGOt*lTjKt#DGm61m2B2-6)4+$5$@l$}~sQ|cs
zmzQDGD4i_a)5gyR(A))jJKJPbGI$@b8|l>Fcv+Decht8D>Cz&DS9_=V9U&P{XBB+U
zuBY?+{(KjtKCx7m7&S}5pDaHWOkIi@j*~b#j_c|?sS(l;U6|@(K@)CSQrHV#gIrJs
z?vV?T(h}98RIjmeVGY}=i}LOkn9&c@-G)3Hc7q*dHv?ZK&xQ*cA=YMI*9tbNDs?qV
zsGK0Nok6g{KxU=gx+0Z7V`5HAel($dR^G6j!G*556AwjN1vBak-C*at?5>nQ6zX)d
zMpv;(n)ewrTG4y&0-kN)$rmc?r3Cbrl@!BZ_BaTEupEX#7n{Ky#f1Y&Wv#trC}2YE
zVi+gdbDPDEeKfOKx`_g=%}~G9o4p?B2E4*H%RR5bD`d6cTY~^iMJ~fDYPjG~nAp62
zvewHYUUcmbJovZK%}hx2x=icuVM_3x=<<(Mmw|2s-ShT7{xNeQgdt7er%9NlMSraE
zBFrlh*|E=IXMz6~ee(p9u{5n9$oh^J6fhTpg|PGkQP=k|<EcXW*6-%Q%7P&T!YDG5
z`u7oD^D-7s79b3Qa2b`G`g<urn}0z1SDO|3PRz5R8y1+(KGc6&q0fl-MKM&<!VmjW
zT5*7iVWB#@**vk15QizTQnpUb1Mv6!l@=|9MnU=bWPal!O{s{WFSpFu_R9m>woz4*
z>XmR?g;`xjKoIH+zQYogB$lg^hC~W)hM}tK^x>M$>`2qI@y;TOGKL5tA~k~3G&#J;
z7h=}~5*7#)c0Dvo^MLJph`YUjeMx%wx~_5nIN0Ab<H$Dj=5?yf?6PTXw-{Eflm8D{
z)L3i^&Vt}TTO=Nd%lIx;mX>v~c|Fv2+)1I)ys^PSh^q(-QmBiZhoI|m61z4hyt0%W
zQRHpa1zVOiOJ~{4ObpSjFlh?)UoKexPH!E<g8sS7o4$>cYTz6p>obf$>4J*kxxBL$
zxEV+7OgqN1LHj`cbaw8qppOicN9R4bSP$lq%%KI~QNC7a{X#>C3kKe8$4yLe(!Qp+
z-6jxTQNbEIQ1+0W^znwXeMs3EQq{{8JT5@413Sa$CA4<z(ZTv~LY+jT50-7^Ek3N-
zW6=+BQdLy9VEx4e{zTBc6zUIa`t^j@WCoPoVsRv)vIxzOm-^7)s#1+em(}5Lf`sOH
zv)N)th$SAGf$`E{kFJ_@S07?GTilu!wWau2r`;NFu@`FRw0PSs(CO~Fow$VAjVt^{
zj>I-NdqS3ar=4l4T2ZFuxSUb#vxko3Ckd;j#<P<j(@Yc|Yl`k-F}vMnlhxFxgWrEC
zZnFa(QI{*_pF<|g+u<>i+vTJxB_qnZ85nf&j}fHfKN@4Y*li|AjUR46RYlKj`R8y^
zLjFf%l!S59%^xG88~9*Z|2ZuBV}hYly4wUi3K7ta%U$@$ZT|x5l6*sq?8fGqZe9<M
z>cipK|2Z6!)ogLqGpE$E*yF9%RJ$wH>`1cN?RCs%liOu;m~2k-qP-E3Vu~F9yaSr^
zq@f~a+Dc<<MwAm^oc{vM^6lX<dbf+lK3c78YM%~#ysm!%XZ}1vHyH386Uw<5<NXWC
zp!5Ub<$!}A6Y{Kl!2XRelsOGx4u_ZK79X&be<KpHuNW$VF>q(Bic`wJkN_^A0D~H$
zJ~01=`JdYAo&740Mnrk%E#=?vdy{v?yg?$t@0^cP{sq6&{5Qk7+?X|R{ta8J_+SC_
z@=?maVe9aNoIberO_h$6f5X+EnL=XH-L~LLI_2LmdD<yMMY4rO#4rVDWg?gIZ`gal
zH-<RcrjLkhqJnY#i!m}y<)rzyjFB>1kT}6;r(GJ1Rn(lKSrY@TqOQWLsMUP$7Pg`-
z?3xy}r7AI2OVMT5fo0pfT-T9mOSE~GN%7Q6l9uVj&%?>mMeolI7AZo{pVF!cQb#Id
zm)5g?%AR-Zk{z~z*{Zb-oKjo`m)-0Lu-3cOPT5*dJyN7Ar0*c%lJ8XM9nyD`VrX_l
zX}9<_tdX=u{Oa38`at|@+*G`crAp1D>ol$b+Pd1~E&p}BqjZ4Y{S(g|jipAE{!X=U
z8r~Q-`G>O=Cv9#l&11besB^q2iUxd8%}6mHREwj=9i)kL!XZafXluzzwNK(%)7H{R
z()U$jDX*PmqtH`$wxOLgnpRxLcPAN?YaOIG8ny@ED|D3J665%+zEqB)&q@`jeQrYB
z;s)@0S~ueYx5Xor8q~N;gn>#fPl%xs`qCj(%`FY$Zw(ex+niyUq(7rnqb4sW#L*77
z^oRhMTpy$HlrmJHh|ln%V|{4?qeLuC>mt4G!LN!sdiOgy+LPZ$dR@oK;K|LB;5_7C
z9U3P6CNTKCKkjX;w?v7iM&&{j>fossOLzK9x#Df9p;8s9)D?I)>S$6Z{dlz)at~!>
z$yH+L&``-t9o7JQ&+LS7+WwSMf-d)vWGX#OdWlvH!YA!Bq?*(#0~DE>fnkBnG4#v;
z;J$ZOXtZdnUx1Ns7=SLHJr275ks&o8^YLmG=#}+y8Ct#uQ#7Ni^pF_$YvZL0Vp73z
z`{=~ihT23ErS0O`s7cb>;#bqjY|3AeV?62kQW!?fxT(}kDS~EJlPi#}28dQ`rj$j`
zZUWKvO_ic(>0YG*z1|WpKAS3yqZMX3hMJ6!ob+<%gbMUnZ^?_yo)OaXRJ97;UdaXv
zeBK)^)~=WNbl0Lz!=;mCRWS4!Go%z+J_AnrJu{>kY;ZB2c8^NyW%0A@lhSRO<K?M4
zM|wubInDF*La9S3F{}!&VhbEz*HE6)PFJf$DX#)4PQRG7n6i_lf$b~<`nIl>hKm=G
zui?epH!#wqAt51j-WU==hbKuP<akX28!_6yy;iD7-OqyrdF|2m;#vVTnl`P*B)`xe
zFOmk}#mUvuWWfS48>Kx$$VR*&?G)7gVwbc_JWF~PzfK$gWYc?6C;D?4<YB;j(s<GK
z=Z#W%s`?TzJ@^V<#BP%E1c0zD5ES!TOfsiy<9MYuP1_<p$C_E`=Oqd*AbGo5HA-Fz
zLeAQZ0dhfZ_NG*yvbF=%qi+K7N4`V9ojlTD8hQ@Tc6g)_?7JAc^&X%cOu#s5?}NPZ
zwp;f}b;&$AB$^IPlEUcwebS>s7BVhK8^k9QKa}oJ_m$8N?N?R{rHLO&bH$53M<hGF
z@E&Gi@e#;6_$rznJdGjzx*z>cI*n(%kNwB+-E)`lo$ffEai&{!SW2c%S25Jnht+XB
zeO$6FdLbcV(dC2^RQ?uJ#pZT$E&Bbq^rXOP+jZ%L&{)mCk}_!4Tj*xlSJGHokpsS)
z^dsbM_4jzT@kfAM5e_1C{T{qH>jylW^F6c+N5}p@X*2cv3D3U$AKLO~6MupREdM8-
z?fePfo%lgYr_-fDshZcNF`~;}-$?anXB9Ag)*dkZ3*Sg@QqvT0)v6mHVF7Es^ORx|
z^1eAmGSas<q}K%Yt$tPovYaeWr9pp~BI!w44ij1t%ApeNmF2mjx7)F@lU`d>ErM#6
zmrDqhJgU6>iV(mpe?Zvkz5#U8?}*urCY@e((^U_iHPXvooRcfaji|*=OkMq*n7a38
zD=D<Dg8YQ&<0+Rsi0Ut|77=1jN=b3UN~P;A`6V{07+PzS?R0=C_s?xI6uDW>p{oN!
zaXjX;Y9SP5k;gG0F|^kyH=sv<#CMWQ2BRg&8MN$Y{PR$PoGaFe!%4vG{2zE0mW)sM
zlC#b&52g5}cow@8`mtJyoGJSKYM|VNvKE`7bTF59Dp8a=NFFE%ZR{i4sLm@GjkymL
z3ty%t^pQ7-w+nm9sWfRbAb#8vJ->SyEFoo~=duU!tVtFS=F{~-4>^Ty9RfEh>^nZ#
z&co!1bnFPeJ30)5<=^eizzlqR8PD!ysLuxVlGCWpRXp3;3-GWC#?Xn8vV*2C!LyR1
zKqJnI-{r|GDS8X~SU4Wf_-Z-lA-NsRejVRkeh5_H&u%>|H>HR7;8|)uBQj&-vg0ty
z>eunC!#H^)MJ&Rz3$tY_eY+OiU|v_P1eJXTFF1ftpOpL3*?su9;ZyQp@oZl{rZxM^
zYRJ!-E{D>Sy@epvroq$YjpCE?Poj@jU!z%<Cq*A{(#^-ShkwPhSLOp34*uF>vWps5
zN+>UQzR@|rYw|e8w)GOQvOEi{{-_Np$$nPF)U*&BT&fYCEnA3@Kk_=(n#A>TJFL4*
zJ><LyfJ<KjVb;GWKP5UD{~Vspe@>1QGy3&&@)GgFvlK7(zXpu{x0G=-04!dIN%`Uy
zSfK7Yut0-#c+N4M@-i^!UK0I&|FTN)DKCMAmpk$7jhEz692ZL1Di5RYw^j=`SW=Q4
z*mmxntvpB{Zk68@2(H|Q*}VNOD1CIBDtA#Hd8=ss*_(j)7PEpXY(sy1NH@0Q+0gIs
zto9D{!k;zz0PMV_LTIF%gj2qvkMkd3z>FTW;SISVHFhPy4`KGcOng&b%3j7&<QCaX
z{ZbPmD0Pd9K>ijcvW$NE-5CF>IT+IOyOl6X+l{H_FIs$z7w&zS^y&K`=~#K4<oQ^B
zQCMKdKLXF28Gn~KAdeNZcl{iw+oBJGdu3{eDpdIs%q<tGfuG28xRpf5e+HDs8_}%f
zFCZ!xsU=@PaNl68ZMq6Jfi)FFul*n=ibbTr*tz<H{FZ2u{W;i#b^!_pf97*}jR5~r
z2^cX|7llXBkrIlx^YD_&8oKp6fS&se^5WivnMmGL%_MYJ=I`=s(KbO=7E{S>0J=w3
zKy_x+9jU6+5%wMJE`x_>H{rE4Tp1yVaH5KmN9kLuRit)Rl_3Jm@ybdcI`l@h2*sWR
z@1~fk?099iSQb_{Q1;Ok7Z#Go9#rO1zhz*&u!f3P_jGEgtQVk{)lpoe>_B&))=|7x
z?_!IRM!ny~v#S<mDqZPoh^781ikl|Ak7r9$lw8&}hNfASj#T{uo}I8NIik05jg?8H
z+{CjRjWG~zML$+saZr;GtUs^-Q|Oo4%F_ZsKbvBuJ=GZN*My<G%%%*crtN|A)C{FL
zjd&G<vn5%a2vssxzn!5hBx`HDek4t?le__)>`X%^Xc9}wZ2@cM!tij~@wU2PEN!bi
z#ahJD!j6iK<{d_h!yPe9Zt%zU!jO8%=)HR{3~68!K>ohDQg`tv*c1iqz*UE%g|bK(
zNCyWhCj^QA%vQEDySWuTbpn7Z=PB93jIN#w^oD<oXZ>^0*_BQJ9NiCHT)hUKIDbv$
zi4Xb#J(%y&^v)RY)9RaeyX2<&HhC=Oh%ND+c26l?b$sNWhh{6)b;1&#KTAm_&kFSN
z!7TL5;VhpCB0RYcEPi&TGE#hJegfFcNHbNU{j)LG%b!rT3N&v`P%JcLJwC2AQT;gQ
zNu@FE*b5v+G{xTOjVBeao&M<(<)9e$Gpm$6;@6m0l>>BZp0Y)kMB(+YqVAlpV3}vz
zg!h&zX4<v9npgcAmMLF|-N3m880nan*n51ovRXNcSg4Gr&Z{v)A1zkulJP4Hhi|pG
zQBj?gSpwdwg)k`p_}%aAp9_^a;_c%rF_NV#6>nQ^y_{I7c(*M33GDY7sc(;61Ql97
zr>quj*Dg|O(Vs4(ft+nj+C2|8Dh?{YSeeh3{oeG`;Lu28lG$x##zy745?djF_U>oU
zb>qYY1GQ>mil(7^a7#PyA$1PKj$3H52V~;EKG>nWD}Jross4K89SACaJ8+lc-QPCf
zt(+FmoO|$$Z=)K&4T`=cC6u7G5;8iuB{%bJK;iV>u@Pt---t1CO;vM~vVgsarQA30
zVooM@4{71h%mpSMC-BE_D6do14N5yY+5>Wsw?P>r;ORCh^(enjf{AwYNeCC4js_c*
zf#PkSEnq25Go>%ya{GJP7UgAu>BwWil)rUdf>tl+l5hR49)p_1h?<K}-aigQso;}u
zjw^QrVeMyO@pV3n5#^p$U?(%Kx^xQc9bF=!6or;ZC@E-=a9Y_UI7mLJG@u4nFnWuV
zDnBpz0K@0FY;K#N(3DoD5(3>%KTsYMKrg=!IXW~xA&hp8PbfnXA3&q<tyTOfj3X=+
z@VcI2s*GWvI|q0d>fxE|95{nN>+v2K<x+Y=CC<5?<?ksabYct#_9^A*$IOHZ(acd)
z&um5YjChMH)$T~O+mlkvPRiVajVk!XN#^(2l)>rXao<wjkl2>77EL{`B+=-j)eN-e
zXf+f+I1h!v*{=Hq%)pk$s!;F0pu8%Oxq1%B@Bv4)Pbi>l2tED@2;JfnWt$k>(-%R?
z{7#s3Ze;<5kA(5Kd_VRgA9Tly)BB}aY(YySa}V(MuTj-XNaiFvy}Vw=<p`JHk?@NB
z%-ixIF$LR4s=~CYr(f@VMkyim+M}5DmZOv@)bu2lk4Y<Fu>6*do;c5bvqFBFGrcGE
zH$@5+OGkyDu_Rn_Vd~DDNhs%e<Y#4xUPwkSgPc`fL<$fraK&4ksWwZh#R?JS`+>a%
zd8CS9OQXD27+ZhTF(k9?cLdEjT`kOGscSF_X9{(#Xy{GyYExOd{aJ#^v#p}xXN4_&
zE1B;of=Yi-&E$EapCL^zH0`wkhF2)(YC@dn`AkD+iSH;pLnj#CG_sk)PUc}lEBavx
z=vH%SLJX}*l}gZa4;wbnk#&X`Iv67Fp#|qdBk00;bT-E%KUNyZ&L0flMN+K1g|<Fz
zi1lRU8*WNWR$@H4GYuCMrE3?&YiK^aDxTaY4R*cKv;`h`wmfZEE{i5P^9(}_qRFkr
zhUX>mg=n(z1w+L!?SpHp4Ig@8h%dfgXJ}>=c6*80*ps*pU~<~cmh%L})>{qFD@v=T
z3<>mE-lM!_7%GX5pW0y<U=Tk;-Zi`*;yH1^U^94oJDv-SYaTazD%jc+|A(QD&Xaz}
zfMpGTx+wRCvak|rGTG}{tcd)?TM+hfraCN1b~sXPT;-Z>Dz>nC1>rcF-yI9*jWLpf
z6&3ri!8es<bonwo0cCC}i6k|ar-7m~8p~huZJVdnCx)*}mLE8N@X)M01QVxLoq)3+
zD8Yx{RVP@gPNTYC8(yUAw+$hlkH0qTkBCM&-|XCsapQB5q|3sn-UuYUc-zp4e@DOF
zHYC!MnY<%iIT%Ut1Lbv$&tg2bQ-(2e`KjI#ct!i8wbKk$=)H4>u8dvk(z!K;KdABv
z1MZD}N=c;{Oa%RT$52KsY{_zna=jQ#qu%Qbw(3Ffo5n(VHWnLY5kk^sNXhv_;HVBn
zTc_J$VG*7@Q_jTES%Xau)|UT=%E4~8-PDEG*Jh8pc4-~}h&9P=LzL9UfE4XQecOb+
z28<zI@S<vWJ#RVjdSk}r49d#Q%^6p30<Ol(8D|=nmp3LiH91*)mozA66wR<pmE~?N
zIy9#l6~dw@eSln=@)}5G^MR(rl%6>`J#*y$70p6e0zKTj@fTQ@1e)T*zeLk%>W-_k
ziy29F8~0zJ2n;70@!4M@=rVQ88;0t8pe8Hi6rZlnOEKe|!+I%%w8=O9v^N!UJz$|!
zBG`PpO)bWc%NdiEIXb>ulZ<;Im*TSE=wC4AEO@Ko&8+eDCS>N-%gdakawC@q)(iWO
zj-|r=dN1r!OdYZ&#`ns~9GN+KaD1yS#f{+TDfNct20@Sxr$YY)!)~P6jp(hI<BZHn
z#Y{Lct3J8~okkDDHc|)GY-tH!@`?wg!_0Zqno70BTG_fS)=C&8wbYf{I!4~iH7X4n
zEvM5EOXYA{I~x8IY!ZAQ-5xEk5Jo|2cj+Ou>Cx`eO0nqA=^>57Q(aH#wAjPd?=4MK
zKRehPUTW@$>CjIi@idn1_7jn)XitMosWw9w8=P30J`fQXuhmm-ko2(V6=Ad1lrv5G
zUc8z?W}8%pLh|tk_s7+lFRjNbzPjI>5C13jYBBWcv(i!(R^J8Eqxk*uyK;H@V*w&3
z+z@Q~mUP|QbquxH&IiHwS*NxmY{Xp+yLU?`1dv#IZI5(B{k>o>kmH;0mrh7esogX^
zDJ>Od;?|qU#s*2)s@3<FG(!D-<(4$rgZ)?o)^FxiY#`RW;@yVQw;pAx3hCjulvTo5
z+kI8>7{%jQns-g{(m$4J{GhD#G?fffB(>2ggJB)>`NVjZ7!9`-_3`GChK~iI-tPd5
z(ESn2t>ll?ZLqVW{F)$hrC;DVKl>3J8Am><=5+~g_yrL;W`%pU4L7{Tdg4@`I@<80
z3cgYf)^)bU^qkHytoHS~aJ*rg*qR^ht<)#^^Ux?ALPLdZ+s=KI*Jxl<c>+y*8N1Jm
zP2oI!wmvMP#jAkGo%(QeagSBg2C9j<Vivq=T^ArP`oJu#Qd&lhdrW>^(0|}|>@6m3
zSNNWRF*2AlmOkCC92MT3Qzez|w1GK^tfk;u;hXylla(H{dIzXecM1$1ZZwab0$&Pq
zA(5hk)dRyngxYsS9({rTg71b~>M)C(853H7##uSxQIgYP7mk%hE#MdBFK0H9hft-x
za0y&*qIyziJ|dr>2lpf1fjwtkm8wf;%KOE%%=i^~V$XdDR6qX}5eE<_hC&{M<80yq
zoDfQWP%gz#b<xBJ;XTvGViUEtywaB5WWMd+%d^cEd$yw-_AMEQFt~Py;HBsO{<_i1
zn<Df!$%JiJsbgrd$pohuA8>dTxO6tMXKkuryT=_vu27Ke+v9k)FcgrvzkYcN=Hsi=
zc=kyOyqtWTLz~MMdi)HYEo&|h7tX%YSL7tBdPU|=1fOo1bp_+(g0#b^xM|-7(B?NI
zHl&>^DqW~q6ND9(R)jy3&&FpJmB*=RHr&}=KF7}YrEJwPc_kb158m^gj&cg~T}Dz;
zIszyS(!o#M^K|qM(0rBoKTLnB-pLBbF;|1f!OeL2YXq?oT4VIrF;;p0xKNDII6MMZ
z=i}d?;X}QdtCKOqzSDAh+W#${MW2D!6ez_|m7$mu!}p-@pWmqzo;wtH!8saBi>}Ja
z^klsd#9OXGxb|N~GY)FOp8)^<bqr_Mb>P4!M!5@jJl`Y#aT3AZ6E0IF&x0Q$>k!y+
zwLayP^r}#*BNe$fb9=+_rl=qv3&DPOaVdB)HizIu>$@S!^MaKceIUI|_B*CXC5fdm
z(UlLR6@vJ$HG}`B`VnlH4mSg}3xo<4Nt-KM#7D!A0@XiRc<hy<pake0Ll2LTyHmqo
zFzQ1iRHt<KNO_e|pHJREl<DFxXmR8Q^V2ih9r*@s?6}{mMd__(rVkoX{cjOk0+*)K
zuHW!!k65_!_+*BKAn?$Sd8L|%FsC|eKL0Cu11-7Do_#HXG|{xJt^5^Dy;Chhb|k4z
z^>gjuROe9YH^j=eokj5GH<YJ|XRBHRa<99f`mxqvq6@7dmt5hG`~&p-{cg30MUCMK
z;#?=)K_H2Hkm8RbT$!rFrmfde!~!|=I(5NApRi{jT1m=&9SHyn>&n{&wqM0Uh^FZA
zHom;-GdXe+I}ij`4fM-N_zYC%OuQ=k=^w*s1eS`WSBA^Ysk#xZZwzOX%c5#Stq6Q_
z2gJf1@NH;Y>lovnvoalcUG7AAk4Hw(x7RT%zg-8Vc<}d&qX_iw3ROdu&|PuV>KFpT
z+()?kX}D^Rw>4Fun@_{B%IW>^k8*wbr6hb?n}1X%_@^J?O5jn{<&hZQ+mQu&mam@`
zqLdfJ`)A53ODHM=BS<a>J<BP!BT=ra2_11iU~*0Q4bk7y1K1eP3Woq6Jpci|Z~&-t
zJ#!>ZuBU0Xr;^f=GAhgYr0)mmYtbLtr63+P;xJbF<^9<-u;56EPgz^$MeJHOp{#Ih
zaR*)Yry{)5LerK*9`LG+%n{~0-ZBxcx&p{ICn}qTf91;`ltGkq9Uiof*Of-<?7ey&
z@43pIRY|F-X$Y{pm@4X^dB%O;hnpxX#Sq{8UD5{C_{w6qE$wBLiJ^HLAasK&fR@Te
zCVuT9CQ?QGb4Pnj7B{huRf234;L5>Qijx<KxQ=uVtmF4~fpA8Aaa(dz^><AO`1~Q2
zrmBA+SAZw1G#;WfqFfz|R;5_I5wRUZ;1J~OxqXm~;-KCbpl{`>H&}jKO!VVjWkj?5
zV}w__!u!HwT_3HJd*Y6HxUnj{rt0y2ugUA#U?0b=;!t0gdWI<mtBYkxQrqw4=Y<;T
zk%$R-xF#lZTg?P+&XyD|z9Wf>*C@-XtF)(zwGzT<O<gr6^Fv+4Zon&PlrY^Cp_r3!
zIEVQM%}nJpJ8fY<na4k3sZ|GfV*Atv&oA$wS^`%)z#j>7D~4`V#^NRoLaxZ=I`C?G
zb!De`IO#ZlZ|VjPUR4(pbG;jwm*=)@86>r%D}x|y(qQDSa5L%yLE|zLl-4vX8K3u?
zpiE>YQ#;Cd8JhSlGc-_vCXS&AouL@G7(f0F6p{Vs*l>f*o`ka1>NvP@ChtO`4`<y=
z`S4=aC=Xc*n+~lWJDphrEUP8td93#X+;DGlhq@4j=i%VtDrU4D_SesL4F8%P9%{ZM
z#W|n^`Mk~F2!*%hkE&&9&qmoKRHS|rCWm7tok5ldcPLgp18pQi%q-iX^BD>LSLWm0
zwF0KdlKL3%Z!4JRnI(cnBm*JygP7CA1Xwi<li|+f$~Qk*Ss}=}qzica2>T?YA*P+b
z4aq=o6hLFC`U{GSMmJ0dp>+)t%F)0V*cx&Y2?OgJC1_*R%TLNr3SnD!SE}U~ic%Hu
zq6+dhhE)tzwnHEC6d2XqQ@^3bc9@bpmewO((dNlKn-0e}*PNDPa-v@cDA>xv<l~P4
z1um|gm%t_o4FAXy`LGcCkH3bL`F-StQ}G*lv9N9Gr7G3^dh((9LMozBTm^o(TXxgQ
z>s7<)#{WvmRH`KisWmuT?|~T#tol=zR+t(dFl^+Mvjj_w{1zI5GYk)MUH%pu9nNC&
zr-AN|{AP@x-P2T2kspRl&q+{9ucXkiG<0RvW9GfgJbxaP^L)L6TtB8@hs}TwdQ2O1
zdSV6`l&?fJUWb>w=o%@r_4TS4kY^K!r)n3U_OWf2-xb6SpNsbe{K8k~9&_a#V)ma+
zh5?{wiE5m^b!Ma%aOr)xdtq|>h<UR+G@HH=#MN&)eD9xaq`W8Cd00*O>G?-IcJoqA
zWrpCWhGv8XzUqpxY6bf(GvZ7<DXiorjQjI2n2FR45g3(V%y0eJCFuo0urq^|;k3{O
zu};Z?SaV63mW9wDpXk?jz|ve)2I}cf&xDXL?t5u4reRv*C<<=@IHsNQWTAj!X~|9u
zn+s*T#~^_H>mzPB^f8DNhxztn$`hi;rI`?fW-M_}h}}SR#^<j0BT8qgJ`VW)(zgI#
zZUp@F2m*9ae(h=2OjCqxOLBWN8g?j%4Z@y^@r?RhN=8_|e<5;w@dZ2!e9a$T4>Esv
z0F=<Otg;~rQ+5tj*YQrS)RT`2HM%+v!H-Ue1^IEcWjrX$LA9t2wKa91I)rVtVZv~W
z@1bAi$y8ww)`|gxFa$n8%WrtgMbtA9&2|jJVsv?;?7!QzPlEE{AMJVyAN3v#5X%Px
z1W#@(2;jt0gQsDW@yQu|3fq(0g8}aPU}$%*0CL0a#wnylaAnw_7MSG4EPQn1i!ep9
zSS)^H-d0O_L)fD^zeyI#TZ^?KerUl;#0m5DZ_*Zl-1JAWFPS_Py$v4<kZPA~#k>6|
zh6%2Zp<^r^Ds~v&CtqY;!ix4TjeJSzGz0_SDV%+(L#o~$253o-nGCdfn7Tk5st#Bj
z{V!V}PS`UWQN%IRqGd|YRzK<2Qh8QPMxC#vR7x2Ef+deg2o*Vv$mpw0E54S%kZeU5
zS3~Ja=SE<@4%dL?$eFa?<FK6jjl>+k__#7jEI5u&U^B&z0;tlX0E%ZotocNGMo9CZ
zRM|ssj{=nV`q-Rup8aL4VxjlXg(Atu;S@Xc!Q<d=;W<`!$3QRqHX7irj|Mod97d1j
z`8g1a9xP@(Z+f_aX6E1%bybjA*6mfcv_{jel~OsH{Tt-J;TVwf!b+rY@=PuBJeUpo
zu?4&iHMmQ38b1Ns#1-sSA=ZhZQWNE8Sk7%tYB~<%E;SAxy|+mk&Jq!0DCQbG0vp-0
zIoFV6%ysVKpOC$CEjJ-TL3l^a?J)fe!-{86pP7qYL-_cF6#Cy>n0cHcE2d+^IAQ`K
ztQV(yO-awSNpck(nI-~u)D&#Kc#ypBR=8EhZH39JRbQvJBIL~3JL5}?F}!Y>C~7n*
z!RW_pN4}I_6~@P?by5T!oRr|EC)P>cUB+|2V2?I)GBEhz7wmL6!EQY(ccT+oVPzF7
z3xH6Y1#m-Rh%xlbw{jQSI|Zmc)Tl%V_4p3U6laiCZ$ddAf3pyN_H7UtPMf25!RB|T
zVm-Qb7jT%YFKPx|#)(<=2beC)9s&-1e*jtej<4zg<TE#zhMss<RrUdFm3Y?ABMwmF
z{504|YaQyk_k#oO39b-wr^>VFp@-4z&#ADb7;QWm@5pgFs+f<5lXk%a!QorB0^m;e
z?8U9vQF2oz_ET7G)=x2rBHXa(Q)G$ok)Dk*WKq?!h=evPYj{VPu<-OU`^q&Bs8xOh
zX3y|>%1mLTI6495*+<lIOzDKJ3t#RIq=O=TX9^pMt)j4FW2tQ?c{d-);wP}>FZU>T
zz3vmTS2>P*LY^&Tba6f9J9^_$Kz%$3GRoCy@0&>Tyg3Wc-n^-9-EwPSBe1xJ>|H*t
z)j-x9_a`-PhwY=XAS!}Jw^OP3dOHN+ITh!v#CF~Mc!Hsfy`I$^Z*iwuY^g}jOYzye
zT-9}51yhL+W_%lHSN#*{o3Hjf?*B_0INvy}Tc3j?Z8Uqk?i}MgcD|u(B`C+HPvTko
zO2}S=#TZKy-h(B-kv(g@4~);Xk)gWMl*Vs?rfpOmh-$fiUUj69aPG>Iptrw&3JsS^
z@S<_iI`}X~IQ!{@2-%9HLfSK1X^4zY<w?QfwWdhdsP1gEs5n)^sM#TbU6U|<Y0s#Z
zN$trBQRl_*;IDobj;cG)K(4q}I=vW5gIn|M4k69>VK=tzUJn*0%br8hhkW3Ru0f?G
z><SGxSZ#2Rcvs;*I%Wv7&GFz1V1W~pOGoM5Jo%s@oxLE>5mT_{1<e26`9ScC7qI6<
za_2a@)i^AYDqhCs{L$5NBt3Xpo-Q!|suvun&n>{mEqcR{gAk7)*FuO$@<Q0<9O+$)
zkOa#0<fv890#AO6uzjUka%noX5Y3)g1;vJCCXKF~360X@JezkB;sbiU3iKryBZi(I
z1r;~tRV+dyUWJZ5ISP!%v%rQ9fNEc~)D$J*n5|Il9}iGA2pMSE1%$ozIp%Ow7nRwz
zc7flPb3)52NIUO!1v@lIos+g)!HEp6^K@gBWM3kL1&I*WRI`P}&dm;XWRk37m}7$_
zTnsq@LO*;$_Ojpl6S6mhW#%wL8a=WE$qXlk8De}P2Whxru~5pL*GpBY>Qc-(QX0I?
zv7}h3-w7PYI=fz)DyC{{4+9K|r2sUdr(uZ?P<(I0S-}dU*I@ODSO)F>%o^}Gv$8Nj
z&|!y{0q*3>&@o(nJ?m6z)5}ii7;QAD;%H=7MYz;Vw1{oegVdryXrz>6_2vjZy-ivx
zQ2Fy!`9Ye#0#LbTY_|p;G_HP54aXeBuf(EXp$$^p!bX4<_{#I>Jk0op7N+vFdnKB^
zG!IIai*1e0P>20ifl;3BEPI`9$2!CR%HdrdhBf!kRe)E2HGDVRKI@i^y*$?uOQs-C
zdg*E??JuS<b;DeQ&2M1>``?ni>So(5tbK68wx^Y!hKAFzSJZXA?Ppk$xN114hXMEJ
ztDt}ME$##6S};w5uYzyi<HD3K^zk;Z&c-!B#A`#n9Hw}WU6oobMN;$mICj*3Eq0%^
zS4-JUZ^Tf?wo+62c`ckAH`Zd+;WBWzElw?97CO+Bb?DIx41V2Mn(S6S6ythux!ecG
zP(YJ;%T=13S`LwgYYE}AXwW1o1UrDbG3pLrOpNl3SRNlaBKM$G<MFoF2AGAHkAS?K
zK@YZ;n$cGqK>VmQX_(-cH`igh9!e3efZFN;ko+1#1DwFqm%)J_wH0k{EEB6%46V8<
z&7n4L6d=##bIO;}M&b4QC;~~FUv5L2a*>#QE=J9Alw{iQ7TS!@5xzxadtH-XrW5N-
z5%kjb0<v<8^Sf(M+gv@Bdj%F}s~wo(^jBcQah}+>6Nfj>?}V`4*$I~BIp@!(NolnI
z9d!D2nlzFbhb?IRclhM+cam2bk9i38qhU9Q`sXfHBYpW0wkcc#^sNKG4SfW=b@^kZ
z4K%Ng97;>;K;bbK@qAm(P)bJ^qOszBmL*m8REjZlW$`fXI+|SpnMWMkNA_bGX|V@g
zT;8wFTlEjYfP5L5-BcMySNA|?o!bNL^-ELbIWZvJdMp#io2dC_W7b1y33wOfW|Z(Q
z;O)Gq!qZ)1@Yr#yl@`!u-@6#|1q(B8**UxKd%y-7{2p4=>8Yx@F+CB+;<A>}5|jAi
zK436+A20wzrqbP(;B!vb{AYp2jAo{a<at(cVRW1;Ll(gA#IZTD29mY&{ep?-@7u4H
zNyw4@GpRpK`~ZEA{s0ro*?s9}FvhuoRjavlgw8jY;yibnOEzyX<8wio60KmMEZJWG
znX}Xrt*}+(v-`ORlhge}K<@A%AoEjD=C@Qg`?U{Y5dQKZ=+N>bEK@v2HmaGNO=nn!
z)%j+4#+iBOG`TT7Gfft$gv@Gp(amY{RUzfm3`qGddkB3TGpLj+Yh*dZeU(S)%|if%
zuvZi<@2m7;!V^mqN8*o}^>JP+<1pSnKN3bbUy{dcfR%k~ROu+Xb~vFrJ+lE^%9+gE
zN@__9kKp5nTEYD0bJ9Nz3$VRnNF>co!>Y<P+{rZgF@|#tof#*$rH_xIMa^7jI6jW$
z&*N9#F+7WXfjv7QeM3>l@z1>nq4oJx9ovTk05R{&{-*lW_YoxIVBgA>JJ7t780?)~
z!B{S8mdEyR>~z$LC`haMV?Z>PRiMk5UFkRoUOD!0f*}eCfjE=uNOjm!9o8h2p};!m
z8GBGEp$E(GiCcUaPGaB@LycA=!ZYR+Ai-LgAlPKyd5CYB(|GpLc@Ty>@Fxzy6mB}5
z5FTQ+CpnyKWj!<i20tg~hp%Gkc+YI8KpoDY)#tBbl<Y;A!)0nRK5rOHf1>_BEAe!V
zy+8CCv>Vqt7e^`mXx!OCZ1w19<kE7|U!4PCiI|IZkW)Q-E@E9g0dzxG5TI(E0=3A8
zmCy~|NWLQMVqxP^pP(~aX$2u`b}Dl0L-^y?CU8TEPw`^GL((K+=C*8uu<2``LWQkt
z1Kr0}LD>YQKh3&;XHyc870jnKqn_au4L%tfMI$a^kxEW7ToD9~r8>#Thh(dpXXHWI
zrlau_uoz9g1QA|+2s;dJdN2JSyd_)zCwmQu%m0%Rg<&(d?UJ&9k}fN8o{pE5426*{
znnG40KV(rw(A1ZeNp)5V29Bn6?C9s#YIxh}3dZvOOju@oDzaa}AX}QNm8Ea5BqY$&
zuV8=6E!~m*6&Ta%fo<wI2?4GJw~PfLDw$sDukaIZ(G)XPDR<A0nNtn<5kCrdVE%r%
zbLV}I6|{!KRMzv;ex;9()rKEXu<Wp5hGZEwlKBfHvo6mv#CmpS8O|{!!`G8dLk%7w
z80FtZ#8Tc}Hk^jOi!F`Ult*faN6cdXM=(HSo>t)Lr!?ac2|j8DK5qxSEkz@5vdBlj
zzC(ihh8@!?nP})s@4ksyeCbOV>!T743xI{LrU7vrcJ!>?D4ZzlGzu%zxKTVygtHcG
zuZsdf!`t!&TK7#Mo~^ST2@re+o_Qa$m%ImY#^K*4;LOnbILgd*ONWZk&P^(oh@xo~
zv35OG5o(V+ZT{C2n1}X4kJ^pPs9tapaf2zUkD)DXyM}qr>SK5X$O>lfYj|6b-?3bY
z3piW+u<YRF*z9oo!nIe9BK@vv(X_{ix$3wZDI5hp67KvSu~%LoM6Y%uIWiznHKgfv
zbN6iorNqS}X$BN`5b!=H?BW^najsEHBPp_5CTb0P6R}9Qt6EHO#K!eSH{9>A>>0UC
zux?~Jbw;k>x%7-&PA4?X%C$=Qdk!On&a74TiV-|Va(Hmiy9ok|eR0iTpZEs3x;4&-
zKu_5N_RMExb1Kf2AAFrBv?DYcglsbLNa^L*VQqsIV#s+|u6)mre-|t@r|Mr$^}AIu
z)!e+UbWy5B$q^A@blV2YqtFBox(EY-YvV($?nNHXKX+PTnmEu-pJJ;MWLS()T<l-}
zltoWj-2Chv=^muNdq>*EcShmX6jQTdSy|(<bN(LRtZXCA6(-8+GjjQ02+1DsO*l>#
zg~PxKg0xKEg@aL`Yg_@RRV5o|s5%rkSXnB>_k}nmA{bB~%ls0D@H5wAnU5-Um>x4x
zc6vg%Z#F_mJw))4SOT9IszlO~tqJAXAC>$zieC=J&IiC^Y16w(IeP6PlokF!n#a4a
z_qoB=)^6C&cA^y&9)Y0gGYl0xH64cZs$Tu#ncv-@cn=4Z%aMi!9CPK_2E{WwN0JNz
zr}BFdq(tEXzDqAfhxRJ(ix=lM!G6TrE6!VZ;x{XmMTG#mSkuslZd}2tQ2i%kX#>h>
zFl(hjEyGFQ{<&ry15P9|f6(2UNEG;d0ZzFcT!<AI-sCcVM=|nhAzy%p{Z6M#ZD_!l
zkn)}yolx{t3@Vm3be6owza~wGEewCHfxi1O(nO7CBersEx)e$y6`aMpI$g>av$waj
zQjZlTC{2?MSkAE>EJMf@Fp#kfawj+~>z{|egV!J6ek~rZU2z`nA1*cd?V<L05d!t7
ziHq*Gm)8lM{6n(g2D6$B^u(Ej7|$1G!z|y@`H0PcjRc#<ke9HbMBxGd6=K#)%wf;A
z)H5q6wE~`G-(5jHBzEI8K!lzt1Y*<~Wi1bzdp@dakaZ**aH!mtWVbMvt_LS?x-)Ea
zEOVuC4Z~)!-V8c|xG<aq3T<tHLtp2PC<j!5e&;B{@EqleOQ0y#8XN|C(1YX8JlfWI
z33!luIkM{mrIf>BB`rf+>MLi32rL>QlKBku^Ggtcf;H;s2<5O)FUw0AtkgLLVYH7*
z8A^E0mNG>7avPN>10uwXZr7G8?@)3wrncO8Z2Z;WN>7+p|9csGIL0cT&$}rQ{iqf2
zhFt58<E(s|Fo|(gy$7hn<L3Ia2>cbC7vj3E<5|@1;3)^=s>yXl4Gzu#TdK)B#XxSo
z0JaZ%QHj&#QRC;8+SL6;a8rYukZ{L-DbkKZ41+R9x6Yi9)ofVi=%HC7bB1;ugX(ix
zzQYctspC;imY-^{qyCrE?c`?~Dg`^!U~{=Fb*R(x36UOD;%SbW$nny1ta6P@Q!6J>
zJsxMgS|-O^)y`)5ixz4<J6|0<o6WC9Tm_58$&Mx!u7u}sc>8))chjiz$YqUH<$S9J
z;}b_7OqqiQ<@L9?T6G=Sv{jd37W>%NlX|t~`rg_ycW|q2BYIfeZM&sUnA|mcxNUe=
z54&ru!`x%Sq#<oari~jren`fYR!usN?$oA5TF<skrc6j5X&cq5Mf(;LQwDbLl<ew0
zc3jt1BOXMhy)oklj?B&-mN{@_7R`+^mM%YZV#kcpZCkeMHYU60u-t(?dJO3`s9kzq
zXPl2|Qnh4R`XtgA8eQm=jtx63v)k;VUn7mR`~9~_)AT4~++SjOILa8B6a-6%H6tYc
zW3}$QKe0PI9A>OhE+wPs#9kB9dvqV%sm<WDPGbh<3~BEkN~RLVs!@gDIdL%AN{vbw
zDOjuTgSM(#(zqm8tB*?t>npUB@ws5F-YONW)eohN%Y(IARXSL!Pf8mnQloHVVz8zU
zg$HZ8HQcx+SgSD+!CJi%fezEl80$6&JO^Ob?A#{f1`R{0$ieNhhGq_$oG~#wFE49c
zN4CLM4`(ebW5fkS{-?<JOtEP%dP0fC8*H`|7v9q4(#Ep%c^PAL)2UTQXJrk}?VL48
zT+-kL4qY`kYh)IVgEgJ(t4qmXT9Bz_F<YQwd?&PKhZ&oZF4UO#;QwVf5V}xf<$pLH
zyW7US6H`KsHH&R1UxgZL{U3)?E9_qnWnfsb4W%j5v$lVrXX~VmPq9wU?$%|bxr=pp
zok=58tlh_V$!S_AEjuM+LSCD!ChZ5d?$kOZ(>8cg)4V~paYLK;>fX}Qqf@hqty{OT
zTAKvYv-!dGYyd8GCfS1>v16}zVN9XY*pWY<N(;qE?SV(yE#Q(;XY`=46FYVp({f7d
zT!$^qk)GEhZF1MKz1&SE4H?*aV5gyZX>IddlgF4_5AQK7dEn?FU5A_751-Ji)u<8e
z#*a+NYtOZF`+qt%3qONcR5&p<1j)XOGFH$z;N~;dY2xnKc}(s&SBEj}>sUrMZ#I5#
zFKb?l7VWZIXS8bCbxKa#RufvZnAo91yIgatv>_9_))|@HskL)Roo>!CT_+5-nMZfx
z2-5tr#<=7nN&+`T238Ub4?A5fYecz_dL_EfkFN!D!lo^R7s#AYm-qtX;I9mjBIW&T
z{v`w}mv`V+q@vb@udc2~XEW+_`4&^NCe8W(K~qaTi@BaPCEn~{Q9-jS$zkIaLhtbk
zl}xQBbCNR!1z-fM7F|0twk!%urI_|jzUaowm7z9(LbVz*Dr_>eS~X4o`=I<G*-a@H
zRC}`6oh}ZlO?uBjpz@P=+%wQC?;8xzVX`2<7FX`NIj9c3_~};dFf@G!A37`git)M4
zxY9#F>e?m$UxRW1DR$u5>M${iGjav$+R1l_L0{!_11HpNvT!KD=I$?`2p}nJaCRr0
zrW{tV$@7Di@6T`Ecc7HTY_iypW#F`65;?peGnnLbs3(ex%!v0D17`uboL0L7HCNdn
z)j7;B%<+E@nw4>c)9JLiI5h8h=V1K@o)?aFKEn;=pOa8wA2$kdjt@GOuAst*%NT{J
z8fvjK)ZB1gTR5<wGb&o-2gI!a8d#r$2|Ag73n!<^;&3K8-6<}ojf3;eWqu)r;~mIf
zV8wVp1>Zo77-H&V7MaVxMlK)Z2lFT4U^)tcb7(;))2%K&Mdw+(Vspua0M;D}TbtM*
zgUuzb_2KJBegH-3eFtbL3Jz#ymjg>PgBENuRcQAHX5qk`Hn)`n<5PN%{sYZ{1~rHP
z2jiQ{LNodIaLQ*I-)ym>Xgr4&Y%2dAG&>(5ioFZeg3Y8mh1tAZCl--^?>k0(2cWsJ
z7@3`%!vasG8zn@<R2Ct=?-c{aG{4j0aM;`&m^zb%`e#klBj|;=%=d~xa{-#e3dV47
zXo02E*P`f5`d%^pV`a77lN>1+sf~jRJf*%i_W;MBrGPQmGzOl^LQwqlzwaHupeTho
z$z^dvjWIxhr_$Hp-YD6a@&|{(Kw)siL|WYS%$9ojW=p))mTETRKQB+1Sv7gHJKkzZ
zwWG3#JIU#^T5W9C2V*(Z#;hH;&1yxpYz9nBqyYAhVcAUi7^K~7wsKfv8vi9M=zY|)
z!DR;cABQGp@h_m|2OB1{d0<_*yr_xE{0m^gU_t$JjKn1R0jc`egs1-5rk9yx?ih2-
z`CGX~uA9)*ul73T?EY@HA}xwuP+|WI+dDuX{`P%b1*g*tw_Ooep0mJew;2&G$Qx*k
z4$IBU9GX3PXi~0Cgeu!-O&XIm8kIV-^Rh-I56pC?;QEU}^#<A81M9(>&8(N=9Ad9$
zb6RbggNI}ecDe1z?I%~ansdjG$r^{hvqw+J$sUxIG<?iZFzn)0##BnP8xz7gtFk*B
zLSdj;Ee;f;?2e>^|F(PDvIPCFNHtas=PV%lcbQzc8sxt8zv)HvU#7mXY8g%cZj%eQ
zTLm0`o8qHBHLh>$ukAL)gu5F4`))U&+lYeE!id0KUe^0C-ii(U#%r~hoGu%U9cV0H
zgv*MP%uhEk_S25nYI4|Ic9hz`5A1zuoe|ki4;tgN2;dq6i`#CyF9;mn2mXEu2x#QX
zYBynla?@vr<(Lxn3JZ8~lK$|6#@^bIW7WW-aUXcx-O$)e+p*JRb68V?bX>d|mGV6x
z`K5-&Dp~|wm~*=uL7_lQSDYj-)5zFMJJ)WL&29-Y@Z#)uawC5!gPCWwyBz=hfM0H6
zjHKTi8QW>d4eJopw%><gcWdmYOqnTpABX+IX=80lXl%rZuO>!WGwm=#9S(cSeWHHL
zCdPK!&Y|FJ_k-6l_1Xp02EFD?xescsbW{IHcbKept0joRQk+6|yfe<dAh#%rHZ(QX
z(30GV`9=sauu3mx1vh^i6kL2WV-+m|P;jtB|9gf@Z)WVN?HAq|t2xM8TAZYRtC^o(
zwWYvnx*rOrN^`&QBCL;FWrNVUnCCh9L(KCB&5e~b^tMC6S%R%6#oT}8=Zq<o)WTRv
zquK3Nlhf(INzea$A?@A5I6&L6&BXS*LCnVD<g|n6ShFpFZx3GXz-DqW6MXI#O!%ah
z#%kJeJ4_B2d|3ZI!C!0Xr_Jq9X^5o%=i7twt&F)^a=Y$Nw@X|3kJfE+-jC6iXl?AL
z5ofE3xmNGP-tQs1ae$^@SO{=W-iH-)V;56p3UwGCELE`MWv;Nmd{xZywEPvw)3Xj^
zLa74hio;|N!qmmw`KZz8T<0{#YdU9+oxme6P6d|iH1^eW>cZaZzwh(~r!iC0soR80
zEB|xdVR9M!mMoZCIB){@S<F-W4RhLUb{P{&7xayQD9o>bBQECNAKqYeQbo71qDG$K
zhIgl=*#G-QqLtfkn`uFq$?gc|%qdQ$e$(yeQD8w?++KVic372DjD59~w%;d8Kb>Oi
z6<MG(E$ph?6x;nU1kPqaXP17#Sc$Bu%rVX40^BidPceb!L7XVX%;lxeL&mnX_H&Fo
zSki$bNdLvjY~QptW@=;`fvNkULVKne`)hl(nlRe|HA-=gb$^<%Z$yC}b3m|cK|N)~
zJjqYJib)>Z#!rztU>*cfq{TVxRc(x!nwSeBwTS)(VXa~w^>2)|JGC_?l+lnKrh(lO
z#D7qn<Id>{;dXrrm(|`v7$9roeptXiwKewF5*`i&I|v_;&x@JxPfb8HV0k-#odQSc
z{p$bsiJ17A?Lm8Ud!s=^1Sj*C-X|iAoQz#PkkCdPo$x9I?Y}s=@2&R6OpUT}Ld98}
z_rptFtAn3LN1hWdd%hn$mp%$72WPD@CeY~)etOPnhs4vEfyN49g+oBa%=Ve@g6&#$
z^q+C~OoRH7igU&*ry~=8ZbxI9#*T2Zgfpb!{^vfVuR8kKZpbx-V?2l}rI?A{{wRn(
zFWt{c>qIcfZ3)tUaT0w`x}TT9nPRdb?c~3wcfC%=ex(cSMHkds5GgCp(avV}>f4=+
zjWli~<oB_Xy8$J<IQtIi%=SYp%ZOXZF6@WkhrbVA$|jvL=tZ544K;G*vLUc+39^<J
z=cvEHsI~n<l_91dnA*iGS7W<CmBu}exSRPyqe5%D7%ONNQWw<P{lethG%Tdy8OC^R
z|IlnfXP}rV(Qyj;e>lTfMYCr>jw}|H|D5YLW*B>FxgIv0&2GC7?!@S>#(o;B*#+ax
zbszYBR#)R#4Zpk1CVNmJFXmak@dVb9rrnJ38s+AOa=Ra<`nYa>&K@Kt+p%m1S-*;T
z+*O7|)TJl0kXul{yD?Hre3)+LV52W)B<`+-tL=7oV?{0Tq3nWnUz|Gjk4}g+Pw!z&
z)dYiZJ(|U7foJtUx137#G<MZ?j07H=Jy_hcIEVdxPh$l-(jP`+$GNB)aigc7pVRF!
zx!w1}&)L71|M;Qd9LO3AO!#8vI?G6~{?s|fP_mAUh%SqBHn;%L=Y(^^n7beRx1qPO
zt48c_+nD>liCuXRpy3-Jz%zaPrXNR*P|V>zIK}Gr1s8U#g+z~IeT}8b+1FT3OABmU
zgVLfnh2iDC#td!0u<wHQTii^z)|f=&`>{=<kM(dkE4b<{&T*IQ@6UViec!Kfhc9Bh
zw*b61cYx7AF^eL?%cAmwRswOf;J!%U(*wYSIlqGmReUOHRC0<7M=0HnAiKI^=7wDt
zun^YCH2NXnHrWw#x(~TOV=|3hH7hU<Py}6pi+S9ZwZ?kXVxY0QhVZBk05^g)2;qxU
z4B8L!+g#!>smaFd-T!>`-!aH9CV*>u5wgD@4umFyjTzdYml+xd`9}AF*5O$YwxhF+
z<)~zqF~M)T9VT{Y=f9`=T!zBsA5eH3c5e+o6r2o&AZA}NvphGv^A|$_CJ*tGcVu5-
zGJ=^N#f$|6&q=3&fFCzN<G66#=D(kcPD9!HzW}QDrA%WP>OIt0PNRS<X4qgsoJ++_
zhfN0<PhbaxV$a49`eUg7lpyYp!|Kla5I1U+4Ma*EK<uJfb|D;Kp5mzEe?KWX+5TDy
zIRFlu^*$s|oiE(6-DD3MhyH)GeFu0H#ryvglDoaV3%P_6dJ#laxR6UOcL_F{0v37^
zP~nnXAduu@E(zVUH$*^%u^>%AK)S*q-3~ScEGW`!SP^?g{-2rI+1(4b$?@IaUwL3=
z-gn-4=bd-ndFP$kx&LDY2rt6^|K9OZTUm`VlJWV{1^>Sf4fgkdA2k1Un1OZ$Qj28G
z3B=v4(tN4)|L^wK+$psrYwv`<y*f^6Y31#c6DRF$B5f~D+>wBf4L$mg4NIgp%{^J!
zo^!wI^J!0el}cA9kiKQoYNz`9<@nythamO*a<p`D2)_Q=p!9@IfXS|)bVZG#x#dze
zDXq|B`ELc*;#>7az6u2^swujK)|%=X(${z|BxRDsN`282m2kq}td!Pk3{9+(z9#wA
z(qgq}-b4vMOEgh>CRK3FJ|gtsTefhOv`dmNW&e@=6Jb&(PnJs6n&k7z($%EX6ltMW
z^u`ovB)M>^v|1~AXR34+aZZ!gYDHV8NggtHljNK?U7D>G&!i#I#!Dc@L(`=>T6xiJ
zICx!ro3ukK8Wl#@9t!J;`fis7lbN?mFGh(hD>si!UxmvkWABhItOxl)&W*^@JEZ3{
zV%Og(wI>yKO3y~s%)#$B^?OIUfONl0+NmM`dl!7V&UZ_zw4#G|L-Zef3QM1UkF-Q9
z-*k_3CHegxX}MPP#J$qx<j}p+Cavhf`_MZSrI3U7NgK8DJMV{d-@IR1sufLmKnjv0
z4@j$`7|p_&)b>467rYH9H76fEC~enj%$@;BzcEA4ZP`N-ezZv*(7i878{42I+4hh$
zQLE5prj$hrXG)8-qJ)Pb>)#$h_bw}GkVbM!8eB}{3&S;xeGfxhEwiLW?W1%E7B)-v
z@wo^8Pwp{!Vz8o+B+SBk^zAIE0r_&4be~40cs645bGM_NMYHv4?42XEAveyER%)pK
z%|UlFACVr{ie7sJ;{q<9(u!t2D&<PJ>W{AWBB`UX0)6|aRIR~peoVTIJoT9LtX6c@
zT<H=rVXm}7D@vUQ?eNaiOXT1@=>`&c4m=DZdf~lJFq8?8>j!-4<5FL8`f)wMxlaI#
zYCk#lgkH@{pM(^1j^S;gZBI&%Y7AWW6x0a#_=(5)Qd_d~DQUU}%$*Od7r>{r@~%%y
z{b_j`dHQMn1kGC@_2T7o7Dx*;{LTxdi)p!&6fKmV)XL8+ltyvgp0G%dZ(R&M!CXxz
z9mb>5n8nh)TBXkyLo@*D=GcxUg8m;%^dtH7Gnf#sEd`wgIiQoURC-vW^UzY*8~}B6
zN|#BUIX|nH>G|xr9H`Tl>kUH3XQj*Ga%Sgn1t`B3OTvt2r3W<nX)7cjxo(AiyiTpa
zXfq}3wgpS)Ei0wL8vfdqlABJBR3fi}WD{5EwW)fQ)SK*HrSDwPb5cL5CprT#a<z1c
zmCe3h<m^BhKTxq+Kb)=Cz*vr1qnGqQYhbd!TB|eJ<nDFQAZBp(t&@nxU%`4TB+snZ
zqjui_g)ZHo*S`iECHxlZMm?inZNz|~=vp#sB*LZ>o|kUWsBU^5L-gzOdY)#z0E@>=
z!q!m`#0#UK41HdZuGK2tv<c$@ebOxiS8m1(WvY7nW=W^2%_CAba&tu5pw)J4k=m)F
zaKBdm+7__>%ND&tJoTcKLk_;EmvQx0-nNtM+^X+o;WjkHbbRwRy+B57hZ<nabv7?+
zhm<XbDUHUIAJ`#<H9jmmF^jI>sVDyPPRKrMmtFyn?1Ge1ck8h>@8(5~$$z`0M>K*n
zUy|04D_+*u{`zHZ&{D~GFU)S<D|$<_<`rlnSjO+}y&}!j=uCMPHe~&)(i*L3<ZB!?
zl`xGy^qO9yFMb`<a`5Z=uAhD#OGd{x^sF3s0~(OFM{g)M?SWB3k&Cq7D^1o~dtxud
z0L^fculMSWTlJe<W1M8mo6=(%e&4q+CJ((Oy`U9c@wRjmng6z)f!^<cO_)X}x#J!E
ztZ(`*sG__9x%pjv`LFMCQ`&?q7$DUr{q{*ZB|5lIa*MI;ax={BEgP{na=oXY%!}TW
z22jFj<nLUx+Hk)#Lu2r%{hT^}XmP*ZwoW?$i}B(CX`O}|I0)@z<FxvqUL0NDhnS|k
zuSdP;15jn!39Y@5%=$pON28PWAvg0*V(X5>jTs;6JCynnWH|UE{h*)u2-BVs%RQtQ
z%)UdS-2Sn?eDTM8xp0ztpXl{<#V6AB)Y3F0_QQI!vf?nBL^*zv<FMZ4ng1!K9?Er2
zOZ5?q-QpwC<CjJ|2lQA%aSmvVM(#d*Fg#BbQqN@cU+_#O9@Y2q-=iRnA<<csqsQ>H
zCR2;-<9c6U&v7`Cti0g~X|5*4WhXEdK0YC>sV5ha#jfPh5j;H7h;9aQ>Uu}yoHzV(
zqF)8Ms3Cq^B*%+qzB1cpX41>$+G`;EtrC2A7xg4?o91}2EXEstIa%uK!|V;e>w{&5
z!LrV6hq70H`QwiG+wH@(KfH`n<MF~QJR6tGp0lY9hHXoh+%t$LmdgU2+x8Arl={mi
zQ|YUJa`22VBi}3f1=YCeXKS?Zq;A?>*7kieJGafedAgj7H-gP@?jd*0O!U#W+BxBi
z$xkyA8-{az^n%v^E|45~NT9U51o9XXnB))X*+;-WhlVL?6LxE3Af)Xjuik0BQsX)A
zX1pPWV}V*p)=JSQ4+vINmiWsG)kNpE{RhF@R>abtba}wqVnnVF4v>j<a^)TsRiRLz
zB&17Rt+dgR%$#9u)Ey&Qmw0OJOCEW9mes9Erz6RpZEXOucyP@G>uz%OJZo1y*-i7T
zje3BrDTyG2VSUn?W9gwu;npV^T|6pghTSZ3?J{eop6>c(j4s|KFhe(+cve8XI)0y8
z!ReaPKwQCGwZYm+FJH$-M%SEW!WG9+5v$kIy9d>>#Sv>)3>ls=Ga~{o`C_XzOV8@{
z+Zd~OAJ7b49~t$M^)fx(w_mb0pekm{#Nn#IfH$p|=;^L|lhZY2<J@_q>^*BAy()bF
zo|W28e3@-R4lw9^<zPBS(|CS3eu_8aB{nbpeJ-(f(e;Vmh@^j1k_Z$3PdutmjP0Qd
zeO=FgY2iNQiLo3lPB^EqRm<#buiJO-L;l%#9u7xqZ4(P4c*y^@BoY~%loC1in{-)X
zr1USTp@n33z)uWakz|u1mn7LXC6Ftuwi42<%4Q+gj<I!$oR(|@lOmZ;TeC!Rrh%;)
zdAWgYU*uRL+k=T@Pg7eddEqw%uGnunMSg=nHupF9<g+vIbLQ;ltM+8zH`y}(f>-(1
zS*dXo`r}rvOs~uBX`7kVH7gf?@HDNL{50CuV(!JZD-v)D@-wK2pT0^X3wz=>EQU0&
zjiSGVr4VH)2IzP_eqCa1LtA(9UoZY+SsF?s^4$nqDzP=PWz{6xh%9Ji>lGQ$+}6|*
z+1SR`JDG%BwyEUmE;c85ugcaX(yogwwH|pU%QlHD^4Lz3%ngkjM^5F~yh)KwU2WGU
zl3khj?e1$Pr=>*hxXN~AJu;|=ZSuLz+}g%=4SCNkCy^grwiKO6>Sfq&&}D~Y*zzK8
z^{{=DK<b}?*Z;@A5W-n6y42=sTM-%Hvsoh6Yi+|5c)RzWYUhm9>u1}OKrS9&tBNEI
zw5>{tBoDLU$HEz7UsW`9Mjjby^VK7t-eQv@Ww+S6*CV^CY~3O|{I+Kj$S>`a)5yL8
zTVZ5rz}CQWF6TRX*?LEdyb*c$Y6C$ZG6J-_#?~$7&`dA_ykG=4bB#gcy?YD5gHvtY
zBblYPdlMtAZl!}X#c%5ok*aL#6CxK)w2iV*33QKKGTruP0_l0D%^legw*8h!+Dt}i
zzq@VtiIJA`Y%&?Msl7F_=ONpD31s0cTWVy-!?vK6+&0aoD7y7lsCULRTT}97xh<C@
zPP8?hH__ID{5IOwgnUtL>q)kkW3<_%&~VpGvt34(-z8>-NHrn*@3Q5Q&U0;#(AFOy
zPt346$ZB^>Ct0%{zjxA#*seNvc-GFdT~F432h7<|W2*KzXiKLli41?*b`#H@-fy#!
z7oWz=VNjNBzJNnpk*PG*ZkY`?(j-|TpDqBNnoYv_o0lwJh`Bp>q3vo0n0E@2S+G#4
zMRW5O2@=P*p{ZeG!EMzdTVGD+ziq&ORYe(t=r6fwF=}l55WG%bj2ibV*;eG6#kQL{
zVBKi|u3y5rNl(NBm}KP=+Zaj{J=}>NraWW2g=YsGLiScQ>s*TL`_Wn7QjXk;JgKJ6
zD5-REY&U9*S;kQslQF+gmY1RJN7g_vqhA8F!*bgQUH0zi?B~mY+#pp>Cv6Uc?_STM
z8)`Pmm+gf;I}9oAd=_?q0d9B7wj|hU+-F_^zy&L8SCK9@i~tjUrcIW~HQV%Zoi`lR
zcWlFKWEf1W_U!_LiM51gHL<>{WLuFgJGfX|kvU2#oiG9ax`PwoB2ALLxP5s0Ptfnu
zonTazb)xLeA$ROT`M#Z;fpo%z-eQ*+119v_lx!<<LQVDBt&Aa;^3vV5;l%k5BnsKK
zB0n7m0i@E&tP?03ast^Udy#dfLp~l4)`UCK<%VS63Gl-Jsh`<wiC8Gft!E%N_h;Z|
z$!DN6{WD&*6*;b?(#d~KWDLgV=sc^sdp(+1{<&!4?B^IN`xmw$<n$I>Qq2ie_#H%}
z&6wA}LpQW+$M1Qz6}j(wF$Qb`eN6#ugjlxE4+@k`n^jS{<Wr(18}2eS%cjx3Q(#*g
z>Z~6H^4mXx?MHtUBl??~8h)CWDPz0!v?6#1e?3<A<-l*-umn=e`iW0wWhPDg2_j*G
z%?9<Dnq`C9<7W<Sl|&z5A_>c&20MPXWkeb^lOL-`Dq6}-Bi@$sVJn$*tu2|{aQlUg
zB5T^q4<tl3c98E(A}<Za&v?G`F@7a@!3}aUIeMv_Pk#F3!nTpao#ZMDxjaj55&6n3
z_iaGdFK^$LOz12-BOmvY??@*1x0drF6GqDaq>ygiFd=HJoy#+9mq#y6jmhP1%%fO7
zz};@KIz;&ojmW!3fTmdnHS)7;z0S477iJqQaiy^VjY%XsCa;a>c|Zx?hJ{!j#afg_
z7SFadCnG$zYtL=<i5y$cb4y)aV^W4$?ivf-cBKL91C0Pr8Ua4PGN#ZPlZ>luJ<erx
zPj`cs(|W{`@f>xDuQ7<zF2Qp8eQ#T4%(3s#Cni&kNYDuIq7fjmukFg1ZCu+IZLmRm
zw6E<#GQY2FJPBL}LpJ6*+vpfI6pt2;YeRD6x|qYIp$sx6aQF4Lfwe;0k$N}Sx^UJ6
zL#@f68)EiDYqB9(dxNcq#JqI;VAfAQsc}90d%-kx?yUi~yqaUF)C4;XNVky~)x9@y
zH%TVV{BVNcCN&{{+yrk|{9d9`cFWBu!`Dt$a`I*jB2qT|!Xf<c*C>D?YXmyq0v9Rs
zW}BrRK7ZRk+LjJB7)zgwITyLRAIPhRf>bx0mukx{DO~|WiB-52*|!3=jis_y@>Du0
ze--w1-bxtHdaq&pzF&##A1hIVWy_BsJ93rCj`<VW9nsmg&jI@LpIDRbq$#$#?S36g
z&zH}EsFuBEHB36owrzxUYQ<`f+=|%OfENH-CE`U2GUpAb$X#n}eK;;#C*M;rlw~t}
zEh?zXW<A_m4X4YE$=bF0MKcM%H<wHN>p(4S9R*<3Op>w0k~==bP*t+Bz2JJ+Izf%C
zpY7L!FKzw2XT5;3_4AwceEpPli{sfX=qJ|7R%G;xsLN6>y(rc%wl22Y$`>ca?YwiV
z0%gnO7h7$^s1s)8>mPH+Y%g)yDehSDOHuCF9tzbQF8s;~K4zc}SGSkZQw@OU&J|DW
z85KZ1G4kWfV3gsp?4Vb8wiS8d6?B(rNRwB2O3{$1uL1=s(TW_Q0Hz#F8@j&+02}^i
zUK4<B4dK~YUk5-N{^HkpkJ1TKjyGSA(uUI`Fo50P;G^D(Jp2YoQI#M+(UdyYWau6c
zWm)PNCE*KP{OmmQnD!`RY@ye=+<f4(_HvDYyR=u3VS{{PuOP#mq@HiuhElIcKdS%i
z2fvyJbkhNzZAG>pKwUP-tq(>Ga#&>9sGf+*^?YBTGUsQRnq|(9^#hR9oS)(k1Tyn;
z-=bN~&vkvsvyjq<sKx-yyZz}yut@zHwteXL5ezZ&a@h7^<3|tx%TlK&N%m1!b2wbh
z&WEC0+)0N79`l9{E7?}$%8vzrZ66jZS!MfR`Gk+IqOV0XtLb5mFAF!zse&H;Bw9hU
z=?!QK=zdrLm`2V#jIL=4dRoc0B7;5!8%#krDJexkn;n5zRGXEE9~mJhUd2Rz<Om3J
z#XW+mI>kMTCRmoK>oYW~sjKxE?~tOdV~>G4gEHf__n1It+0Ms#7DI9z{{F*sM+RAA
z5Bm!jnj)o=Uw{WdV=}uw9K3zML<ueP*QiN8>sP%D$?0EFR~0E4{F}&9c_rcplSugr
zboZU#^m0t{dhn1b+j3?8&H>m1|1Ly$R7oi!?C}R^sv;!Ilx!;tzBtFV?Uz<zoZ9@!
z#fg<3Ye8amo*TC;(C(eIoSA`l{uE+na?Sh;L^ZiS`d5@(fBh>;uEYN3$gRkhzd?mr
zfENGolw$mE9f4~a^Zr3=j3`?lPEZuhNL>9dsAxt4KN9BSMq<~$s74n87zqz93bNIq
z-5I5jl%C;aT9NmZ6h@zJqO$)J^jUV^f81Q0vx%Bxk@cIXUo5h+FbuZJip|($1qxFE
zwlJhiN|xD-Nm02^M2;|<ak)*@WSe2!7E%aNBQZ}#PO}mDO12ewMMle-jkw4z@R-TC
zpJtg=phf~4V!H8#RhZ|H*~VMh_g?Rib;g6NQ?txQG)P7_nYvdbbG%mM10|&>eqMcW
zp(*}+k+tN}-%=v~)R+A_-Of(|wx;T@sadM(Np2kNa+SWyDeJ=v_<dR2<EG(-B?_Pw
z`N0W}n7J5`%2SH2zmSSHG+l3!#<Ns2@N-UF*XN{xzGg6vP#mV>S2X}FmRdqnnh~)y
z1d68Y;~GLTT6S+kNSkG;)u`w3klBq8JnG&E!bWi`GP4n=vD9fLr6~R2#vGtzH`A=D
z?}!`VB|^3ey3@h2s`+GkI@r;&$61y}4|+7=1X_`0N=k_y$W28Jrs)%!iiVi?v#+Uq
zHR=BaT+GZHvBHB>#ooW#LdHeYD`kY#udFYTi~6BkEY+pGTtL41$eBv|b%5XDyHIXG
zZs;J7BVT;vY(TER6lE9pL)mqg%Eb(?9=-^4Ux+C_ypueZ^z4(|fE;(r&B<6dvPn-R
zH>j71(dmVfKD|&9xK4J$DP}0Q4wM5i_6AMK=L7MUV9MB<k#by?8zf&D>(|5U<-!jg
zjK%SeLGr~U)nBt_BeHRjd_@dEW3^_=V7XH)(xk^=xkpUE%)xTcn1GLC*GMN94T;S@
zDIFqrk4Y*rBxW1w#4=RADn^aQq~Fk(H5w&(@N_a6I23N%^Fw2HwK4fRcHPEgT^QSl
zD~8FJ#ccA<VNg0|EZ`hj$(NTxnNAOv?IdA1w^l94MOTQj+lKQg)|i~Q6j}qk0G*jF
zbk(YFgieb&Y9X6@h`PU00Gp3kMf8A*5n>k1+5>>b0o>GH<d$?fmE2xvOQL?(+{Lyg
z7tn}Ptn<1|uP56>f3b?p|4$k*cZsb<tJ=~2{tp+nH%_P%Z^T(fF1?-M-4d<o$XQ%s
z{GkvV)y%V!wQeTn-f5$(#zTAVaob3WN;0iBOC4RiDgoY256RZN4!oxmY&XV(_cx{Y
zNFo}aRj<y*Z>(n<Nh+GvDc1<aV?@W?UnkM@M9x87gIbvgpAbar!h0_fF_lj(wx;ol
z^e>C87g;dFmNqYdfNmVJea#x5Y}-k|qhe?$e(v#{drg{tg(a}P{dwru!}Ty-;~kP)
zlH(ha9m!&x;~0__^|`3woz^{m6YIw}ejg}!>FvbN#nmE>>=cFFc#!9u5Au&Gkn`~e
zact?Ovz{8Bc&7jGMhJbiNw77x_~>AgIf<wj$FSbp)YgLytHnouF_zrg%+|7wsXM6I
zc?{M1W_+sEH7lIW`K)MQ@i9xv_!qwdSj#{(>U<tkIn+5mRoJf(t&8bQ7fwTuT5t|u
z{ygTypvPgR_B~&xMftKns_lFp)pic$Q>m_o_6`*dUG*(${QNZ<>h^7&4NWhAP+QNB
zdrcq%3T?yVTolOa!uYI=9EcCEC;$yUngC|k-D9H*7#s*B>QKgm<JsC&mjJUSKuzLU
zapwRpUICn*z*o?Cmc@Q0(7ZTI_v#V^nVAq;C*TSO8|XF(a$T$L-IW;VD^A8g&{u{r
z?PpPM;e3QW`JT9heF$jr2-|mW+%5>2dvE+c$giLqkFW>br>uYR_!jH#L#N{KEmH13
zkF{z1{pVpy_uQ|Tx_H){jt?l5<3YaXe2_msALQ;2o(CHX1u|JTqfXm)=6sMx%@A^q
zgYt{#gWTky^PpVy5Ini{bYtEBq%h+HPS)Ag;)hXf))VJj?a*9NZNLn^%-{^YZoy6_
zm=##c>hj<}BvAA?@UkA~^wQgjAA7E4IiK}7#7WoDc#waf$o0Oe)8oGGiTLnVQaoyM
z<8hquAxHek0R_3PW$G1`XdJH31y2bM;y?}y<aqpsBLX=d&-1eR%!=dA!F-!k$7=n=
ze3-BYNF&Ewd@DuX+h1peKj-5hcy<EzJydh~t|JZ|zHUQ&I=o^-d^()8@jP_czcD^_
z+Z88XtLH(F&WU(@%c<vs{4qt2*T?X^AdurQS#t$)JX7hH^FbcCiL+7HR9Y7&Uj5BV
zx7x)qizW!<cxKVw^Fi(yfrc^L6GyD)?g*c97v^QsO<Ns7sm~(Jb&6|(cHaVNoX-SZ
zxaEJEpv&KkZ-OSibsiIM%v)eS-o;}lMUG?fX!&-0cvIe1IE`nPeng4JJEe2p0dl;v
z^idT#j#>KC`5^ayS79TbDZS==kRAIt<+`SHah!N>D0u1dOz95q3F*eMp}tEX$Fne=
z05bNHjpCc7SMA4AbUrihsr~=c%q#gKzL~dI!HdfiyXZ>@G2WSXH${$P=6xoJ#xtY3
zeWh>^5Ap(v9Pf<!S4ECvMvXivD93@kMIgsBqtd@tD93|bsUX)iqYkJ<<5>JMzY!e7
zf&8#Qj%TI({(O+H{Z_CM$4a>Z$nnoX>vy&RWc^$4Hg|u4zo5`{ZG!&%FFpry$l3E)
z$2Ocr596FobDeTLlWA@#(BfQh=Dr2ocxT5Y2?99|g}?87kiQhj@hE)HdYp~A6n=4>
zcxM&7xR#Kc6BQZ6v)*hI$ni{!W=Vo_9J)U7e2_l?GMyOl?Ao#|@|C2hSbmb=%l+^1
zJ)bu->ZAI$&Ac%_&cng6`f(onrv8S$y$5w4(zky<c~GD<SRH6v7$^x;1`6ByL!n?n
zvA?o7SQd)m%epgsc)HV*MLpfA?UYJAgQcZ`vdU1qu5HVzN=iDn6@aTJl?Tc~fpY=j
z?&akr#Ra?>rP_3S>xhr?HO@+l$5wERE;z!)4^-n5!_3SakIz+9JjqpATreR}=_(DB
z<_9W}!(YXPF*(lj`rM4+Q8&{jve87iM(=wUS5^ip+D;7Qj|&DT#Oiof27ac`?TzmE
za0MSd7=`cpLEK}=KYo1|zfhHl-%rVMRrr|DUBzY9{*vNCS1s*kXXNI(@$o$s_^6xN
z18#HLcB12+Rb$+9GGjd6mZN=?8I%JFq@WxZLH3l(rKDXm=`~8Gu6G~2s^Tc0gL?Jv
zKAgt0aakU(H^#GZTE&U-dkJLyJ+g%yoFu<YQ%PjrWTXb%Xt$7&Q+Sz$w4N%zLQ;Q3
z+2=IH@SdF}Z{(@9n;bThKV9BNy3KT0NSoV`Vgzp948Rw+$(uOdlVSN7PffX9q(<H$
zAK_)Wcgja;%0fDAb;#s`yX5zI_K&+bij{2N271Tt=77&Q^tv5De)?YdW1gLKA4j&3
z<2!*o`hNK}4!Gz6`BUD7qzC0MdFs0d<!^cFqZzy`g}m{Q{248i$T9jCvg1kXhvi8e
z@9~G_?|7>8C%a4@o+U_C&6a=QfWkTQ&pb6|H(2vO0(P0`e2>as@l>0~L^bPNQFdys
ze3C<t{|?H>=Rq2*+HNBM!&5sRN8?QPE1!^0@l^f4?RK){N%;$&z3(aXlA-+Yl0zaB
z=F59{cGb%cJGt^{`3;`6E|A~jsgD+bKQ?Y_7RtZz)X0B9bnPOv#sHnqfT5*}<>Nei
z?-Kb>mWtf|jNBlB7e2OB0Y|Er$@qwpR*XEbT!jy)2U#qC7F}T^pIHGuS*q=;4lB8D
zCD>tAMy!(SDYb8YPHw9t!>i?1N^-#(mHdXavaFPDUng+MF`Gk<oLnzA;h@bM<(3Lk
z>*wWWJW1Yh0IA0dg1yMFO|o49t*#Hygw1k-QmZT?w`NHznY9ID#58--i}D$snz&Uy
zz*E<41C+^rbOXq~>vs7N%SIaRpv<72m9%XLrOeqWui@D*cVZ4Pz>~W$OIT{qZuxnh
zvb`kAb|W?KQV43&%X~6f$bcpe2kH8Xyq%T*+XQqIUgdNxk@c_24Oxp8^41#;dt~2h
zw0n&Fr>_g5naxmV{u}aI4!B{DyqTx0dwI$d*|}G4tknDPO#z<umPozb5)=l!%_&$m
zzoQ~IeV3z1<iNYUIf=~JCmQbgo*dyVz1s!^Ec*ouoA+}7zUVw42y{9qTKnRlsJ5>i
zl<C>`<+ZHuH+~>TSfas)9KjNK>q9x6_doLaM{4q)LvkafH0=|$^peA}i<gqq`yi|Q
zPvv9<tNe(Hb^lS3B#VwgSs_b|!E<y-j>~Vd=AXV0ow?zJypHA0o=~`Y@iTcdE2;Qg
zu-EAeK`heqOYp?NBfnBAEa(V2El<kpNa}Ft(Y}*P{rkU0eO6R@3CgeihP9MJlD-8h
z<tMV~TRH+v1<yVQlmp+%FYxSr-wSeGe}Ft0m0y2gN+ppsr?`kMk-(2CW7AKIBsueu
zLyj!?iHe2Me(q-&c$OOb3*$i|Wu4L71-~kNKlrPnt_xl0%A>z2#aI8X^zbZCpjsDH
zd+84a9{N*(yZ%xVCq-iM-%3d^3lt0fQED{)S1I0y1T`R5a)k#7bIw4eShmN1m|-mS
zUvmJ?{s%d*?1r<vhBUXtzL^$DWRVvb83}eaAuKpxwr}C%{CGW)D#?ZBjY_n0fs^DU
z0a%m=`}$szsC&Cb0J>U5s_Zh<J!2Jh*Gd8~&c;(<{tBRUmhFmp_*Awl6Q%r0u(rU?
z>srYG=qaB;_GFQo<pj#x$pYoJ`T~%fB2quAsnt$VR+K7IZPP^R6E*c%15wtmAx}v}
zZUlir-z4&ilCqL%jRl@J-Ogv@X^~jfL@6n33M8g_ZJL1uOMQ$K)L$ZxHdhiiv|tG<
zv9?s|?G}kCt$52;lHFRg_k)^xwv8zBw-u=t7l_mcYHC(H!GGWOB9(ZdpuGJ;QKPzp
z(thSec5Z#YzDOxq(osp=bTR6oBPpcSB^Z0wrG1w$bcx)5sgmg4Ng;6C2#ireXFE4s
z8#|*iQ^pA{`zD@hpCM9*GX(Uun^0?h7tm*F+Aou%NJMhm*-~L4+ufXN3#rNysf=uq
zI;o}>c|_TDeyCc04p%h`N%IQ8ZTSEk^a?e-+b7iY%3P7Uz7Qx0d0g48WMdw$YbCb_
zz-eVyp@SD)CIH9PRKKx6S#r5R8FGa{Nx4#_S{4K4y(<+d-Eoy7>;B_W+_RgV+t=T^
z0UbujLe_S-Gtb0I=Jc>Dll_{WfKt)U>!l>fRwX5os;jwVCDP>@q?jo`d5!4Y;@%=P
zs*gxD?kiIJ)YJplin5;9iPRZ26}euN-Fkyab?V1cR`OLp(bq-&MQY>#k!mzhq~29i
z_YdNnT1of80{YKjQTD<RQC2ooq%IyNQlF`*`NMhH4nBX=MhF6Lju6Oqk5s1L6{8fn
z{~;0^Zc<7n+zf1{>lfVu3M_RTDK?Rx9IYgVj8Q1n_bZ9l{R)BG^OZ!`0@P<y;Fkh1
zb}I@+nLmJb7_>!^D0{z1ls!CFr232#sd~jcC6OJ)yhaMSZ9J5X%^ddxUM7+6Xo?N|
zGt~UE)TmOCYFGv;tnBSFF?ja|MXFo5Nd2v*Ubt11l~stk9Ydn*gqnJ)Qj`s?5-Df3
zNbRl0%x3N0K2el)og`Afs;RY;McKG1qO}XAqKwJv)2Tv|bEfegS;@82Ii8gy-6m2y
z)zqZ0D9gHC)cEdpQMT+3ks5ucNHx1lqz<a7nRlb?_)}OH`rKoGi*H#P-)sMZa%GA9
zbFW=^*!z|_<VfoMcE!Uc4Ii-o#L=w}+LbNRsRvP!?SJa8gt0j?!+x02A^T|dm51!#
z^2xt$rhOMrl|PIWt1)0L)|1>>_Jaz6*><+EOd{XUwtvDMmpA5!)R{v-UipZ9J*P72
zQTsQ%p=%zqzsr#u&$aL6sbh2PY(IscXPjsMlGm6`>>u*fxW`4R+Y|QBd0B@i1zz$~
z_K&D|6m}QSw{PVrH$Tm*B@xd8`yt+V%0l}|p88`U2v7-<ql-k@8;kAVFrV@HCH4=v
z!aVqleIF&4L`E(}513*6u3oZC`YnSXS=O`M&Nj&sNqbhX_xrP;$)Lwp*xBaNLf&2}
z+S#;9h<WjIVmR(wEmEaxc#R}7Vy#`-b$Zu{)b1fk7SeP*`pmdGy<QC9I~yQ+)}fUf
z?WcI^iRVQpZ+`(Az-o-$#92!s{Wqg7E9(>iJythqi~Vb!I<*CCu(HE1+JE49d$)?t
zY~IGZkVF=5w|`He7BXvxV0`LMA*-TYqHNG^w9EA9vX?kCiOl!`-d&fM?MnE<`HKBd
z-jMB8u*PQWm#=c^TFFbV*_Frzc^%yXDJu!TVc*Yd4BR7{ynL@1_l9qxaY|+0TYMBP
zWdB=24qM)aQn237c}EP#^mjSbGIuJ5xNM)DZRW8yyvNHW(rLfYy9Niis$0mZ1A^uU
z2kpOeS-kT;nr6M-`hiGw{t><1@S*(#Z}!oTc+ZkZ=^-KDQ6GyT@qHqQwmvM%{yuE~
zk=On9Q!ex*^3f4xup@6AwL6ul)1hNxjCUWmvw%(#dFBL0mW|WQ&x9gYf6g1WkiZul
z3Lp4O(L>)?iZn=@lXe#FNg_KuiTe;l^XMNo{n~y()0`LqF|YQ5>NoZU31rE)_H@p{
z)^F|4kTKucTkzgY`_4X>Lz%uI(1p(-zqe22WlV~DzqdcD%g*=#4i=-wpo358pc_>H
zi#0u`W-Vmd>8NUmHLce{bAQHyrV*|8i~R*%cK<K-mAWiqO?I;ISNj58*^R$Np&;}m
zlMcVz7wJ$Cgwj(%5K1O%{)lP_;V7Bh^QV0&uf|lg=U;+TmPK?*VVq?@`rAH_BQyCS
z;3Shd|G<r8ond7NJw<d`gq{?+FzC-`U^F#k#Gi0K>OU+tTG{5a_9a?&Zpd*^%MpKq
z<9%HgL8;euS$Cr2HC-0*Cz&))a(tpIb6On7by)<XWYW;;&@=Ft)$xuF1(7M4d@Ds!
zL5S*e4Q1X&V0<MzKGcc`LRE+X+8qaUWr$fF(PdvtcD$|2B5bA4B5GwNPo#)uVO$Wt
zayq7y&zd-zP;<$mSvKNMbu8vom=*gW)$thV)4-9=joSP)$4Z`M<A=D`G8LHxvlM!a
z{MLq!DV#jZ4s0Y^W7+Q-Ii~8McQuZJBEV%M9nu|D427+2k#vE9wpqMumIg$;OW!nt
zTG$>pRjO0otpwpMJqp5GHgcd@6iQ)pfx-lW2!X!F<1M1H2z%K`*OpNP5CGHHC~Bq4
zN+hARW18A!i9DsxT8XEP4%tc&3e%9SWNcd<R3h~*&_N|KU!S#-oOU{7D?xaSbH(IX
z++LqcyilJ*$V!Kakd=*G)j>Z9`#UJ@GE(C&(xWGJ)aMYjQbfTw!6#uGyIriOb>QMC
z3<R-whe7%-E+$rU@ui}xEPGieMQ?z{LRAtu+({$LLQg6kE0J6px|JaQr0ZW^hCYWN
zl#LwDh$7WRV+o`(_2`I6*~rRF4c$sEbL$a4h{_>OrE6Kv*5?qcvXSSq6;gaMB5b7$
zKU2jIJ&s9SCM-K4N2yPd@tTNNhs@$un(DB)l}w(W<!DVt`y9hn1+<U@KF4jkEMi&u
zEMi$QapnoGFo!GzQ7t_RqFOTP*)<B~{jO0c2y*FbAjl<?w9BJvEV*2V!eU+;_f~?K
zmyH~~LRZ5|5dBhgi_L6AzigzzRZ%EQuZlvsvRhR4P;|DUdlWReM^tusbhca1DCj5A
z*~(r~(3GonS?nvW76S#wCDQX6T^3!vMu%)A)xDK0n`^0k^tn}0xn6xmMK(o_^%Z1U
zcJj4Kmd%)k*XeU>bUD0TdcD4l<59UOHwdCk<_-IaCRuh(bhdZ@DCmjk?9>5K(8dF!
zvg-!w8j?ugK~dSy^;yIj2S?RSAEIQL$kq?h&;33_^{~&Pa?^$hGLV?w_#k#CkuAd&
z)nWp??nb=;ztrXM9_R>t8%;+Fs%+A394UIjve%7@%6>5_3K=mzMa9_+M~qJ*ZEqGT
z&dQ#@S+~Bjke^Hj-6BvhEI6ILMK`r91Q9?xxo@<iQa9_HjEO=)Ku{)I$3#&<Xi%GO
z7V?EZss`eN`WfD|AS#O>p-i?FMA1XIP@{+7S9BIJLp`*4QB)RzLmSy%q@!mg2qEfg
zd>x%d9MMJ|92Zps5k=h^v8h<8&$I?%MNW<7z7aXT0YGfgO75TFn6ER&-Akfu^M@sZ
z8#c`4rBPXXnJz1lWo0@gkjPa*k!8d8Q7}rDx0Xj`9k)hhmqll<s)&Mq9Gwk?qM-FF
zqq5INXS-KLK@aP*FjLi{N6ZqWPK?T~iq7_$6a_sRot-pU*L^EVn-Ycm+>|J2uc=Yc
zqtV$()1sgarblI0>$54O-)%bWkjRPKq8geKj;h<}b_L4xW6kXfkmY*cq0gO&%1ymf
zkYQFi{Vvf6%dQt$(7{>W-C7$G`9hbolIizoFe^#FSKs3LsNA*pi6)pPetut+o=&<y
z3YzwSV2>d`_dpc1*Mm{eqtV$(Goqjk9@1suqdlY}r5IOcz)sB60VMoTo5(WdZ#XL|
z`&@Lk=WNjiL;iGjl!{i*iOQxv5|v#Qo$d8#6!hq$QIsb>76nb48<l-7I(zlJDCn{1
z>|~<b@>odf<59?~qO-l8h=LxC&Q5wVipjL61Tq`E)lWr@boco>Nm|J#^L2Htr1I&g
zY|4VD?271YkA+dB4lj&Cu38k8buNy|u8hw1ToMI6qGnmhc+xYDIo!swKuL$Cj^(P!
zwGaf4Wpa9{;}u;QqR4OSvXSME7jy*fd)Bc+mqj>PCh033H{(}9uqJL>;qdC92r=th
zLx_13hcaDTv<iD--*ebDvn&q%l`Pv6<Dfmvky-YM)sB!Z+i^`4^rbZd%6f@F^&&kR
zv$5zmT<3U7M_}(d$D@494f42bu->tg2c#G;!!|fRQ{z(>a^psU%%IliMV9TLafwSJ
z+n#sK<n$N^1uvj8EO^4WPum1<NXz14mjY$<aGh(84r+@ylrR*lyFWVn<Q9h#`C?H2
zi#lX>#Y=-)$S+%U$n2iiYPBIJnYrEZjGDC&-1t&LXRKRIck1f0YhO?6kRRVApsc^R
zlBKnqL^{6Y&>Bi2xHF|Sltgf6N{NlIE(Bh|Xla2aTwGetvrITAUKL><hP>xB$4MO&
z7jkf@`nuy&KD4X`ZsvTY%i^w$oqV)Mk23Ea6n(r`Uqo=V#ZC^t8C7=httd*k=VB+v
z-bU<)1$$UyAG{NV^3l7FGdd_PzUW!Oy%#(A_r0h#e%&91f-5XCIeP#RDXon^4?4ck
zXWw^xsmuQLK@<VpFOf;oM^OZD(L|}iWQe1gdpQ9%&^YRm$cm3059-Qr=p&J#pXkci
zDUXfRJB&~jV~vq|`7p*^%Rcz2V-{(71k)T)iF|Ox@jQ9tBzDZrPui2o#-ol$csBo-
zV?9r09(U{@bG~=9Ahr{Zt-S2`3CDJx+WMK}Ii9-fbKo&jw|oJOXElaBYEL2FFC7~=
z!15IU4CTOA0(tnyK-qQ@`o?NBKaA`>UyE$_ZydWhp!krzKDp#um^y~{=eGiI@H@vg
zUN&wG>PEiD9ARzT_k&=3^eM=IRqObps8;W^NF6yXy0H8w$1aX{`_Jg=6~8!Ikv;E&
zXy6wRWdv?~8e+QgSI0u$#y`IbksSQZv4xkd{N1sXBY*WN>Q?_D>h}B-vS+Nx3qj@I
zKZS@tUWDw2e~IkUzXcn&{exM`+P(T;^pe$Wea5kwm;HDKCXqoWy^DrE{LitLXBVEu
z@KC_q>SU$pssyB1{Rejdw^_Ypr9)rUOMaOHuKf~#_Y*~pr<0O75mIRpsq3uCN)P_D
zCM#NT|7WOnR7zHce1$Dpk>NK70GKT&E26*Ao;;s7)WDJa7*D;i5`zk*>rNUZCztWE
z1<A?Ec>Ydx;m-QWn|QAVrGQh`-7ZeF#yayaO|i1qQ<Hb{vL$KBit3g(5H)USD9Tzi
zN?ywGjx<VM%~N|eprK8TlNa-BWx60Wph@y8yv*G+`9t1NyJpER^0E(KL^Y{-@(Vos
zar0zldTeNcE^uMD6k;FN3UXm(*{zeG=BZPyljri(<Ts!JYuW(7IumG{{2Whpx<D}b
z$qKZV*bd{ysC0}#bjRBzFW}kv?M1h~*#c7IFBDu|-XZx-PU?b-l2`H6R~HEpZ|?}6
zS(9@vPJWxGCS4*p9eSx4<cT}cTGvhxB15)xhJ;w^XlHQB7<$o@I11-ZS^7KR8Od#$
zXZvu`A8&6){}Nx0_$9t)6TY!0)WegFY1h?vljBl~L|pFV<Vb6Ga+w^t?y}_TFPxW|
zd`+Voj{<lz++H^snVCF2LPjTFo)Nj@;pC3>BDc*+uDB$!XIt`r8TCAPLa<p%X5_u^
zlDl{#AGE7Kt##z09`*lDiu}>L{<tv_@5=f++D7)iS^sfsB=11|Y2L^TIc1eKVoyu?
zVo&6g51d1rMh>5HHmf&pm$Ogo_HWwdoElmDle1?MIhdCEKH1(X^%pXuYw}Gb|CF-<
zIodV3G5Nh~@(^-xX7T`%RX?>O$$B`sKk0JH*^i=hBoCc(_9wrd#$OCN=qIGU_{}+*
z6X^Q8voRU;yK@uI{ztRve>hk3?2CUOyZ;a8a-J>w6WM$JbS@#oa+6a?`6*`-Y4aD#
ze1AEgBN+`+ZRBrfY8&#?U(RQB*=PTDK1B(1Bm@6(F4X~&{&g<aWnYNS7M^h~)Il5k
zhq{c)YySa&&ZLvkXPs#zbk?~@%g$|=`V8yo-1k!#^Df_=kh+X>+^s%X+$p7|k=%Nz
zi)xmgtcMzC0gtgZNlhgrF?E41+bbz`C2#-Vq||j<gJi1(q?l}rtxDUZg_OFYCiw$W
zYJbwSZK{E$RkTfgIkpb;xghn`*pRmEQeTM;`J-LxG;)D0bzn^{?y#jksq59Ha#Wu`
zkyG^pG}E3spZ7V}k-Apb=ieNu&+4+zC8sXoBDkr(5QZZqbz#lMUrdP-X^|6DG_`4&
ziZ(R)f1Ju2SBB&6G<0TpgVY;2L-iY?A50CkLEYRCH8jQWH^R7U<Qq3e-`F_qX)KtW
zn0_vk9h#s_W8+|xRHnTO8`GO|DvI)DHcO4@+W5U$>eIUHlIC143i99<TqTukV#{;&
zGSU*{YjkUTt5kdx*c#eX1CY`tb#=|My={QEe71o-n>QzU8acf+xp!=>xo%tXbn^PQ
zM&Jv+OP-#PL%MHqx`?Y?{id;rjDQ^^1H0EZXk&Hv`cp{T-t`Tp!Ia+hr<2hujB0OP
z0ph>xH3Ij0v;I`#-){uoz8}Ol*-{KxOO;cmlAP2O1J-7x0(|OYquPBxNqH@{MA{ur
zc_TLD%;A)^u_3!YHKMkEhun;8IAT;WbkwM^e#eaJq#jRsJvJNP8bV$@k@9-O7;7de
zf8XAWZ2l}|b!>{&pQjkux$D13*&Vx1+b@mk{B8(&`zxb5OHLX=CVg!L>Gw^_OR;%t
z|80ta4gT8@vj4jj1B<@$dn3plKNz)h<0&IZmmiI&NvDnK96fDRXY)@+kcWRZq89kY
zNN!z!HL8>Ln^8O8{AN^V_wPn^9{<A#QvRnAq|aYQ?X>yZ2=e>iM%3Q@#|X0gUn9tE
zXN(}j{xgDPoHgKWuEiN!-R2%K0FX@yPJ>xGqn=Tnf<z<8Wl2Vmh8Cy6?D^J+Y4Wnw
zX)qUwWJImZW>lxAY{Xj&yAidY?M?$z|CYlDvNYKUGQGYLWLSz3Zy8P_h&9!S+Obq4
z8N85Y1bLu=Q9J&IMs>W6j5u&Mb{ecR-xxw(NjIwVbQ7a?s+$@?`ZqHg(~FuLLC!Qc
z;^3neMzds1OQSmXwK9VETN^<xYh%=(Ms1BCKeRQX_QnN9br!WVsxzg%k#q)LXjG?D
z2cve9E;6cf)DW_zqfwnlE;fRcTw*jnJuWq>)3TEh<aa~Jd!3DXy3%Dt?XC=?IyZGO
zs^iTxs^fGUjn7wZqdL2?j3AF^8&L~-jOz5sG2*(N*9h{j*SRaUSGCV))Xs`rBWic%
z8IAUhU5%_*=4D0@+vP^>e0I5!bY8r|`ASTmc+qS;bg}yt1k_hu=``^8ORh3%@S1K$
zkha~8#PnBpqdEtB7(v$bG=kjM%LwAX+6Z#lHAcgc*4qejvbWK2?CRru-C1M1L4H~Y
zv99RrjKo%=(6vVG^u5lA>-N_hLC#!nB<l}vFj9y${fwyH*WZZRm;pw0x(+mgG#X?C
zIb{ghGuWukk|9RCO&w|k88XZW;u>z$j&!3D<b)w)+X$mNb4MC+fbA`QIBJx0V{A3)
zbCVItb~hW5{KpXT{w+q-){ZuU+&{($lJ7TyT%K>lTjK(wIzJjh_7)mZTM{s$Hm%4A
zGHk37By*fmJ94p6ozD#+JH{K;Arp++DK9aqb8V>+<iau|$bW{ALqQ`BHk2Egi~Dai
zYA3(K2y%JI2$EiD1UX%4#M|B~Bgm3!BWlwo8ue%JBqPYBlZ~h)O)-KTHH2)LYE<Wu
zX+|6rPdDmmkK2r>wG10Ueh(W_+jqNBot1YOLGHTKh}une8P)OLZ3IcZ#|ZMRA>`G2
zjp{78&uCGtyx(Z?zWxED{&aZIsLmNf$Okiw#&q>VM%3<}X#~0HVIykUvy8Y-o^1sA
z(h#z9j!_-*h!JnWM~xu8A2XuXcCJyKKj#{a>4AAh)Se?okh>o@lG~^!j5x@C(ui8}
zQ$}^ZFobNMZ$xeG(?&fFE--@hU1$VpzsLx3#t`z+Vxu}6mKZ^1JYxh2EH&!smCKwD
zkO$sywj;-vIh!}ms^KB?L+pgD_=&mOo$alp{&Hu1GBKrn19HuB=c3r|(BI3A8aw!`
z5rb=17#W4TRvHcLs8vRg?B|TyslVEYx35+k)!Dtq2=e4wBS_^sqyAjG-nlNe+?bTx
zZg6gh4gPY2(R|sy(P?n*G5dL=7+c^4BWjm#GJ-VRY$WjS3?Z*XjHo@i#fVzPi$=oh
zv(>0h+igbe{9y=rce_!YWjmaEV~@g}JDp*2XqVIA1TcHIkw(;i$x!oNGODxtWh2Ow
zuNXlpUo~pyhS!YhbbQ?ilJJHRwNKtK8l?4mj3D>!H4^yEZyIsnd&>xt_O=mk-x@+*
zdB;eBo_g1)ovM9C?eu%k2-0!C0c73*BjJ2#2w8p5i0QlEH-g;sf%7&JYM*LwEofi+
zRD(eJ$_rBsjwbHxU<4U;krB0=jz)D-E;g$3^~FZlRd!#JYGCLdyVU6N%lJ-49Q5pL
z1Zn9qg8b$(;(A|(QJocC4C+Mg%uG#5h;3(<x>IN1uA0}Ud#}`!dQrm~m(;xCl3FAo
zC-v+nv__t;M!UpwYUFroK27S2ehc@U8lIXp@Fr{RZFn-zX+!_kLkzAw+A|NzgQ>o{
zo><j-E^6qXSZ$Zsx`j6<JJypDKCP__(zaaFk3N%|nTyMM9=y@(bp^`C`O69dE`LE~
zadk1C$PKwlipwU1GRBAO92GCp=HU0>JuZJ?p{v|KIaozs)U6yBEW~5F<f@KojjyK^
zvvS<oc(^vlkfJL~qls5~^D=WY-Hc{YiGQrCGUy6T4pjz9$)cjPM&aCScV=$3H#^&v
zAE3|fg1>@bRavDgz@H0tRZcDktA&B0;xcd@EK_OcW#+gu-MQI$#*AcZ$XU5=w>#65
z%@_$4m*U0YqT)bdSjb~C-rp?@ObTf7$Wy9td1zH?)NqXphAOpo&|z;T{&N*n1pJi&
zSEwq4XO9a5g)Tg%9H>;u)5nY5x$cJE>|DlDG5S~>DzCz`%S_Z^ym6eF>2rIs@zgQH
zP{6LDK!6G{P*zncnuQ#)+}@nL%sk$`%8KIhfU97fzhZ0vW5>IuL(b03!(eB-AchLO
z_YCP)y9)i4{(OHZprAR>ygM5s?as+114gH%hby_Bpx6Vx+-@)Dn@Y`95G*MPP{qPf
zF?ndnxj?7#VB%Frbz*S{y{Pb)g^Ji)%{u1t(5x@p>#8aTOPse5Iuxco3YL|j87fS!
zC0eyCw>v8*Gs`Ecl~)v3`wJ$!s*5WstNbOd0)Isz6uz{$5}ZKK@Yb@fvd5j3mFvl5
zJ&LNqxek`O0+%Y!S7)eQ%ksK&b3EGk6_>dx0@cNViP``%l$`9W7{h`IR*HAB88_@7
z$Wh}6vjUUW?K9SGP2`HI73yody-l-xm>P5{t9=Lst11ct<V1IjCRML&x7(MQg{c>X
z6|5-4kc6u8Lj_PHI_023YOgW;Fe-VN{%R$RIdIMyn~=+2R!EDh0~I0ubhkz&j30T2
za%FKc=k`TRGMFi?5*W_IB<8~;?1R6u(qAx+iL%UJD%2P1km-S8!5q^VrEDtI!mg?i
zS3EJCz{djMQ#F-~p}1VkSj<Ce5Iou0nXam`;-bl}P`0b8qC~)1i%}HB2rD)e25fAg
z0(w~na}ic1Q_WU6S8AgQ(QIu3akdoZ^|HxxXF;Y}u6%z9v-8!e6^5jJ?i^1}Rwne5
zzVGhxmxN)R3NbtAi{qGOg|0xUzgXWFcP_ILY8B;mcWTAdC*f6vbHkG5xN~aAPV}G7
zH>%-<I#Gpb4Qd#~eC7S3rV?V(kG`@zp=;S#don$FF4hHRJLp=5r|J2OF2gK`T?|g7
zx>!<Gs;(5M>ctwAos;V-@`oy!gu++~HTJXeDDx`&f^lWws;YGQp9R~OO_7yprQ<^w
za5`NC*IAi)FcLX1%!=rXs>%v0{KX@neHs!*2v*YL7K=tXW=xRxX9C{Lcfm53XzW5M
z+_2s`kOX@aALChGJRvYS<SMENmXgzfw8s6g9?(CSV(fkV(jdmqHLf^R8LXJh$!UXu
z$MiGt5PgoDp^AA`5umJwToa2c$B|*9(%SR}9_BzMW|gkxD)<K#u&!lg!AkJK*As<?
zu7gyAsnB55$+E(<u3^x^B7#nPMW>lwm2jt|W{*)FjskEMDOUR{l|g2G7PDH{r#gNf
zAgm1%#q?xl<@jJK^rNXvBp5el5c4MsM(Ko6x<>2fz|>H)5j|+G5~^yLr&z0mdqA<_
zj$vZ?!Z7R=#RcO8=kT|%PHVoIj=mSV>Bhpwe&>L$m_q9-{gYh&Qsyl2!O|+Zvon40
z<}!IDKinEu5r(O}#9xVjOI?+Xb%qUQgSjmDk?9qMX>G#Ap%9&eY}wF}^iqd}_Opt5
z6$RspOA0FjY_2Iwzw+}7Vi3?<YDBW3H0WI@G!b&_;}4C~k<5c0=Xi3tEv^hg*CDpj
zSaO5fVIpO#Go-4#B<QDJRZ+1zGteOYQ3b4Pd92^!2Ng6q=~#ohd)&F6Y_hm8tx-My
zSh9<D9V8ePubX?UH7o)3L*RypQj8c@f?KQLV^J?i>lhYRxJ{~!0Dd_&PTJt<wU3%@
z?jrfa%<<-;8p_-sx`0w!MlBmP`dSa*vqQMq!XENvP!WiWu7s?LUQD{W)QQW<hMbDa
zsGka7j0tp@kf^H^x<z{nJtzs3jjhy1EejGt*D_&PgfXSt3hu3`BA{6KWe|6cnDKdq
z*_p^v)0ORGOR`>clvkY-P>Fp)sM4=`%d{%YE?ivkb01i{3#uxhe+6_SQ&?OCHxi2s
zNxLDf$+bX-uIAFsiZB>D*@s*q>Z-yQpaRu6&Vs9p9R+vysW%L!s4;B>t-${<xLAD*
z6iewoHx(+$Z2TUJ4~8qNhM1$IOcl5v9j+R3MrC-k&{9{JdRn>;uq}~r`nppOQm=f}
zx6g*;x$if*DxWS5z2KJ?1p0yuSEDHViq66B$<4;x(KkbvRS*t@!mct1i~g94)-zfm
z2NH&SsmCj(zNn%hVk&s)dZ`*Z2*0YLxDwWMT%ce=4d$r}hCc|`(>@Qy_zamC3||9_
z7p%B}Z$<TMVK&xGG=N&%(y?6yR2n`3mOAQmaQoP|tPeJ6J-NbQ{nI9*HYYr=9X_no
zoRV-vC`GIl=aSS{^kI}SpBT^G$5sRa)EkXnwX-v^Il-C->%`DXg39mR)EJ2z>Xdu%
zyEa0jfJokRr8N%2{ec?+i%M-Um5x}bgXmm|@Hl{k<tPu^65bC53C!sFj5g^;mwUdn
z2A!>fYytoM9;RgKFy^?s(k)*uCIH<lh5|4&%KV!QMzGU_Z|lMj^r-u1ki~?;x`<T;
zCbnUit)iHFQPUb;N2b?9S6<9sItj9h{IOQS9C&b8ETC_66{M=@QYEM|>7~mnHo@wo
zAIpBohyS2X7{BDB!$hC40_3vZl=>?suw5&5EL2ccP#sO4Ud%)6f<aZ?@aQ;HoCDS4
zqq7!tF;skzlofrlE38Z=whmVomj)1g(Yy%!m=K&W#C2FBaHU|>Fjf7kGHI;CSA~MW
zuu^u0@!f4tY;Feyun>jLQ9B>q=wlGVoFDGXC}XS%#Fv$eAOFdNd4(re09R4yzp6j}
z3at3mblA16zRDB=Jm3kP;Or}lk1~Dv><!19zPZ>2WO}IKQH6`1M=kCelLA@UO=r8t
z!JFU)#IOo{V7d-ux_UGDtCOZQfd2T|t^_I-C{gz&bd!P6&Vfh7bWQ6nA8P6+G^G|n
zZ*y}Y;XF?cwYgkOFy>=v^q~^ovo5Hm>kHK=PaZb-DhjO$`6`hOI#cL;8ar8)avr3N
zv4r0rrn4YeP=W3!OBvNDfe0f5kCZNf!edov($yShConcxLHE^sj{-(O)JNAiS7Al4
z90Od+cGG;fK$lmhG;nr`u#&J^VMGm3Ef01t&%<psx8^)#pzKTN5?c}+tF@CwcjUfI
zt|fG)Q=b%j2KC3kSi~UOkJhn??KgATTmid?4Jv+{lR8{f2jLLWQ6p_eq%|2*fUT~&
zzEj5oE>n)eZbcweRT?P7>WOKln?*IOHfq71GO|3L$0)a|#x^ym`C`C=!w6HR?r-wK
z;0S8x%kd)Qs5)7~WEUg+Y3yRLnutc>x6Ra=Yy*ebnzDmK+@bdRW5G@yMpW4^m6rqx
z$LfY0n`taqS>o5z6fG@-Sr4I#63TJWc&$2m+_y#)giTdp{K>99X-)gk&O#LsO3LE9
zbGY6?I2<n4QOYbeW-L&nc&IwE2&!bm8CAy(mJ;JeV-ltQGKB6*CiBgaFhy!r%x!qU
znTkFM+0uA14fNEm^I1?OcuJVDx`oj-0n^$Q#_FhR!{hdNFtzEL>53kASYfQ3fO)d`
z%o!IbDG6emGl9BJSm?AE14V^}N4zVWZE$0AN2OE{441+0&aYyT4TTR{9fp!F)2>jE
z$wtSvm?9i23#JPWHjnaSapqxv=8@>AA;?NM5UM>?wlvg8hl67A13_#~;1^<}P;0Z8
z*i>oxo{7eP`<G$Vs0=Eqln@P703NfAX@zK02-0A&${}|Yz}*SCu$)y0<EMag5Hiva
znBt;p{lentfg{IFH<tf#Rry#Y$_h(V-3KMQ!viJ0f(o?}dpaKT$snh$NwbDIGCiAe
zt3I%ByrIvEkH&WR+?m2F4ER5n`jU!&#NrfUgG^mzy1eNk2)srfgbWqa`)E+bFe2+B
ziU&L>8?-Hln@=6CtDq#{ub@kZ2sChHx_M9?3Y>NbkCR0vLRAF?fe<_%eVrVv19W?)
z2qo+)$99)GDi}*`y`$6-?aT2Y9#bAHuR>5kiRJUigy5&UMjBfys4r-9LeTOWfqa-Y
zEi~Z4hJ;3$op~@&)G;XKAqnzbAgvh&g+lZ2H}4$PH#&2aT{a?6g-|---coG%&Dbbs
ziPex*C=HfXj)Riw<QRg%!D3yEnCKKplMa@uSs;Q<MlKwrFkRY9T!p~`EFjd)XU7RN
zSjTtj+H9n|Dx9-mGlPR4l|4Upoirv7C(~c(3Kl6I7Ywx87*;vB@X#VxHIBuUcrKRZ
zazxSd(S9v_dg#K;%qg{3G}a^ZO)*}IQ3XpCbW2DD7lgB?xj7mabd7-Pn;XqVn6nX!
z3!SohsL&yM;WhK0wxrH~74vLs2vKb`2c9!ref{wQ^Afn<O1)An4`bnxh<;%Ej4{)M
zj)j;y8Sn#?1GuOG#(@{ir=}Zl?V*=Bu*y`;&NWbzxqHIAafL_dpO<zHlZyu<CS&q3
zYsXKOLN1s9kJ=$0Rh#p&2ebw~+vL_%QGGEbUB%(3Sb)}X{H!Ua4CYzfhQ~)E>M#;+
z;UyHp@upUS9uo6ISfPBFTjDghT~PIvaSljz#DmBPcM6oBekETA(po}J*ap!>3kx*$
zSI?PT8t+hdXbU1dw422hIP`-fnjaJjT%l}jRH5c#*q~up4Y@7ln^GQ}!>|`(UKWS_
z>Tw1*p)rCiPd4{eg-i$VBRIY@L2yJl`C~_giV4(sgu%g{k!}m9s)%I+fma%M!bIY;
zUu7}xTB^w&C<~kY%I>$E&;I<$%H|ufVEC<AvK6b&%q({Um=n%VQ^`+(w1$Hyt{1wM
zmqiZ~IA-)t2`5ro`*d*OfAXcU7P=UxJah|taBOj@p$ZlhagRR)o5hS3Lf_P8>S)7>
zM>Gt(ah!2iVZ7MMK0Q6g{*c82G{2t)XRyCOGyqHY#DIT-E(%>-?!qFco->LDP=g-G
zVnfViji@y?AFv?U-|A4nFAWJsTW~(Xal@djfVQLV%fST`v?mKe{wOZU$PsDwaA7Pi
zs41a=Trodlm=ae(sG6>3Ma9BXW{L(I%zoN8_AmQtoyfu#3Q^508hCF_cXhfR((_py
zU}99nF^^EX@*t)u-I&o;Pf4pZ!7w!+2$k?7yJ-1vqexAixCNqB48yE>si%eh(t{$p
z>T|m-4*&S?D{F%QpN+~DhZD*^LsU>VwcL*AYvf{N^OPuS)FE@pWi+15FD>YO8F-dB
zp3C;4M_i4S7zVpvArLoTnAjx22HESc*LYIfHuHIW=e~jE6Bl`&P3V-E5QZs{hhN=e
zaNi+U%i}65%e!{z0ykhnM*euXRpWvsl^Ixk<;>W>Cr$6JxakivQ?u`a@G|q-y0f}^
zyj^qL8F>O~&&|!vQyYPgQW=~Q^k<Y!0oib^HS477(J?<cA7_hYVE25uZ4-lC2wWvg
zp1LNn&9!xOunsnTxP&CSPv#6yY(h?dlV}-)r~xE>UfjlD)|cmVtHh5FN^BN3$82t{
z$0z8?-AnybaO>#2G$3rC0v@kQwh#0y1VtNGJb^mCre%O2n#OZjXz`@Uh#!IVF6W~U
zF(eG_%~e^C*4|jk8&>tc4z=)lGd(I@g=yHGGIrh_tQh-0vfW6TlXj2Kqp4ly3`-+2
zW^`hbS@popoG7O0I8K~6F{7X)SXGFnup&^q%(LP%8CVyxL_6eAVPYGTe7k+#OhHfB
zxq>QeWAYIui$?(w_N&FhWo758vrv#nXdS!9>f(^UqB0{t@IMZx7|r@vk8?GVa5GY#
zXfY`ltijo;TnhX}f$Bg>b$}ZEIQb158GW};vwA`#lM4N%2y9UeDUOrA5qbCqY(SIf
z%0-xZpAIKlO^O4zG0#yGs@;{vIEABZ*Tr?Xj!B;fZ&#JKGU-Fml*)YUq~d9y4*FpP
zQ_is}^bTf8Mrq*xz!FAFhfaR%<#99;2qCCYm{Ab+n{C9S>7ybae>v_KR8*DKC3`BG
za4nP6jZJw?*^kA6m%lnL3s9>8$o1y2C8$vENKwtf1p<25RUC?k``VbtHbO8@_TO(w
zC;K)h$|lvFo_q_UY>v_a^_Pr=U+t&LSm#)FszV)fy<T<gBrUclHaE#I4FX0n41R-U
z*bw3tB)tq%=L~h#>8#>XvSwzF?M^H<>HT5lQCZf!zab^X`Q_MG`b*5}g)dK??<9dF
zA$nX@L9bhuRaJ&)P~IecdWET`#QpgQh){bnJ{THT<*yvCZ{w<1{$Cwxf^$mMfuo&B
zA2b>P4Ftg}^_2ey!g}Y}@lIk}lj`Toa;xer)7f3OI~eT^b}-%~<@r?OL{@!}*wQ4c
z*g0yfDu#4i5XT$Eae5*h47YRiI7g@i8G9(P!0Zgk%2ch8HbaKuCID_4W9h0esRTHm
zi!lSk*lib&H*J;?g%Pq4UJkue0ml#FjM~gmoQ`mor^fsyr#?%xnN<$#m}+ue76|3z
zz&^gE@Z#E>Vcb<!Rgc{Ev9*;+{m4S(PjJgj96A1VqSZ7}Z6#5aF4-*6+)UM2lH~79
zZ^r4tzUaC9zu3ZXbQtDb|ECyNPW=^roc9!0uqEH*T*Hxxem;;SlGGqvic_Pq!ph<*
zlf-kq+3GUE%x_U}GCnA%ZI;pPQ%2npD%`M)UPZ}oe<V81&NAG9P)AQO!Q+F0l6-oJ
zxNf#PWp=J3lw+qyxuOL{iMv{?q~M>#G}D@_v+-)oY9Q`rg#u<>3WPMZ`7CH#!zF&4
zJet%HxcI86*Bn~9e+Z4MgLIw3#tlhL*ws=}Ym*{&L!H&Z8`CVQnMrzBMK%7YCrH*c
zPm)a%#V1}GlVYqaLvd{y-!bAywxABF)~Ufbxl@Ip(hrC5`Ch>E;*7hrszg+6z~OIk
z5zJ8tU;UKh`wi^P&WUwgRx^ZMhyRMpKdPN33GI@an3Os$%czX2i<2c>fG;HJ&A4*2
zLdR_~A#~xiP;Yj!A0DEyInB{R`gO?zUv7#9*k*NDVX&kq7z&mID$Wu1dCD3$3pDS7
zY0T{xCz)QjaW<whyx|h_a}jrJReIixB(p~dS-9(^(sN}dH8rbXxmp;Pq-UG9Wm&m8
z`BB?5tdt$2R~DCzGdti}h?%K<XLhZ1Zj#fa0B~zhbtRZjIiv?p;EDrfJ+Co2xp47Y
zW0wYM28Ski#=+Q_T{dyOI)*7Gv#v@q>kHHS>Z*hfcT2j^tZ=hD+H9gDHmIV!s%%1$
zS^qCPJ6m<A*q{xssH((wrTN%wRhZq$W#bySDg<>UB3=3<nGGs~YgHV=+>Q%OE-Qwq
zjZ4|W#!&<K+v?D%wEYDW@Ubo2dVDq?$oSunlEm3VGA^&FJ>WaA>HST+7C0VOStqjw
znzljN9&PKvnQT5d$!=Da^@g0DG7N-Jr}*nU2dHC##I2zk3;glX76)++OKNDAVO#=>
zp~n4hOtP7#tf?`V@3xyvFTA)CA7j=HsP^NoT3mCZmZ{<MY3HBngdT!#sBmkuys*eL
zdADZg*|PNSn50zGGWKc9Qonrjb0Swe&*F~cfNzql1A~Ztnf9)6%O~0>489>yaYL_S
zKfTux>tsAS6k5x`<<?m62j>@7g>W4!K5JPEVcfG*=LQ|JfhARws<TY8i!atxJ0_FG
zS6Lf{gF##wG`rs8J4SW26Q-Sd>4n9(+@0aC<$eJDW~=U)2d>Mi^vOfJlUj|a#yJYE
z4;BU{`U53#hKUWM#JEeX86q}6R@`pdTwop2Mv%>EW;bnjnx~A5lB#Z;zRUCu0N*#M
zT0w5PH!0nuWkAF>#)>fvn{a#*QGu^F{+IBeK04^})?AY4Ev4{;pm|FH(yDCrnmleI
zzTGq4Z_@2%oT{ulRp(37lt)e5Vvkq58bOJg-NSi&I(w<ENAn&x?O%F)TC7fpS3RQ3
z_m8g(*5Mo1eJJYj<!Rci@=m-@Cp9pu*LgZAFJGF}-XuL-<E*huf`zaRD5PI<m^Adb
z&>d~jXqXCLQdCt`nT^Q6%T#?87TK;G7bqWxTUE8*IKd^^y3Kr!+pCf$o!6N*Y&kJc
z(?%5Hx^F=RzWc;Imdd(ft#$YZcJQo8nq78CeLktaS<P_kd@EIlhgD4s<m36333#8(
zw0`Ior-7T2T9{=RpE0US5?et>Mw05AJe0tLT&if9v7lEz#*V|Qb0zq|wRU}D>Q>hc
zCtTc9O@-P3^;`T!xb+oJ3$;6s_3b&jGbZY|WSEsR9t=?BtSUwrk=8(<vb1=TS+ziT
zMUYnoQs^(sFY%A7MI89>HomKp5Qn<DlGU%7-ZSLn>1;hyyW%}b4wEv*uC#{xa+;o0
zoqfmjh8IusXl|@FdIbn&n;kfhHvh!BT3!_zhmUM9ZnYDydr8IHKQ$%7{VmhyYxtxq
zTH!FmODE#qWf`so)uM4!;o@6Ta&j~;{E`ooE;Xqf_ykBb8QLy&1Wt|fgSgdIL7#3i
zy?CGN-a-NU;b^e-fvoesSdK5&2^QIXI7u=u7R~;@^=XpXdlWgoTvacamppVZUJvy5
z#s^hqgCRNIJdIUqGlq>XDh!Onr|iM8rk#Nrm%|#9*(Xc~vvTlkg)qu|$MF4UNoKFr
z<lu2gK~xwFy7I9LzPKBYk1uP#2Of^cpUczCy}F#xRtm;d6o;yVW9iMj|52yaZwKhU
zOY}sYk!H_a@NKKMP(ex32jH8g@&5mjR}q}XL!qkB`AAOs-n6fX*G)AGM_DCZPMJPt
z@w)SBtW?;VSo`Nst~49!^y<$<*<JX*e>NQvL3m!9B5A*wj$q*PI?c*6zv719&HEME
zK5Z4HJs(gJ7(3SN#|3x}NK=2tYM(Ra<*7eo=KViw`h3FciM~18c<{LD>f#9%rcWrm
z9&Zh0ot<DYdzu2Gngw8bdc2;+?7q&MqZveU(qb_ir@?nw8k00GItY(%hl(pEm^D;*
z$V;`U&SZ<(h@cmiPo>wZzNM{6cf;$|eJ^%Ns>ST~)f@9@hxBP+F?%`9Tl0V*OuuT!
z+njjn2VSn(amuUV_Ol%_dr!s4dG_f)cddQ<YWL>)G&88~SNc^Km|g_(G`C-OX^39>
zj`z;DVKCo|*Mfwu={=hXcw5&~#IBWBc8Mu>uP(-1hh*?Iie}4?cd(ef<bqfGRHik7
z45VLKn~wG1b3$!}_~{Z$OOulikI-qxVQm*nQ<GsHpY8^k7_c%NUHb!L$KhcMs>rd&
zOAJ>WmuBgEIYKEk`GyM-4)vGNcPMe)E2d6}HtG&u`gEIQ)!8i!<X4T&z-Bh4@0c6)
z?Ri})hmA{(E_Ah+y))^<TN^6T6_;7sTxVJe+I4-taYOiMbZPPEP<$W7)$&;xo(RzN
zPPIlOitq&(u14aO;R^F7OFnEoRe7jw5JwM-*~0^$SLdWqmuh&4A5U_WRgU);2F)Ib
z;kZWge>JvCuC_SLPEMb;TNaa(zI0UP&j^+K3+kRUm)3f`ZujAR`Evwr?T;}v8|=U_
z(7BW?Wa|Kn*#IG)(bN=i!yrp@vj#O!XPiz9wwV3&D;MwC2${-(GCY?Pr0*n;4OYi_
z!75zaCo{f0uSQ+@Q~-}y(H9TP>xdb|5i-DAL|%EU{*@2v(o~iC%Zl-YdMG1c_F^7>
zX{W|i!Oqs~C1`N1*=Dw1YUVdR^)NHkHA_rA8ax>vEW^t<aeRSYcVIWyt21|RuC%o5
zpHVfT_QkgDg^)hXD%6ihId%n1FI0F_KAPyfu@<v8sWDGf0h4~?EFDbRO1S!}YKZ|0
zoX^u9wSKCG&$d<Sq<^XDJsEzaL)(*4ogIo#W${EI9>VpRbOLg-_!s8vy#q>m2;Qm3
zs{xgjlg(1j*7*PhRTj5N(~G<1sxj02!a)TUlgnW+O*5;zrb5Ng58v;brRmY#L{(S%
za1s4^2|Oue`lcKNqRum+!})jzz6@X4^M^X|4azwd;(R|s!BxK)VkfEhn70#N?RydW
zIY+ze>Nvo!!|TQi&Dxi7^z9C_2S`4=;2mupFPmw)*SK%5xvf;w!hs1DlS32C1{d+g
zuxfLdHqgZw?nGHECD4By6VK@Y9$Zk(uS%RQaQJ-@{Ps?aZ=Lil)b2~L_U-s;O?3f<
zGKWHi<#D<}wRu6gUM-R*NKXou(C0bm>@fFM7|u3@iU`{HsTX`uRTb|8SG9U@x@$~=
zeDPQW4g+}N0k7|$`;A%ra;KvLv3tX+J0x0QxBsf}i&?cFE7d-%3VH3eCZkT3lAS8y
zfzKeEPz*uXteM3R6hsYyXrmP0wN)_XJjV#?r4*n3YoE*Wewb!j-FqioP5xP7G5c{$
zE`DWFNP%=%WqM<hr-c)RTHtFKToT4<U};sTxS+0y8J}3S6M9uWDyndF6~w2^IOnaa
zky=zREKc&^>Zy_uT?rt_V}iCuTD$ozNaF*U%HqOcA^Bjv#q7~0ESG8&$qO4yFKF<h
zHF}4hw_IS>B||V?Rl4L&7PGI5V5n3-SJemQ3SecRfZl7WecpxZyjOweEVcWxva&wb
zPP9&%n0tz!P!ErW?R(L5lmT*xc09sGcr$!b$X_<a>?cA{0d>fP%F>7f0;|DN!<%~N
za}t4-Tsw*A{;KJiGdNc1364X-qDou~EyAUQx?@kZFYwg!h<2mt`hiJ|kGb&@cBy$Y
zQHmzCgI`sz@m@n&Wl<nrH=%Y9Cr6vt``@vcebx{P9qsNxBI-@tj5x01#u3i&Y1bD?
z*@6FqDWhF=CNti*n0~O-n-i@SOauk^*u1C`-xt*VCRjL*=nKx6h53}JLpKo*YvD3o
zWzg(lBYguxUG&J*PyR0~y{Zx9t;3eqrsFT#O&Bq$>2IarT3$w|?nrf3W*zYt-FN6;
zPXxCnEqtE#@wMQ#wB$UVm^FOP68?AeiU&0-!09J`W+0;!ujrWF6}o-+#Q=G@l|RL-
zgiXx9@0sH{*F78`oLp4JjsW8jcCDM9Xo*mBTv<%tt~dYOAzt+7YMe-)_bmR?GTfvd
zyLC^&sg}KGoR8L0H!_X`Q9O~a%{@u7n)TZ7lO(EXV_)bEEyFVc<0l01>lJYfU2O{y
zVh|eXyhc{@4xx5frivH$4ob6f;#-$5sr7kH{3yD%ZtiYjHG4Yb&dt;4b!lg9Y|_7`
zzo0G_2r~U5tJ&jw{1nhRt`yykPYmM6+v3^n*WpUxw;9yom-7**z>X0=z{4DOvyQ7L
z7vI@P%4rkX(%EYEZiFXS+tZVqx>#G8GzB^MEk!X{s;*M$;+I#kYi3_0)*6WDQp;{u
z>^O69Nl7$9UKwt^)ue{y_;e=~p;1<|AyfKe2P%K`DqjC_Q%rv`ffuqgqW#8LO*<cM
z?R;M>=K=Z~JmU~K_m9PIkJNGY5r=#0)qQOK)mUpMlgb4@LA3;`a_OISuT`_4SarTb
zhCPa=S?^X^oA)snjn}@-C0nLiJDSu}oPMhPXI@PI`0RhJ=08vWuHw-@Ous0JaE&HH
ze&7RFtMC6~?YrZnD!TqZC;<{6$?k2Nz6rgBElD<^qhg_kj(~&+0YXVa7ir<KD<xQR
zP^p&3N>gzarTN&U1bd-cu+Z%&<@cQl!JTvYz5iT4@B7JvcjulvbLO-;Z5-k;BJ?Nb
z=nxz(7`nut|3VW@TyUBjJz($+0|s>KCj-d+ahLkI!qI4|;J<vh27L{J!T;~ssOHxg
zaT$>UctAJYA99trKExqpd2L9|lu=J<4!n4ENCB=6aW?5(G<v@@Y1yQyta!A%!oVS5
zd3Q+7oJG*6-=sn$#G(73vk7O5%;`wDeI^!_j&%rB-W?JNlrsBWS-*!vsPYDpNT_|Q
zuMu$$_Ma^im>txkq;zHhlHGBKh(p-&0+Glm=gSlWhfr}T#6O%N=yw3li7>K?ONt#r
zmRE;F&UZlf(vtq8#^G*ghmhr^A(4>#&X`d;3oV$PkuNMbb@Td-DV`>p&^UxEuL-G{
zuHfUo)y?Z2f|a+0M1mbMbz<R!0?|&rXlm&!htP9_!MsRbHv1J%99M+AMW=9ck)l>J
zYr!EyMi<TyMR+BJMYsBc4xwj>=u9N^8^M30CdfbeNQQF=US1ax3BLcu%R&MU0m~~r
zA^{JOmwA-nHd2R><y{_;kcXm!;3%~Io^^BK6#RdoL-_J4k4X6W@*)q1P@z?Q%06P&
z|J>kFFv{ty<xLoovmQ`=1%_xt=S+x*w2@0Qmt7&m6&T%}0hL!^)J*r^lOQ+-sQP;F
z^|CA9bs&qeP8nU^f>ASP!RP}JJujI$4!N8TQ7kXNh=e>?cAF}kSUL)oH4cH}7C43S
z%t1xC33uAK0w{v%4q^MzD(DhzNb5jczf=gxhe&`^*y4(fNTdwqS8O;VL3zbSB>euD
z?$vMxSYE3U0XX7X4QGIbFSQ1);F%#M(@N1_2N&?+QoCsm(Je38sDUoFvhU1s#gpK%
zb_iEoun`HiKYG&^;>v>phj8Uh8<BwfjGYpg<QOQU=K*MdH>zl2;muB|Szag+IbC_7
zghMHci*Wy;2(f4VaKkh1M0Gq_arJ{TS$Xw?GwMa7*MI`F-?Y-3XQ4B{(>+7mA_eZ?
zDQFcsrD!7l=T@i3Y@Di8Obje3o`BjMgw|&|oVUEQAri?0{<*Nh8Kx243@I4Nmp3*z
zoG(xjRG<#L8X0O(A|=i>tGEXu5*6|u2&c>;vRxyA4jf%vQd(3X?t*ZL3VGi_B<La2
z#^ch~(wT*`a2lN87&`JXBcTtzc?x=`P8p3;EF#~|XhUA75DC10!IYv~OK`!hQ@|po
z9tn8Rv?;}?3@$*nno|~+cPvE0uD)Zz87Aa41(84pOq*0#TqvAf4pAZRC5VLFw_wWn
zDK|US(1>=a(mr3_9N=`a;?jVc$qK7Nxir8TishvNHL#^kF{`K)RP1=laGon*^QYh3
zd-}~z!HTBSkzfZP;5(tX3<oKPkkQdf<&C~2g#|?uo%+w@^#qX<?sr}Bl!-+}P6ZI6
zs;cDdS2_iClA|5-g}AODa=yxS1<puKURMwao8)x`&Vb763L=3<Tvy-}a!5T?|8re|
zL%=?yutrXK=u~7cmK2YI|FfhJw}m<+WqD~qB>X{W<cNDnalgwnr)H<TXdn`{deMMG
z#E9zvB7yfQ8Rgi6E$;z{1bX8*<rV;^$QBm>M1m)I0f0k9i2Tz?paY91-Hhf8V+&_w
zJDx8Be376@-UZ-rzL8>CD5(7Es{kBA<(?vvZS@@j4Mhmfe>L<F6kYWrF&oiP-|3uD
zwH^tXWJ7(2Ky#3c5(#v`7!=-#n+_ez2+{sN67oOo?;TDVN#!cwOYQF+16G-0z>J&W
z!IziNI)p45>qp`uzq+x$GpJd9+_oACbzs-2MMabPquq>CpAB*?)pOp!L9no94eB;)
zlvA5Uw(XCcbw3$spXt;ngmuiOoL@M7V*jg=gX%OoCtLMLPMKt@euuj!8tO*^?cc9>
zLN5`)a46elXZ=XPgF(S1qj4-1`M6GjXGg?r#X%wey29zxoQA|@1N_J-4}zM*DZM~6
zz;`-hQGyZ)n`G~MhnpvQ-$wvVbLaw*E$SoS8GSGIrFS+>G_zKwX%r5ai92kOA}RVC
z^(>w^>lV;kp<@(_;!b7uqf2KZ%;#|DvVCa35D8Xkn(7cU0p>sMI|*faB~D$1vITzR
zlm|w%z;`%f(E>jbbl>V8_)d{5+TTZl&7V5u=HeO7q5iXV!W1Ogpx!A4P-;;#RTyna
z4w)`n^pCHBCuA9k{_#$MivIDDK!=VkDjhRsO3|!~J>;EYR<w_ggrASl=4i)sD_X|a
zKo$FS<7g2bEGe8(IB|6G45#@x*`mdJ4R{&;xY*y_DKbQB_ei+?$B!<ZGRC>%O7?h<
z1WdBWyEFRD@i8%p{?ceVfWV;NsRYgzt=MbkE6y{0tNXA!#johyT?1CS1ySoh3AOsp
z5P^Q?|I8M>r>uU(W5-P!Guo-kLpJb^oNi<TZ>Lj6OR`AN|E4Yy4ZI^^S2yr>IAPJi
zTLCH>csmttqJeiL&_TFfsdxeuXGxLc&C5mOni|-Gg!89QEGsK>N@}7TcnwrR!F@*g
zXZRcfm5sV1fYvnXcD7@(QFjDXgJh#_r$8fgCf0wkQMW^&Xwjk|b>O6;f=Qy}bE@Ad
zYDK5+NF)rBZIMbRPsjPwDQwYTI}$d@2HQ??fqec*po6B3L*!&?b(?Lcuvs*MWSeb=
zKt-GF$O%&~(PrB*P*sHe(`MT#U{tt7&bHsJMKena9IGJNX*&Y0Ik2Flc<Q*~@x_yz
zCiuyI+Yz9RexpW}PDEykQ}Pvkw<F-111I5%oKdpY+9_z!dOHHNF=$HZr0Ek&3n$Jf
za_R>}y^qRu{ShIbG7FJ%r;`@_xFaXs7rny%1vH1)nYnL|S=Sc!cN!CxJ-H)iJ4Eft
z?T}4!nS*g)>CNbvRXnN`jYb@T7Okx#CT{kJ7fJTCb_iIuvyK3447zzr5uA+EMLT)N
zu+c}N2DUUN;E$N-l(S`1>l&!Sm>7tRzR_i(OO{g?W600+UjJ@03gHbL>v+zhaket&
zTMI`aqZytxrz9<VXh(wXS5i2ua7^*PFy((XPoVk6UI=<2PaoM_-LA{(>XbHuK82u-
z{$r6ERXD!T@w|BuaNyPB3XA&mC@LD`)a@$!d`F^s@bsxSPepwXddE19jmm!9k-%?6
zGU-G(jYmyDi|bL2$%N-V4vgr|?Mybw{??H*SNmH#1P%eEat>1Hib^N^8`~)wT-VH7
zxLbzE?$*UqaKrG}+@M1Om#v~}pbP#Pg02V?OQ*~#5CH(kqE$4Gu7NHZM>{kf(G^KG
zpivJYyGP@e8iyMwnnu^mRNw)p)#{ef1?UIp47O|;9SQs22norK&I(Y`(b*|}MMvjI
zpo35sK6YI3)bWMmoSxZpbJ6BZfep<vrm$p+Z>sY;8PU->5;n<>&JMRtbaajcDmywm
zgeiI?N5ULficGXIg;OSt8s(JALhQtPBklt$8CyCQ*<(|C_3Q5xyy(WP%siqSvqPka
zZp@LOBf2p=ge<x-M?xNaUD33wr<CG`8(cQ*6eB^ux|f5e6;7Qts|<H0pa9V^@CXl=
zkVmpLvqNl%*2$6B7$PEkCB*~A6^Rr>r!y8UlOv)3i=-`jCf9(53e0dQ=46ZG8h8S^
zBwHLi#BNTOY61)%JFyhk!@wvip5au5$o|QZGwxT@KiS!&W&dOaE?SU^{*aD|LCqUC
z`^lEcj$JWGM_0}LKB8T+<H<6=Z(q?U`QMnUDj$XpFDagZ+CqpPQOPpVsm;P8>4PGg
zBs)e4i}VhxX^-sO8p??%coWPwU{rNm<bMI-5uqXhIltuQ!qHCCyitS8<k}=$wTV+t
zL7~$PggN_<ToV%>)OF&-f?lH0aKV5<4!2PBGLGcz;g>oY7nMvcf;-TuOhRg%`UNER
z{?o+R;p_oi#X1DYc$CgMR@$Pua3or8%*Vw9rA4T(n^t&Lq0<8odWfo~Okc$FXU%Xf
zPFeo<pgu4guSN1+Z^tE~XfmXVsT(i0Vk|^^v|{I`x#(^jiSWS@t&JTLNp)M}NZ><7
zznp@?X$3-uIrsd_9><aJhfEz;G<7B-@kLXd7tzXw$C1znMl?Kjrq^Y|<4Dj$uesFj
zxK|Obu5*Za*`7EO{y<z%S316MMzLe>CRDsC6bDbm`KYEbvEzBOC|Q4y__&G4b8`w<
zG!KqM$c>j;2Um9vcDSFSad0H~L8T={xXK+R|Nny8WXWQK$Cje-1L^_|S{w^R(NQ>Z
z;{8UWi$I~{SUspj)enRF^tu*z%%H1x@xNfbvgDf^XQEbWbQv6+Mew6Kjgo+Q)KlpI
z^f^a_N3;%cNQR<iZzQ${;w~;UZ<sLF>71)u>PCVdBs>=)SXt!Q>nj`UDzK;GGPRNk
zGbe#L3mq5ss`_UDPB_(_bsgebw$-hfwQ$V#nLcft({vHpTDJzMFbN0#(^uEwd}W*3
zNYI1E6%|gLHf~HYdX+kajV6Gq5z+6O;%>bP(9O=7+>^a(Bj-H$hF-m{Eyitoqlyci
zdMsq)+DPC-ZZ4WtS~42v5ybbMcAb!IXBFs!MZ?(wDWx21N!b`S68ZocgAwgK9im)z
zh^>Jv$r{LTnvWpc#MS^6WZiF6QRzhIp-|ZwHWKat+(IJy;1oMmT(U=OB;@|L&Ky-d
zt=Mr)L^g|608cC$Gp(S^ab~@27#j(A06d*DM-O&hIt*p2y0-qk;vw1MHFDBJ`<0^a
z4Rqm@ZY72P#vv6AUL)ZTy1H}{bV~u6M~!xzhsd&{hD<3eo;X!H+zY2Ul}@txt1|O{
zPvOcQunKIX*wkD<<WPRdez1|Sr62g;F%)<VqWix$?aIbirq)BB*qlt5khIi$<!~CE
zab;626v)m-A8Mb^>+^~BtO2i2{5m>ZtI?Ggt`KkJM!XTIo0gc3JDR<I+!YY{V$k=`
zi<4X{YSE)5u4&Yu)b#}U%Uq99mH1OS*|nM)OmRIP9X-5vjJVrAn<n4s^3qLHU9)1u
zvw&z_noV8Fl}dk4b<M6P9{M3tsC=0#ot96#_$c7d&ZC3n7*%|WYhGP33QcP%{b5%k
zRZMo(p;oh9v#He_*W-1>Z+Sj3IGtwCz4$&_%>?Lhxhstl=ecH4#XQWeQ@LveeO~T*
zoNig*S|eeGa{S`MsdU3_uDS9_ZZPlCSE6X~ovt~w<Sy4^@+<hM?IT#t(R*C8qr_*k
z#eZke+J&y^l(q<{7{0{yWc6fo<n$ZSh6>j$a*=_YK(Km6J(jxWQt$gQqvPVw!UyoD
z)q|MU2M^+3;~#Q8S&bExhF4={Yh}%<vT|~&VXRyR9L(Mv6HODyRZ5=`K7PwG{7HD&
zHI?pp7|>cgg5~ac6#pt+jz4iLTx)3U3VfmGO8jTV8rK@ROE}&HvdRAlkZ|mA;B;-N
z>#oWNQ<7-?6xZFf`{fj5(XP~^qGAHLC4l1Y!umT*ca5Tx#hOXmdL~8Ds_7V*{zHlx
zlb0)Qrwe3-eANSc&cMKtg9NY{uDfVswvkjj#*bh7-j1EQai(hw?Hs2i(YBfRb@IZ*
zBzz?p$fd$NFq@cJ_}Q1AVN${E=}}ZR%XKGJEYr=HtSs>rf1WQuwN_(b!mSwSx(aaS
z--?;UH`D;fkBZ#tNqjIHlh`mR)u@vl5O31%Ij(zXV;jSa&X(8R1@m&m$P}7>eS(Wd
z&vy-=_;+<N7hDWb{fV#U;}d`1k(g8`CI=-c0gAuNl}zpbgQvT9rkYU!v2a@RA55`r
zyjWx?6cDROr=z#w>#p(XW|Uu!>3zFE*62ixK@PYW)0ocR?kb>y&AJ(tl`Y`hbO+E;
zwMiFavg9gKsO)xZc>OzFBkAPkRI_%D7#DLFU~Rt^3-{lRH|D*VVMb@kCFKR>=Nr+%
zyIqCkYHpZOA^A#|d+^HAcIg5`KA*&NIxV~xbL^6)nNdNBpp*9kLEAgZL4m-<y<Bl0
z2A%p$H!1BMJ*sjchNKPClInpjkkRk=(TQ8Ir#~%n-CUW68TDN3x|g=yqM0$daz?;q
z&Lvz%Q~M<@H!bT{w*h&VxH{9v7wX27Z<Jo2YE_6eZ35M8$k3u{#{_-B%GCgTbSZFs
zVlrs%RJ)WYimSx;FQjM&mLcK$vqROJ`28cUB8rbQlCF%&k-OK3nx8Nm(7Z>nuZMS~
znG|<akD`++0btEyJ@LwztYGz<%U0nNYf>?y?J<lvzX~|rF*VVw7m@@AZUnhCqUTn-
z3cTo&?GLr_``h@ly#ZglEML1|c4l6#*uEIl6U(8g)MgDJrk4X}RYOy1lm9XC&GzZo
z*R0URef{b&Ot<!Laq-k;npP(&TM|i^$AN^dQ&N&@#Xzi^^|G*65kmShVm+9{#d@y)
z|9&IO{zfq3jX+&*0&bzP>488_)}=2!=h|N@{QNdo@7m$!@49+u;U@cC&90z74!Yi@
z1J6UqOb<l6Y3Mpv1N!xV%SE%+;ZMhnu4sB;t!rb%uhX}=;>EA)tDmK<#~YdJU7u0Y
z-qCS%X1yzpFvLa48(e=zJd;3MZFKDvueoUZ3$Ccz0l^rPx4Cp`_=0Q8r5_qr&*1P2
zu1Bc%)9yO7zM_s!ahn8FZFa>_w=m@Ri!ZuX)W*i<(9)mlYSibJdUfc5pX)}B+wvyH
z-S?7f0TtYHWnwh|&nDM%)j;bntO2^`(zAa)bmz-8<NkTpG3@$;zbhxSdow=N{T0{1
zhz~vYit82iKU>qIueu8V&pEHX9QZK6cd2z5OthwJUso3Q(d({dbZB@rCR~?r;-Xbo
zH?BiJ9Ior4ij7fqXz><TYnu8M-mO8eOaAN1tTui+{X=b?^nI?Dw0R3?;~&(0a1d{8
z-s<XDy-~-vx-M>1>^8_PxvTOSc0WXa{m=C<gI+6}mS)y7#n)p9do%0*L`4ksdCT=s
zHHeSif+Zm_Ew?oJZ4d^V*NL~Gr}3-~z5iOxzREZ1yo<eg{2f=X|NpO@_PLf_W-b@e
zHh7E65_4`ty$-sj@b7Lr<Z1%DEH^uX9WTT3c1tc0Y5N^<r6gzN_z>f=^KdA5iHE;;
zMP1PVwoLRG`G3QEQ=K1Or{g1^K;inKL);mZ@{{XBb@0ibT)*?d!Ro>FkGVck2Om1-
z`c8fF)^XPl>XWr6T;J*H*O9J&O}DG)<b!Sxy>Qa?h5EvMr(C}&Pr~J=U02jH6c~Qk
zlM+bU{qDxJ{%6;h$}4owFRq`}C$oQb{peC*pi?((OLt#QyRUWEr(Hk0o72JHT+b=*
zJ$3Kzu3E~I@V$SyO!jE?pRT&KROmruKT+&pcRKAl<N8uXX?7@w@~?Ea41e+$-czCP
z``Z=G9({M#<z?&778jNYB<7d9bLraiuCG)m=@(q_DwIurcVqPl4XoupXDTQWva%ZP
z+*8<`X;-*ESK;=&(%p$I6jkGS)b~nvi|{M8-ErzC!tX@68?r|q*KtRwkLZiK?hDFy
z=<|B+Kh!6CqTT0|C*hqjHb8spyU#0wXio$8arMdT4c&h$Pr~6?H$ztVoj7+3Hpx@*
z?$hdfhh6R~)Is5I-0m0Iqe|VK#vW}l+;!Na*G#v@9__X`I%&Vh{fjaOs!Cvp3cr)c
zfzz%e_n#{NptnM9HU0eQPNU<=Zk2xM-4yp(^$outE*C*@sn5DI>F-qcK6N6WrMZ7n
zpX~6u|5ToYUrl#6RToJIGu(_(_cr1iy}PkHS$!@1QxhAc_-5=qYS^6ZG}UY2275&a
z#~838PA{Nd8nVOPgD%|PIEwNYx#Os!rTbZB_D{8I<z};J*V@g6LytD@dTdnxOgCe4
z8rqi6Y@pBmm-0F4<L6_#2iTbKH9_~S>}y-I+_Th26v}a{5|vtqIP7M*?z77G!;SK|
zzzAR0&fQjp9iGwNovJ>f2Rks};Uyhycv{^F%<ERR0+kK9ep)ldeGQ%L?0#RF4ZYgM
z{k!^PeOLAwdiE;!33be}tND{VuVGXYzO9@4%37*?_6LKsH68PSVo>K1UUr>L=&ZP&
z3!O)AU>ijbb!U?eSM;z6oz*?vwN+e(pXkMzIs9yI+YHwCasRH8HCEuKU2#~#iG24?
z1u5apeQhwe_jCK$mrwO~H(`<<R~F>Z4%2N=+kx)=3Q%e=h~f3A=)sI#D0&D-LhT!E
zYl$ApiS_(Y_wS5Sf&n;~4&M#snlzlLDEehMr{t42*(7jmfxDKvV2T^b#1+*o<g)dA
zA!tQec(~RmzG)OSnys_4h=cyKhzs(gW0-oOePi9H)Nkz^XJg4z#r*T(U&nK9qo|3D
zd%}NDbZ=BwLeH0Q%&#eBn;KqO##J7zp3GJoesqev8Ru=d)qT{fox3H$=4o6xrcrHb
zwa7h&%BQ&t)kPkjW`8@Bl^3M)&)q#~=nVG<>i8xzp(Yu9<YvKpaOfU)Dh;{C{h2zx
z?JV08{I@cap*FMmqMFa)TTiX#@<C1Kxic76ub<Cx*sa{1qz(#?T;Oib9^L&Pn<A;W
z%|^%TZ|AV+{X6&v-?@_;65&tpvN7IQcQYd_{N+71OzpeZMw9n(Na4K;-RW#KKQH1m
z8NPA}1dOsZ)VzWrlo~B%ToKmq=hBN3A8@l{$OYSzZy$7@Q9ri-AqJXuSMtxlNBqf~
z%a}bG-uN&GgVP`ChO4Rlw^!V4{-O5SkGc!l(7aF<9NTxhHL7=8BNx?K&g5D6z;fV;
zzl4@FRQQ(Lq>9JgG1OuuTS_=_l{-g8Za9Cny8(MNe2qKC4jPBUgC9W1AK&S2Mqj>w
zbHMh;+%K#8B@Y)?(uEJ**HQjT4EXYK_e%<P!;7DAw_{&>_emQ?SN#{8sjdz23%|b_
zcRy}*H<P$)KiwTmou77ZQ@?TkX}7_?p*`znS|{A(IWFqMO`mu3GgjNR?nDObhIKZ|
z?!DgaXQSqC;KnIEy3u`JMHf2J_^UPNTQ624wMt#JI7Edmjrdyq(Vv}@l`VeM>Elf}
zr2hDld#?&V+Yf*3cA=Ru;9K@K40ri)oxTm@?Y~}j+dl5k3sl3$h;JC^5d7})cn4CB
zXPcFcn{0#C<}-fnN9$j6-#~jdyT_<g5W_;%!*E9IA%<;YU%?1@Bo^x71~EV*@AX;~
z{rb9_)Lp-C3v3njZR8&0RL>D4bD22?v#LLiUwc-=zH7VtG20x$vo$9H)fNx;d*d=-
zb8_I5kL1B-wElnYP0DO(^qbs<81@!8gMT{*aVx+YOI<#6yJ-H6MqNsL$GuvC72f=g
zO|E|Ru1y*qevd1&{qOT9Uwq&`!=@1M<%BNr{UPPUv}+f)R<`eE;xzo~9vgS>r~)(c
z&jf+xZF}5C_{3g!ea1^?KIA$!eD)&<GCK?e0zP(+qDMb*zpDP|_h-ZJQhKePNX2(+
zK6>I)_bbX`!oxq~CzkN7pJVPS9JE)<&Zgx$2xjN!ZcpX%^xAal3-@vr*1|7s;%4Pn
zIPGy*Ik_R)5N-Nt-#+(N1q3~^pJVcY12$p{`uvEtO#aTD5&qzy4M)2V!D8YZ0Rzb2
ztWkP6>1(dU!ztgmTl4Wj1epA3dUF~XOwp*|zSJ06_buG&4}a@cJ%r&2-?@Wq-&P)R
zXK{dmJU=b?)y$!WKe&HllM}z~xIZOCX`8{~ZGM0XyXi-FUAo~%_lK7m+I4hF2QjKH
z&HKq6O%s1|f280r-1(@DF-9JP@MhcK$1Qg>`N;&6uJ4<WM9Yu6H>+R6rU$83lSUbI
z=-Z4qT6n_!jryU|lN|Xp<rK5+!{ble%&l2J+iabczc5RR7XQi&Fk1AR`$uI0G~;(}
z>J0mX`CY=@{^UDO*PY?7wf>76`{{qXe^8IX=(R(KKTZr$>SnDDHM~NLrv7K$pYTCB
z)q`#vn36zq&bfElf3NkemPxBaDH*ilyn84AJ&#U*pVERh++f60oS=mb7u*MwWp7%n
zHMY@LF5<J#>)EtAKd~Y8`8~A(h4T~R#J{2`<qGXp^)mr%efmc!Eh<~5x#-|0o;LJm
z7ABQ%n8~!RENy~H2pFA9OUt$9R27BsZ6|x9sQi)Sc-m4o!4vW3bG5b0y;-Y=mP4zj
znsw;D=_xHE#(xl{O;G2R7098}{j?TT{;VEP!w04`r1Co2=WIG5KLU`Cq~_4wBfK6u
z*VFXSCtb`&)Tg7jIh`EgwE;x}z(B1<<q9pHZkm~H&<FLj-6~9Ej^xtDZxh>)w*{i9
z7}bEzM`MeRMQghh?9;0;+EF&^+#E{pt+$~3Nt#ZJuTP7n6ZJL5l{*?}8MQ3M#S`%P
zP{wt2zi!viDzB#{d1AG*Y+AYgEIR$a#2nfnQW5$LfHWE#r|nU{AAlpmuX|ch)%z*&
zw0xJ>q<iAE-F#3stqCTl)1h7%)MgL{eRoLr&}NtRva-N%nOoxrmZcgVad<&0Jfnx`
zxUL;hf69WxsA3ZY+DT!vKzeG_)YSH>g90$(HttG;>;DQ*9ZG&UQKR;|Js$dQgr^V9
z{v~ySI;muj#?D9Kt_d1*wuK84!5Zp!vamU|{!9c%C24=~pR(z66D*<6?df%?R~oi^
z@m=ZB^mnpW#rFZ{^;-EE9jHO7rk<|Cr&G12OtxZeFa&FTtG9h<eOgmGJE)O|?)7R+
zzM{nl9DGkCXH!*PN?r05Cb@~y`R0oGcYP!o9F(DPi4+V`t>fSpXepCY`(j_eYNT<A
zf<futbUCOg{ngk8KbR{dj@+y|ViM65|7=P<N@{u;B!sANnckjuZUP;4YNqW~_b9Hp
z4g2VDN?qHhwx(^vlB1~O-r9Akw1sw1eXn;*tr63qlUr$tOvVKQ;06DamX|iP)_zlW
zGT_gnTC=Ql1Zz!*rHx6*qiCb;Q9rXS6C9{MI^0&{zVvfGJW_W*fQCNR@-Hq7;V^D)
zY7$KfXjLk#jzQatXf__Ie$iJ7I(R-y+oeLrfNWYY38D<FQinEYYlq_$5#h&4<PI;G
z_A#%Es&ce%)OF)5L_6x6ZRtoz`<8*uL#Dv#WW6<cXX*`TTar*(dD?eu6e{p3J*4MQ
z!5!%dbZtAn>1Zh&tQL&%ziSO?MbnH{RNh`=R%C7mtpP(?miWG_Z$=BMn6JfBc}MM-
zx-{gaOdg#9`LRf=OKUq_W@bTwyX@)#CptrTf74mx`WDCY9Xr6?@tZY+S`SK$rqr&0
z7t>W^hT6WaAWmh+UcMUipw7t;nRGCzEe*IvJEDvYx9g^b)Yrq4uf_W+I?=@+NPjr7
z9i4BJYS34wAz&|Dr)^SqEeq~iSJ-MnpbDLaU#-=nZOvg~*1bVvCs}b_78O383WM*>
zL^rkSZj+)&vN~K0?%vQeMW+*m2`y=C5A9WT?%tl5s5%7zrj3VSXL$FSu{5`r_Px3g
z{2rtQIo=#v)m!_XzYEE~1T?$7kM^C4KXAM2L+JQJi__w1*z=xDitnqv%0VMTZcQ(M
z-v4E)hm!koF><^g->I-`fQ?Vv4782vI|w?0e+&n#9dnH4RQ?5IR{3|(MN6U$4;5`o
zjiXb8wdeTSU@I(4ZAtNK%{c1)1}1oFi1w*EC=31pATOtKsP>cnmwz-$>tWj0>Q2NC
z$E4L6BKshR_O48CO}^XG8`E7kX&>7LK<=f1kuktcD@WKkB@bj<*e*Rp`M0Ng=(7UO
z!}tWKs1!(8GGB|MU7ujo-y^k;)w%5{)MEJD^2CeJ8rgJiOGaJln4jUM)}y#(b77R$
zg7HxnV&Hd}E$P&j44r_6Xlm6uBbsIx@ppTVv27Wg+dgp~>OhOfXfd>PtoDUUWB^{Z
zCn1*(wS(3ym;;vIRe(Q7$Jy4Mhp-O}#cXU;G@UQj4y!9ZINqiZYE889bQUiBApfA0
zPSklCB+H~p+NW%T@-U+vqoJZPqXcR`8#q4RE+v}QmuRo>q0q*KKPH4|UJ0hO`xXG)
zT?)zkYN@tQT_y7I7Mv9}-Kr#4<!^~~=&$zB??04jA99k*qNTs2z>fMOwa!E3pznrL
zxa>PPMN47A>+Dq9+Eb_79(9>vLkBLz!^}Q~##k{^JI3dN<d}tK3py2L#L-)~Xvb89
zZ=414=dWbZnis7Wl_r!#{A|shl@b*CDMY<LhpnIapkUoOT>YfX)sh(8pg%}uowSzJ
z<wANa?R**}fAB}mLj%u)$>NS%nK%WePgLh3-WfS6qovSTEd0B$+-81mT%hqhi5>sZ
zc;Mp4+qC+ZnVOWn8=7UfXwywNkX(0%_K`{{m<#r`T+5@se%0F09d~N4skrQN7uZ!j
z(&HUC&Q71Q5`?$ss10B?9li}(2N=<*K`Zd`lE$%7wDulOF7xlz>Rx8fh4nKa^Y7!E
z`uswSR=<^%g<PV^owN?r<3oI=&SLE&71LQlt)0P%Ngi|e^h=CEqO7JKbHnGC*r`Rl
z_kvd%vpRLD0Ou4h)xJ`Jhj6%s;S-|y_iNv(Oa*Z^xv7N>en9&pRxz})Y5N`C3@W=H
z%)9wPZfX1BqUl=%by<<88}#IBMoWsV)Lv1)8w|pfnyUrqY$ZP<9445v>i+$`OdG`>
zjd(=s!yc`D6o(6S4UlP*-!fX_G<!x}LXb{nrnIWumZ4GdxO5GP@LbxatpYT4t8mi}
zw(245Z24+_uElRcv;f;HL8#+Ry$yZ3hSTBF$1VdCX9}2pFdkkraHePhP4LhvqYq6R
zmN8Mq!u}`lHbW!0aL3hVI(3<duZ}nZ>L2r8{?+uS@SctOLpXFjtWBi&eHr!1_i#o6
z?SGmR_xfip^F_G2n+OzKlTn-Ymx3XiKWAr1M5d$?m28{$yr!o1h11tw7I5LcDd}`7
zY`AFdI_-PgR>t2Z)MVI*rK%@0>QH91?xL61Yaer*KuYG;;AHy-{_UqXY7Olhi%OVj
zSk<W)>>CR?Eey~@XVT+o;d>}T$b5+tORY_SsqR+n%UGg~eu9+$R>mUwvL5^}2g2HB
z^_^v}Xg%0F;C^ZHv>{&wGTvKl*7m7DF(8lj_5m?Jf%6vpZFOmDZi<_Rzovb0nUSX{
z6$gN|Fl6hWf!f`k3%g*!>s*`^Y_TZ`zX;bPCbyunw=@@}E=V_N_f~DEx=H>(<+LO?
z?8d?)6@Q(l71i0!_0QJrwgc?p9eAW}Vm4|G($9KvAk+0aH0MR54UPRD2bK0Fgr3UR
zekxm;+)B)m`7cD6tMCB;jDJIGKqF5;8b0&3_O<#|KMoskPQhHNi!ze~A6TvEk9YW2
z*S~91{d?cT0#r=EV{@1i8&lbFZv$F()bi2b544xmF_3|4eosrM?e)EJ)M+Odq`@E@
zk7vDY$#(`$#1XqR=2Gsu8yZyIVm~fM6$Ww+-FX;C)Gd3oD)p1X`rQSPRi)_-$@ea}
z_xbD$51pyvtK7KPwj>lBRjq{O9Q%>>ql&j|gy8m8;HL}UVx~L4gjAi_){{VQ|E*<E
zmj#XBEBaVlsEQzeUJw9XyV4g@n|CmUH$UN1nDZ&j0ozMBgX1MXt=bd~XZvRwOJ54&
zk`0>to0UUtdqYMXh=Po0{sq^mLEyoE3JyN+mm147^n9hc7*>P1KAhr4K|FZ31Ln~o
z(9?7FaT(BOzs<!q=>TMa%Hj_kw1dyX!MyA3x>w95p4$BdcjL)J9Q+%HwE&-&57z&Q
zPI?M`uo05~>Tk5oY`5XgyEzF5wC}w*4BZ1$CjVRR=}G%ei{`Y8fX)UWN7Ci6Bb+Y%
znC{*^37OPoI9Tbf2Otp}JONvC{rB1{DmUhlx3`{0-z<hjx%mgJN~Icq7Cc2iW8&MN
zhMftElbLn?oLo5gg;xdx8qmp~xCxyHkpz1;kKQYXL;l)hT3E&Pxno*0CRh9@blRJc
zB&C>}>Mw=rpK(Ilsd7=as4qkyFok}24jeM;B=-a6BF|u>3s%#>uAtmUPicD?-u-lF
zYI+{ce+y#f`P2L?wdiM?2;A@soI)yk@&tSQ?G4c%ziQvB3p?<e4M43wY}A+br&gQo
zEDreoj0CLyFHNU{J0af|pV3}cCyz0%ci<($n4i^OAk)%Mf-a=t_s+eRUobes`P{QM
z&4Fv~tFd+a>!5?9=QuV)*%z@H{~~^Gc!4_$_g~<veYuv-z3%B(=t)c$<kF6O5Wk%5
z%qw+ff)v!&xzY*2bt&T-6}5#IFiQW9NgrHYjF`)~^km9g7G0mVKWupEbRC@?T>ZJZ
z2t=d-&D$Fowdt$6x|)9)-dj&^%mtf22O3WXpFJk9&?ZJ_F4J={dPBCG2<`ZL!9w5A
z#B@=I4~$Hj(LjGmr6Q4#+I1nev+6Kp!1<P-=Xniv=I!kj3tXrqRu-oxGJ^EO!Md?f
zP|sVMn_j;*!=MB4IwO5}K>brwGO4VQ*^t_{$uKJ2{A+vMw%t3W=?QFc;C)08GYNaq
zkP4oHm}q)6PN&<u;ZRW?NUwvW6}>jKn5w7JHbbAJt~xtAD?%YnG<Bvr`&ifk^_83u
zynG_4b*K!g@#v%Y-~o@$jxDH~u3nxLeWl%D1pSntvnWCk;jvmn6B-HKA4^9Qb>`UG
zm85&wVlmxXmN%0&JP3(ee?Gu=N#S7qNZf+IESLVC3j!ILYWp4MF4tBVX!6{(<WnfA
z@-$9G`Cc3DC#M4!Dx<^kQt@?iQz|>=jiE;;L&hD-;E*;nvhj~F+V*aQcTO5@FyY%!
zP7|HEzfUx=(VDB79>sP;R5#avilXEFK(-^Bb3$s{0z9v>D8huGQpG@U(Yudmt>|D&
z{S|dA%7&2|(f8N%nbhSNf?6eCz!B53wa$W(=UVH9j5$VR>fHT@EC{JHEQ;*{;Zf06
zXO%m`jz={6;&HsqGQ^tq_+Z;^_USx;hTgW+wK%msrHo98p^yDKck01S8;0jty2MWe
zIC1X{VnbDphJHD|YU+mJ*MM4{u{63iTW1P47i~A_bWbCJPOQhMxKmaJ73Jt*l~Dv8
zVj;OSB&0LF)H&D2RxtBKNG(Jw^YkB8DuZvV*0iKHRPF_b(?+<Nes0GZ4h`dJ@?>b*
z_}^h!{?wkYbyo+yE+by#i~VC&-+IhzQEDfhW&ZxyNsneI!Ukpu0W3F=dDdWw2kE?(
z9-z#wx*98a`6`>7%z~a=`gL-XYWC@Mwa#J!*#SQtE=_47xV<4AYzW$(e+_4^KHWgu
zsz@Gxt<GzI%B}-5saOT$NKpbY7Dvy|vk(co-nP+MBHkr7`d}Pn$%Un`-fDN}8!gDt
zb<&jcY(S^F>qi(-1rVH&X8*y%Ubrs4gvUMQ3&4A*RBuG($?5fIQcry$r=Be7t9_`-
zbW_hXti4w+zV?*fAR~3{UHjmXYFuVf#UtKk)kuDB6J*qed=99*uWk$GAc(lvu;k`6
zpod?A(v0e_Gb85p{(4_FfrbOY@=Si@21D@O|C&CVc2{8`YX|Y~&mFAy;DRk1@vKov
zIdsEloRQr(>YuCl$%0Y5aS7bQ(%biJa<WMshw3bN96QV=#oG>t237Yb;0qwqD-uff
zXC=c-y-8<@904EHnGE>Er={v3LbwfHAHg*`0`JiJA(}8M#Y6iGbav#2Mb!0}urGd2
zbkP^XQw)Sl^qqXG))ywUs*XF(8;!3d-K?{NX;vO>*j*E-IFy<kO*x}<wZ1bPHyYci
z(uKds#sDH#x*_f2$vginJmIUx@Qo=QYZp|A$Bh($p@MVX1gfe8L0uTfO}pGYcnBop
zv~332J#TWoXsT$0XwC6roh6!}9J1QsaB3YGad{8K_gYNggm!2GxLn;eoO(j)sizKg
znxwN>G_qo)xtKz6ZIF@lQkmX^wv_0TR9S#LMC?r_ZT}V~&9lug5Uk0?Iogv*v!d)g
zn0RrS&OFN#C)=2@VhSFqUxF)R`!A>@h8LqAot&zxX`taf(`?j<jxrasE#WlqP}&T>
zM<-|KEf{XH@DlB41MV4nUt$7HyoJBhVHQj)m7%iXB83$5Qu(d=FX~SrxQAh<=g`{O
zIt$Jsr*V6I_z*YDPKu@RX`uX)+Yq1rb&k%{kC9(VhhvS4Sx4vdlQcRzmlFeWTrT<I
zHJlst81l^r0VU06>Lh%8zKzD?7I1DS-+%O9RI))5F1pqHSFH06^v)QYhE6M(@@|z~
zI^3>XZ0BIJRr~^D0<Zn5q6Z+Ud`N1#_$ij2x>ILi{zZ4$C}ZQ@(1v_s)xO|dTCpDe
zG*a*7R^0J>br0J!2qyA+v=DV!sDICeF0w3WPluGgG;fj4!oS%_5~~h}u3fCh(PN8s
zmPq9XlS|V)zKzv@;`@Q(_Y8wPYMYI0s!x~j%?<d#i^$?>POBe-AF2BtNjUOUaA~}L
zscp;l-Vd{cV>6Go&oOX%dc)Fb<Yb)NqJB$>qqYy|ov7kLoo563aERRdN{S4|>r_!I
z)lH@2EDw!&NM~MSZzY&Z{TL8Iu658N$PJ98CBEc(v|+JcmsS#p?jF)vhzU22%iu*#
zU=bZp@{?ldzsvM5Rr)D^*v9$7lQz@ahVtfmd{p~UeI47c5N;x+8~3DV(XmH$wF^La
z$8vyE$tBwd1%0?5JT$9k!;Vf{ssEr3$jZjaQ0z(Nb16+}=qjD3f%ttF_pIW2Z#*T8
zfn8a-T4!k<eb(U1D$WA%5TD+LI2-nwIgbO7A?f*Wocng*q}_Q-vOzyRZqufSDAJl|
zkaM-&lZs5yImtTxcf4g$!jn478r<`wZO6nXTrEK!z62z*rk23HcH|ke2d#WcXDONi
zIG;{m0SBk|*VNi{-P7C%&wNI2Vq2PD%pWppu!dJQAUL)4S)HZWVf`1a0i;H{DDFsN
zJ@Vb>Z9?6uQu@%y-6`Yk_^NeJYKRsdNv%f*pVtqow6cAzZF2)YnDf%$kf}6j>viTx
z_T%@{e<Z=&Kje`U{Z9R+9|?Ywk9ay(uG3r5vW;Aw_IUx;fJ!bn(&W+kXA=_XmbUd8
z(25uJeJV)M6Yagi3{l6yI0J6&knW<LFX?+!D4<GsfQ5C?dk75Nlbg8W+4i!Hp0Xi}
zWW>R@1_nU!W>9nHD>{$KWTQLOf)45JC^IRe0Zn>UuSY{)<unaYaLS1wVQFpHCG$3O
zt&#s4_FQE=Y$r~)$gAu~ue`3S$>8BNTXY^O#i1pxZ$^7D4}%i7@l){eZFob)9FRg?
zJA!1p?9kN;xp3YaP+98eEU0@pqWaL<|8dU+F7Xzal1F0~d8a_i?tD{cPFV~>;qE2D
z@au@A1UmW_H&(N9Dvu+P0ZE?mbl@|bE775<4#m8~5w`CgJ&jEejg_jiNH*M`;G+G5
zV6csSPgjd_!pZOJJVhZV4+JD~lB(`cY(Q&cU<G|L0Vn76Em3i>^#lEWl`Zmj0+BZA
z$|KjcFhtHwLQ>58ySUmCo#+l%AZcc&hQgGnJ^G6(0JJng|E_+>j-7oc0MxJ2Swb_A
zUpWo>bnY9lWLod#KO<dKghMi^^@lpkn-$rjOD)8;p|&7R*Cn>5xgY6a{(X2(7j(xC
z#)r-NH0fjgsCobhP}$(rRwPqG6K_UJ=<}cGEE*t)KxXGv?LxNM?x&GWR`n@YwQD}J
z$rPMYk(5iRd30to(g;0YaOT0<<$zq;GAyYf_5KnBk@ux-RCXSG9|BD0%rt{;`ih%Q
zt@i2l*uKfmg#I6)U}nAS@e}RWw{pB-QBVo6BUh$1q?obEh{;WW5`Xo8zEx!pR3Fjd
zw~?F}-!>tR9{fc2(H(IKX*B-`!t)Ie>5J6iqN*8IZEG4iHlYqx9pb`w<6%3Z1Ov$g
zwYYC|mTdI*H+n114mdn4t%AR*>M2h=ZJmHL;V%7=6f|IALI&j@g#~-zd-z_z`i>tu
zV4flUBZuCf2o8PZ2seduk*gzVdF72s9(wJ2&cO(2;rNE&(=Xz)Kj=&YWI+;kZ7a^3
zKkC1#*v`s<0`}jRm`6YD0=CiHjprgl1i?2V<qR^Phha&%$85q#h}sgkQSkwt=EcHK
z*Za8snR?v8;cMw)k?fIZ#UYr?PiN>r2VobFL-Vknf?<D2@KVKbn2~2ra!<8bPj!Nm
zC}No%n`+Xlr#Q|;1}d^hWd>?Iooj<ZNS9>?&H$oeT^B(gpWO&c%=krrStS|qd*KxZ
zBH)i%QI)^yEC(7t!*SX+%|~5w0Ke^ToB_`LW^>$n|F9iju^uGqi|U&A9;pem_)l)`
z-*kqbX2SFSvYSJJyvj$gmVzcIcv!dw_SBDm>#RN~0QZK>pgZ&|B*yahAu(dkalN(w
zoSwqjR%GQZ?VaW&`C{e;yR=#wi_~ptiOpT>Y57pO!E1s<?TxS%y&swJG-M+Xwy>7L
zyfimmVc4?c(KD}FP{VkuL#qcN0w=R;^GmI+lvUdpuPTd`wGDfgt_T(kO$*WXAAw*`
z9ph8=ofCBo&dcBoaxDk_NT(9G!=#Dz3})l_b7AAi!!?YrXqq2wutR)7jKL#j*+@}1
z+!t9D5JOQEu5Wy+(j21k!qo}tFHUMkM;aLXJO*E~499jEh~MkSaun{1HMp8a*H|h%
z0Rb@b1{}>t4uTNr9dGPX`4eWqJ*h2mLcr#@_@n}mK(&6?LzT0!%yPHE?AAif;D?ex
z5C<e_+ILw2Qv2X=numtomf)cub>mg_%Q#?eubY-ZBdxSJ8vaJ@Xgc+BavYs73>H?{
zVH)Y2FoPh>HE)~EX?rc?gr|87&ZA<0tmf*JU@&iNAQu{B&9iU-cxNFUdmSN*pd`_F
zk6DH2?t<#d_G!J5s|`i;c#@%3m4*wG4PGfUKgHm-pTMD{D9J)M=s?I#c@{E0l8xRp
zGR@#;77U*}G7UntV_Gxv^@nE2^&0F<cG`>2s3IMoK?g>`suG_)G7Mf2iaU_RX)p%?
zM}wDEg<#dB!)8CzAGt8kHa57$f!}2wLse6wAwAj-F5KNs3>J1>+0;f2Sve@Umx?sM
z0BLhZbA!cEvT&UO6@F!869&{4kQ-2-g`qae3O8(NTP|Ld$txFMJl7vD&TVDzjIR*%
z80rl$>JL;xw7nIzi_f>_tTVTbO>|`8-eB@a!OleTbsgH$#)zTgnFc?SgkTNI8ryfL
z0<z0za5ah)oQ*Gu6Z%+W5dcbET764W18VQLVHg!2h2tUP+OC0>(j~xIEj<YKR;5>$
zEU<<8s4&~$wI^92at+sz8C8LJ>D(-A-|ifPmAeQB?CFsyt*Oh2WEc5*i#*g^gIlh7
z5GSs5a81QI9PR(kHCUwhKpupiI-gqY4U5q!FdL-9x4`sR)d^XgOU6S=Oz2>!p`vid
zj-VwKR$(VRQe|cU{<5w?4Y^4-BGd7P&l7$0LuZ3|5LR}vp=n!J!xjM$b+{X^Ov|MD
zR~yWGclv6({K<oA!SFV8vTj-e-PFxs$A|!ORcrY%wft)hW_;nNi@}EZ*KyGVEdWkL
zHCp9W5Q;s*34VJ2dahElpnWzz3VRbe>Nh4+k)ECkg?F&K!JI*XAgp#NF`=wutF49o
zy^!dT*pu_a(Vhlxk#(|{owq~KXgKKSQQ~;`%t!PwK2aqSrU?x$$~-3J8$YP?gvZYB
zP0FQ;z6NtA3tygLAtT^r1W8u^f;84o`x)!mzC)_433$@U*9Wn~J^hXMRp@Y5quxpy
z#xB}DfD`J*fi|i{s~6-m{?}|ne+@GDxejiTzW+nIZTtb8>*g+nw#Xa?h0tw?!R*E$
zj`<7z3pX(6k$H%N$flA&P-PfPlP=(JSuoUK$t9V?Y-SMNyO{AN_36Cf1`7@25YY7*
zBSWaNhO{9U+NHM->h`^x473c6Y{G{o_SlY6;Wr~x4elPn)$E!AgXe(Z9XkCnbhJE_
z{XNn+W`il~xg^Y3y6=%Ri$=~cEc$(crxE!^A{X`dN77i$ZG%w|w<>S@M`PjYqh3We
zTm-VAEEWt&MX6?2NT5|?IQImEcQ)OlwWme*do}7k9BNiChMMg>&frdCF;w~iWT9}u
zO>i<}DATjMiZNAY7G&jt`qqAs=BHynAaPT|ub5y=;K%q?FG8BH{sEOU$G`WusOLn3
zRYrLy89Z+&08*PgFgZliOAHnY4<Onp?E>i!Z1)s4dVMJ;pm}8gsqz9gJ$^YV&*W>@
zKaJOpPUiM3KI^+w0~=2#rx>gl`Qxb&nCku<pJuZ+{eI{gaUML?8H`dx49wK`&x9~#
z?2MFwH5S-e((uFm5rJKPi}4;OHBh?r@?%sCtr(D;MB!P+d+MypZ#8(75bY+g)1?SI
zy*4euM|I{HEQ=4>D1FDk6DHw4-vw}E=i0w6PEbPmNg=R)5Q5Dsrhw1d&Exv!)I39D
zIuC4=cQI{s7BbH_42E-~SNUbXAzi-Gf%M8%_{R7z5p8*~V{#8lxjLC!ieOHp+lQ#b
zx?~^yay15dZ%nq)IX(@ZLFb|y0q^nK3>N2_e7nuCsJO#s*RH$ME;2=$`#+X`@2wDN
zr5Q-pZ*jN5YBPg=P$9HsI#oT8+LSWy;Tq?{JvQ}%ZId<3*;Ftktqxs(6}V~feOwg^
z0hOK$i97OPPaMr&XfQ9i_#LDr1sL-9pTH4l!y;~kVo(;P?*JyZExwF+UHXW(F;#ty
z1{nL67|bOuP8m{N;rIGfFcaa~cJqw{N?K~HRpkb%s9+M5e}W&!T_GaoOF0s%?l-u@
zRFsZMZ$?>E2JrSEGm~C^2;xcQCGiGa8=@<PPJ4a^SyxmVo9$zkjz`D~bsDH2X#}lj
zy3mScRi)8|YA-XGye?ga&9N;8`to&mhL66igFK)^4;w5*f_dN^^B4x~dBos3Lh?6J
z9MnD;nAmz6zA{vzHKFyZP`x;E8<G{hpBX9i-(+6bb6~mccqJB$7|+GU99fK`3G$~w
ziYtxR?8_DnJE%)rAam|2uK)5^+sM9TjqTup?}bDKT@LMe%wTo8axU9&!n*wdoOY1u
z&8*r3PuLF{IlfS3XHOP&_%El2hELg)4@##Xtxn#iCDWGQkoq|OX|7Z{J%dH?b>je9
zh7%>~t(wyMXAKt86!lmOo`&ZY^+NHN5(q8&ZYpSE!!w|XxT$<2Rz82ZxuN8EgO-s@
z+omJY{qMDWZhO{UhFoFp6~iXM+~R3h33l(=4aQzhZCTJPl66Y2hLfwqM&nym?0a9h
z%syqI9$ds2Wt9}_VwhPcmc9B}Brc$o0JZA>0VS?~iSO8gO_wLQ`6BrFK}Hi%C1Amo
zZ@i{zD^P-TXUngj;rju(`J#|EJ2Nb5|0@4x!_CHE+ZKYzZ}$kUcG3CG2s?#evr92l
zF)rwuEE`$G(w5il){&^66FRKyC+O!+w?iMC*kbHv_5w1OSBusVTMa&M#J!}NmT42w
z+wHOzS-1TVI%%`R{%IUT!8FaO%NyJ>4&Wq(8qka3+!1dhn6&DD25W_gLFhLkayDRE
z$J4!UatbJU%cjN_y=^=At$W9Q@Dq^XH_4>ouP0eF;x+tf{vKEA2i~*6y6`^E+A0~Q
z@5Ccc2*6s`0U2$m>Z^<%w0##pmw^l~R^iknD|;xr%IHBO_87K8VyLM%(A#1aj9f~o
z;@01>D%*@=KeRpaePk0tsPREo!?X;9e=laeqaEeP21}l}^%KLE2`XN!u3r4qIAdEm
zELI`qw?B~)MHeQcfaL6FT<Grk+!$vgc1cGtBSrmU`6@8xy<Zw1s`fSbp;JmL>T&~2
z>xLSl^zVGd=euB^!OPQE?!Szjz!Ffvj3fa!WXrDR>2PNsw5v=IDZ&bp0T+G>21LSm
z0u4IEKN^47X31cOp~Xd?1i2vZS!Cpocmp}-cYV!y7(?^u)F~^GW_@F@N^8FeZKAIa
z%3r@VSYHjl55jK8Lulyq$qB<po1Q@6smnGanv#zg3)O8wmN5*%#tGT9;R&=i=yDn!
zp+AoptR-9^2PqzFUI$j9elS=>{KOBoB?fYEJ;9nSW)AiG$tD(Z5GT1^hkE%1X`GAC
zTp3MEj>4Tb@2J7bQ30j8Fj#sh79G1BBq;C@{XG!JnD>qwJf9^8hwK_D<D$<`a7WJ8
zllGZsBRnXYIZ*tSs0ZzI8j0;dM-ufq&8^sg7%IWb`BhAZS-NCInwxI?*)|g~bivGI
zizeQYmPF0A#>7(TFUJ2=MIaJc5E5uhM{kGSIQLhBwedlNH267$3WF2LMdiO4yiZRq
z*x(OTk)nxC14?`nrCob|H+YQ=I!y>a4Gfmk-nukl6})?chG~td{BID5_fO+KMj$@a
z!MIZOJSxwGC3gHzgB4}$Ib)NBr~U$B)y4TC)@9%iMe*+H>gRE14VJ&}7X?qU4@1uL
zi2gls&R|s}IU?Ud%pH}Kb?H<Y@}}3H=Z@$37w~mei-CIM??`Tm)agIe)gdkQVlJgO
z6NRhuzA;*nd4<U;FLqyHa@l_BN|VPrklyd7Q{#~9-XqFnA;usMM>4Gp5(>KZ4{XgH
zbxf8#-J!0@`x}8hL5jQ5GwI;>>Ah&>3(@tcs-DS`%btxkZK5~`giFy;Qx)Z*E9#r9
zy~CFJCcgors)5Np%O@L}2HVacYDG7uB7T3erB#R4%|zN$uQ>Aq6}f>NG^Uac8fhY2
zA8#_z;dhyXnSu<6F3#vxg;lo%d2Z+dhWg5F@&G12FFn1hd%|~>7i(G+qnj+_WSef<
z(j)QS;U{48|Ks%B-V0x7X_`F4TQJ++d~Xhcu`TLuU2Y2Kbk~|L6sJW|PmjrLP+x+{
z-SK@BO^e}Cv`CcUP}$39NGaf<M`8x;`3*)eQrP+NJqP~arJGW+D_bDd`paa~Ch~xB
znRY2NPoKL1H5}(sOq(D<(#e`}SX)$@$wEKaGugATI(0SN9g?V%*JMtD2I(d*I)ht5
zhAX!>NvKWR52w|ql3VdEJOC^#)VYyqi-lrQlIvGAHjgmI4biD<;Zxq$#AFU^6y_jp
zH>8K?`lq1djx;eYim)!t%==W?gHHA&t1Vg;!+1z-&Zl&uxs8_tA!P4tEJnM;ZA0M!
z8s5@;PlYLx<Is(#51nrdA4f$ilVvvtLU1Bf`=|CH&`m+OiCbR*57CC!CXb|qAROdS
z*;z5JdvYDxe=ize?z{)CFVkoCq|{6sB?$P^jkSKYS&w$#it+n0O%|D!v*_xEv+K{%
zfQ7j-7xONkY4Z@GYjgm`vm=Ls#Ol|=lz+`c+spi!@DQvFnB41xd=2S5kPgLg4wgAI
zXyX+OI@C6`EiIp#P>)K7p=f{fFp%cmSzH8m&bCR~!W=wef<-L8>m4xoo*k52pSFff
z*6VLYE(p~2PR#-E7i9MOCV8UhM4owAHQD#HvvKXI_BMeS*YPsoaVC}4Kz>(mQ<~k$
zCQw8_Q5kTNnGfr32BwyGzU(Mjc{1TDu+Nq*ml=TEK~eG!r#A~KfN078v1kPHi|(Q?
zuQFLgZp+n}wo1kU1o31XLQ3d5-Aq>Nd!n1^Wv80h>n<Z!FP7d&sq>?5`6xRLDY*Nt
zw~>noEsFFHIdb_&aKJrsgKdpDkWWBDb3!6=Q+loYWd=Y>c`!hNd9w$XVxnW=-XwfR
zreLj_2VA3pE6a=YhafEXZiN_p{$}7hxwpy6QL_+)Mb10YlHUe*CHFCz<#WCdC_|N3
zuuo(ltKomJva-IW+SN7Ov7b%f=J&Tz+~fhK&ZrmZy9n%vyr|^nV4)gzM@!ndI0SEK
zh0KRmvy&%rl1F3^4U!}t<7v^uNjm*8$fgZ)5&AgXHnj~UW+DYLZU~nV2Zq>X1k@-c
z!hhQ%A)ZboB8lf{0+NV^4mH`81hK;|!zm(FIgpx3Lx-CzwA$q+8!`$<;Ol%{2;-k#
zfaArmx3F;)@sLqR3b@g>a^z)RL>4sM27dG~<eOP_Gn6y?PA(E#WfXAOv&g&fn27Rq
zA8o1u<(G>tvqA*v@LnsV8Q>1o-eXLb+!GLXQ6+pFQfN*Z%gHw&2+xlw{UZyIsI+Pv
zS6HRRCeJikG~R}}brWoYYu7|*I#uGGo@5saU_V*DBGd7^l$zhD4meB?Z9ROy7$$Wt
zGg)2<eynzN$&mF;lP~i-3f-$i+DK@z5R-d;ipjIYkSHOWKjufl&R<o4e$e5mCOa(z
zLWqGO@id3({pK;~vuP$PY6*nULQ%TFs-~NNF~JAcfUJ})W09>tA8i}A%!MXzGt=Z{
zUgG{@QIw9#mpHm<INamc-D1APNd@^Q($q!RNWBm%9DA!xr}<{v#A^N=jAC;X0ko6o
zyLzg=8BOcvnk?E7K#k4h<YbgH6S6kvyyr!)zj@q(5_t?yXSA&RQ1sw#ja;(>Poj3_
zv%3;3N+~zFUrk*2EEVh4p~$jZx6EsxVUfvwg3uYlLipoV<T`Zz54R2*-ew~*|LrFC
zz4X4rMzE!K+7Pw$E?A4Ih{b}+AAp9L+Yu7y!rh!V_S|Cwa{6AAhm#vFG;NXG+*};M
z<F88_PX}6~h@@(f$urb)X;m+8F1>Qr<D(}ZwR%(9=e&dT+9kHd@2#+Nn8>|41KTww
z2Cj>a_uCYlm<m!#kz}wI5yC@tuo<o0$gb`g3t3n8fXPzNG9NT;d1kqRY9^L>X2VV*
z&HB}cY<wmJRW1y(KgVJoTPp24UHQA7OK+3O>ebgSvoG^uJW>hRFIrKEB*y$&;IGz?
zng`Y21Bjg<%PEsOF6YOm^c6NML)>|Z(TxxsFj)=_90wutZ$zH(sq&;I^xV@p5N=sz
zGqgpgPN_FwGxH=s@taHnl$Ow2Ys{ZiIl2BZ8(r;v+-%8-6M@~;2(QbKZAm|n(U>Pq
zo)#j~ltj1c{7J}oT6_-*f5-mU<OxHNIx>zWEu6BaOcpc?<RS8d!hswLy`Ex;6?5sB
zCo)9E0rtW-2*vJxhO_DNXTe(P8n-=%M@+EgA&EuWwdl5q%*wUq2^%}^I0>(bY-QVh
zoq2-4FH9ncdl6-T(<%;?23c*ONFQBq-<~X~on;wVQ(CdX#udU@BVnNdH@AI}h0(Xj
z5FuqaSk@+6ZRp4g{B*J6MVJJP1mT%O6eE-NUn6pYr=rp+c9Z#rikGTQmw6AqxEB#F
zLS@G99ArpDk{VH`kCB7ZX9dL6n^|Dn;#W)-2oH#~v93X+jotGYzCP(y`-<V6mDc{q
z&F0TG%%Vr5u<j&>FMiEVBG5@7cR8Rbz5lw&;*ZO>*qC_xR*<y%ouFuwcQ^)<Ox|v?
z)`G}2|6Pav*<s%fWONDNY{45Q&s-6{P+|PY)9y1TQ5UoRe>PfxV@{rlp|_gS>%~Cd
z?}USJ%3J&(9Q2`WMRgCbiz!dIHsWRU`R~&XFa7kE`GUHa%ip%~@z!^2+W5e`Kn=r#
zC~1|};F*@NlY70-Pr2fLFzH-^Rj1RUZm5o(^Z_@fJM6S61Ca~1u`y)5??0%^T)m6G
zQo7r0&ZssB!&DxlHY|pNx?&X=Jk!K-udL#lVMmqCJjFb*10pgg``E{QXtHGKpy+NO
zc^*gAKU8)P`YI<Omn(h-+8%tcA4{wpf$z@#m}?fXsKei(ol(VGKvu=|7(|~i(>dJh
zQz&MRWt5`eXqO{%%-4Qq9#DS|<l*#yDhb4Az7>9t&rOzVzwQg08VbT%72SWS;%)dT
z<G(W5bz49Pghw~@f*u}=ysr`aOy+hLi;)t$JRSv`z4!C8gYUp)zF8e167rz|Ejnl(
z<w63=tTs9?%imj$LS@&^Lnh0!7T*<dUcoA|uGFaf4%PehzBXB6+K#U;GXazX4Mgr3
z@Wk>G0;sz~rjV?`KpJvmv~!>S9XADml#4yhrFhx@OsYi%*TQOi=m_^B=YJ1lO69WY
zKfsl(K3edj*@it@_mj;A+;h~d!-*Z<d(m=G9w?%Z^8-Z?(XMK(P<2fzoM7K1n$+n8
zXQGBDO_Ra(qkvzw+s!{^o>u4D^)x)*D&fI{4}E$#sWpB1bs{=r{A{v}H00_^wt`+i
zkJIATeujtM|AmX6Ilp43)Q_$H4Nd`-I{Y}2qZt^oSbjHuW<Lqvh&Yb;9!!p<FJCuw
zO8S#q4?!%g%TAmelFx8MCx~hlDs-pjQs=)+Rw5RJ)3fgglzG8?(Wvqyj5f~@aPE@7
zZS0M79#I!v`FL7gIzI?rfQQeTtY>%-+3+Zv!gU$v%-=XNv1hV60r_(-dhNW)G7MK=
z;FPgxhh<AULP0lFZE32XM&x6f(`R^kQ=>9&k{`dqvZX~KrX@=zWxxLQozP-sZf%R_
zEQ#Jl={r&rX-N{S<B}+g<t}!vV{sS%$hsEaOVJ$(U3D|*$$A#Eq8CP6naqI1#0q<O
zTFNVvO0P(XqH{6UVU=DE)CVRwK2bXcL&8T%H^SyDYG|>`AVm9y4R0spBBuo&lag4A
z9qB;Z@}yZ3XR&71IAi1P57=av9Q*S|pd?}EqsSFs9&fQGc3{<7W6>jMb+Q#p$9m$n
zh&y-URK3e(G5<KOHqW6o%e`0A_R004Xph@^PgOMViI?p_Ec3M<a6=DH2avxsi+PvU
z=@ySw?J_J6Ln&y)zY@+Wq_D)&ty9bZ-C$WP!dJ^<@grhNf@Lx^`$dV~#<vqXQ@-dw
zzdF(4z5*x`+33$_CAjFWwWyPPF3H-Z<|-h9GbbtIp$$oK^jxyV!bVF{EbiJ_n~I63
zLO{epWhrR>H=cUr^;!+7nQ10b8!t!EVXwu#=l&c~hT_6u$(LcVMwR#l*8m~^N|a~b
z)QFQ_r^djpIu&tijf`5S-H%=w&o{wTRyMI%(5Iv+W}#AXMKe2kb5Tes?}{srM;oK}
zn_KL>h?o!g+u<y+;bTuMebvHZ4%sa&Egq;0!0RsQ7p_V)19=S1KwxGgtTHhH2G<4D
zv5jbLv3QZ_yoO_I+e*`lqO$ey<MnJ~vEX8@Oxr%CwFM0^<lyV_04ygw$;WrQuixVC
z^~nJn0pnx}=4@2iAfe%<>NJ?PL2I4LGNQf51K!q^r75wrXbvRKm_OjW-mn3^TK)>4
zuKxTBUe@LadER|15*pL$W!^@@(c_`S98N*Ib1)%Q+@O&RVsCv-+y(L>JWBD?kk#HU
z*J6#SKufZ#BJP%GCTiT6^vrB$CDm%E)Fe>Vfb>?CpW^`cRTs1uD=HGxZ)e5O{`S_r
zYzo;h`xiV6FH~nMA*%8*G!H8EAkR}DjGF}U4sPP;U@cM^4@TbcM6@^%wC#Nb4tiwF
zduZk!4;&O-tooGK*-D{Koh;T8GYE1(SGu-zpp(TErVwJ1Uy$O?9E_rwKeoOxv>%!q
zq;|EKpA@N57kRkt7YIcmq4{e*Tiid=64*dvhbPh4Vb0YSi%<CB;z1ukn1>-8&7XS<
z70T0JL!HZpt+>VQvumuyoET+EDUA1HfZ6-Iq-e@Nf<NoKS?{PLb8+I6+xx>@L=E4&
z)?(pzL{6w`D{$`}hu=}Z>!Bv^=owUX%pF60Zm?3R$MqHqMgUb{UUA!H)z>f={+Ne!
z!}>Q^EKeeUdLQH!WTCG<IQ6~1&^f9@cg}mKyIb6w7~9jvNSVDXUKHu~L0HK-<d02^
zr<EFrY+G+G#L+9OdcRlQ0*SWnHfW7)eJmCNUzBh0Sbh$?S=9^dYcYEV?a?oOST4SM
z2^R0^Z|zb2>gYj^{PZPy@&sCRCq|SE;BvInK%2!;FbLLwx_vT{2=a^C??n~uw!zkZ
zRrD?&Vzp$i1d+NTLx-}gXykSrDF6HnCRNL!7I)3VAOJV`FI7JAs9F}b(4XS%NQ>`>
ziGZRTrVCPUvgv{@BP^azAlh=gfb!_F5n#+Y>tM7zS75!Zu4D2@D~@TE@<J=BmZ=C8
z6v75V(bsglin_jm#K6~Y=A0PJ66F{>AurF(fS>)`D5$WLqb$CzJQ2D~OUR~c?|^w9
zTV%0N`u-y9jmpBPW!<7R6%wF6oqq>!bsuZ-I&KkN5EloQzmllal3I|YXja8g*0~tU
zMwRubenCg+#<=?kt(s0ffl%j`@mz9Go`4y#*Km!(0NDP!CR)rbBkmQMoSKFkeniNn
z_j0h``3azav=YuALD0Dj`J<YtDYYoIKD2#9_C=GW*k}46_S(CQ3;(pqRwITiL~N&|
zqcHVTh|Bp?EY`NqA3|O(5-woxPqkR;b_mXLl;4MF&Yhs!ucle7(IR5pt~+4V$Oa*8
zYkBL@O#!&gWS5XVQ=lqJZh>|jKEq<#5nrszfg^F~Vs8@N6NGkYJ(D9tw01r{N_44s
z5m^nx=D^vPc?&0vbGO*cCQ<zXXAv~$trpAP3})eQBvZHUxmNelowF^LdD~@<70oL!
zvVuACQXV7~6rw@feRBod%(YnCu)gyk6IG!D_a4r2>o#gBRKK%GoSkoNVf%@CfnjDw
zb>h5iy1J*_Vujn7Gfog9nOvsVw@yUn{_zDCb2x7Mk4<pzyUix0gW_h->R6iS>L0qp
zVo3>Ucj7?D=P241(5aVjn!M|Ed>qZvq2KSaHuKdAHB|L_hHOZiK%4KjURMnZe7&Z^
zaw2LFp1a3lp7)@rK9JMHQse2pdo5mqiTiN_s4+q$FpmDng&;qBpY^^fqJi~lkJ5<~
z2<@C*$PL3oi|l8-EbyJInvyZ0N8U^hQt=Xtb;A*WyWEk|y0SYwRRtB?LhicM;vVo|
zFt2j3H;*26BaFZ9eonh{AHW+NMc8cVhsQ0iF52}VpZ&&%Y^SMRm6rhnME;Y{y6Opp
z27;?0a=I_GSY~9chi#`AEEK_AQT-_!91MQMVhPgNCmCpNMOFQfnp^b+z%P1~3!)Lr
zF;%`ik)toNi?BIKwC7PwY5xk&_@I;OfCHSUE_#0@$HBT)&}lZnAnbeLN#F1nQfbev
zwpfDBp*5Fz2djYBS$3z4rPh!0@5Dc0J9P*e*ijc1see_VU&+iTEtcDesb8#~K!87<
zZv8KZIpQhXxq9x?c*JS=qJKx;^*eqE91j<su~>2&c0q0v4qKEKOFunpu?srE>wV9H
zb@O*15A*r|CbXfep10KS=F4lX+8mYH!ciiU=&L?O(b}z7LUNU^vv`RYT$pSAOh+x}
zO~|hwzusc$Cixqz7``YNf3m3Jp^es2)!Zn5!6v;{ya?&Vu>#9Q++j9yBsy5^dj+)t
zxR?Q2VUxv+g0j&z5N`Gk^!gXLgR1?@TwFE`+qR+gD-ivhszeH2v;|di4zBjHWgypU
zqEq|R_H!w$bZ_KlXkGSpHk{)!s<C}2LQuP3<A(0?*CB~iL~P%JRjZGVY_;4RvZx}K
zsceV3BhJ~L;AS4R-C~~W<Q-Ns`-||Mi=J#1C(&$U-_A6R>OPZ@K<nS&#;Bn5zMsO+
z`RM;__6#Z#amQu|UL<(Y_P=Sx)1BXXlIZxG7W0jXTL+{n-v5@xy!1i%b7Z4FS*nrJ
z3+bat?^vuK&53vHN;Nx#;<vtUW!y@Oe?*dcryo$Ev-LfTS6)IFN&mhCKhg*AAH2`O
zul(RL;L$*vPA|!rMI8p<h%{`Mo$`@jAgC~Zw{?sWDBRR&;&bs@u5EXsHm@uMAW!Y#
zc1B^970dRybg$K$J=*di&he_2&Gw7tT=3*1;L1rfPby1BH~y9%TWdJ&;hb5mNk6t&
z(#(NR0F_M~Nqy*Tdog#=+yr?O6-G1oE(SU$FZs-3l`X++u(BkhfuCC}@x0R)Rx3_*
z*|5lDa=^QvCLq1zN>49Zk<NX|3%{~D+NOo2rlOuwCUbSqg<oOCtKh+`{We*cE!+h=
zkwA3n1R9Vg1#zlBvjszYAFyc`oX2GNUxtS|9keO8?3#icFjo{US}bnld<dYV5B%#x
z7UTS0hpk-Of)ON;S8Q(o+9s5NIe4L~)8rR^0DM^Aa?Y*#)-H+!$`LBgq|zWf=I_4-
z0_b?e&TsH%mEok(<!4;-;``oWWh~e@p}sQd>^S5Xjrf5}q}D&$RS^WeY_C%G6F+(f
z1t&^l1vmZ0(<4VM7HXJ(45wj6m?1bKWip6-=fH7`C7%aFLjBy1a%TJn5ful>gLXp7
zw>W9Nrt(5CCky9@3mq`FcaCl$lEvBV=qYF+HUUuufnF&&<onsS_2M_E4TLl2YdYQZ
zi_Jh4-r>p3Jh@a-q-WAw8?8Q-zgfI^5QPT|+Mvh)WvecF_BZ<qVc$r!$*Z-7?Lx)M
zZ@*jYnk>-sn&*vNQPOA874M<;)$^xa$bpzdq*Hz={tQ38iBb|-8Y63dW8cSzHob^a
z<F+s2*1p}Fje1n^m$g_`H>rQy{2-mrT0?ADgzX`--y3#^pX#S`HbW?ctPvT8lA*)n
z=ed7R$bT7UM^d*&aqlLyc&NQc&HvnV+G9J6WRv#|nQ|9TtG<VQKk_5AQ!Bp0!>Tm^
z9VZEK{q@35I5#f3(!<XEH`Vs=0MooE5ARVY^cOCng+LeG{JyK>VRlPZUCdCWFWh30
zBP4GdI(rIQze}`-xwm3tJUqsPcP^fLWP7E!`rz=n^*t<a2~ki&Sq!eaYT#iaeMCc#
z%_7c5&uZ6CDY?}05rl0E_MpARJEaEhz<35lHK|B4qs%xDD>)E%N1PTF*EsDV`*^P)
z7((?&yh~hd8Sh!D(#p1Y5BCEGbCEn%Q{>5y4Y@d1OcvMR?Y;}Dab=lqR$nU`x|>(M
zx6y5g4TfNLNV^m*8eCLic(|KIc*SKy!Df&d_Z&_)#a)A*%aD8q1zzD_Twwu)Oul62
z3gP$v*t!nrs*0_>(9lUE?X-K(h0r18riYebL8XM?dswK!t`HLJQiF;pHTX-m)C3D6
zEkT7KHK<sqL9tO2%acw}QIYn4GfBj==d8DuYrV_KDKmR^{r0zi!g|C%9o>Nfb<J7K
zrmMPkhFQ`SWP(K-RK*bRL!RCXryFd59HxeRmwZ!PgfXv{#)>Vm9z{3@cr{+;8EZq3
zoEtLFr}?=J#S00OfY}i|8IlHps)hFmQm<n-Lh6zZ!qD}JW(RS78$5}BCwlt(BNe%I
zB!Y`)+G_h*)&Pg#S1|a?=Bwo`5veb1r?E1{==RD76n4PAJHKgNM=g+V3?Tb{L4W`X
z-|pDqmYuaN&Oh4MS>v_7GhH+#B1wZ^@(Zv4m<Ss}AMW!3p%Sa{NJjul1<$D*qPz1T
zq7KZFWR7Y^yml*71c|BepliEQ1dYxnKi}oW2^ueIB_f{&ueEM^{i60zT|r6OH(bM@
zfGfKS3Z{7iX!j7H95E|^<xH<8D>7uKYF+qC3aUbA3G^u64MvdCjwpGQr)eyb$WK>P
zR$>Z@Fak_O`?_ju90L9g2R-{!P~n{Jrm+GC>^se!29VK;_Q=|{=%MilIt5AY`evR`
zDoq76H>M|3qI9XJ_PcY(&t<48Fdc>#<~)V0DF_lU8CEv@x2A&UfY906OJjyR3Go`>
zbE#rVClv5ae3P?p)|3b_U6geN=|JIvur&I!Bc$WITQt_=ofHp83EYdA;rdOh06KN6
z#vG-}-iji{-$*~mPhD>3CpRe`_>c3I@L{s<&=>+qPEnF7yly73Ml<^GFB#q!&vPE=
zB$%y`R)VBMVEwLE!`I&1Ph+il!ahi7rcA)?>aSHfMHByy<eO-U12n1;#r<U>)t$x9
z{k{QO0DF2O%(aA61r6jM1dAd8B}D^KT5EO*;?Va_jb%SQ|543_;B?+U6*3tAlNdKK
z4T-888}GCDzx;j14AK&q(kZzM>Xv<*uxzq@Ha-Ape9t|olP9+X7n1KD?Gxu(CPFC0
zT1r@zcCYe9u*|(~2J?qZuPv<7{q*o)e&&2bwDvp`3nw8zB97#-pEy)wDXyGhnv#IT
zvI-(+xpr}l5ftqi&eyJZ1P%^+e{{P8Vp^w$mOK-UX~#j}t86h+`;IRP;>@M};b+<R
zX*^krYF0l~GUal0e;+Fq|30z=Pu#Dux>urTuAdB*aBUoTAqIQ`e{k{x{51zYsB!cO
zDtc4CMyPst32IpLTEM~C`H;4neG1Cyp{1>*Sht|%4{IEtm|h>77IYDy$44|aYG~D?
z8t>!Y_L#cR7;E4U2W?Cj^nz?V42^u|2ArU`^P+<(_p3<Il#56@VhhL_+8yD!qbsA;
z9YA}{`RTP(4q&t!!}mHaPqiH|W+3>%(Gx7rxgM<Il6>y=jv0$pWL{2M3L@g5*51eI
z>f?OXE1yu$K{~!wI=CVCMg~xar?elK>BovUgAL1`5fMiDkw#|`IWvnA`;3;sj$H1u
zT2FrD(xFajgNWxe#=i;lcFkn8c|c}Z`5#PS2r-3B9=ZYj<=rM|tVugj)Ei}XT<W^w
z3m{F&n5Z4%l7nvfkw`vB-`_JD-qDyze0?$}tClehhYpS8a-w-Knj`h5wB>}}g4UeS
zO&WAB*hZ@gwD;IKN{2a>Un=R<7JrJT6|?{t67-IYSYYk**h2MHTm1)dU|Bm)c+mwY
zxtiY~eMv9!Wk2(x;&Fw(gxfh^21T;E<PjnbV3nq694rL$18hbrjh~Emop)Z=SWRL0
zD~faqvn1)`il=LgC<6afR}`q~i+tj63!PC_GnmCMUo%tVJr(<BxmYpKCkvLV>%<{t
zZ=>GYXO71Dw?Pey6+Z+}a*h>^*$Rc)U(Qtkh7~=mcSqk!#dEb^ozBMGSD^u%m&19e
ztK6VXf^|^9mW$4Ru%kbWj1maeG5uqncGP)nl8`dG--p`P&)7e^NIR_jb7f~Z)bhiE
zM?pTah_8|Lx@Ie{RbM@XVEyg9r3es3@m8XC7M9|c7=)$Kjs@B}=Y@b;Vdi@@l`Pa)
z#m<j(B<&vn|1oov6+k(QjR-otNZaL<Pf1F+SMN%*YwV_UcCmKYS<FwS{4!9V%3k2B
zOSEd|VjnBkIAYkJ4u}$1cqFw>V~Y92Xi1&>z`Yx>R9o-7H&`aJqvGkdH#F8MnuPrV
ziYS(by{U2R5l{;tlSUftOY7g3zT_=!yYt;fz6~$i`LXG6aHoXfj|<+w`8}{qV>ldv
zw5v2A3>mj#n9=YyS|DY&fn5w*u9Z8N9f|0AbY(CdIchd3dRJqR{Hk{~hH_iK5;EX?
zNqdzN3S_QU;-lefG!Od}KX6oligYa6XQ3KYs(s`9(llht_8T5Bcb9P+fVzpCw-M3_
zQgLl9-_ol0U{;(r6BE=18UjkN2}6EU?}IhZ{XpX&P_gaX4fMXOQ=)&IRtTvCg*6wm
zPtH2;FFMWvf0DG{O{ut?+xdwbV1AtIw&_EyBRfw1L?i&Eyn8ok97mBL&cc#bF_ifU
z01Jh`z&Z{;0G@qqJU%9GvsUhuOqgqd$|!6WfeAe=k!pGWKL9((^vwD#+8n1Wpl%9w
z%$VAl2D8?n_*l4=hkPTpDLH~E6;Sxjg^&{}#Oy)9DuU>h-M|3XZ0EPy_7SwLQ^EN~
zN(~6zRPuhp&ywKalba_oSQ$HbsN3pOMJO{rQ#=b$3!q)+Cv+`gYEd+;|6F5;9>E6;
z7+Bp@qcx)q^iA9!5k<*4rjJS<H5yUWPVF`4=O&`HF?5Iyh~Z9+5nv0oCPv5S4AX-s
z<aOMw#cu6W=OzKpy9IDo2{JwP8V<C%N8?z*R1A;#6x$wu2IxC$J{qLD?bTSniGb6C
zKq`$oEWk~WjbmYPGQ2m5a0{sbygBX`@HrP%Y9Ba-01BbOX`m&c3pDEd2Ku{K@7LaU
z3T@7p8izECUQr3u#o)+5iob}syW%VLE9%g^_*7?>t9<F#in7@D4Ro^e<**9UCkXmZ
zW5hRtY7Jx4>nJ0#Gks7A=fI6M;(Lviw88TvxnELg@nWQv!O6?;M$jwZJ?>KU7Gl)#
z-$Sp@dlS2pc?@9V-G{W-*isyZU+w(qxg%Ob_S2-J8Yh7ieH<9VkSZp=vGPQ6JlqC3
z2RoxMtQj4?6U=UXt2KsnkylOmJu*d%Ic!L?9|{Yj!9Qr5ouVm<36dlOQ1f4$Vh32&
zC&)%s1OrQX@Dp^5puo!d0T49Rj{6y=H>a6Da}}HWKgHFX`-|eNrU_bIIf?GmU9kV)
z*=9&%Xl2YRfR7-alKC;vTESmI?%JQ!R`WOBJ{1IOk0szXo>Pi+Aps&?2moYRn20FO
zFJ?7%Jfj_R-V&vj^T?l8ylDke<}Nd`s1PV>IqJ#&3^3fXa~Q|B_^iet=E=xCN!VD)
zRZNONcQ%8xrKdyCKLm6Cq#BJiWMJEIMo|SFhm66Z^BQX)DEL)zYZGC0YI#h4(^wO!
zKOKlzun0;Yr4a>Q&_V=}f=QkW+^i)c_fmgAgJ{>o2xq;2Xl!0FxGUR5rP0*=pv~;|
zr?$&^`cSBVG;|UJDzR99X{_&1+O6tdg4RWRTj7^bARZgbIp?DGfm15|Q1cDWAcLL%
zw^rjkJvo;YMKI~I;#(A7;XX<EwyRoWW=_Ba4NA9u5e7M?78~<|^c7qTu4Btv<awIV
z<z?WE0ezCv{1NhruPgN|g604p6w}fv0M}y7h~)5YLK$}h+u8R<eo-QPGifXso6@rZ
zI_r<=(op9^eUs4fk6i?VwV1hA&`4)-sXqZ}A@D(_2=Ao{6)eD4Y-y}BUpW<b>GiUP
z8c8thS$rOVz6YD=>e(N=-HfK1rvb72uBpyy@Y|c|9P|t1-F^&vK%)aYen?W!&5nwr
zst+M`U*8UtXWu~G*^#k6NLRcyxH?i|B{p;66eOy_r2=y4V4b^csHVe*!~lv3zJ`>u
z18E7c%CKr&PN>eE*2yh(wMPgCRIW{Bn9hnn!p78&{1%hpq>Zt^z(|YM5y}ferOEM5
z6<duCqPO>J?&kndKJZnPHYT4&SaElh&P_R@U%6x$)hnVolyJ=T`1a`<TetEI9Si3?
zLL&`)7C&$T?glqHa{#)(7N5mKzc6)H`~#=Cn224cn_hd*6I<lbS-gM<5_=LyCqKY{
zG%tUfJzgxbQ){4$z2GuZHBu?G_vy?*f>Nn%g80>FN9VTS8=r2avsgc-wa!}rMUzjc
z4TlH^p*hWt)|o5rPsJ&-F;)=G6|zb87<(%?`BQ}_|B2Ot_O;c|IrRZt0NX$($_|{L
zWj8|dnzh&2xUs7CIGv7#U*A#Z+;~FKNsncCCtXpOaG8WVR&*LJ-Q><XtGDKM(eGmV
z3~hk0S4BX3#zz2`jrMen;$n3cNyCBd)wgz_BFkr?4g*6HOY?_;a_^ydotalZW%O-@
z&eMM)3-oWdrHOu>(aiWUnWNTA&r8r*!B6%UNgXJAi?TGF#iQThJ$D=ci*2zV>{q7~
z^;t|hVNTb63;%gll5*xm9V*WQFk~9KJ^o16-*^6LBG4I9n;uTlS+06ps&e3urs*A+
zc%l-7gC-}`L<`b^&zPJbfG4AkXxBy4O*fsz#<AU%XY}u(^Q!-to;r_^z<VHix1z-;
z0<6ogkx>-ATk}##rp^lBOEdKlr<|3q?WObX6)~Y`Z4+b~4n@N`O0K|)ce<Gyl%qG}
zJscuie#5PLbG9Nveg>g<h0$~v{oPw<sLS}<RP7?*PWMBwJSSln!4|;mqF-><V$Llj
zJy@Joa6;Xov%<YU9YS?I-ICJ?M(Ic&oh3FzKcH+OL_Z+weFOpg(suCpC1;#e&iReu
z-p2ITc>s_KR|q);RLW9;V6s~vKQ|ytRpH6CO;WG}4QX#9G*jO@KxYX)lxyHJ)dA%+
z(Z<Xwq%i~a8`+A--^ukxdG>#>pH8_;01WjI;>N;f5!}}V!EV0(4fb^Bf4Od)GDx}I
z(z~$DPJNbM^cPy^s+Q~F|MZ2kl|@6F$X&#ccCXGVhga@ZBrtFYtiSUSNYM<$2w=3V
z$I-N*Tq$993ckh(A2UqnIY|hvIQ!^JKJKg<AUg`Cxa}Wm0Emvz8Iy$o(ES0{jq8og
zqt8O}kK}N>zj~x%Aoty;oZ7SZ>%8~WkEo&6V;1eI{og}O-Ty(I1&i2!+0LJBAsv(T
zkj_vR@ek`fk)8%8QBnamn;scYx2{2JbKyawAr*InHn{wV&I-n&K^J4XV<~$W8bg*n
zsx!EqAD)Dq?J9fX>ic!T`uUh5_voLir5vA=h0fUii{MnCM@X3<No7qytY)vW8WrX0
z)lPL$oy%8leV(EY#H31eydqs9qN5|*kb*4T1*CfKYsmaQm#;Gv8p=>I-)4747#os{
zbAQLw#?5KYSe-L$BfW+ViKYBDa7kx9uCw$t;B39Ti1IQCtfJeVK)dbhJ;46D`w6ZG
z3!da(QC|F%;?82>rMHIwIh>CD1pVJ93ToQ-jLxE&bPPom4cSG{>O4O4qudW~GL7P%
zQ#MWn`KOVwDCvONXxZZw{~#5;Wypo4)2f&7%_ZY?27LBIjmd;qO$^dGv)&7DOskHf
z^7HNl?oEnb3q;1i+7@A4;hKruQqG+Olcm~KDcF@MdP_PrSwG_ZcR$D#_BTYXDPW4u
zgI~YwvQI6#2gW|`d2TX;U(ijaI#9G|4phMPqg?eZywo!rfcokD1TyY3U(`1^)gxl4
z^Swc<UDX92<f{N_@zoD;HQ4OXHZ)ad^nU&%m<@U6ieJ)s9v(tf@qh&o<TU*U=B3LT
zm1t5v`m)aQO$nkHD|*@GxaP|xh;G_X*WY)lM7YyhtM-%`fXZC(4E;yvH^5?#T!T4T
zncE;*HI=Apbf3xXofs}Sa+eW{{0Y?0#o{PrtY>j?ZZ%sEXWN%l>*_^Q<{L1%qvq(W
zehM8V-I{%`Vi3~BFLCerg*qF`fKH08U}M7_f~aJ!&WhTgZ2`_#bo6a|mHYIyxxhH`
zCLslI_W!tw5k)Z!*v4@Q`v>~WLJ=_?L58t~txb#zHm#O)ZZkgq)*_wF`$8Ph%GXNV
zEL=1xR6ExggrVYyNEiE_*LjeTiW)6)!Ks2Op$TP|M`57Oe4Qmk{b<iv03b!>Qn<1U
z7U(CPPe8Q*!i(5;3xsg|w^oGcIAV!cAuN(dpkk4J(fQ|z{-VL?;ICS&vxMmWC9oXM
zYq8)p_v=zMgX;fvxGjB4SOB(uDb$$rq$btwh8$Jgghs!CVB?j!Q6^1zgZ*u}|4mp*
zrvxWc&KmT>$*S3*&w;R8{1$g{M!&5$U@lJXGQA^vcZ7NV);cOLBK5rQbAT6)zr$@Q
zwo)GI?6FZHbYwTqGx|n&t`OxQVGVKc!Bnvk{>snI!BJCj1kjsn3(<)`W`#c8X|w)X
zp*L~9;QCcqTjz%&(RmDxxU5&qIt<|Ym3a`i@vFI8m<X%TN=LjP(<1k+;mS{xVP!lr
zu~cWNy^&=~iX$C+0|D$@+b6wcE%%Mk>oKs0o<`HX8fM+SuX7fbR3ZI>$RU3`oYchu
zT4!qi0k;z=$o7OzHIpem1;;UFoxa!k>EeSR-{3$9q|33UNzb0Zrw?DRvvwCj)Fk~O
z$;8s9TxX~-KZ4Wi{!-I;JZ#bi9twzx_}Yn9I`vBfy9zojnEL_S0rw-8TKG{x06tl#
zJsWjaekj-km&189P(<`y2HA8;6NK~D0hF$aPU0gjZssz+1`QkRfTSUBCHYif=tB_>
z0R5$H<FW~ZGv%^|x>SYENc7OS3(gpnTDR*g)eBT?t1JO@{vG$t`ABEQVM(v~DFSur
z0H8D;113E#Z+>{dc(8z7SnX-!CpzzI7sYXuf{{J{9C`c^i;>Vf(@5(;AJpjmDdST;
z*LfILeTp1~^QV2E>70+@^ym5=Y=xmJW!_qTOo0wP_gBNf7BnCm3tqfaf8V(u$bX6a
zt|SAQy^AjlurqR!Is8MQFLx_3zet)4imGD|=>E4ESF~4O?R@FgdzG+f&psu(Jzt5h
zWkx*(DXjVg1uMM3Pe6uG&~(F3Xhh?0MA}NKm(0shFT1|d=QvesDvqx_elm|b^gC!|
zq&XNj(ZsKn=xNqBN{V33w>oF?$0`jBg80b3_gf!C63YBu-{(BLu%y3<fvzG#u?}*-
z?%F}cH}}Kx*W)aj(<7&FNJkvjcQ|(s$;Xg$aLD9AkGfY&pqG#E&&oWid{*``<!mKD
zT}sP`TZPi%DrKty50_^|M(wNHLni>PtI@e?#fK9UQRKj+qdzD~CxK~}^_I8~QM9Q#
zg~&$#iCbYmQsXigw<;BZBJjRCrJT}iivJPlsc}E+tj6O<B@`ZRS324mZ*}kgbcXQ4
zz)VDDq7;wndNWZHkkGykwC-w4n{rO$rW=3JXF69Fe<GvSniY_IK<;8_`Eedjh%|F;
zi6|6qkIZBgpHR{zX@HiT|6CtVXHM#j3>Udikk<r7be1K|kkk4(=h?Y-8V7})3Ne6P
zdUG;u7yB0oc>t<K?dGh`ClCqHYdy`ANfXcU>VlXD2~G@vo<28%Xy_1_E+`{Lf-vU1
z&KqIGg3I#tZ5IBd;cwiIB>@;LMOTuFoc>Ke>O75N-H=Mge%uBBL4p&#7xYT!fkCoC
z%)^rh#{Pq=<Yc@$vVqc9YDj5+DluCkI+6szR=(|PPkDdwTtmi1B{7#MY`7q4s#ph>
z?-_sd<VyY}#VbfcvP2+isbEET2<^M9|K$9JBq|I5sH1EO01S<<axoWwE$8-vk|dON
zJ&(qm4%fID7K%=uJJ_BO3bYUf<o#_lnb+Ic<&>4s21Y9;D@lGBX_=`TeS^VLMFVd%
zxGfnIV07UY7bg)#=`>0sQ1^oL$VZbd!f<tJWXyK%X&RulU~Q4sEeOM+5U4b7Y_L8M
zXki(ug5kXdU5kYV*m?~BiFQp4=3GF7V0Y^{oeT@QuV+((HH-u|GdSu%q@XcfK_Gkm
z^ip$Ujq@D^f(bhuLkm8|bTA+)*&PQ48mv%IJ~qhUm4eiCB(%glIM@;%q5?z*B^pO_
z8X~=lZZGhkg&HjD5A27(%);=n5-p&prSSuMN30{(Nb&%NP-K|F$|W*=ECxbtIgeGz
z3O87qD*-FF0Hyb;V`czlM;I&(jxjX6dY1r&f@+|jRy7e}LzKbPCq|!wvHMfd8&~c@
z-`nU*NEKCT5Q0sb!5Uv?>ySaGSe6>fPnD+f(|OBa3`6U^22ZAk*w}EkS||#fzfjK#
zbC1tp#E%)R4Bqvg<Ogg7(+ngcH;Bf!!m)a<wehX<wO@%gZed@tr;X8{{baN=c(-qo
zNb||nDoMwk=d?GNGl>g?8;X&wZy5p9<xgZ2KJ8$zbTv*r48xsp7E!`S*{h?$<~5;Q
zK5`GvWlbl8*_5ONNVyy|7}CXH37;gupJWXW{#+2HmLk<RJO(>?M~uM;Y`n1sufg_+
zgXlO{X+*s8(-c28*J(=et|2d=`YM&=u>^x5<v<@InTC_;YNEl4RCr-D(U*D$P<pb#
zx;mwH1Mh*DU<Pv3NpS$*<fY(i2B#PYobMT%YH&M>zm}{C9jN3D=<Ydb%09ujl4Qo%
zM~+cWKmv1Yw^pe@ogm+Ts;j{`;gb?-Bb5~Tqnp9X@yEKW?~;Ik4deEZpr}C+d3P_P
z8D;e}zU9Uwd$`>hlQ2Wb(*u}-F&PF+_2IEpv#NDh`nwzcy(|-Ju`ttM)zGoM45ix#
ze<wN+<-HHw#NT+!%|<-i_%pXa@SQaP(SMyt8IKzS>D-2}&h$=i;|u35<lknbv-`Yz
zyU~puX>mR<vH@-WqEXK5!wlE@z6R$lP7;mHFGM2px+5Zl9_SA{dT&32<*5L|5>s-o
zU&Q`hkkLtizr0Ca7C$=T@Ar2`UA`n6$2LC;$9Ba4gCV_=5`e>!NUt*uFd1@nw(-5w
zd&6DgYe$gD$DC^b)YzVZ#tx@eO9Bj|0PV^}gN(+MS%_9VAj=LZcY+GI6J{vzcuQ2h
z|Es)967;&fV8&2r?2thQYiST)w02JYvdtO_&jJ@UrJi>g44NjkL>8*053-^?t{ibU
zUajxlZmV3MDi1+ZU;UMj-D5CP7TgoA#S%<?g_GEfM%-(#(PBLZW22RCma032CJ!+f
zXk@@pBa{hO&M@VtvBU9`a#NX_K~=1)r!kF~fF;;7!uZsA6=X~Xqp<op-0F*kl<sVS
zSi|!p4OUvLxKDYH{r4+wg}6)Q5@gEb1(Y!ULF0f^C{Saobp%m9YDafJWU%}K{vPb>
z!Y|2q2+mj4eds;P--zC{*$*2_od+@Q5rfaa#9xC=u#Pn{lqP+qMbPX=xgdyIf^?w9
zKW4D1u)G0kNp(Kkq{jfD-8>wWLB1krv#Qa^-ClgmU^$MlqYcjDoD7#$Cfg+r_x7Jb
z-V5?flS;ROLGxs;G2f|mlH=2mvR$$vY#<drZnP`PGgyPnraU8&$;H`xqc8g@{c)%!
z=Xxi>P4G`N(y8<bZn5yKZ~<3^C)3_14c2^E@)XwAx!kLsHhAS8!gM|ssQ>Ig!B2AS
zK4|L(&$^vYsn%dOgXr>oIK=IqGj=%TQof38*~P7zQQSCVr}KiObP)+nGP=?532?Rh
zjpr}yoxokM@|cOrPu(ZsC$>OX1j)xD-%mnY%L?#_C6oCh@(YyvO`c+K%9~lw8-e^0
z$f<z=F_oU3iLbx*0u0*87Yv32#}ZKCIxOb(i<(d6>IN5~c=;+u4*-7KjJ7@urE0un
zY;k^)xRr$ZN>$*!DGX(;Y5XE6dC?C7|8ZkjI0fE-BNqR%+vdd!fT4F|7~r0D7qy@f
zuNa%1-VsD$t_S%j+|8u>ryH!vR=!e0GnF2m!7X`@nQq4zAy6++U2Ta$s^d&-L{nNk
zi+_Q*XZ;s|Qtb(7t+!_zA3FudACH2G<i1|<3bHVp=C~*vfV>4b5f>oPuG2M1WE2{V
zlNJxGYYy2vmj_+NuR;enA1yE69^~^=)lMyvuKu6F7~^q)tmfAdR0E37BDu};ur$uS
z6}4`e^hSv!l&ZGDfIr<kLZ{ATyyrNtbcBqn&c784CdUoRoC`qx3<N0tUBViH=Vv6H
z!06Ofy+SE<p;4vYSeDe27D8w5Sudz8N??HIEH?bKVxf_%UM{h65<-9!GGh~oSz;(4
zmSX&*EU&C`#nHnh+^NQw)Nz)hc>`mF-qOP9$}o^u$k*C1GCGOATk7^&DBjiKjnV1E
zO&4~**GyP|Id5_YAJ0SbZk?G<Rd*qgdwLq8os0|=oho-@8NNPZBvI41+@2?GL_tI3
z-8R2%FoaAB98n2xmavA)TM*m+xy)eM-qLrBmP}D^Uv6;zJNbSvd2Og{E$UdP4M);~
zm(i0qq7?6!allBR;VWFk9kSLbD!ynX_XYN?bn|K?3ZpKUg#vCQojeakno|lqhJ3`B
z)kdx}81U1aU&G=F1-KTZuQ95X9j?oG)?W}o{Yza=k;J5@5SXzWVN@gV1B1)BABhz}
z25OHPPm?Zr+tambnDc`7AfBt&x_mc!JH#9^nY9BDhaF4r`)*$kohy>F^{|;p+Bpn<
zgM85I2eH7`W4fwOWI0au{sh%#UU%({45AJvtcao?@P+}~V7U*iQ{K=oI!`BtNfhC?
zY|+HONf$_-uK0OqRx4-})shyJ8>~lNkb<FyMYe=s7`<+{5wF{vKHgv~WhYj+&TWv%
zLbqgdq7M}%>PH3`q9Wmd;EDMV@BYO`V~Nv7povgY|6jT*BA&k3WH=Go<&!q6%PQ_G
zYh@Bvd+z&4kUp-%IhId&sto6<Pq@z23tm=ERR9>8l?)*Tv~;~dan)&0HgI)yg_5q>
zvRz5@9Q{bK`lmm}Pi!NE4!VwliQmBw(X}1QZ2~_tI6D*!tArU!B{1f5;~VFiB0|TI
zyBM0W6O(>sePJ*pr1;?L3Fw(SxhN0YWpL=W_!9|_k<(hi3EH0a?KYM>1wwS7;fU0A
zCa&0{_|ZZN(P#`d)w`l2$+H?~PVQO8|IpytHiwr9*X(n10_5l#-#>sAb_}=gce4qy
z+*H@E0H6s=h*f^2tohLcO1kvw*UD8bzQqeVl^1OH!%=mq{haS%_$o6ZfH(WjU~LsK
z-$NfeY;(E)pepJ@LCFaP!0CbC<dDJ3;iz$<I1h(y6B3-mGCdd;m+3L7?6AQAr&8C+
zhR(8&O@!W=n7g&{2=~}P#ZoB76f8e#FvRWbV|Y8~ehXD0v2MQqL)i%<t-`3PO3}n(
z(`7g1zT3i37Q2S4&Q`l#1&)gtF&T+Rf8q{Ena9z=9}PAi$PaS}9|R-9_V`**X%Gxo
z$tZ6iMqIHNy7FfwP_6!-vd0aM!%uhaO3(>|GmhcA!F1mh+g#g(bOPJFXf4*WVk4eE
z>m-j!V^1kDLXXqR>tvl#t{Qe$Q6Oj?MVseLpzksDj+;jKwY5uK{5e1<tInap;z$h_
z8L?{!1kjWqW+*hXVUjmph4!op1B&hTax;!5+lo;Vcb39)<X7WsRSK%^G}GwpZwBj|
zPC?2@deK*Z=P5|>7WKG<cC>LJ+>V-Xvl;CQfi-^W0*|K8{-G?+l|NDCVcJz79i?}a
zbB7s1UH^h3Jo=)Wg+qvt{!hheyK~3mFG1fbH%9C0o#=Hhyli}{em~AkTS3v!V6oyO
z1>{^{P+4Xe|0IDdasSkcSZP9D0IBy=`=^kwc=s~AriwOZ6I$dm{Z!tJuh5(ZW^;Bv
zMWS6e=>LE_8`9Mqu`Xb2VHra4qO#gs4+E7~vW6{j5$t3fT@Emr*4@+4<baNvMkY&I
zQG+JtHOEq~Z)$R;GVu`E?Fs2@N5h(#EDec&2g6h=w7(ra<!wjVKLN)-wYm9*vR^=N
zi1-a<_Kvkz9eB=6rujds&}MW2Mq!U~0!=n1O}q;T47yTbkjbKv;lZYo!4qdhx;qqN
zvV1=71a7AXqf!VBO;NNl)MRN$@hJ3P$I-hj&97AX+FpU|uIybZ4>K9(7XB0y+Ls|7
zM^l4NN5f4vd9)<LR9t`YH-KZM(bh<qjAI?4x1<Kc8AK{7%uJ*^IvJxKn^nFx%H(;C
zZJP4a9^F(DaB{kyNWjT9U({P8sf%f{L8kZ)1kw@zs*F0b`&46@SDkNk)?;$s0^9`v
z#aqox+E$@8DmvagfO>eL*v__xe)a|6{LHk?rOw;L_)MOi5ztSWa0K)-ie|Jj8TY=}
zFF_bl`$b1?z<^OZ087`q9EbCGE0ZMyM?{-Sq$*w%pDW2mBnSo+<Kh;dw=rLLzF$sT
z91}&r5$6u{0fQ)tq1~RtS;)B6Y)+4sB7C`YjJs0#?XfG4yV8UX<~gUN$!>7ngrtc%
zB9)y0zu4B%WQKH3Cw{KWOFAo3u%-)sa^77m8RikD7Ij4MaVf@RWkLKiqUC?K9~E>L
zJqzS%90AnF(`2}{Zx1Y2pr31|qkgx8ilB6eo*>wh)we)&83A7duwj<|tVwda6%tAR
zbQ|~H0=&ee^$7NJQp~rM9mDsfz-g#x5fMm0F6xw>YC2i!%Y)LCrL@v<d>va??(1r@
z0y4#SW4g6Gt~<8exdoUFB=9wLv=U2tqRO7X9SFsDdYB9uGqR@{u8JJo`=E$4%1;Cv
z<ItPKg6W-)0l~Z0476!g8RlC~PdGsY4DqzD7oM^=(`0C5DGlGF?WCfYS?&C~r8k+J
zk`7k`)+uOkN?Ic)ncV>?&cItto-h`+VM<d=#uwofd8^4Pzo%|BqujpAe;1Ocd)9fH
zQdw)<c~x6T{(xkh#o;5N3C-v*cAP_RcYnjs-f*jARXg_%lXcr7`H#kt2T;S1Y15eF
zEm7A!*|I6!vAY#IJNm*WU(?5Y+qq%LaM!kH6!bOOIH=nD{j(&f?KGrK{Y*Ac6!mB5
z31N7)^*0%!19zbPUc9k1EXT6AyssSqwdmZMt=T5SGL-KbsQh&JPLp$+Hu$gEk_n@D
zJlI5Ji=WGz$x<8KxFE{8%j8}^u$ky=mW{+HSl(?i9D@8Z6LnT32v8}y8+3r3Hlt=V
z;1t?Z3h#o#tQm!k{pD^`$r2!PK8xhXl6%bq{QUZ5mOYg+&xALm@qdLkqq8T%o6@DQ
zXaM9+g*T$3gUvUb>s2rWXV4j&qa_%y(yjnGg9zu(p(e|BtQzK`IFT&A)08R57WDgY
z^K0ip1Lo!wfNp?JhtNGQ;k0>j_*S0FQ8wx7Nad%%`(2-n91r?K9xxf)#`mDvP&rIO
zq}E|$avtLA=T8&p`?YWaWYQx4Ve^Dj*2SjDS%3BauF>j8%&p2U;3`S#^QfCVOY}+U
zWBmK4j8Z<faJ2GMajx0eMM&j*-^vr==s?<Iqle}cHof0&r17LU%{vIK^z5l{KKCi5
zC<=|AIf)o<b8(}$1zpWES#%^mSUPssFY=BxKT%f&(CZYcOo!6-J<c7`vyUsEapeh<
z6FG)FWpe&%JUvll(YjFPQ)U~Q@wB;3eX=atO5UbE%aQU4nFuYl{u$NV#;tlifHD<I
zyDg~XS(6ufgjk64n)5Se)(nV;w<K=`mwc)7p`z7DZZ8;o+R?UgrjiQ)u&_1_JKkhf
z^*IwvPNaa3l(PWAtug^n{+fv<%Xa!v=#!AN>;~AVqm#HT+BVt6cg8&d2L$C!F*@<G
zHp8*Zn+IbNKZQG%`==<@{Mhp*$KhRjL2*B&XlyqSl-wcOpQox04<frP%&U<M960nW
zqZK#J^fJ}m|7EBmr{Vw^;a~%Uga)Cv>X|X<Y@d2dm=6uKn26J2y2<m>LSAGlYTb0M
zkHzawsj4TK+Bn1H2}k_9OpD1Do{WTuNIKgZ`dA9ViJ9h7r;0?*OCs~7UFz5yPQ>rC
zOx8^&cUG#C`l~Q9qqnc_o@d9KNz`q&nagH_mNfQY23a9yiI(g^J}t7)WB^9M0m0DM
zme5HXMAP>~M$+b|vA<={V1Iw!EGi;}+_&F9S6S<GuPSOEK(VEbJxC0WM*tr8n#mg3
z<mW71f?35euR((sx2_c`o?wMBm%XP|GcEAP7IBpvNAOUc2P#D%<^)M!-s@bpv*#-r
zg9P-E$i!B`0<*?x%JLWDBslLawmtMSm>!u1D_vx=+E^m;c3^Lbp}k9R`1UL|SuIQa
zz3ghkq6E>tCER4--{HL6i30JlVprwa4wP83JzzxFD4hm`L8MB%Ml~jVskzMg_S=>!
zQA_0;%3_HZl0<2;4aw|<2DNc(QMZ&g&E5b^Z{}Mr%C9cf;CY(|A7|fIR@e`SEO6;5
zl=zORq=fKqy`BqCp`RW_WLfa8*^O4dV=}`63EkElll0`8ZSGrp;d18z!ZmZUqY_cR
z<I!8}N|#U)eW|i<0Tp00AkK^op_!{pHo!004||qQQ&+p4eaY8?G4q%Ma56H2)?5+A
z7y}z|b2-jorkBrg#X2Jbt8<poL08HbF0ahwT&?&U8864u#<eEH=FWQ0<PC>nE5Rx0
zr$g^^XJGXQCZ~tNf^Gj1Oj#1Qdg=rCi}rdoKLKf!R4H}Cg(InRx$8x8jwFTyD~TH1
z0Oi2i@T({jf!B;<a3dVjl}r;e`S4)zEw!YBg7W9qo1!AA>y~<1AG^_f%Xut;0<P@}
zMt=uDu$%EU!#A0`6h{i=GpOT=3s^QV1$ApFhvj_$0iCqPO`Ri>ug^&JsTbBGTU>-S
zzO~-DRzaKy#}}VYimsE5ecK@$IT3Cji!lHCsCAvzRPZo)^mZjC&i_a`&VJD@Ca8oE
z21Js*5d&1d_*jkjA&bBicPGzAl&&f&py@jV;MF>R!oLR5v-C}*%K2`G$<VLcKQ%dP
zK6VZT=80i-B{9rzWl4=RAm8e-&|oaw3EiLb0xVO;7bY8}A%#FxdZfL>m27&Ze3a}~
z?zxMfkI>ypB<I~@a<18A3B%iC_NI_WAYJiQaP}$>U?q0$Rh<Fx-l7_g&hvJ3rEUH7
z3-*~yxuD_FdP<c#cDNaps<Vmuf)_bVu)Z<Cv3#xT$^wjTEcrb0D_C2ny3akJ$j8{P
zT~csjcLd)r$oisb+c)O>{N0816wK?L&Y<66%eN+L0?q%<Wy>8~3UWQfG0`yRpz>=<
z&&@-AP&;Tc$U}0`A@FWUx!Q1$J9Bdmx%i-Xh&1b9z|%<YXoXSc1=M^hzC@CH!(SRp
z-4-8#A>!W#5I7V7V#}jEs91B%Mg8J(?6^!g>NICn{f>94Hs5gSA8Z(noDN^7e!zl~
z`azXSfO91Z8skC?ioJ~6#r$Z#<=n>oKbm~37CaRAnqBP#>i;v!MfJnSH5&G_>BKs{
z6Z}7uiAC@)E?KPvyv?J6#r-nu`}_|<l{Wdfn!LkRa>^XuS+eWvlzW07QPGw?WjTUn
z`Qi0#jZyUCN%K8*i3UE1mht*4_bLYbm?)`TZ)2Et+Wg45foQR+gYBYGq7hw50KB5~
z42TLAoH1FyI?P+8pvhntZaQmnkRY}WXr>gZ84tWL2*snREWm0;r)tau(rR4P0H!84
z2gwRRG2vA3`M<6&R=*e_LY(OBVdr=DuSy8J_%|fjoU*X(cjc<R7u*g8;=|9vYr77E
z|1{Z<gEN0Be&E%=l)EIR2teJ0h-5<F?=k1HL%P8;H3cn0QhfC*c4wM+iAgTB3QNb5
z?+W|n9s4SmPx~6OWRB0C=eL|Cvv=YfSk6nz<8QEdQZD00i|2mDsjP2IjHGcFy<V}k
zE0vE!UFaN`B+%u>(%&N+SuE*XKDM#dP>Bg}oQ@$C|85hDd1(`xTD@6g1zrlRz+)ea
z9!Qm2QG+_%)C!{b<`zS!i_1hybUL_W5cptrMF{n2VSUK((zq&>3Qy`!P(f>Wpk-%K
z8_akp8mBtYDp5XEHuC<{of<{6f~-$fnY|8;EV;o8q@1|twqWaR<#yo2AE+C&@EKqQ
zD_dGkX?=*bSiK(*k+r10g`pO2TEGrT1SIGw+R@gQmQo`GfsQEW*0=HlNjMUEv*r`L
z)6ZcRQ=YGcTX!=_sfw^}QO$r%5VO|(5YU*wX5mAc(TQpSyhjti^38Q{N{J~8`q|UI
z_QTU2vivmpbJy#ogOayX7c^zSHx_gO+tMoCTIvw`^8SX!&O!MI)8fU)Tnj%rS2zit
z>)M5)Rw{7i61RQK3){HYV=<*u>{af!+Qxz@A_biua-01ad3*raEDXWT@_i^^Ep25j
zQ`Q3smFM7Y*0&sMw6L|MWYw_ApCPjozgY{VJ1mq!*F;+k)g#WTWWSR{B_q;N+>@K!
zu9+u^8n?BStaSoa1x2J%X<JLlT7wn}9G~fQ;0nTqW<S<$YE!!XZ)}pjgVzZQ+bf5>
zq=S{>CNvTb0@{1^iFNTXsI<O{Y&tZn=|l2=L$jJCrKiLvHNEB5n`lophVEp?fB=8>
z=BDA4)5Y5C6ag#7QX@d1w%0ywfMNA}<U-2=;I2ynS`uq5bIO5OKrwT%=u10<I{$@|
zrrfkOaW0z%>P9gZ3_S*oD5d~eUR3AnBy&qVKU5?A7UyzEhzI3}^bN9mquNk<Ot9}H
zSPU?*I1#E+G4cbaMyAn`B&KTLDNW`&zBI++>`LMrr=(-Vsd*YMAe`5hl%Eat8Ixue
zsjE@Y6<1zJv-Ua#9OENl&M*^aDCKp7fOqT4-laUS8@6A0@tgqAiB0OxFV5~^sbDEA
zj~rOLuqU?&V=^p-E!m$~*Sjdq>#9u4S%0Ppy{v2e;Nef?gtqlJSq!3{fQcJ}z^es1
zWsMHqY_Ui;897baha%_h;v&!!-emQlp0`+|Tpl6?rRG+yOSboRF@s<x!;GS$+btzd
z13I&QCJ#Ct?~K&RbBD!9b?{=+%RmcUAGXMJtPk@E%8&N7_@HAU9dbOQ9HTPoeta3E
zqX#YQuYQ?m`nVAj<qH=@1yJ`aOG(ouP{BQ3OkW>h@lHKKx3hE$=-=<Xgy0@JeWO#p
z@ET}NkqWf*G8E8~f!0=4I77=(pv-TC(rfXZ*5`cT>yMZ8mFNG*atS9w!^P}m(Nwwk
zzf54ta|c<0ivEJc$icKBM^Q8@y^H+~O}?8i@uYij7yjnx-^~SgTG_ppvo=PBgZbaj
z8R9A<^>I>LIy%&1)OtcV{WZv{%MaIDBF%Dkn8lJk;vzZOQGWdw!!0FxMvv6kp5Q~5
z7gUa5pITm$<Kil!oO5SnXF4>}V$2oEv~M5A+pK;OBX!T+XDO%{O!7Nq0cbl33Egw|
zTMS9P`2odZi}x2eKuOYb<d~-e)r^Dl6f_a$spe5NIfN#?mywbPde~AR?jVkqJw3ih
zES88C50SygF)t<(#m`5WlKrUlE*CWLZb;0SY#EqbQhQZ*n*W%kxIVa44uk=TCFWPn
zgtv(sHlrs;SxZ$R8CwPreaS>rS!TU}MAU-E;Y9c*12UWUBEHg>9hJ)uO=1$7u;0cM
zt%B1nBdPC4sB6gkkIv<;Qs5Xk|Ll>V43)-tP@bif89>+~zwxd-D~hJ)TM7sZ7f28r
zmP(`9W33NW-Txj6o3e$*ZWR?FK1Xp>5f#enl@W!hTG2T7ds6TTl`mt7f@WF?bm0k?
zC9O;Ef>#qMzb93n2&e58P#Z`&E`Ey3ao*E7pbj5`COl)+IG09rLdzt^l4mW(r6^>i
zQUHJOPdZgT=k|QbfrTMbq2%oVkk8(67VAjFP3jtMF;D~D6AchD)ciNHF$GLeLk1zQ
zbt$w^IyQkHmQ@pRSQHV3APZvs3zJm83-^<dH4NEkL^GFqTML=#PLC9*{vwQ%z<J3^
z`=Xs#R9xA-*3ln7g<mc}C?Hmr1BDt<@k5x{(&u@Lv7<M5!OfI|1V#jt71@xbgG2r$
z_DdW)RUSB131O|55UV(^%9#dL<@{;%%lOH;NFXbN-t@rb{dPJ$n%%EhoPY(K4WeoV
zGP5W;GTqv#NO<7_pP%ekaY9$M1s`3_42w<OT|LuPn{RK2W~$1LQLX9nESHm2N7jiJ
zif}4?!y8@nHqL`N$6~1xzhH8$8_Ly)thrdWz(Un1*G)x{2l3huD7(bXbvuZ%o)z*c
zvry$Vue$ixV(iXfBqG5x?#!D|&^+sR=Q2ao;f;$aNg$nK!BsF>0o-Rq?tBb*I{UwF
zF-AiFd}UXAEU=WWVw4((B4)S_P|nUr%g%`JAnREx5uhGlXpM3nc5$L5vbSK7RqYg;
zk&C&qC?B%~3!>gY2He-1rb^qPX=>*C(DzcAb(m}=QHK&sRp2P3*3(mgf~&+*a15Z?
zkf&b~uVyUtww2OwYN=Jsi}XR~A`^-tL6)3firxvd&$XnGWw4QXuR)W(78Aw5X@zgP
z8gyAek~O+bmw_ig_m-s~tFfW7T`}(lOed^-40XWLH@%_tQkp=0m$_(d1bc$3u6|yL
zg8aZ)6rj)L7Q=9f-H~LRk~lczU5hab9D7&UqSGrZ-U51VC4N$OO)@%M=U|^a%*HtQ
z@3qD>Y&DPQ8mzH68;q|MkLJ5j6Brp^^ar40yNUr{kvA(Wv))oHH!$~e!mZI%a}=w*
zX|1(IIX05r4|8*?G@W+8=XPdgM-N`V9jccu+k|klZn#P#8u1hwxr2)!koB(=K#x2I
zw<2|&%VyPqnvbnhtp}3HsMSk!DqOd%5lyLPJr82HmaFG7p31!7Dhu8SlIyq&;TYHT
zp~ZTgj(rGqz?T8f!&h{tH96Ru0hQ2%$HQ=#%0JK)XA74~W`?SL$a7Czk9E!1Y%!2~
zgDr{{3EZl<Mu|Y*$$T|V9b?H(2JfQao{y!hZ6LUsSYa`!5H1iMgtgf_(D<TyyWRTO
zsaLW-Qqm{GKgOClB{UHR3T*RjC}fhS1y$_8<JNs*Dd;fthtv%RX-kXSVTbMINc7e0
zuvR*6Ctpm=ZUef;8HbdYd}gU_3gF?cH|Grre7ep&FRlK<`px-OB|8=CT)N9rA?d)(
zOTW|G8A;mwV)#CCU)%4oid}YJx}n>u^+xjsM}*9K6r&9aKR^X5Zm$~RNGd-uoRJfA
zh!O~Diz#$@Epi||E8X@CWyN%w{1)s)&-XEc^0xifHkY@NFODggN^?^ZsFCH;hS0)t
zWb1Oia(hUxxZ0Fnd&)hao@hBX?;m#PmNemOw`+iSP5XxgI+$jBqq-2-I%%N6hu(so
z{nk<t2Do6Z=--?49oyFO?C;%0p`JG&gk~J%e>3b57iY>nY@K&X$M7RA_C_|v1D`tz
zl5lwdM%+l*-FO%tK+jQXW*A+3_3sf1zW)e1*%<OrRSgg9*fEPaixaD$PMq&Br5cCK
z`P0lF;G#Kyn){<-QkMLroKA6^q^lwa6f7A5^_1~UZH7IS`utDTs(=Lm7LQKzrI4|+
zucI6JS{9-m`A1(L#TVcE3wNo-Giv*-#BhS4iHN4lHleT>dE8=EK3w_ltn%%>^(g9m
zLd`0pnju=4Wpg?PpfHE*>`CPWUpb|$VuLfvRUv1UCG(u)LQx)5gSA!;mF!B&CeJ?P
zoPEm?FBPA+Rxs5i0Btb<cu`9*%dUA9VFD;Oed6+_bmUiSCc7NVR?9~8UN}0=TOx3&
z*NFji@GMH}mw$EHABl7AK+=orvj|PcM<Fh?R&w}gS7DU)b=w8LjD>$#o!!0@VOM9W
z_yawFA%9tHUWC|ciG7t?5tAjNspsFID?WG>-rLV(c>=!rqT5nR5Nj;Wym%u<Qk;rt
zRy4>C7hlng`dzXZdJ@In28Cgrz(wDVGB5M^9oR}ag6rj}k$!5pFC2~3&tR=*Ua@8<
z8z?Je=`?dHf{Vwlx~V-`9Ruw*NV<A952DJ)K>%Jd4*!{R&2mEF=lMN<D-XbE2{G*D
z+*Ds9`tt`*TN=<GVlumdXQ}hx#@*oI`At70=Q>S6X#mv4zTYD?T7RR5kztGp@UTY2
z^2rT7yka`Lk@C~x#vWeqT;0T@bjAyHaY8h*{Dy+g#ipLU%4dQmCAA*+-mN1Ju+iM3
z+8{ac^`ALh8pXEoFz@1g3;vGlgFKv+vQ@B$<w440Lp&;U6Pufe++x906w2Ot34Yte
zP|rs0^p-9J+nv0m`*B3f@png}%OS#(Mh9DZSb{tuT_oB1U>JQtn1@jv;tT*8QTJ~e
z?F&P#;`+TVhk2C94NRZE0bo{mJEj-Tnhz*={pD{uC1XmYho=N)MS0pV#lKeb@Z#Y%
zU0J5x2JXfE`6Ntxg+D)rdMs-Se8sHDrZmFxC<(75s`@M(G)-}aMq@l~{~r1dhPBJ3
zJUsxt92GC3iDXU)mU6e3FQr_rxmh-5Bu|B&d)W4<UP*0oAOGHt=J-6ELrAPQh&q#L
zP$+1C7PazhP!*|6>B|S~Sc+ktfE;g9FY*r(#Z)09^*|=Zb%%GwG&qr8mRDW;43PMZ
zZ9JQ}B&~fntaDLhSP+%9^(YOlkj3{g>#MAt=SOAz)4})fQ+N-WGY#zLIkwrRsDnpw
zfHD7S5Dab2tLVZx-NCbmA3^YCjLd_H&YTHBZ_!EpQjB$<ig`oXMYzG0P9A5?seDgo
z2#d=-_isSHT9%GxOn~l*iSa0_18ppKvaAcf-Hi1xOvKq(MKUkPc^WBVm<&v3=B;5P
zX~k{Ovt?IWHYDHepi`LQ_q?T~uc|ME$!Xio2$Tz&-~ww&nFG<?_T6u=Ik(*&rqquy
zbNg3pG#XLZh!(v5(!5qE)#ic^ti(WtW@eIShw}^$Oy+8-JSRo@tTCx>YglWV<w!QP
z#Wkj_X`b(tg_b!_3_?ryC_Qx`?W=D*X*jO{EO9kmJqn5giDi-PtSmM|i!LC9{JWcn
zB^$oz?ulYLqpFAURp)vt2H{!;l#P09&QAsmAiI}GNx$Q;RL6Pa#rUI0nsk$kyr7i1
z45LMSGs2^2r3dhi;EtXQS}-GglylX4-l8mVzgzK>^JNm!U?$(f41|Gz%zSv8Cz4k8
z_9*qeT8`2BYgq4kLK=YAy{39P)5hC9Y|?A8A14bR6hoVD_vm!)4wnxCq<&ds429f_
zLg(e(@C7S&!-@p<^)OXl))#W`e0$tpAPN0+s-K6`lHs3F9K(_Q6YW^t{{+7ixQwKn
zH>R9;^dgNJrLiU3p5@`8xOjr>G(>}CBn4-Cl+G0hkLV=C(TF7PKo9G$#NVSUu&xWU
zDeM*4de1fwYcg*f&@EYk;Kw`gG%y=e@ATwGIiL{Y57V07eCMsVP_Yl_LoEm@bijW+
z70z7_{;wj1-a*R7cex8!sY{0>G9c~!0152zBu;K_F8(w7Zq-<Tk-UzmzXeSigNyb)
zi=((V4{yKV9_5SUfr-WFiWI6CjGFrTd)>qdq!(Q%q^BpG;tSAnSvlCFwCdua2>Id&
zvt=96z9DW4FQc$;hI*JlV(DZXa~-Q`l^40tUx#@ZW-KWQDOk+Kko~re$(sYoYcax2
zj1Y)PE<<?{Qw(QvJbXfc5E+5sfzoP8T}DDIa_{4wTKxTrThjdj#SQKMpojN@<vyew
zVevdkH2@I|r<m8hO=({|%+#)jJqmggZ)UfO6*Q|YXnYX54ztdnP4)029tB{8xmtC!
zIe|31UswdS*aL~Jdbr+7Ts#-<VkIiqiDsO~JkIcv%0_t@jWk|bg2U=s%~v-=Bf;g-
z9+tG*n(N^>ugWo4IaQP;C0^AV7|VC=4A4-)bMc<#-@}>>xhsO@zpL|=ElWy;o!N^l
z_0|;RHM1Z09C4nqm?vCUU8bkeJJ611Kj~rFa!{c|l^3G$AkzfXpYj}2?AE^r9pZv8
z(MzV(TazW7UJ|W&#-kJy@o%-fwW$#y)c81R$Ge{8zGWKTL#Du%pN@#2Z=Ulgd3I<x
zF^N}lZ>%^S5k`NF^DtCeD&|eg+M%2wGiNxaUNxQIQMeKCJ~A?{zY3X=Z4nZCm`bB2
zcw7Vq(*V%>@CoMHTa!Er-Z8m$T4zmjc-3nrMg~*odtmV7J%>#8I0MM?E0aBJf>wFM
zDKHtzvP-y8EcJYzJ6oYIcsR*^GFoyn=cDsy!WTa1y>PQN<>01NQ4FJd$K*(6LAp=%
z@T5|&my|#vYZ|WNuLW%+9l^r2sH+5j83`=R%c?5IRT7s1NC^U;SGXfOY&!0&_<Nay
zqPkJZ41RI`OvQFgo~781S+kWhSUd-IlD~g4+J(fRJwQJ+x>~446bR<UP!kyj@BJ@i
zQGyLa=3<V$`6`d-H@}K^b9qGQ<5>6L*E~uY3A}0;<@B$)x?KVxFDKq_89^maLKz%<
z25!PL^E^uN05U5Zd}U_rP#E0wxFU~|+Q;n$2N3FGA@uE895ldRl^_qZZbUbcEJ1?O
z6WxI4!Q@f+B62a;&%v-?B9v-i3fO-T#KeJn2Hj8n=DYZ~P$spra@x{P4KBX#EyRbu
z0a&~NlRVvM-vYPOHFh$lVdO1j>bN{}5l)J-xDuooL*o{E*aU&BB`%H^@F#<SWR530
zhzg562f0dy`JaG*wsI$$suu0R9GVeR&@oUv6^_^GkT8}Tz$vRk=&fvtfMm&Pobv0}
z>u;z5Fs_%F!IH6B08N^Up=#H!FT5wh?f%jY-Sj3u^t0c>`BdLtfb*#2lgI!%)&)Cx
z^lin@@eBV!3rnHDJ_NWdWVxp&-SLjgn___KZaD0NheEWjy`x&%6bjA94JwA9f^&K=
za@%FCkR6uy8}hE2`ADfnxy0vTd|Zom;8<A^jBH8S%UIovl@RpOJkU+_Tj80;HyC`<
zOCRwiQ{YOz!PP5Wf|L~UY4x#v=4v&v!tG?nCVP#VeZUB-9@u<LmuM&8KP@R|vnP|f
zycy2+B{5!LQdXcpL?#CYpG0<~pp1*_z_k!pr&0stukcfh(Z-*JQ1L-<=B|8Cb=^|x
zkZ*@^XeSPXMy)8SUs=xwZYzuCoYqwJIE?8C3xjCo9^5>WhY2&+K}kB_2T_i{s~6~l
zH;@UrSPsAU%zFMATgzRX2#|gLN2|-AY+i;MmHnZIVMz{us6>^g(W>Yov;Oe<TcvLH
zD6ngcc$!;KpN9bxk%EE4avea4AagM$-DGWb*>NP@vT#BE(1>svwvETgT`D|kdt(Yx
zH)4E_M49Gq_b3G^Tp->Gsh<#<{E>&DqWgc0%%sy78~BN0PlxY-)l-jf$*1TcEBw^M
zYM%L@DLK)(pDXuV@`dX?<#Y}xHHA<H8=39JV4J(c0_e7~@Cd4~gxsI-^umD)AH~yF
zDXH<)qalE7eK(+{vG@=aUd6{Pn^MRwPdW|Q<Dy33fK^BKD%$H&;Yc~nTjMBv?+Ghf
z6CNh&Da`Lr06Eh67a<!Z$GuTh`d)Y-b*|)k@M@(ZW<g&n4ua<^<*JwiF4iQaF29)f
zwdWf}5vA2``ASbH^?v|MwbRoAMr38n01Ej7$db};m}^G^zxDj4+y!o2OXz6dPmvgD
z_Z^NnDyu-g`~e5y_;;RB?0^C-`Xa(;tP&eKB|JRv?8`GKb&0dwT|V}Z^2JjQD?iOW
z0^wIhaLWGyFHkTI-3XOOx%*XeOcA=(RrpEyP}E8j(L`2xClZ`B)%@6P`@vOE2M)(X
z=xaZE*w^g;NeMiU{EQnY4@FG*dbk`m(vT+Kh(c1AUp(8LC-KZLsvh)HK@1vAvTuM{
zwwJ>!Uzh6R?}jUBeAvED!cZKC?Tc#w;KqoPo~_QOcupyCaqMYj{d=BKe#$!QCYQ3C
zBZWp>f;B#P3<)87FHF;sOOebpK`bD`tFQ!%%22*K^Z`z&cP~zJ^Yd<&L)J>9Q@-*%
zKUtH0RgTfD-|&+np{*`q76R4+^yfQ#ZHg{<Rw~<qSZ)I7S7c84e;3?z_{ab)wP-wm
z5-l!)r=;cza%pY<^eDYZV2PD(iJgeHmdHC%ftQ!Y{>9U7`~Olxf@2qz4?6p|^3#<|
z$eHpFfZBsx!ChJn@4Ox)gSoTKyuGR7ip!}DDUZU`^M@lEp={!d#+qc(zN;?kvCey~
z%mJ9T|KNz0)aP}mm;BZEzxbv!`udv38LO?!^zs_tfCgS(3Cy`c`DyHp${!X4cwIkr
zN^b3_wP0Gg#6pfxeC5^eqns~NzNV3vH?vkYR-SRJiI;a4A?c5BumY4dnICyE)2x~I
zp!4j6Hdk)rYvJWZ%lJSquYUDJZb;ob+2R~S6N0@gLdXvBs;OCk1uM~0RF)qRK<5_2
zua(sHHCad<26yqM(Km&BA%?cZi*O~1vZrus@;^c&#+F&=A-sNvz;Lf}YLUsAg7Hy=
z@tgn*L}T1VNH(50AQ4YABiygg^(IqAgjexRP}+mTgR%C%g==&q(yLU_Z~>z67&>)7
zc2_>9Cc+DrE6wFODA9`^nmwAAm3T^YuS!k=YafNqk(%G&Po6fsOp9+dy($qIu(^MP
z51_*hzz9`v7;+!)@hZ(AsWdkVbyMh%b~LV^C>1sEHl%Eyw<oPUtm;6_bi^2~Wb)Wv
zrL=;7LswfY#l<5Zvh^xpEt5|pFI3Xqn?bXEE-Qdc`9Jlr&%c3EJ<}HXI(hx#R$g`}
znzZ(&Fwd`Nw5yc$x><}$75R|3FT*2gP8+XMWJ?9@<2@)s?0a9-7)C=el(fNH_WOY6
zZ?fAd2WCWjx3dil#ghpA&fSi1wcG!Jqy=ZY3DtD;nslXuSBbrFP8%$MdzkY$Y<T^!
ziR*vlvQ3By0RipgYfSa?3(&sT+}pUQv)iVk@d0_)&R(ULEEUy<e+))(R+v^a2}k1k
z5i$pav4yXQQMAF{Smmd~abBM2s*cC@DEc19v6tl|*+*q1cv<1}bb|ZeR6h&M-nB$f
zR)V%5gzhFQ{GW5I)6+@bmz|34YLZtC;!_Fk7rN3?yet9;NyXL98+g*ZJkV&Bu3Qz{
zRS}OK-Eb6@ug1|3UyWQ|Tgo?TrJO^XP_bRxMnJNJ=uYmz&-lQe%CmAZl%Mi4l?6;l
z00V|hOqBKV{-UbW&^3Zu<1i+M;NLYmd6VmTIiG-|z0yK(QggHG1=4#sdJETPYj0Iv
z2xbZhmu2V|LoE)2-+OZ@*m4`>OIbs3^N4r2dOKg4$~)X2A-gX_`nu?GjCT+vMmPs(
z2B;fDfDBXH=q9xLE}Wc+{k+UIO%OdTzd%#U1lF|GDE@Wp?^P1ssgec)(_uxL>$WWK
zehzEMNEGu{PDbHrD}YkTPC|LPW-x5gya%}M@npNNg3JnM5A;?$CDwnZaws$Yqx{tW
zzxYX&fmUB34>#Z|l#o{s@+z<nnA`)NE=B8s`ap8&`a-dU`<T0x$4$6LQ43S<RgTf@
z!MI9&DH)<74aQDu$xyFam4zEGS~@Em+Mz}F)Xr(z!ei`IK){ey9Yjk;BC9HwzRL*j
z+s<X&Kf<f#Lenq-p&Ij^gUf-r9FvIQWT1z|+@l9zG|nb+jafZXajDMVr~K650k;Ps
zIp~9wg_K7&r=G{aCpYXtuaZ|ztEJ1q+XNL6PUNol@iN(jR>g`A(djgSxFh9z*sJp9
zr_~B{)e59{0%yZJn)Ha5#ai7Tg@WN5lST!<V+@@nOTc6`jEU?X(Snvd=JuXz_rPlT
zen&`Aau;3?qc(Q&bDah+G6iW!WJ-{%><G5Qt)sn4&o53a@?sJY6fzz-mI41oYI8@f
zmrV;z1~*s97V&n|?1rKh3Xt+2;rg7&^LC}UJmyr;f;{i<&h4L_uWZzkv0jxX6oV=j
z__TXO1s=Sv;t_$5dm}013GZCz4J)5e0*2}*y=ra%!KHBUWU|fsw2OC@CgL-xG8<CX
zLr7lse8#I(Y2nWOhLe2g8lqVYO{tS|sbCg7>*9ie&PsqsDx<Ld+0VH+w6*aiXc0mM
z1^d4h)~az{HK#IVH<F%EexWqxC_tcxa^MNoAGGE)bG&z<6698oYu#ELtY8{4fyWVX
z6P4Y_n56tPV6yVlhywS+g|C&TIG7er;SbAu9)H7iMw&p-|0M7nR&)dnD@2QpH5&|%
zJ)c5Zy~mT@bUInc^TEY0dSjS7v3n|fdPVYa*k1&oHYdu)`&7XJ?$;FBwd7IUdf3az
z%oT*$t!dq0e*bgR6g_+8Wkt$@rYk?$Gw_GX281?49;~7Ph%c6ep^$~<WR`I5F-uwB
z{<HCua;K#mT6Zey0#PZok-90H!*7&Zh>+EJJPPM3Z@KhU*W=MD4GpT5|L0XkrhtDx
zKC<rQOd5(}<F(hkEa55C!jz)cwf2F~h1`&?&GYVZYBm5sL=6i}D|sl;0XNZ-Jmgid
zPicfyT1wFh)K_qg($EfSgf=3|{X1Nzj7Q;H=PW=h)#Vb0V_lvPGpI-eO7DpX3QL{=
zENI(O3&mye*S~D!zCqw37c-7G`xvo5((yqwV6j)hfTFPZ2O8%Es1iC9<Mf_HjvZh>
zF_#u>4f(HoE!we!>B#c<Vny0|mf+o;izimNumJTTnb;rE7M%^~C{~p{S|6I>17CTA
z`-wx}bXyN}z`h;T87!*Uu_bSLoiLK}ytkECo45?lfwHVnivk^sgBD6#-|;G?5TF?_
zSUr{YF6Xbc^j&XD*ZYae2~4L#L=T=)0o;{V_2))VtDPsoI1gCky@_&Hd6m3>8d|$V
zrFUK_&L0Mxu|&%G)h@nHS}m5hat{o5TB#c2rO8}7UT-$;Ib@X<NyE#$N?ReWlI0)Y
zS4frLv(~GCY=I>igpl^ow~*vX@2NgNa3qq+V{Ze*u=RbeE(Z^8Tq-Rvaj=el>+MBn
zKj6N#ke$$S;CV4!K7_`_VFat3UH|SnH$Olke<5X|v~3g&67JcQf)BxiZc)x}oB;lx
z+7qqgNbDL7vdo?3UIiV7580oM6cH}yNY^%aS8@3foZo%16#B<#+6vz2dck>uEdX)5
zLZ^X0Ub;C7{l;@(lda9FYQn(m%O242-wnj&nsg{m3^Bsg=^wCGleTzA@d#pMyn#94
zA4P>xm*@2`>b}*xRZ+yPCSW8%z1tN={kN$LiEkDa?Q7$-W;CF}>m=SFYrFS?Q&ES0
zgtP}g^Wa|3w=u3)Byacpfwn}nvp}14L*wkEkKh}xX&k|_2^pWb#A;xCk>PRW|G~T#
z?(jNii%_3Wz32FoAu($r;c6ryR?eFbTBzWf){SZRTabgppQ(-xP_4BTI`^WMJK=M#
zNcw-_<qY^aJMj}21n3FrLCDh`dktB@ZM(eNoC`H+x3{gbP&jL!3iQJs?+<SG)M}MU
zFrD4&WuqAZs2)33gCP)3!qATbnimc5cqwZQiULWM-i6L*@2hlsY1qDRP`B`W>HSV|
zZ{WvDvYn${fG<X)LMY{xA#wHES87%X-!Kig8Mj)CqE`-Zg_4i}@?3e0dTvKleQ6SE
zZ_V#OaPo8+)KtaS-WAG+!ybton7n@FH{N}U82ewt7NcMrO7$)1pxpmfJ$^XAYk!Q&
zq9fm_rwiUe5t2S-z0e9j`yk>0sf1Dwa$O;m5K1M;gnR{B>Z*fY28+Y@)rOeTz@0hd
zRi;rOo)ReT`hSP6K^e1XOC<X6t8o@a9p++*Th<YQ0k+VbB9D4cD{F)k)(Q@~eiWIR
z{>S*DCyQ|eFl~OytWwh)__yoU6SUSCSi1pArL<c8cGQFK3`?bNw?Ieb{-CZRRDBv=
zqi_)_)En1B_6mN$Cj~E#Qu6J1D5@MOl=~AmrI|k~uHL}^;V1shXo#0NX4DLuQfw2n
z;NE`Cj-dPsy!-Sf8cWPz32Mn<Q72Q1@c67>pjw4~DryAJ5Ww4itEc#rZYv={9~DQD
zz?nD{nS|-B>Q&m6lU@cvFFB<+AZt#$I3Pm7iG1^^Gkj6Do`pW-$_=`?(vG8}&%u2N
zuJLYC4o1fA$auO^!xLfq&b!{M*DP->v7J8OXivTxZ<Bdv?XEQbH@B~srEeL*U0n+E
z`p?xfe|Nij<Q&|3Ao|$i8vpy^#TU4&W1D0l1_PP0Vc!S*;r&e6caY48dcbum#x2R1
z+n)2M_Y>t(l)&q1{RoDeX<^i?J9f6@Z>X-qzr4yMEzH~&U<tuusyOTrZ4r3;?uCnR
z$9Di6&G}o6tI-7cF{q5kU*h|hb=k!gP8UTLSp1WyE`Zx!iPF<aLQ&$kqv(QBno1cd
zT~<=i)p{?y9LyL2c;uQ_AxcXJQCFSo_>&?b)qMfRLr}+aXE)d?S{jw#n=u&f=#93s
z5=CnR>|a&c1g=E}QtZ}cjclGo-_qDt^Lm)o(HxOj=0~u^*P7U@0I;vAa+kx+a2KbY
zt8T7bb+!erQshJu)x{QdMlz^#kgX8GrPuP*fgviG){qY^zd;DRh6LM-T<!!#j4gRC
zGLSlkxZP^tH;6*zzZYL<-H<XSYAq=v)K-Z4&{2!ZUn`-NT2NIZ<i@(Rv=wqPTqQUn
zi*AD1KT!h5G$+hn?OcVxaGRsy?Fi*3f26H2FC>V$$|9i&uYyM~APR@BZzUf*Y%J^n
z*u;=s%!QL*9A$T-!((|cIzYFTGPz;1sxsx9_V21NRX^IQR)Nf^!2^aLK#@eA;!4X_
zs8Z6C5^4PLNWW-vVvPa0UR%uxW1Xvz4EsJ4ntzvVtH(?NY2qpHW~4nTef)xiB!mw#
zK?COjaI99gl6t_&>4wO;{@)|Slp6IhIL*@$^I8=`9c&cgb_csBy<WlBadjKl<5K;z
zCysjLVJASF?{;^YGN>wsX&%=E72M35A{tUiJG(m#Es1immZ6If>8@-Kk-~ett7wkx
z=OWT5prfr+zmYv(o8?PG`PqmRlb}IqbQ`k2!2z~TgFD&N9KuP}o$OzohbSQtAt%Bl
z5Ff<YTG2X;c**EutMhb1Iz@;q5(Z?hM;s)d;cEiK{VQE;7ECmV#jYzKP<167OlG~&
zg@Lx|f8XHy-aHx!jaT%D*Kezty7W3hkVfLM1e^JW!Ux%YGyJ15iA;r-_exUsG!e8X
zsJ9?TAma0B`=Q>u{RvB7mTW78j<6K{f!iucv03V4Y$|_qnv`ZcslRDrI{#%tSN2Q!
z_-=M2)2?&7Ly0)|4qphp{W_Y`D|^^{42{qxGAxoYO5fHvZZj8Q<)N`|qMfbzqHoJk
zbkzP#cO4~89~6;`iV{4UQbp-E+s?7C<>ziz?%&{6Wfzj6=Ome?L>hN_Gb#!)V>=_y
z@@BW$H?zg*f4i-qTEXaBn+lOV$CDOVV8OrLwy7}R_R`9LFn$Q}==u^0csypK;cW?_
z5c=6L40gmH22;>DxPJkCxxDA~h4p3|Bc3e`1(o!(*?hCf{UIYv<>JxsEzxzMc|)k5
zhB5*u8$;2+2aVKj0Ds`z0j}#N0XR~6@5uvsF<2q%?qFGwJj0a`pO`|Yw?-w>p@BAQ
z1TMMLR%&gyUIY-y)Zqj=(Q~HO-nt2;9EX3_X^`E8vi@s7rYu4oGUwlf7ZnbLR9-QN
zo22r}yWE~%3qY>Th)<l1>{-rMyhPP$=sI%{{N{=G*gWb<z$D^&Y*!F9zlhpYMH&*s
zN%z{Hs~aG)uvF79BA7<qfapZtxzm%;H_?D*QM{xAQr@ot0>srJbfur(l(w7zlg}eV
z?9ZKF7eCZiFk8cv56&8{{4{)o&0%l3Ik<|cRgm<bj7&p`9Eu7g@~lEI>pn=DvM0#8
zt^-l_n2)iMXYRMT8!Qf>@C0Q7vhy;;5BZ}o<Mh~c==$3qbXjBIH|hjEgpNOG^9Elb
z+M`kW(|1AvHGfz!l?n04U}V7%|M{@Zlb!fml(_4nfGdyK3}3bHQJe$i`|1*?GT;v$
z#s8*yl&VD&;xUUv06}EH-?Spaq@KAhFDmgG7<~B#x*6uA!QA#8V{cHNFEK>Ps6;ds
zjmGGOPeKFkbB{zzCDM(8l6he|Fkkil@#T^wRThAzJ%#Sn(PM4abeNC=R6cS$Jt;O2
z?yoNpK!C!>70*_xL6Pb#c!Ha&flt~Bqlj4ZnQ%o4pW;`Ke3~1#@-ffg2FePcS>)X)
zUo9$bSra6iwmfU|I0<hhQ|#!k&x*#BsJ^KEcg~FlOXmQLAwKn-%`@Xd10gY$R@*>%
zX`Jf?GSk)nBqS|o3|CQ|Y1jnYMdu4&w>CXA>ooq*oal0A1gia!ivId6E<ojgr_-@!
zW4$P;cWtBT)NQiczr*KEq1EXIS_uklj(ih}svd6}L_3}ZT5a$Yn>BX|(})^ZU0!#|
zGgzjf&)b}C4i~lh2*+1e%L2!t@#tAH!zuqf^knf=+oBI&U_N1a=8IhYQ1(<MD!`4U
zi(1tOAm46;rfJZh0lF)0T>6szwyIENDj50mh+4+BKX(BgCNJMM&Gm9X%w>Ox9*lOp
z$<Yx_>9Io8bfx;)_p)8$RIPchxSG-GE8$XKgwVl>NUhcDE{2JjGD8vN*)x^1kbvfP
z34Di9ZAU-PvN<PEf|zwKY7}Q@b3Icr$JIsyfR0{j9bnGC3*A&@uf(uc!b?UFK356C
zUsa<i?22I6!McS}#eB4t#JuJrT}Y+~@g4CISY1lbB1Fh+6y2CYmcne#oads_!3=OB
zDvmlADFLwPQ3<^ttph#DW;4(dK%pSdQrT?S(E16+8h!Lm6sTx(B4X+1`SxSZP3%73
z<{AD03lu+b<U*GZ2a)UxK*-65Enj4_$*GeU<4?F^5`ep9$Oe=xQJrP{n+yjLut{!E
zW@;9f*vcFW0pP;~Axv3XsvbkUo@f_DBTG1y{tr2agSTPb&+UTmJ^D>m4Z&y#Z0PY{
z;Mm;pkq@1yPvDp}-h;?~;#=wtVJd*Yi^?2d|4-1idHwR)Z@b-n<P8yZ5XRVLT(4hS
zrZ_2q%kdLG(ZEF@WmyZNd-t3XLAmeR9F&GB6f#vQap0d59NF<J+%6IsN`Y<+p-u~s
z{jB^LP@U|r?KFxF))Y4mj8p*Gp#CnpNSAyJvU1EVQ*<b<TKf|UZ1ugVyg3-JhT*ks
zsbCHF$VZg&1)$tA`>G;7@FwRY>|2-tG)=`38{NulZ9b4F0X$;cgV4{LIRqSN*Jgre
zxXTt`7UcDNOEK_l<tk1VSMa{A;KcE^AhbyPr>%wY79=NtP69LU+G3QF+2S7_8o=m3
zw42e@b#}4ype<hSqK>ekgQC)k?!mawxaai{QM3f1*U$K{4YQ17>b=3{Q~+WPPor9s
z{UT^juWjHC=jIPxb+RZ}7Y&9NbTu2Z-oiH7Jaa6xiY!`7d|1I}$Q;jp)S;#(Y*wW@
zUUbW)3b1xVy8R|pUNKG6#WIT;wuHYlzkp+inT6s1Qh%9GDQJ4}GVo}nnh2t9+jt-w
zS^)*6o{j5$)+4s7YSS-^K0c~^3OUWoIdCHuyo@wTY!0mFob5;oO&G}o@?IaiK1XB$
zDQCVGjIKqvR>hy#tkOArhr8;l#af6zT>Poa3)V3f;Lh!-;xm5J$)6)8Q$HH>|59mL
zOMnQV*_zPBVmqC>>{Pc3!VHwI9OE-|7|!pBowgIxNbl^jS!sLGZY6)Y8iU(atuB#@
zDTH~}9gFthEru;as4{e)tp;t`4@R^WXzviZypL<aJ(aeCi%)<~k%VJGU-Ar6^_T9K
zLvmth;z?xv!0?SU*FTEw?~@$<dFB9a;at;HbRbA27W<9OG2u9SlK%>W3xWy%uF<34
z+6;v1PXhzOPhqi?JuIpP{m~I|!*k!+oJURQD9QHydq)ACUJH#OHPiRs*?dZI0@dV*
zV0gLSp3d#I!>H^K)WgFc0U0{#U41kwT;s;6bajQEAX;UWqlm$i1cJrF_kEb4aoFaa
zDng@G4@AWSQ?Uc6pcJi0YmV41S{y7oKs8MO(Z{NzHYa+*D#@7@Wv{|Rt(=6L>^`Q(
zxUkNGV5e}8uLbp9j&_uTRc`N#$-`|ZX9)@dyQ=N4of@^|2b<4k-}<AQc%sW*Fsm28
z1SH|U+mL{(SJ4SH>Svo1T_m8-RZ^)QeHqtx`JbEdloQAcpS6O?{Kekylpq*}+9AXF
zQ+1%K1_3{id7Q_xevz}6q)KwWMde(Sjx%qBHhJiT&1g5hCzVqecgiK`Lz_hC5dAjM
zT%=lNc*zlP0!tQZ&1uXqe3$I{D;xqk-o<C^h3XezaxfPDtX=I~^IqqatVnhZx83E#
z&)b|$bMmjsAI|>G?JMBj&cw)x%HM4#gA^5Cu&+8_X7L{`X)2_g!EugWg5gok>GW^-
z)S5qSK8`j)1ZjKBcp85z$V&460C7d5i}q5dzk!KMk{&A+Ea|mvqG5FDqRoL!;$Bj|
z>aSArFYw9_7+q@LXxv3TN=#{e-}x!kmt7JmxUp14T^b;{goa;?621gYvEh)NOw+Hb
zf(yZeNTI3tOMG?TYdnfhNdsvfbc2BoVxKlI!{;n9Qg8#`1tq)H;G$si8HSNNrC;N&
z18(rCYYC0{Ed(#?MxT;0z$@VsfXfoQv1KjpFg(D=zCE;|kEiJDMm|<1E01gJYok~m
z43m`@GTAOx(a;l36;06zwzY{*iH0%RFAhLiL>__k+<IgQN}Kvvv21KJAD@z&oR9=g
zw>&WF=AZU~2C})2V<d&T!1RuE0#XQ^u5V+MbL`zXRzZQjrOrJr4fLsLXKdLyu*XVW
zQWNBIcgYqcha7-V^Dbx<qa#qbad+ck@gcsql?^-pHb_xnEy5`>)W`d95}+jHoaX;$
z@6F?*D4IXu&*mieeL;?y*_}-Sxi;CHKuCZ9;YeZv2tGgvVSzwMLK0L|Nbo*6T%i>q
z1QqcB5<pp$EBJVe5LCQ4RXmU@c#8+`w|i!i?97Tj&+qqp|9C&I`Z2RJ-PP6ARn^s1
z)!j@HB;SDXND1V2s8i|od4;Bu$X^jzOAg}Hku?gVVlI>kQ_D-H0mg|F;7z7X#szCB
z4<mOC>=Rs15lhw=C?%(baP}^N)uG%U_5}MQRKo>6;hI-b5uDap4lSUZ?+#Va*Fh%`
zYoZrcGeS)5$Eh=NQ)%dm9;-JcQY9z0geWdR>ju^x!|m47XG4=@{S1|lGZX{J)n6d4
zU!TH~W9!eF<FTpUVAsAh#c-OL7~jx(5_#q_=6)viyE!#KP2s^$_9`nKd)lParJw`)
z;D~*=Zk5_*;;rX2%L&|%Nl)BgaX04a-Fi-Ar~ux|55e7?etliY`5z%+wJw|&`NhC(
zP){0AbFcG>q~k6)kKX<eG{Cl1&FU2Gokx5A$q{~}z!Ke`Om~JE(Wiwolf|Dnpb>7s
zeiD&U<YmKm9p?z%iWj3YR>yN1Hyk|ksYuJi)=&qZ5bKe3f#+<R5aPj&Al|3c$L@ff
zxLai-JgLmd@$GX6h7CzjsSTn_<kW|5(0VLqr@av2R+cH{HyR6#@+8$D?o8$cl?94M
zrDZ;Ab6N_gJ~9g5*$Thp01~J-KaGLINhXNH(>|=)thRBBQaP=~4)g-P#b$q!#%Zh<
z*@wh->iLbvwF9`>i6;vB5v2KgE`~%WX;*FZYGHc1X~}%V**hkqX2&9J&D%`s@cwNX
zjxdB{ohCi86E7C0(>*hpoXW0A%|r+d{v;flx(B{WcE!}mEKcP(YR~4h%ZgMSdP>Jt
zxwg=av@`<Oaf2~?L=5Cq>1=xja_UT*1A{o;!N9Rpe-;6Z$yMu(OS$N$y@va32p6Xn
zVdUh}n;@s<tGkji6cTR_Vel}ZrcnZH8#fDm`jdW>A&L(T=QMUaR&7sXk<DWFiwYbu
z!eu8UpR+h{{0K}2>qc;@00?*$yH8&RC!Gt%<#gxGI8w`ZE;pDQ9~G)`^h1<sSPMsy
zt1_hO3PBjHHlg><O0C;QbE@k|;pwbci!-QLyl4=QxJ&J`Sk0dvjabafyqd$7jn!Bf
zYsX<C(M+DWMmCf9J7dFL*P~dY;`#|yKyObms%cSWXRPDY?cmiv_JgbSI&QQ5C>_5J
zJgBX<;U`3#nQ@h~7|Fv(io)3dUkPsHlY#mqQt)`N>O{^{Wte&FA$N`EG~23EaVaNk
zmIOK-xslG(I63H+ZSdnS`3kAv|C*>$LAKu~f;t)&LOg^X^xf7<PYt?7E5~`s4mAMV
zM1Oi5l0>h}jEq&Qjop(u2W)}J4Rb~Mc3*zQljZ;7hLD!jP^}B0GX*)GYa1}V)&7f9
zpY)juCB)9J`~5~F72y=jK-eXKbjwYlD#!PbsT!UbH_d^8hG~TETS}f!?<C1avb6V8
zNc$=pjKg+g2Ei9OGe^yB<<m7%T3w-0APZ(_N-e2$EXypGhs1;c^5<T7norN<p3(Bs
zwnw2dI*M_sR>!OG@5Jl}mg|RegGl@=M>OBC15PX^J#Gb%o>Q|NiZ;t$VWo0MqSU9y
zAY)y#Am6)3I+Aae%g^-1+V|lKs^Zi)gHm;Y9ryAX_h+gci1mg%<+wWc7&x!tQIu6m
zbBv=VS;A1)Jhe*ctmf3w`&08ZrsJg=^(%6<mix|L!Y<dT3)yt_4h9NB$IkVHW2g_=
z>xrz4Ne!GPf`}06FIWq9-3af{BS*1OVqPPs@hsCzb?L#-@C|s7x@`z{vl+hmMl3--
z7GNs9y^vF%jhUJT4<}pQ-JIOVo2=Ur>`iKK<TO4YTqg4YZYP7*!Fk0uaq8>z0ER5M
z7Z*Kmoq@E^t|qYgyGzjGtwo_4M+u55mks%o$YPAvE$1*=(NA$X<lRM_qw+lqhnibB
z^+r5cCCW`CJ!iw=j27B$w&>m89;^i_FOuPo(k#t@Aio&r3Uq#s)av8Qk<Hk)nA@S2
z9oRzqa2_jesc|I_O@l*U>9uP8R@203_B&H@vAfP%n{Y7m;b!eDi<n3SoKM*$m_Uy$
z<zBL1Yo!v?CyIv)6mcU5Z|6R@=fACYaN5Kwq&UM<mrTyxskRaJ-o>d8=s0k<nuE!a
zdpMOd<?y{|MoSuYQ!AE}A!PajL{d(FPrVQ~hPjjB_p2A5^!}Dt;kp?ThD8wD)}HbJ
zcig@+-VXv5Z7b|9q7`jenlHH<Cl|2>lAi|K?Rm%n8)3jMA?28@A*L?lR9gd0%Qd2(
zw*r%-gH~xUs&1tk$FUD<X4$D$2R0<GE?#;Ri$2_>9Z&W@qFT<{DpqmotF)?DL+7h!
zTHF(Cx`|69btfZSNE_kQ*LJ6(0E;u7PKUws&LybewsuIw$w#>sduB=}es93nQgRWa
zweK;`-hXC$XbqH>10v99lCqQs|2?j*_xM^z76yEzUKj(olKses>o`r`5WJhzufdF)
z<1N~G8dqfEmP9>Ogt$(_12;5}n;9Lrx&;$fUMpvB_mC~EoF*0s0Hz#R@SPjDa~hJe
z%iEI3kV`NEuq`K$B!Rn0^j%yk*?B3{9=h$olaLq(AlUN%*QYpjQY+LH?&ijsQyVq2
z&eLi^vz^|gVW!K^XiDjxgAYSHHn?{Hc_d-*<v^T*$kgZ6=4ju|ocg*A(-sZ%{H@?#
zjjii{S7Z+Pa}bAP_uq$c2nO~fkKT;?dcSJZx(T3}Y2<*N{X9Pfe(IKXt-%0BWlHIR
zZEB@7b-M!-6UCVvgNM`!<aB+?!ULYz=+gFrn!V_~1-P9riM+d$iy-AUAei^%i<~-1
z7(fs{fR*ElESb)o>g8Cg&Cw(-U)+mJ#skTzU7UJn1ReXW*cH=}4>64L!O99(bwDHT
z2l3$ONh2d(=BhQk1kXHGSWH-Oz5)`6c5|vzj!f{XF~7C{d2H;ux(CBDr9ZegY7e)?
z0X*i-SBk2y(ny7DRJ_wSi7cNR=DK<xcTh9-`~u`ovUBV|eHDxqxnFIAnCPjF3l;>+
zp4)^2nB9CABVTcN2dCO?ak<06+6MUoV`zAXjvr=bS90NNY=%N!h5EWKB)^j*Exg>$
z!D&#X>)%9dYxcL{DlzqaRU=6;uW4STyslnklR<BAS2YyC9mr6*)GNLGOL*6py{Yy}
z=f4Hm>gZZpR)%C_z5Wii_qM(XrPBTuuq{3tu8rF*XrbqRhrwlwV1^6H{V6z5I&=;l
z#3ikIE{&Xh$HDZ*T$hYne93(WIaSna+PjYC5CqHz@tI`PA?^eFu44D*bSq|;j{0Cf
z(pjK)CHoI^$2A;<ph;bDHaT2?oVHV)4%9XFjGXD4Nb;rxd6LMbJc5>o;0BC%k6Wu&
zTew;9Oi&i->chK|OE(L+$NLcHLw-8}%`)kIPD`c(Hjt_A;h<O&@d2lbeI5D0fqM)q
zybr+KokpClGyN0TOvy(P&wQ4i?wzt4M;K23m2)9ykAu8-AJvlAjBMBzkZOH4GRrsa
z#sQcfk(eM(9Y=Ro-NmPp$*Y4jMkXpL-S;68kKj!HXMcx(S82|bEV7|y`)%r)W;5N>
zkO?<r`CYs_8S|ci+hacAK2g&jH|A<fd5|@qa;orhW)>4mI4OQY$IlhugpwEPu&o1_
zc#;dpxCiY=A8r!=eG+;7q$<0QbDA7FdS7oqaOUbCA*b!Lk-~Q31h+>6=(<;M>_&$d
z=KFU~s%$Q@;S~3SrcbHl$O;g;?oVL4tPYEqw}!(#6w?5@Up>vK_97zK#<GVPi}{e~
zDMARz3WQ|(ea@-xT*De4S1*DEKf`J`;eH%d9^HVw0sxvxZund~d6`LPNEouHX#^+t
zAP)Gr)BtR}57U!s<%+n1;0$M<u|rOsanLE)HJP}d&hIPrY6B<pvsf2SPpjp<$+JJ=
zK;z=C9pNq+yZ7<F<hdWQQjfeB9Vj=W0~6+fTx-5|z_TDt0L1f#Oa#j3oz;55(Zd!#
zi}G|hX%*=)Jc9wxzYp(1KGN}Nq;HOP;e-G*<LMPHSSfxz5Rln{k4jBfvgsVBxkA0|
zRKGY%$WQF0o<>SxqbAb;8LqIr0|vt83!El1TM~vi$#QSKs3u{0DhlA9mTYn~2f5uI
z?{m>)U=VL2MFab4^~UK2^mu=lI(C8^`*0=}9iz_6YWuAHJN4vX+w;8x%gaor=U^zV
z{-9l=Lc9Hf_yzP86DZA+6Pn_3BpT;_*7lC7o^5;r;esIodmjl3A$h-Wd+ZlTzyIP0
zA6%VmAaxg@=5nrR?NRvMX$+_CN>CuFwZPjq{Wmq($lo1-l>#=cvvGFn?$r>uK@+&Z
zReljLWy*Oo8B-NpZ9mM2hSKm&5>!c$4_P|~iN$O8@ByoQBfQ8nyTNB4{pm>haPJo;
zpl2Wzm%c>~TJC&Ige?DnNuSul=a6$(9aX$M0z-WD4Aj!**zllLn|bw)Z(P6~7n+3&
zTsimE0mv;|Tn64}P(z1e06m>}O~4Crg~M31p$FdNP(8SQ|0<=9aTx0Kb>_9aHvJfM
z9~<+FqcL`GXQB!`Q*vA1I`dE2kK!^HK16GASDb(<?sVnVcQdA%v6Q?#7S`3pHW10L
z3sy<;U;(G%o6(rgoqtlJTVao1#kmBh-Ffxx1Q;T=Y+%@868=DK!<fN_wIhQ2lJkS0
zEq?dl?KzO_^5lQA>kZlJ#eZ-2#<szm*Ls~1DL?Q%t}A2geaeSd?aXWU<yA3#SfIRm
zA2raYcY;yf9zs$+<qf1Ml6ND`w_^@{aID%Pejq>%({?0~*M@`5IHTe>%np05!%2<_
z!Mw)fh5}S<*%X-Q0sg$W3H0w0c`xE|1eU}DA-vWo$RIT%g8Py1P+sMNI3LQZB0c1n
zFcnp87sEkAt$bmf1(V5#_ag~?)g=6*uco^`ppM2&HK*fH&aolU<d6p(*2j+rBCH@&
z(S^*4;x%ghx>FHxr2P?yMAvAD1e>UPYRr%3RjL0zF+fCPAuMpghTN_NybozErneQ)
z>vyJ)#q~QWLHr=n!SO1KK9T3u7tCHKXnI(o2c7KO!nRZ9m+E|$4<r|!g(ZKdQ!o+|
zJc2z}i~Iu`X<;|0<<OEL<dmpp_{WX>6}6D0;{=k6xxrE7oo%S|ZY-}lc+mt$HnQN7
zs6p&QF2?f!9LL)y)Y#hMHJ#btpI7^(4-If6O9-pcX=M6Eoawl41gz-f;k+k#`W$#M
zFTlZMo+&8=E{WH;E1>b5pd^!$9q9^|nt_=EI}%cO_15N8GmaCYa#LjDwKE;2SvuvP
z?F%(hlgc}=(s0XD7V&7p>aKk(HBX`(AkOUB4APPfgJt=Lf_`-b9y-QB6CX7@kU8wO
z&Eauj;VUqwr@bQRNm~ZBwsyn(juSLD?LnKszl!BLHCrEFfaoKNKd<2rmJ1>)uEkq1
z;B135gM8%#d`3TJ@)~!$8QZ>@&Q6X+|4%-R837f%$ctJ0daYD<e9xtjd$ZMwVoDA;
zL|qyQq}0U7E5;!g$BiMljc1^WWo@?&0vl=T9f^)WYQ-+d-n)bOL)!0k3&2wIZvg2|
z<no$j08Uf_ZL>+=xsc###fYe19m4Ojmpm*eJ{uN+^%~`v^#+9HJ@ffJ8tFkIDVt)d
z?nT<hpD3Zl1zvF+Z1x}oIH^j&p7vo5#s$G5YRKK^3kpXM=QYVB7~KY(K2oR0=DXxX
zKw(0{mVUPuIA9)@1u0TR=R;yf@G1xC#Sy&v6vlv28VTkLHLpyg)#~0hcnn@?_>8$a
zGRT$1FajYF8yytrG0CG}fvvQKgKhTKp1y&KSg0;3hL=Xl-znnN7e}U=+0qj$-6B4m
z9BPmlG?(-(c0d`NtV7poZ4YA6-lfM9@LY*@(6I2PHg~)c!|~g7j=r;iHnTj=mGbt7
zrr7qCX$W^{JSG4wYrubyNfIaWnyjdF#KmI35V_a$DmMrC^7IFNlc`g{lN3$TYAaM_
z%l?>MK>mhyEZ$EK0-N7r!}4OyF16w?r-N1cNy2hgJxTz@Mu|Bf>Tcje$?;$q3wfWz
zSX(w3R6KiwmckG&@G{OI)+0>T>0?*kW2)9ng>Q5pd|~ZkXe>Dxhq3D#%;%CEW2i<E
z;o@+rh*HR&X<7+^N0#Pft)Q#TF`MAG*!l=yLD+K1wAfIMam?=U#huCVp#nXl)`8f9
zDmi5KdT6C{6};9-&^3Y|NSc#^UC4!B;96lD6#a%OR@CT92ZTWy3UytLT?_3D#Jow)
za47Q|W;&vYV!Hc~?9EWq{VZBb4x9kLr97dWIsqh@dpl(|kchiQpGIz(rB&wXh`2I^
zh56H!EIEn!78Rb?=stb|EF3oFC%ZuRCC^bQW^!&0|D8H0)8!U2fJ`q5F_M(I{7V{`
zxMX}F>ANu~lnkDy0%!Ym9zQ{q@KH3M&sV)#UZXK8T52`IwzW?4YTp9Qt3&k~SSK1Z
zW}0rHreeU2nu^>_yyozkRNVbYFHbAEng7gwO<`ID^{bgluvpPO7POo^cMMMa{loNr
z#N$@}ag9i_Y?U~YSBSGBbAJXcZ+(f!e#{bNqSdVecXhgjYTWYJTl(1@VHxDYZE983
zv6xq9Bp+IWR}NIwqOcK?q1%25mRj>7oX48m%&YRpK5N#%yR=k8!K=4p(WvQJ2A!0V
z(|xA{orZIH2V%lb$w7x-4n`cJ^P@l?vidH*#Q~TDbAtzyRwKm!lT#cVp0ThenRDo!
zfkE08?}}weJgvKjS6{rInvO=Pd@Z|Iy*eqsPt5_O=6?Ps4Jxu}+xmdo9?hf<k``EZ
zTOZ`LT9;Y4gUHqmA()*Wa-e%UokFw87t7R8)4_650`d@?wC?`~x(zo342l6DMf*mo
z7FMX&?*~_4`qqv%Vj5XwLOv8#`>&XsSNmXc?wSf`_#a(r&o5eKvwbFc>pL_y(8{Zl
z7g+%|kHCDv85Tdld4pa0K*=8TqmMYynP#$Jm5@aSy#qa*7X}-uV;DB>=QZ&uWYa2M
zvneRu44d+?plafOT<{_*Ry!gQw#TDeABOmoTiGSY-J;Xn8RAHEDxM3$cKS!vqSO4C
zhSis?!4g$VOa%C{Nay2@aKVk*i6rF?^s8kW$O01+2P;CfR<DIaGoEtDm~{@Q0?vFI
zuAP(%@P+U1hXL}*Ms1%KUbR2(V2ehfb*)#6<IWB0H#Yw#G_SZP;cc+*TZR<T%2@px
zkR37?ZnayV;yX2JKcyimdG!^fN~4I8^5OILU`!bZa8v7+`P%kv!V0tPY4r-TX_E${
z<<IcJS}np{qS@rFW@w7Je?pZ~#$Wv`FdV#+#_7&G<X_XaV62L6f;%Md0w~GuxM1uV
z{XD-(qpGvabPkOo-#pK2w!p9(f3rx_YZ#TymjTOr3%^?n0S7c2`F^DHd)&XXl~*5B
zvsI&C4!7}_?PrmWc8x85aGL{<P`Vt@I$Z~g<Jc}CmiW41;hDFCSKl#|N-xJiK#O}p
zP5rJH)YRX((?L@ivR3m?1i62E4Ouk5`GYIU-v%ujZM-TFlAfBuOvM~>@y(!MGH;gy
z6Gt}e2mK7qf{D(iQL(Z)-*g3YQu*D8@Ur|*HgxM=R?kj(yB#16`Y=^|#~ugsPBxta
zq}9TzC@dBdH$#;&`lW0~AE&<vSMZg+S_2OEI?=i8<g-|T?)e1Q8z^-$iN}6N#e011
zH#x&@pZ7bW?n)gw=oZnT)dZk8^PaFE*-6)6OnDuSCX8shl6?&;*{QEWF4&@9f$l=W
zJ<*G-R~(^*bu_}N7cqX%z8(~~>K0h@Y&5?-4qr+18(LYykTSPL*S~p9(i?Usc6;yr
z-iB41)1O{9b_toB3}|`~NH*s+M|g0*!#R<65V)WB0}h>sfYH=9QM~STwXf~O>re~!
zqH_5SHT&9hZ)siyysdsk_;>j4)v}wB3fcXUk0i+xAVz}^@~R7Jz24=EHP&4Q(%6=M
z7?eux-+%>K-p2^uK6i+J)(%Zlc9_3n_r^A^lP^>CrS%A2X>c;9lIwopZz6T?^Y3Xt
z!YBML=9yDp^W#X%c8@-!vrnieIq@2Jxibl!Xnh~N-1Py!!M^pCM|th;b6kx|uZ!#a
zkUygq#tf{%?m!;>il!i=q(ZxX<^?jO1uKobkNNxU%cq%;7Q^ONE)W^V@POmCg->|Z
zo`y@G@Tx@coyXK~Yyrn%Pufo^P%dP_bYxpkZ$U4giwzG!Pz7Q0i!fVPoZz3<mS&g6
z<y8y*<m3fp__LsC@<kX@kDlZ=*%M~SDPEgL1<ptAi@bd<<yVAqPTqvoRqJW>d`D4Z
zJ|Qf51IT@!X`PV(#q1@hY#(yz2qdNLbAFF{wRQS+%xA45adq#zap6hi!!LMMPQkJ>
z8isE9lK)lP^#dKaw&C<XEFq4$BgDS04_&k`MS_I$*D4;hZT^~{q2fs2vtW380!{sv
zpQV|aGtx-O5B$v}?>zsZhDUMhH+a-U*1zb1`?fy<19|tyz%fbLazX1r0<djg^GU0H
zyo}`ei~N`N?XS4R8?{1$WFbXxL&?Q1wXwA2GCxpN$&_Wr$%c@u6=ccx{JZvzjQN2t
zvF|r|{73$0P1j(O<_-#qB-7mC5PAD2{(yD>a5D*xId8(X9L<9<)1CU6w?DGLw(b``
zR23S)^4}DNtccUU@~Ts>AzAcbroqH_CGSseya=s1;5S~gyAk5L;76<qx!<*+vkc6N
zm%DJXz<nby8x8n_-=`AZtSnX=&fBXz?gW~TQWO5<H96SOJZo|K%8;x4H`-p~&?dxk
zU4>v$?GsEV7gZw=6s!r4!TNqD4*3xe=!AV5;=*=pK8kqa94Em(eTWQp7Jk;)qNej$
z?ByN6JX!TJoX5`<LmRhyVt#(vMYvB>I{yM)8oCM^O@|w+wrmSZqu~<VZnOotE>F7&
z_DX_`a~FQs_L&`>eDQYV071&^%|0^KL-<)+<A6Jy2;8TTi1nU=iY=yk37SiTaU}E+
zpxqt|@wvK{k0ot=u+L__i_nj7{z43SX;nzIrl$e#p$a%DfGpO--2=CsY9+DUS5Tic
zyunY<9xDtt?S@TQu$_7hI`mI}6&SKNK={>8ipb7D;RpLS&jks;+H)HiA)7=U3o=vx
z<E!?iTSJ5&wM4@eAsOUwsPM7&6T2mjQRmArK@(G!uM1(Mxbg!uFI%Z5?+bQc9VQGU
z<q?8ri3lcLc??;Gr_Tr+IdzGTqZA)XHkInD?NGIK^%Ycc;hmA7sv1S)P~x<y)%yjc
zE6zb!n0uTa+!Bq}cSUJi&%_yubb-os;Kb?8OTzrg&F@DCcURh^rX)`NSlKAx1l}T)
z|8^j3T9ypc)5!4{L6ZytA8{4E(uOj~-JGC_kO3%@)0FSR!pRn1J?hnhpmC0%O4HGh
zzNB^-MEj4c$eEm8BJ?5K^}<HAkY}bM`++JW7Gzmw5cX^MH{Un9|LS$HZ})$I82Y$3
zvFBu+D5!S5mm3A`#(G?by1-k=ChLsQLyze}^c7`79*K(+G|q)gSbkf#1x1l#p3r%x
z#zXACic^Wb?V)&Kux9GZWM{j?Q9T$!ya%XMmF=?uYR0f#P5@_U#tz<)+@L|^!V}2J
z*>ntN+;KM`FnE8GaG!&s*wqF<VX~k(tTz)!3{n~0_&R2W`vc)k1DK)YofHS$WhPx+
zVSR~rB1Wmkq#9UTVk%UCntu^3+>bTW^wmgKhBqist$<Fh*1B1s#=*teaI=I2lQm{R
zwVNm{6IXM1foq$GV`E=O2JDl~>4GZk(uCLc^RaDZrVy!mwIxgN(9Wbwzk~jRO&dUN
zamKvBmR~8aWAle!wlIk7->SLgB9+FY#tR5ItO*)R27HHZ`UgPIP8%pZt>)hh+-Grh
zkRX!eLBiX1DuMhuNUi-Y40fc?*u5fMFF?9uh6t*K6`k(c#zKbwq<pNnAMb({QJyDg
zJaN#YOj{)93AhU*Up<})Lp6*zXqW>n52eGGLTDlz!O!geuoXkWh<Op1Uj~1q9^Nz)
z0!d6iz|>$t{vdMF9~Q%^wy<Ji7%8aq<dPAZfm|^XuhewS#6B?S1rt5H5gT@vz*c8!
zGNI4`BSS;U@(@hQi{R)vSE%7K5HjFFdeC1ibiul(`TitijIi5o#B7~ofQg#rac}Q(
z)a$ZgFI?0(;UkTH>Y|sBV0?nf;8&ofCKKF^1AT{m@<oEizm$nH5tzO!zX!uOxLA#6
zI#M#&iLG6Gf#={7K^5NhzD_fWk)?v>-allmCP8cN7lM_HGS!?vXuMG3psVa;zU56&
zL4)o<^3F#S1l38z>n93fTHTd~b4WsCh~GE_s?J}pwe_futb~YTB169KB;kmLh`Mxo
ziUM8FU70MX5|Iwwpy8R*|8h7|il_t=WC-ge)%WOB2ONV)3&m&1G(mOxB%?n)!Fl?C
zkbu>3h&A>*7>HvDDj@>v%7y#1+`*R25Z?f@c>{{Wsn3cJB?qTFXqYXdvBmW%%+OaC
zzybi|q2y$Rqj?$I@H0vKlPEdvH%=<K`o}PpKuxLC5T|CQ=2f#r81HDf>1FD$KmCcv
zZ1u!-a<&Fa*Bn8$V7KY!;+2*t%&>*X1kn61Bk5cv;AWzE4(Nfo;ZDIs5=J2lbM9JL
z?5yanYDe^7Q&0JPK@(BOh0{#))z%2=n>JE0yD*z5V>9Fpp;p-RYcRRDwm`+5uXTVC
zl7+6rypYrZJ@R~=uvf#Xd1*lcVa|kg3)K3WvQOTfI64-6_a_%h>H4X=Ill%+y<)rW
znfgDr8G#U_IH(o^4>qc)PS!0He$f)0U2w%X@uD6R9g-gqaBmdcSKlN&t+63+xdpwQ
zlnwr|o75uLcC)%oTgM_neNfrSTO7<ExJ?;hoeXko7G{C9pF{?%eg+)A>^3c_QIc&6
z2Q9G+VX@X=$57C-Sz(&`ld0Q592$vd;6B~1o`}*@0S;V{MYfC##>qAHa>+eS4jPv2
z<f1}2r&?Vw(6=^g6)_@T)G)?`;ZHv4<V3m{gibkveHqJ_V8wNEso-F-H4;e&AgV7}
ze7o?Wn(A3NMTk<JNd|IvjAZ&&NJiHk>S=PyokEmG&7$^(=dc5d(W~t);e9o0uD%aS
zlu>K{-CAm5BBRl<j(Y@6IFwqA-H@k!g{9HOd)4;CmisW+nrWKmXj1bX>7xK$iGlQg
zKv-u#t!{b10h?qpA48F}aeyhosSjyK3Z<B2uiA#i2d?H-*^X4)s1pLq1MDsz+!xn(
z59#Ykl9mgq6EDs!7jiZ9%w!&jY*M}n9lmX)Bj8ID!2xtCAdlxD#B$fe!fRT&!`aRm
z<W8%jsf3vvt?z&=O5Tbp1(WuG9XP<)OiATdX@JG61yPGVlpgh;oFIb6<(7%A^@K`O
z9uq#&3>@_0r90rc+WRBi2+&b&_G5N+jYj(iti>xe%aH}wgXc=tIp8UFfIhN|TO1L_
zGy!f&W>Yn<7u1&`V&m%#IOPmt6hN9TAcfj{g`~>zN!=al39x*FpgvBf`U$K9wBrQF
z0h>=%Ha24-dc8c8oC|M)84$1PR-HK{exp`zBjJ-?Cd_)!xlv2sEL_~doL5)_V?XlK
zf;M)l%YcVZ0pLcGJm9%P!nVER$hP$vjls9?SqJh&Rm)K<{QQ1}a|T<VBt2R4yjG@A
zl9|hNrdZVv69ocaD(mq4W;CiMAa2{DhA^^I0*Fr#>J@KQPgOo`AiPHDVHF-5o<*kI
z4a^Y2D<!+z9bkpCaHtW_=C6D9D5~*~d%_$j+55qB43FX`Q1J8%Ft%5u!iiG5BS_=I
zfj@7-k74Pgq+D<zf0RLr7Y{&I=(-((>YP8UwQziJw;EjWg7A%luGkg8p;bZPlpX}U
zUv$tjcx>s#<QQrr-7C|(JZE#nTI^sfrV!q;sm-#MT^hk`e@Vk49WSd(k@t2Bzu3t*
zd3%r68HeyU6mB~CW3Qk&aE#rujZHx`r1NeZR>f>}*m@Mx`;t>3D#ub968cy_m}zsq
z4he>Bf5MqN@pMQLS>NHP+Z%qts?2`~rrQg37*+<DmbAm#7WIm{YqsQnI}!+a>ev@c
zU8G~Mujav5)qFnYHLQZ{!9V`GFjMvF>KmF;#cyelsCXN%Gz^0+#8fKV-_bhOa5*dE
zcsQZ`$-e6#P}tMan>pg&bzoqutdkZ>{>1lfxOiBYwT}7+ryW5*Jzo-X$iPDmnGp9u
zWA$;!fmMPn<{!Xf`*SaxbiUD;N<BN(6X+YA!Z2;`kh8fN6)!#n+j{DIYJq}D#%|k5
zCoQ|-=2X%cRk|kO1BbeXU84gJS1>8wiA;;-N7Z9j^r2=5rhlZdS{Hl_*3fFQ>6HS4
z3$2JWBZ9Bm@bKWL8o({bggF}9Co2Q)csU=*K-QknMliB)u?n+}7M&DS7Yme}5?t)r
zjEp}md~ZL!Qq}ckAdZ^u@Cqi)p9$yfKVw()g5i3&X1?-5zVk~s6n9jFz8~59xu81D
z*o3@Y28hej8_BX9eF&+&0w<Bv8Np^x8!EM@6ZLu<9Ny}bAQR51>p`b|kUo|i{#^(o
z)4vkbdn8lf^Q-$ZP;bloS~EG1`$ouAjfe@+yB^4$g8@0a5jNLPXVo^D2|{xqSZ^Th
z1^RRn`XxHi|D2#Y&&`w$e*=Se{xa<J-v!WUNTWM;@O%eJn|fZ@Y2WEoyXL!c^>Jjy
z4}kp81vN*fW@TgRKq3k}7y~3*E~?j}saeR{(207SHX8{lw_Osh*sFvzy65IIJqmPo
z2|sGS;qrHUvjJ~!6~CosXQHMlR-Zx4->WpaE#U_tTP2<56gct%t|0t{h9b!6K<rws
z(&=%$&yT`(dzH8JCt;91FWUD0EX1n@DJ?Ub_+P;asQoN%fF5r`{}aRX5#;qq9ERS$
z0OuDTHtAKzlX+heQdN+1e-n~aud06+(p0b3{~_?IR~>(9Jp5@{*h6JP-?7_FFEXB4
zHA&xLA51rqy5V4$&WZXy<ZvKZ0aSRyo&YIMdi9aH<`jf>74ij<UxGoo&CdFR_9JFa
zfzuTTWRhwpB=tT&P#;P@anZkJZ*8NLJao2`u6id`zfQYp8aJijVvZhxSf2)3SNGAY
z^3l?;*Sx3DrF3v*i-%s7V^Qa+k5dg~HcV4iPaz2oLY2E0PITV-ZT8ZUo{B^%s)e9D
zLTnejH66I*qmNfHtJ#D;vs$)1KfO-X<9vU8vg%b`facZuK)t&PY`Q5$K?b;cka3gs
zz9hySME@;FuL=n54c2>TtK%+l)|ZPR`V01Kg5yeuf=!@Habs&Z)FhZ&wfFPSFughm
z;UA$_r`VdzavKVH1IXIu08g@{9~f|cU;XR$%#m)QcPHD8M^6Q{kKdFEMgF_QZX#Jf
z6qj8ke$g+RTyoN@F3&8E(rY%5no^NK`2|K28essrfkXyjOmRrs4VMK~?eZACCW)K&
z3#v~bP)<Wg+wMSQrt5Jp*$<rlNfpOn<CH|quZ3Ll2d`Ietum!6Gn=BIPumORalM{X
zameomy(S`Ug3AXoio~)Xgg7$Ss6SvYp6Mp&EGC|}{Dvq3CcaqG8moU+T?#8ArIemL
zH<E7nY(UOooh3S#{2HfMUwVj12w-Dz-B|NzsGatB{ZaLp(nHFru3p7q7TEhc8vk@I
z2FrgHZaL2xpr5C~0PFSMvqr3R<+Wdz;7+&%y*iA5gZHs(jAC#xL4Q$2yF|U_crJRs
zCmTEeWc?-k;#ZTQAXMn%%1^n2imunh8EFBk_n^??al)nkH8luRR_{3-D(o9g35D;e
zVj)m0&|j&TrRt*kx)GOjeVevIZ><Q0_qB?Q?4V<c6=uj-GWS-Th~iJL8M`i1|ExWW
zn#{6#LffvI?$d)H6qT1LF+@pGC^klX1v`6fwqCVQJ}*ZfqvF=`fm#7drMipSYs{R3
z{d7j%!8F|8#@b~iU<YZEQ;=#%?J5ZbER}Cn79o7EXkllbK3LPKG}vSm`070UV6rG*
zZ=Y*n8$1+s>{;WwVfucmSJlJyks8PuW_hS#l&MlGkz|D+{DGIk`>*!)4kTYMf@1X=
zsXuJrbI7q7r!b-v>A1wFlOdz@s^krrbi_1WpFm(x;_9VK*qT*cs8?l%T{l`kM1}8)
zG5S#|e9aj&w|&7}eID_fua6|<HJCq2#_3h70Io<sQf*RYWSLf<35L7N!BvCDiuJ0P
z_0|%7f(im$3~BZWC81<Usa|!u0b;6%ewr5R2NALa3I+s=AUD1z_>#nBI0tgz$&e`G
z*QCxs88==t4dXa2&<%7QLUvD3Q>%3%(6b-#gV$@QWlA&SOfP^)Cd+0(Lf@W%WP$r8
z>-VZg(3~w1HGlOi7(zHa(T(KIhA@A6Gs+*lLBC5?K8uF^F$lDLEP4DUl=7USDP_(=
z0*)?^vyjB8>H+#=sy<9LwCO3?$ed%yK3*OXK&Eh5A=j1bRnFkV>3Yo(m?_u@-SJZR
zMAA~BSEuxwQm~FwNbs$yBWc;N)h-wGn?P>KL?_Nw>eY$tCalwzdPEM8Y>SU)>OZpw
zk#0&w3|*#$S|^xNVTa1!dg!VO3j58038?{!$x(L(kxYeKV@Z3JUVZim><Jf~h}Ahy
zk3<l!NFU-8fnMx6N{^v>27aE6zLEK4(<Hs>(1X@_8fHt!d3I1=vRtVqr9bBD(=`}o
zq|!|Z*w3|V4?;x`)vB2a(>J2!ti(fg+Br4@GYmc^6S6@6nQA65!7gWsTbQA9N$~>Y
z!PITR-Ee=@>oqAHDOepdLZ#dY23PtIM-06a7&rHBQBgKERl*yG8r}%Oj9I8xopq|a
zQ9nZ6SyamEZe<8b@xtyEcFV`RH|e+7D{-)J^RDpWWPd%Z+ru~OHBls}Tgp$0Mpdzs
zDT7^~pr~BWTlLzEJM87SUM~T_cO#j1o4&(-f}~FIrMtpunE-O|SXeAA6F`y&2qVbU
z<6)ZosVuOmqOs1{Yn5A@^y=l^)@FUIO7|RHikZc};^o`*&bn}qDMcQ$*uPVXJkwIM
zGChVD3@se*K?0uj3?*Kt-GfN{o%&-T>T+4M9Qo`X*t^Mh>5tigCZ2ceuXuFVAfJ8h
z8MBhh>ti;hrX|g+Xe28+=P6{S;A{-aOifSENJ~pe;ZjmeW*l;ZBM|U)rcI}JzUoA4
zr2kEgbXAR%tjufINH=S0WdBW#3{?$Nial0bL}o@BXToG`*PHa7dTH)DT}r{El7gbL
zg7U)g1>-!%E#ev$)>-Pgs+t>Xt12x?bL(b%m{L+as^(YBwj|H3v&<$duXhgjYG|yO
zT~#wXsUa<i1SC3#H(743v(z+L5~~_5^OI*(WMpS$WLG9ure)1YG-qU1BxYyKGAE{G
zq^4EOoK-P1Gs~PjZjqRp!dk=M-tA%VamBAW(Uh8)lFgY?bIchz=^07pl=K0>#PO#g
z8T1=!f?-lUls@H;AD=&LRKf7_5rtz5JmfaY&Hs6?DjFLrD(6^cCeEs=wj`&SW@cB;
zGR;cNN<pX0*|RF}l$MfcNjGQA$ee|!bmoj?`_}%lPuYLnr|bbv$X1VuaF6I?PRUOF
z8+HJ*+A(QLw)t;rq^fF|QvQZX%^J4O&gj*~jUHSC?uOU0TxMo>OONT->xfr~zX$nw
zjlR_x!$np;u78s3{?pHcnAhrCrH>!bC-$y!oxVkS3T(l<cf!0p$aeZP#ScJA*X!3Y
zAZOR>pJosDwd$WB-pCXu12!no-l0#kQw=_(_6hx3ay|kz>rxFa#P3P`WY|3aq>N3$
zQ~IZ*_Rc<~Ur#>VsDGBhUG%ivK*T2b;U(o^@-zCUB`8;)L6v@C0N?T~nq*J8&*|5Z
z^Euug<k)j^8w;P8L4<5py1r|(g6yO%!0DV9VEnKJ@4ncoe^&bWV4G4Tp<M>_db?7;
zY8zU)zQ)CmcyHG~!Z2R59cVE?c{}9tpYFgbhD-Ac3b2wB&Mw68B1MwY<-m*hz$jm_
zQ?B*fP7FcwjsSN;Z2Bh{?6h5S58lUv)b~X%$;E?S#w!NlrI!JV5n=LfJTY8;rB4h6
zm%Vsm<N4HH{U)h_!hIM$HX!HrDeqS7$2(RowL@;=U<dlmiq#$f5Z0LAE6P(Fo*0&e
z|3)#^{`r3^A0K=bPYjcU*OYe$=@Y}L`gJ^Q4gwv#-%!eJrcVq?*B_oPq~uME4@0Nq
zP5kVlKN%_yzJ+pM|KaIJQs34ShQPnymdRB4jzT7ngZdWsZNowRlk6e)U3^>UihAF^
zt6wAGcIP3$V%;(v2JsnguN;=UHKkJ_u+tGV&Wg1hQ7YuVCl~wpJrrX-UGhFYGL%^l
zgb(y<S<AaVkkOlTRDSs7s6yDsKU4q?{743P^dq^{!jI*LkWb`?7eCQ&WFW_XD!=*R
zQ~8bc7|>wk%Ra7v{G|J7(FrgfBVXuA1<9Q!^+aNaF{kwF8Q3$YAeD?iSq~mOt&Bn3
zXQ;(G`6hiz{}&{n=5zgHtd{Nz8JP`ukmxk>jQ&vx_K7nJt2KS8sF<j)0E6MW_bYjr
zCVVZ!_z@4%x5vLhDaIrN&*F&@_86X6n+v~1F*aWP&fz2L+U|3745@TYK96^j9N>vn
zuwIZGNV_OMypIQ|(4tFnp`b4L+YUTPJ(+x20sre|nMx0ThmQ=MtncND?|qM6vK}@5
z03_JQz#rw0n}3v{j{ON0S*h=S0@T}nf%<&-XFRc9rv9QJ{T_W{{8s-fo>+~*E6UgH
zSI`3MT*+^83*Y`Gw{ZXO@<abW^iQ#VzxjuPY|Wo?={{HSicxIqRq55LQ3j^gSA8S>
zCHLy&hd3ws;Y~b91g~*6v`E#xT?{gIo9Pn+Io8!6b5)j`VFN?qeK)1*B6sDZZy&=G
zQWx9%psLgz4}&DL-*^}{O1*x_6CW8h6TJ))kG}4OkF2SA-bzg`AA>Z?8+~MS3w#Zd
zq@3|Z<BXQ~`zf&c`x_+5?C>|Nli2k20N}$2Jtxr6F2N5ElA&%7!bjHR_+aIuONe0y
z>)o~x!%per>`>)nSeRUMTUhtU@a~Th%F`R&PdD|ID+KhDJFpE8QqQlCG_04Neu`9T
zJ{_ezO^n7@M!p}T(LdJHRWS--(m5IKVNU4+GGisgqXh-G4+NCoN3DfMy;8HuAlHl#
z6&k%D$^%+#RA~C6Q680Lu`=FCaS9<j<75bP<CXFE?=Qc4u0LKea+eGM_~HbEH2r^<
zfcHVkhG$81is2bX-;NY{B+E_s#zx^-s>~>EX2Vlb=btmnkcX#(J;r1J0<&Cx$dKPJ
z%T##EBOCn7C>EH5-UbgeJR^bKGtgj_xMAEN!(-CZnL%;~7Y~-vh|C2Vj3r;mm0?dA
zV%W)W_0BVFk?Ps<fB~D#r{x<~Nl%yam3NO0Ri1_nQ=YyWrj%PWTzSV8C{J$`7&b^q
z&l!OMXT$71QW>mGBNZkXF-pew6hvC;R`W?07jj>r;c*FT!)VlETJqJ=AOstP8Dk8x
zy8dO1VU2|Cim}R5+&H<PuZ&Ze$XF~llXM+MfWdh0I{DSSQiam~WePzzlqsDvk5``F
z7%#Kaj0vc~DC#~@hS53^*fae&;(DM<ySv(gZhU(^28MOs|2<d*_e?U#MuL8_qFHuL
zMumHdU46)u8_;Jq&_CaxP>TFZ21hcdC^ZgFQF=OaDmut&xJ@%i7Vo-gGGh-eSFrrN
z957g)Z=WtRV&4jd+Q~EUk#*)Uo)}kDRpKL~xZg~r^)@`QkA)Vc<|PY0vc{LslEKE#
zmK%RVd6+#1#lzlq_8|dPvJ%@=B^MewSAO^!4-$gYcY3&xmGeL)COC=J3g++9Cq~Hm
z^JPrjYvk&il!uYEis*k{3-)8Zx}y%P#()V66cDfAiFIa5JsM_RaB4s?MxzZ4^2dRV
zARw!Gx>4zA^Fll^(r`DTEr!tE8}W{nn|hNXslVMMGsYt~8>D$Hb&)}`>kcoH(XPEk
ze(<|hF0<uU`OUc746-5HndId{ez*+;VQ8*cjJBBOV;{^*ln<Rt@PRR4U6YKzXEQp-
zFl=uIUhJu8DT*;j7nkB4qtJu5;~iTXCETIB19V)pb_b-4!JKoa4Abc@AU4<*=uWmy
za>Hp6cPZ@`+zlX%2w&bUGsEJ06#5DG%GLMWs|@sv`xHc+?pKJ`dOzN=G01xWPn#yW
z`H(XY$Xs*FgDA!nROmwnX|=KaAwVN(UVdcSGDrmL!Y|7(EDXk~<#MCRD-=2$T_L}!
zT`ASX+4m1a<``*Scv#UXqpgZmowv$;x$_b9g%yimCBHhbN*=ZH)$*ua#e+nHjYMu}
z$fHWzUp|U1F?!$inEWwjja+fR@=*RbiZkq8*P<V6pq^N(P>QWhN2~+M8Jy48fn`~z
zm$slt%Z(V7nDuyK0QRp}x-+3wZtqenptGv0HYn=w3A|#>eDH+QOyiSs551pK%5Q&4
z`B=IUc(HN5v{4bPWlzfu#BD+ahS8x-vO2OnBlpquS$ty@eEwO5%L<<ZST^mQ#S@dr
zJDykcb0_cWLI!MBdi%y^xkSYl0Ad)pZ<Swd*lO4$b!=3d+_BHv<ms=u-LQ#4=C`2`
zYwXQ!XqG|vXgkydBiGG4l=&*+1$<>xdg%q_>kTi;V84G6Kv;z}JLSgBHoS`d6#j=}
zHl_S+yX23dFDd2sz9fT~__9oqpI(+Vf_1l2C}$5KF!ge5j|^eqUWIP`_Q|ha+^1L(
zllKExhR&~eV%@ZM$l%is$P{?*03fh2zWEgtXJZilZ>5vF{;f<a<6cGMtm7A7l{w(<
z*TD8{)iU698UAap%kV94C?oqO;4>tie^V}0@Rt1TOXcCNw-qD?ydwku_d9Z-%7ggE
z8uoZsCejn{DlkVKl3{*+2(K6}_a0Vy9oH#;e5F%{HRFifYu$U$R1D}-@5zO7-&fi>
z^S%Os85{S0AS;>Zqe_WakD>(Qk;B2RZe;F<hDRBBfB#T!XzfQJ4eNFO$0!=T1JZZu
zV_7rZ`U&7LlJlR+jqm<cDL?&~EE_)`1B$HFn&WaQ^9h+Jj+_7lHdJ4q1b9~Jo>P!G
z)+OU<xqQcI8J+2$p?s1POk%gsWg4#kT+vy>zfeG&p-+s#?mQ!di2hO;<9~mtu)?IT
z<c|FCl|qm;Un?knBUAYOZ{)Tc&dLu#-^!o1e=EN!JtseWcMd$ua9@2MD6prD3(C`n
z7Yq+d%6<ApMQ#0b(eNT8`Nm6zt?XgV8f3hk{|dP?tG;vhBgHrOaU<66+=HF7aAo;|
zz4{<B{Sjwu8?zw?@}Z6T0glR&0~__xWQEz;gFLcTZ*o}V&{n0$V|(-|B<fY<7kTYN
z1g68?;6{q~Blywt^wl1v@E5Lz6i4u!(~tnQVXcDR)BqIw<2Cfcb06ZPJ&<~yo(nL@
zI0hR~c=PkuDqLYu3SSt2!h7GkR^glkrSPMPj<F?25|tvCXpw6-J}5~kd_&T;3ZEKo
z2qe!W8KNZ8zeWo?7)d8wM`SV?f~A4nlZ;Z=rj$pD(!Oizwc5v^1(LE<rG3n#f7i3U
zsS4ypX@-#`IWW+R{FY|$CPmK#%1rQSngQ`S>Hz&Z9Z%P$R7QpZFD(m=Uz@3#vy{Ru
zwD7gZ^jvr0P1)D#78`>fvlSX_&$(7%#^qOY6f|ZQq42eaB9Lq^QXn6uh5ur74;Yov
zeXaO!K?ap5AX7>(27hL{dyuLULx3|)t-WrNA(E^uG2kRcIs{uv3}eYDTH$JmA)V=q
zmn#ezeN$6R8Hp*WiKz%cWagODbIj(X>=YUnBHvXQ221=nXS=~fymuM;kf*kTQP*xa
z43s|HbP^wqKZ_4LPNJpfPZ|cX54JsK=ixfi$~ixUxS#3oB8BRZN=kNCuK<aI*kZ3}
z-1mlN=g5o<WKpK8Ln!G8IdV#P=V!y0I^Rq#Zn$MeRYeU4oHEG|zZjDGruV!vC#5H*
zCe_WJIoo7P8IWqr{}oP)sLIOPg*A-`+YPH|w9Kxpud+0hSJc&2<L~%dvNS*(J}&>7
zWdtt2j4LRbFpi7!<nT}IsN%Bmu?aoT2(=9>9y_*R*!aSU1!bhdNeqv02y$Lk%}mx}
zkb}=;ijUae`fGF~nc*ack#BxCJmEg9cK&=zO(QA%(@?7Xu*Ua^={Kx++_-|GZY)Yl
z3n%7}FDNf69$&!PR|=Es{xpnMeppR?!v3}<xpdXwZvDe8h)lj}7-OxwJH)!#V}LFB
zPeY83FGQTPp<Ir74qI4XZ>gzVG~(t`P`0dgVSS~A^=?(3=$`SnMKxqCMo8AmyN5)S
z<d0RzdwpS9f$}_|j4bFQ_N54V*h;P%T3vkPK`1Pmm_N3VOm`CF+#4+QHzJ115V4N)
z_Zuj`&@?x^w76tw@ucz*#iirQlr|_1J!8p8X>)fGFY5f|rp6TyFBpr+>Llr#x0^V~
zxlf6uzM;0JqMA(g6HB^(*|zzK19Y}g9^z`9Z`r~Igo<ZcX683ESQ^=|sNT`hahXt7
zP)Y{%5&I1&EKzVO7?)o-wmg6M@X~^^ZbYS*!;A5)h@nDOc!@67h?Bv#pFG7tC%3}+
zb+z?UL*$R`qL+Jv^oBO$JgjV@^*~^#OUc-LMz#ps@7`jj&TDvKS;++O(TIWqa>YmN
zYh4yo=_&VoeEuYo?<Ypuw)u*$J9(B`7A&+hG&YnskX&c6(0a_^<u1Romit6l@A2^u
z0WpUc7L8OoQd%$?GD6Co#J;xb0MY2=V<(!#lr4_%Q%Qz(+rcoa|0F-sx<tg`6Me;g
z){?pYeP%(7Yi3q2dN@~4_C6^_TK&6b`N@3QFn&>;r9t4V`OA=WHcNDM`qxy_zFiED
zQ^A&W0ToI?>Z35HwxO}OrrK&s3%528_G_xDX=topSlL)rThqWbT5fKX%XRAyfva0M
zqq?dxNwCx`oL}y+fnJ4&7mUcCFm}A8LhRK>Y)*~_RKLGgTmregSL_#{X^<QUfr$7|
z5HkZc->R(n?ehrtn&|7e-oO0p#-p~L@S$Q%fa+zHh2*^`hLEmc(UYtR5)Y8}M@8JO
zb+Z^r76*$J)~FZUtzl!rtf#hfq}D7(kY!de(1zmkb#AlkEtdHfGGv%I+&y3Zv2vJ*
zT}7kC0oFga7_2FA*y0$h3n4XT5jTM>79+hT)K%A3Ky*e_RTI+=G1EsOV@>T%aq-rQ
zS!UInfYxljrnb={jhScsKu=H4#6<kZ6;;f)<Z!HIvdt=%dB{jW#~vvbZ+7ke5{WAq
z#UavfYjaDC{3WFU{Yjc@^u`%kq7Nw^CYr4$6Mc4U9WYiW(V>05SWc#ei`AsgB)XH5
z!(yLMnQQ9mE%^%@=YZ{Qv80a3w{93`Ahn}JUkTvJQezk!IO5$`47RphE@ea2{V^OD
zVTidleB9jAlzE4L>U~b6rT`-_ugus_0`Pc@=wmw_E$(n~H6g`0p6GUpvDT}3jV|=(
zjwRXGIa@mu+{tQD+<*r+GQuc+VvQN?ZrxZAZi|T(N9cUHe?VmGimX6#X{6{uV)lyO
z<d<2H&OLeIjvBQt$tKqQ5=U@5#tm)Ik*^Hm?K?aNN9b(dCW@Dxa1gW+`}zc<k1ggp
zvErX$Kt3%MPuh-`iB7r*naUcrUqtc-iZP`5ZDSwT;`*7Eda^rRoRh>J%Ni>hp(^sr
zJh|%&$B*LXSJ25`n&;_U&y^L>d7Z1ZZu>T*iM_%9kT_*2hhnIyjEkLLThllP!ppP+
zSDPeM)?4s-W`3g(Phqj|5^75IxO!M5GvkI8=Z`HY8&(ikapUY>Ey|^a<(CyO6GN%R
zadP|Dk18nQ;^JzPkdD;2upwS*n;Xo<7L=A2m&&-rbK_|_lM03etzc|f0hglr1a%#s
zz{RBiB(#~OzN!*G)8p}TW-ZiQlZ68dS5`GZ9n!7|miqeIdOG>b`cpymzwMw@|1bOJ
zpI<bYi_0%9&7b_QxY&~XLhENkLcHbv1Mk>;>xG<%Ci%tG`2PbEs438}u(Hz9(9oL(
zf=mUbHsks;CJ;c*8J7CuS&Zo#tlZgt9@3-0)spHhqB*HDscI(15DYY|wz}GaIp;=8
z;Y=YuKEBs5fi$HBbnMB3ZDK#O9k+40TpUw~Tp|~1;ucvd>cI+CHH|QcDyl(@{G#Dp
zTqUbX`fnBcH>ukK3I8c)_eQF?ba+82HxxtjpVelB0)tglRyr2C`4x6jH@_mufiTrq
z)Xa;E=ZYr+hnu<uuEAd7Q1vgFl}exe_ukNiil)lSg1_K%TFn6m$PAzW?p?wjbY*3k
zmVe~h4GZTpv}&5{SO-d_r>g=;S7iUW7qf69N{h!qqxE`qePPk?;_D?k#g*ijjxQWv
zSX@NMj&{Y4@i=8zMf!~q9#cZuu%3~}ldK(q1{<mQ6*tG>If>%cL$i1eiHPGdJaIDn
z(jp9C0~p>!IkUGeF^!Y8$$t#33E<My;L`qUa1^;zH8@kMBY4s<Hc5Km+Wl1!?8Oxh
zd)%8d{vpJs9%gdb>wgZiyWhRBblCIW?AKJ^0QUSRgAH{ksXvEZ?+x>BK`QhF$R-J<
z!@mDVFuS|ogC{yq<%o$C_!rM3ON%FzP|;x=Pi3c%qP59y+eD6}yk+!s9$zt=nj2N4
zDrWbxH59q2u0}?2LlXWc>8lF)1)DphS49)Xj+NB-Y-A|sms#^y2hHn7B~B4RtlY*I
z7Qs?kSW|;#SzIq+ZV+e#4NT0sTavX5*L#*?&%Lw->n%BQ$k;bRDy~dFy?~S2ZDRD`
z9?gNqgsO(Zn#$VQHC2tZ0#{hZ!7IUyFP%^zPeC}9)UG^P>Eo1H+HDP~KVwp<;Pkn<
zT<on4brthVEp%O*&`?=hZ&@tcI{(64FWV@+CTOyvT?}vH1`UQqla%V908}ZIl07oL
z%r|aOuL(63M&F_ay9xC#y2J2Ir1;LMnrR`+)*Eqj^j0yXDekX_23kfQdd~?((8%4I
zl`cr_S)}_-FCOWBCyYY*9^%4&=;4&6|8-WepJP>Y)L=q}Z4m>=dxwk>k$=fe;2!JJ
zoS-O~X(;c@RPF`+|7SUeBI1DM60XH^30yClg7CyN!6~?}!b;#9#Q@+^*~CwN-zN6A
zeU&0^bs>31(T#*m7diKa;Z+TF3mdH!!z1XD(v!-5spZBh%S~j1C<<<{KH(U{QWvMW
zp^}?WSq;O~dcYJ-IuDB2dj%y)+SA4R$c4>fk_WSbsX0J0wul){<tAzz52k;g-69U7
zf2rZ?+=z!hTSd|Oe#skT*j6#Xg;pdpw~7KSbN5y;uDAkrh@B`<Goxyz#I)45Xw<CL
zgt1u5G&GKfP1#VvygtLa7jxD#Mb}$%in$=kj;1;d5UBHr8@$?A?CX@1L%QH(BGc1F
zcc=Jx>*V4zlH4ZxS_6v1t$FACb&aICO-#g}-ECsLuF=|gZZv+3ZU@edN#sbrF_<iG
z7bE>u6KI?@yO<B|)#_h2J4R7S=o*^~p#YcyW^zQ8on4=y;9}Xvk`z;7iV53(a@c<e
z9zf4oFPp+WvHE~&q7|(#6?3r?65Z|NXZL!HImM~p5LLVB&<BJGc2m7{Po*m}wir>P
z37RsIXRT5$Xsm6ls4lWJS}nz~pksgQ%f&GRdXYjIfd3K`7hn=^{kYgj#5OVfe?Cy4
zQ9>{5{-=bB|0jf!Mh7h7tI+f>c(Um)h)#Kfj&g5$=g+4xlQMX$8w+cgCYOEvy-ah;
zOH^AZVE{p1cT14$zOYHim99qOtexKkdsR^T3IB{PE+i|r8N;o^OZr7<<W<3!iM;jh
z60B<(*U*Nm8cHp*;6zc`7ZQvA1p$WkVmqp)B-LaO0fYc*y-YiM9U>War{5R-$=M7e
z^Z((Jq$r&$X|p(aS$)eANL`ue4%a7dZ5<tLeS1pEj(5sjb=IahH|uLJ1?I{Dol#W{
zjgt4d5x#1n+t(JW#C258U?mQ8x?BvUzEu}GCdAZ)U!CJ!Y{dh`-(7p$kJkI9hAJ&)
z$W<H4|Ff1B+zZ&DW5VrQB4{au44GgIXO2c|`vly<byW1QE}15KE89O1`;a_ZfO;!?
z3Ov*jXidJ}-P&31P6jr>=XqO!7+@PZOw8_aX5MI>-hgwO3PfK_3GgXfxmFx!LuZNh
z>x~Igi_;cFS;w?jNUl-5PL$fgYcgm*N_yyZq2$*RF^JZ2i|Azx4XvoIsHwCJ<Y;&x
zhb-SL4rrQKSa5x}2VY`jZ4Krglq`0}wrY#K_dE)P+uLksZnIt{DHF09OQR%Th2tH`
zmIU5m&6#YjwakP@lp#0(K(?homvs(t3!oBhCx>L)I58A+4)?3BFX>3fNUhi`_78SM
z1zILDlln#FwMu1U1NBf*n0B+O)ZHFuCM{<zFE;d({D?EEuw$|@o*Te*8~BavyH~I8
z)=9-FW_u9bs$c48sio2ahuBP&Hex2e*&g^muNmQEr}Qw%=zZ<6u%0aDB4v-L<DQ^^
zckcq$kBVcBj%cDn3%Zq5+^!2E590zQ?wUR5T{JAs4&}eo({wO|Io9urafd>Tb3g)z
z7n157TQFig)xSmDSOkts^T%@COG)Z^f`MgS3A?3#aexc^F{n5?q}SAj@7K0{lA|Oe
zpTpML`El%@9tL2*!>CcjEIDcxu?K1x(FbZ8u@}@ha-nVYm`5RM^C(WiFSHka^xa<}
zSS(L0tju58NvLkW6uh>j<VUAa$x@Q=*;5?VyBTRp0)qdI!DQ~S11MT{mff{XCcR(p
zF`#s{8&aSs&#00y+fA|m63uRFN-yz$@5cY{834UWa?Ak#Wp`5k8P%En)y;$c5(?Mg
zz7oZ((G2B(W{62*3>rUtA*zW(gWWGUPVv)FH0-rCe43IXm$8r{QIg}nuA;s%E*9>U
z%AR;uW7T}iEwwe4xY!BfhsoZS1ln3}>4<lW=aRWNlXb!Q(CG+6{C7Z^uDZqo4B{m>
z65dBzJ;<v;NkP;OHHKK%m3Ww>5s-xYT4rK5yK7c&G2MnD?WfjMB-vZV$Vd%s<GDr-
z&h$701_|G446=2N7Ym$N$dw%N(U~Qirf!x=3i|p_K>&HV)u|6@COS9Lcb_=Y7CA{g
ztCMQ1+$09=7`((o2cyW%daAIWUs`;RomgI8Ze3}@S($f<etiTv@qx6ZiCj<MHr7O!
zabMMNQP)V=VQCV<`oGWC@gyr6Vb!glgq45P6vX;FE5uyfX6)o<O=&J?_LvP_N^>GH
z&N^4y<Z0qyXX}<Sceh&DDAhBmHy~P@lCa3SA}83|F*?${-ZIOAbRv@94-xj_$6(4e
z&k*BmXypkfGJcvk(AxgFr?qoof9pp}(yi0yF1PKph?!2kn&@^i1PS?-%sbYT^mVOv
zfVI2gr=8YRARXy2-jTnS8dLuxZ(MKNkVfVtmu_#1s>#l0rx;&~=TJuOKlA9?YvW$}
zfck3bLZY`lM}}?@`;kRgjlO*p{Y{qO)eV%h;dko6pcf$OW*FSN7l2$fQ&us(%Fzaq
z4O3qWOAhgI**8oMZxJJX?Tb+_U|$DbK)HG90*p%Pjg5UQd{8czKNcp994wA4E6E=R
zc?ognVuzRJj~Gv%y|~y3MTi;}jwmdkfn=|#@&Xp#WRkm842|#hp7nH^j($91miE{(
z*V$x+J5(;*%I<KkJ?p66_j2c|7Z`;9O$=^g`dwA27aIT9eB<4F=&5%unk=|#3>_+Q
zi8AB#F4UW?l(CllJCcf4%KpDHn8U9%m_6fbPtbUTN0eAR9X#p+jUiNDkb`sJ>Z2;q
zdUd&n^?~K`@|S+I;hU>_D3z>nG&!VtQ7?xg*`F@n(B$}=oQNVXxc)kr{uh(7-INUB
zD`R;olJvu6(o53aq}&3ld$GX@5hdN&uwbbewbgsfbn34ZoB@X{Z4)Dd7z3(Gz+#VP
zCHBC9=BNZr`FIzKi}lDkLx>gxEGOmy_3CMs8T+B3aVAG08|otMJ6Ku-Rowj7tKgpH
zCNn*Iqiyvsj=<W(g|xPbF223L02g$b52VXg)q8X_%E5bdufNd&o@xO9O*i|=0W7-Y
z?(rEoSn+d`8?<|*yRDw?H&ius`{|Uo)FC82QyJFe8$qP0F%zt{AmOd1v4VV-U<7N&
z(#!N@#wY3(OhP~snN-RQ*4sQ~DuYH+trcg(tkETI-Rl(DawY4xh<fW2Il(T2(Kpsu
zljQoVOrluJikgF(kDZ95rJkfGx(IWO7E5`WRZ-p0gDq+@MyhI{vLQQeEUX3g-Xfa<
z)I}F1QA$d%p(6r&rQXtj(~&Tdd6KbPL}ThT*3_0%2DUe$C;`aQcwJD5CAHUkS(Bmy
z%Ljts%GwDE9-Xr=6O+0?dtNIsR@ry%Nj}>m##?XC37pn@2DNi+UL#fKA88j%ff$(1
z5?%02nfdVB-q}P;^!RD%uYbmH|DWc!1Ww{F40v~V&EZ(2Ncn{S;b6E)gCWgR)h9$>
z+o@V{Qjdp~Wu^vGAGI6VvOx5-`j2r_GUlyA{G){KWO*g~6ZTT?G<hs2^86$FD8*P3
zGNBET;;C}_s<mxhXpcWw`6l^;$<=yswA0vHQV}YSavob-X+2#POS8Ipl4}qRZp;X(
zw{92~?Jp%>FRZuB<mMu|eg;`;5RKN6C!&z*ZBXU=I?4b}W1eH$)@R}31p0S<jkrYq
z9Zj=)^K`W&08P_(UF%`>`Uk|i*@_#)Auip%^c$@u^Zc#tts#tNwuGC-aXpT9Gr8>z
zc&XvEw$^RdTUY#qBaEGOF39U=NrBYD#UxG^tPq22{!7Hidd6WYiF*?+>iKSBw9VWs
zj&()yt(*0EQvhkbOKiP%CTkQ;lyxNs%Z<G3gx?iLxEbQ~?)NyQp84K)<&u+wFf>!n
zV5Rv<oD{DxlZ#n8KkLUSF{I0aRn}E^F?h$hmvVK~w=b7XydM_MEz^zutN|N$zc|i?
zCT3ex-i%_!y7xGc)31pmeU$wV<7?+(1!uZf#L3%z#lbXF-+Fb69#tdBiaZ2OK(8dL
zOIuKgT@CCZsH}yKCD-i{6S_%1&9%Csp>e|MGBM7_ao)6dZz$xtvAy<QkOf{CU7G4{
zUx*(kPU=B^zqgL-`E}qeWX^M6A}q0DnRtH>4@~Rswyo7F4t4UVt*ol39$Qs2kK_*%
zhx(Rv|Aqk<NAiPoxb4Uyx>`@ihSEi=+w}!Q%L>O^FXx1?^*XsU89OUL8`oNzjchfQ
zMPNPqw>&M$+KLt=T64D>J-P!>X400c^Crz-iypSIt3_w$Zboz+Hm9O~c2BImr|!E?
z>H3h43UMT9TLVL$agY61+w?W!^G-d3vBUFdxbCkY+fet4laJjV7m_zj9H!dhLRrJC
zen%rsE(o(XkbqmnIIme)v|H-y>ajc~8;ZomlGj9u1gR^p93>X3-_b;V^}7Xy;`OR`
z*2~HLRIj9s4O5?nxG3R0vz0sLYkg*WnC*`ZVuLfOUjdmx3DMTRQT(-sKvQ>geBt86
zJUh0K=f!C{vgf>$7eRn4e@E`6avdpp71DKThv@Cf_Tez{kd~o3Z)K;>XUkyow6}_U
zuk8*r0~n`LGDm@AfHYv674?zywKfm&mG;9lKgiqd@F6UAS3Y+I`Scyp-}+R3u!lfJ
zsccaVvVWJ0qAya!Drt&(CDXSwJwA$|<|%CvYACI}iLo}rulGxeV_>h<jIyWb$fADa
z)I>3mdShsO(v6~7X|V=;z<X5D6p{H=4GqW<iL)*nB2bwiLz6}3y$aM>tobj;S?BJ{
z(xq8j8w4gI9zuP^O%p4s7g|W&e6hv7s$oJ+)q;g2V3){SJHB+0JZO}fy|JUrU_Jbu
z-8;$*n!ZtPP!*)yK;B7>wX4kbxzJXWF;ZGkes@DxUMP^|-`!A^?-Zg95S^V^pqQMz
zS;U##yTu$SZrrgwX2(50wCULHi~)Pa*Cl@IdP$6xbp4V)aXs)CIuFu0Oy^-+@sfC<
zhXu{nn5SLIJeycz&Hep1iA0_IAl`I0kafwQexz=nc*T`%rXdv*#Zhh&r&%{FinG>X
zUc2KV(da_Y`g}Myd;o5sFvm+gC(w6g*tDYJMfM)iRC3uMMnIwYQOy=A?f$SH*c4%H
z-rB!ggWPMkjVEBASnAQet4G<F<mcIIrw@umuuV8Jn#6Ci$Sco-Cu6>z{-)?+o4;Q?
z!6ql~x{8K|o1juhRW!`8@(D2>%8Los4aehs7A>4nHP5nWIFgeXXZ8gjdXW9Qu-6hh
zUT~8!g*N?FvBtR@XEse6y=5x=-E?FFgeING_?v1+AbAM8r%v1>jv_03bS^#btcO$L
zT<2S`35YCx2zzomH&GkRo%HDxL#%#X;y*BKvJExZ#Kd-^_4tFaorq&#XUa}`I$K0~
z!%pi#r+T_k;)S3Iz2A?c*vupc-V_)2=|&x8W0)1;V^@~^c|T0GQ{Fn)o}ve0<e?y^
z-V$xywCgc7-EBVai2v461LA*WjJ`T3-k@`n_8LlR)H6uez4?%tA8vIE>+5P8tP6&M
z35WQ4_G|{j5y_A^Bx?E49gF@wyBOJC8o|2Z#bE0pL%0GyU<Ww+o_)#W<6vE+HK)v<
zKKPL4PLZQCxMBdh(~WK%+pR`+P8SobEsyJa9Pxj>O-(XVNz91Y9{j0}A$C1tTE?yn
zRWo*Fn4*~%<=hR%#vKwjI?)L`aAH+`<HCySVHNc=<?cQ_BiN~7A*pcD#V{*b>zA)0
zDesG8)tfQNkwLm(a{8#qIjT{SrVA%4zQ8ocwg#rYFODXi1(*agj)+rT=w?5n`${a9
zchXgSC7R{O1INU8y3NhUw*H9th&Npqkld4E2{YFF>oVxy{1f5;W}p)o=w7zrC&lA#
zJ*L~`^J0m;p_iYlGxdDmKT-z^6sXx?-<3J5r+w4=;uw|n^4UQ2v{}?esmmTXD;mkP
zr$ujD^EYCw6PsHU?SA>Jc)dKmv-+)Pp?&Ya;^d_iKxI?!8H-lv{d;McE`{88#mR0K
z(w#?(Q5ms*Hruyiovyczq=TfW#0#P>f?;f@XnO{Q>NnDHFVZamW(?{4TIXwf=)4%C
z^Xpa-vMQkDATeiq3;7>kh#919i_X<oQ4w-kAQw+IUl5-lr_W+hX~(4uPIEtJFGZTV
ziAt(MdPyv(5<`kEiUF$qz@J?fhoxvjIoP)kGaHGVaL&%OBydz4!XdBh2qtx-5vICp
zs;+O2?7xxs11E4a2#=D~8HP>1i-ZK2Rz3TB@uhpGF4^X8jQJllUGm>IO?ObxOu1Nt
zp#&Z_gCQ9wFr<@}uEr=b^`dBV1D?nLAijEIBxx=&29RSn>geGuSgj2>g2h4ZC9zUl
z=<8%-fRj0ed^Xe=qwKt0wZWKg%%_4$4;fIX+E~?CO$mxFRKdfARV;px_Hnvs(iUy>
z_q8`q$<nF1{;o{F;%pUT^#2OHz6_oNLf|qUMu=}-mv-P@4o{#<><VD0+FZ*<kX-B%
zcO?E*5eJmUg<&gPG4sv)8GBk!y@OTOC2XZ7ovy}I+xoG(Tbz(W10P96edV0-4HIER
zW0t3^Vrv<zyVWUH^U+}wxGK`s7;QrvM|7mDNM|C(AH)r~i4N97_wQyh<Y&>-#hjAL
z#y*<FX49A}5FsZ^bsf?0r&0GU;{{7SmI-*IUd()YvPC6Xe^pFmIf>*_sjf|b?a~!=
ze>*wQ*BDIO!!^x7k9g$4K)>p2Oe3dCk>7ams<`SOH2TUvZpzu5l12^`prtn_7z18>
z%J`ZNt<zg$C~+QeGG?>ia_{lmizJN3+~VKQXtJfa7^kw&nKl$JWRDVS*nV>}UPpi9
z4kCPtBKtjz?lfxcL*`7BhSEg#_c5MA5i@Iy6?u<*;Abo*b$`Muvu~<yTMWo41+FP!
zH9BY!Ny#^cd&n_soHjvOpMrI_=H2H(qCAa_{|&(CZh%_ePr+pvJsm2aOkFq5MiV*Z
zV{FcYE|e2=fvv226o0>TJO}ND!w>A-4idl_x&I|lD<h0Sl(@3aO7=6hk`iwa*P}xB
z#(zy$;ul~n`w!t<o18Mgv;`VBP=3Mv?u@*1ZZ`UoreNc19toW6=9ETvZ?N$mNPzs#
z!2qR8J*L(Q+?&CSQ&VBfF!55ft2A3x%$y0;+CZl;<XP7*0$6s=1a)^3t_XJ24^wph
z<S93#y+(T&!~Vx$GMq7sNaA)e4BPDY`Nn$L5<=y!XWEX0{Xgwpd32T4wO`*C$Ux?K
zB-{-5+yr6>gh3P}5hH^P36s^T*AOB`5F$6x(pG_5+pgL&n3`RyV6deO6(nl;fC|d9
zt(H2#v#+&J6z%F;%i1Nvb3NPIR^D%)^Nsg@2}tdFYrWO{llz^s&p!K1d+)Q)KKqE*
zWG_r2{4AyG)?o8>s!)7{WjcX*Vkv!8B=)Ca7D-crvT%|%3P#93o`n3FS1fLf&RsuB
z<jC@yvrvA<x?sL>Pl@<C*E7NF?H9u6ZP;3_FeWe8wrRQki!JkmVA-GmChwY{M!*<S
zE*doY{z~oIK@if6a`CspfEX#r$BRhdQpU=lm=cFiJlT%c7%x?c6|x}{sU;`^#tkDC
z!@_es{7v@<LdjJ9ZEzg9N<UexCD4&mdJ^8*(XOI-qrt~x(~9ZzXu(V$FPZ{NX|fqt
zhV81P6^n)_OY6~9T3&)Fr|F$5L>@KFf^DGrHZ6XrG^tW!w>EOP+_*;MNfr9H(;J0C
z%CC#UJ9bdKKB5nAeaXK2xJGQy(3N;@i+grgt(eDMiMMR!3M{M>kMXA(%wdjsmCnYA
zsVUBPq`Y^xC`j&Jy#mdWwp7+eis{?T@*Cnr{)NG24jDHFvWV+8PS%Od8XS7%ESKg}
zYKa#W#^^BuMpjSy+EF4;Hey>6W;Y6^7zyLVk|-!HO(>mWtoWjqAC+mN$V?Zd(HjkJ
z>}Zck)lt!;=x3Yhs+BbXkHxe`)Jl$VF(oerlc<x6-8eZxe5A9!_*|11VSG4A9FSkF
zGw}7&WF>qrH90)KlL`02lx(KJ6p?H+tk+=TYRM3JwdM`6cB!H`*TYyKxm@e;C2xkQ
z?tZR8q+MKbvrEU492F)lUKuIr?aAUA>v!h4U{Qrvkp(@<Xld;zSij=+Q$1Q~m<Zd%
zQN+NsZELF1ji;@OvZpe;A~eA=_5O2fQ@juFIjPmdO-?rLveJ<I&SWubl`FxLMCGw|
zT%|@fsbg>Tfvtw6UaIa<$+l5f4(rnPNZaa;PF5qOvJKbvFKfApwhgyzsW!^7;j*g1
zy|dD>HveDKq;wX%a3%Y2|1@z#2M5BlYs?gSr$J!uK7{#wd?*yIPwv&?jk(iBf<~vl
z2Cgo5URGizGcvrr%jK+%IZUlNvS_1w##v1^H>GT1<={lTENpYD`5PuyP6wZ(vq7+v
zGqYiWsuS4oZK@Wf{}ikVR6CL-5uVqQZ86r(5cg=~L6BusWh*NaYke>3WQQg8hCrgn
z)=E-*m&_9N7mL7@#OPL5BtXg#y6+nCXI!?EOA#hYv))c0*+vh~7Eez&AE=MG!dp_Z
z?XtocBMGzTI*)NwSwyUHy<M7B?Y$>M&P4D(?3O98S{ovD%737IZma@|m#iFmjr-<6
zV*LXHMn9b+&Rt}Ad%Tzl``90)Ag3FeMe=CN0Bf3bl--uCIvl=>)nX2D<ZN%~bh8+%
zxy%u?Jp(3??eSui6nmdB((zaUV@$?6{uQXiQketcFY(-qHLNP;2-Uv(b}7i1oC^SD
zp;e97&Scok5TccNf|aRLI>(opL%bE!a|^{)epc9RVIkN6TSjLVi6#o?Y1s)ifeDi)
z^2^BWBHy&RBKTQ}gfPD!U4$?N9N5f29I`v(sI>!Dw7@LblWzKwK8)U)3FBVUbz%{%
zy%wgIzF*_cU-PmA<1dTF3{9_}AW;(>-UAY;@$BcsFXHq`us5Mfdh{gDAv?dDKpzyq
z2|&`7dZRcl?Yjjqk#b6&y;BNzEDcB6?<j{k1+Rch1nik14Zn2iEx0BeE<_{&?f`o8
z65M2)$AQn*-Xzx3+wGtlt`_-5U09sZye8qYYsF1bitgFPA}EjiX>BWX#?#k}MaIfj
z@q!+$jA_@28>1}5XSZOR_Uet;zu-7nC~`LK#L7OhLkp;k|M(FORwbRtfagTJC~{kS
z8EK5QSCZsDbF`sM%d%51pel@Y?P7<=CM?g*xJL^;;>O*p+^Ge0+q2eaeQTL$cOP8g
z^ry|=+Pe(1<cBX~Ap~v_O}#TAhc@oj5PGfy-QcnPN~+n)YuSDsvTuF`GpPCnEty{E
z60_*-8}u?-c^7VSqCLq}Ix|#8za1ZJ=t)1FL+?HwtfxEo2Fps}bLVoAR$j+}fE6!*
zp6iE;v^uDB^4vbJ%H`DyVf&me=~~?(Z>hD_T54Y45;zww>0Y|5y~{jOtCmT3VowG=
z$4WC@5o-dW@{mxG*x(x%x^t`rAUz2cp2eytNB`={XwFHt2(_+3<7Vdf_5_3Y$3YG#
zVQ;Wvt>cdS+0f`qBKuL^S#MKp1`1$vV$atuOM??;TP-z~=-H`!$<6jv?AhHcN~>Z$
zGC78+iK|C@uOv}<d$-BR9&6nmi7MkW9)y7#$k$<puv?w<?zbaGyf9RT5TjlDf}anV
zk?RJ$5Jm4`WSr|x`D-Bt+<G)FIJiEi<0e$6=~v2wJ%Ep`y9lmG_}mqoHgE32`7^Iv
z#L>FY3MWt~ef%W!QiPmHOhNd+&&fwk0pLVn$OwcGIhG#-T{QQq1)i+jK<LWG*^P6j
zHH8<>Z=Ac}YB_99QMx-VSm+6BF^#Xp`GgfzuEPG!2qDJoLXNQ;UWkykF47XNHgUPV
zUoH3H3&0h|tG5e12<uFQ_4X9yP9KCg-|!R`mT{i~i#Phm6qAne7m7i}gN=@!kuc4~
zGvU+Y2``w@INuYCBf)Cd#0$mN(=Z~>GyK<@^jzw}ARVhG*-3D!c9`q{6TZqjygj(P
zIofYtNz~5t;P8~pPI<i=h}dyT``3DPE%kq`S6=Ss-{7nMU+eWBU9aN8)+^=q2XCTR
z_Q4Lmt3OyX$Gn`26E%)+>f8|Hn}HrBsa#&}h*C<tY(pv(w7VY;TvwLpS&+(nN2I6W
z{YtG`dBAgUsZ2BO$Fy79+m?5(Vz*L6zG$n6Np?j6Hse6i30=?a`Te`O^yGIDoax_j
zCosjDUmQTHr~lpDKrM44n=Lu4j{z;9YR}aysS&d6+zBpakH!P<<JQm2P!culh0%zs
ztwYZ^{e%ss4eP|;>{^1$BC6`HB{C8xQkJNACsuOw?F@-#1>lsa+m3T3sdHi&tKy$l
zM_bOy^B|hCuad^MYP@qmRgO4btcu2Tf^?Ips-pED>)Eo?asypURPV^Z7Vc4;kCv*N
zGgW9Z4;e13a_h~}<IuR=7oJK?5O1Qb0`s-l@)EfLQK(|z<Rq+&IXs2~OCTzdHhonr
zjPbT=eO@b$NnHOF+<XGx6xqtls_&=ROl|BCed)FzhZ){{-510{b92A>b*<R^sjU$;
z2KM<!Qg~OMNvmE&sP);mVIOuXF*K3Zy@(C$Tl?Vq6u1prI^5n!r#F6qFeO{p0VHrt
zyGCZD*qikLPCFZJ6N`B-fA*v{Tsm)^Sc6lD5h<YxnsJ+$OLf_C@zj|ILOYW~A>;Km
z;`yP)Zr^<b*LQzX%WBc$IB#XXr<Hhj^6NWAb)~yR6oQqAcEnc^!lW%1a}&%{G-5;!
z+A;5GMMEVRow-?*8;`FQ9eS?g%O7wKn&@bkXm%e&X@AfQT-N|vj-eBmy{Y2_WVc9+
zV?*un2ZO?>{)%YPhew^^1U%n#_8!p^V{Q0@UYHzl-ix54w`1SUe(A>7zltNKa+l>i
z;M#Avto)K>TK9?9l`QirJ)h?NPV@Meon0ZSq#IkIi8dCcq*7wDJlSkard2{x$Yu*l
zJ)@@?f4WcP={X()L_mGf@Q7G!na0;e#PAe16iH%W?n$IA4LG6>d_$bnOQRgrA_0%x
zl{)Vhi=+J2HoOSek8n<$%TM)#yD=%H6I}DRL?Z3EUnCi+_lrMjMV1XR5M$6Y+YJ{s
z>un2?4X^#cF>J_|!}d{RBz#*e8q)iK*h+oN#ZY5akLc2j1-)W{mJ|txal+q$6Q#fR
ziYw{N16W+wYI<skozdL7hP|+q5gBYA+=}{xqL3>0i=rG=*b76i91;04=(ZgnRaOxN
z)l#n);s);At0=Qv&*O<XJUJ4U@`ta7(7GOR#fSynOY9>YSEjV9GbJ}~gOuI(q)5-U
z3#vR02~C>|^g{Xwf!u5pP9h!F^#oe|U9rXZ*+ZgCCwQVKX13khirXD4RxJz5Eo|gg
zSv!r0*AtWMJbLAOqHeAU;M7uWhczkp<i%PPaIT1>TU8MUCa?l><ho}XE*;f}Z^a=7
z9eoT=PJstSLalE;kAxi~%nd<h`$c}L47(Yr$9`+<c$h&)>BAH4uRrvQU}bBYv|GV`
z8-^>0^#W12&AwR<%N(`*NHk5q5J;3;D(`?=Hh?Hef~az^JnLmc7>-76!7@0IsHf7t
zonjINw&JALNYt;Q4|*{HFW&-|%()5SNXPA+E86X@h_^x0?7Wso#5iiM&=aq7hs@=f
z8ao12e0b`<rR%h|whJORqM~contBFy@obl=R`kA=1cP(UL5toG9uc3T$0q98y^p})
zJHJvdr5hg+MRdGS&!VZja0({dab>oi9q-?a#%w*u%0epy7cHU_>-FqepEd2j+94nz
zxtrrk^bv~C&YhxM(KrNZs@<Q~v@`n}@Y!~rq!Q(_sJ0FPV#fUWvnMqU4inV8S6m^<
zjSnmTiMfwJ(46|4mXv9&HapxDo$beD;=Ufz*}4Wtyt~B|S$1exejiQLtLgYCton?4
zJ$@*swNq)mUTyxISFaE6eNv<uKvAnDwOaZLX(f6tZQChkM5i?m*Na^bw2Udy%c=Ae
z_(jdDK;QNq!W8a6S7(`;Zn(`+@qtcq*;G0>00bkaQyIG72BB;hL<OTxlDz`f-Aa${
z#Owp#Rv3rb8C}%)2t08alli(xV-Ge9b-Umx0TeH5w0x^b%5u$mMu&Hk=;#w-f`c(T
z79vb1GV}r&xs5LW3zV?ydqmnWXDQK%9b&Hg8$F5J85wApHFrv7H$}nZCh`Ml9EFAY
zw~Nc7bCayxrF49&7(rj&261U2RFg3?X5C2P(zC8PKG_xFg-#ws`Eh;XwH)=38KfP1
zU#s`m+Nh~dEKYVO+@G#b<f?|mn|`cs_ldk>dn)oaKxIguI`AGjDd9FQpGgCDds2Tf
zT_2XH1_|tSYr0-J*tEvON2U))STbSSx>H<(hmSmo*g49feyAIar@lhJT=s223=}ug
zEmz`;2LfTqx~W?)&I&AAfOoP2F!8sy2dZT0^@qeIm3{?H2gGnUey}&8!?Z&e0&dkg
z!ds__6<!7wS|%U?7<n5<8%wc9_d$kuQ^Ldb6uQ0@itld@h;%yhCmaabi_?hTCVm|^
zENnZqI+W7r?IO{gqy11+xZG*EZmQdXBe^$zAYM!ecgT0=sO%utAQv6N2^7fJ1GMf9
z90*3XLs5F-Am-`aPm4-fGBJ#ZE!N7NB}*lmDdsqCJt9=xCwsxlf=O0EJPC#M6;)C$
zF>lFLJK>YT#JWl{Ps<K_g*@ZsE@(_w4mM6b146fK7uj(OQB0DEin5piX2mh45j#Xd
znvDZH9)(@1GVzk?R3w?qhBH0LEEGjKQAElUcWV8KxQuZmWMDQs9EVkvbvp!H7^?KN
zMC*8-tl>&ZV^OfGyDO}`ADG2Ww$XUAHXeZ>{<m{z(Vb7@@E-k_MEX<Wa@NEo`FI9w
z3p^Up*ZK797UceXFT7zHE;W3oy3z!N3PQ}TBptMRa=4BZ_c1-)@wBLuI8wrQbwv0P
zCnzJgC^^W@)xnofjMay8wUu<mez8<hwtc&JKA-)-xPhImD^x+H#W(~MM#2NZfRy?a
zH;bp2kBEW-K4`MEcTa9}y<X(f+A-Kgl@hnw33%G+PmC~$IbVTj%4W)a#XywJq^SJ_
zQ%2uoUF_V$P}#T>jYB^auWLDyvCDT}R;;l|q?dPyYty3>|6Z(DCz!F4sBsg-DP+JY
zeZ?x;P>L-J_|9dx%`bn0<D}yE`lm28FbUIHBUM7K`1W>wV<~#RhF7n0E4G6|J-%5?
zq^}$jHDhdC>W6m;M6HOZ8ZM$N>aC#UPv9EFl_y%2)11Ac(fQgZ^c*^{8O!0wUZ~=A
zyP^L)yGs-sU)Uvf==8*XF`G8*1<$;F9Mq%EO7z^v8G5E#H+_3VLXMi9JcW6y8Rm=S
zE9to>pvQ5!T)*rtYOU0V2UsL={5RKhHL=WOBwh5<5m8t;a5j{`V%K!uxJMKuKrq}9
z?&wrf;q5&F+YmD)P@xwU_*9APnVt0N5s{bau1Y2U9qTEoiqvq#wXap{lv^5=jur+}
z+&f_U(Lqt=O*wHXjEwIeM3-|<(ul{!VVc_~rl}rJ%R*<@ROor>j^z}WbFnp+tWg#@
z`MCIHPDf-;>q@?iiNIj1JC<~-n>W@5v_vW_k+2_BIiXj|90l7S75b*E)~~qhsTAyp
zLmaiq+;tHTMs7!>84qf*laViF!)?lZz@kYT02$LZ+P9v8i8DalEm|C=E4>|pF3c)O
zyqbBO5Te6DXyoH6^vk3&R%}geC4ayR9Or22-y|*@F$e%h@02E&N~MkYOh5-)mz;+A
z?rG@GjGBz^>=ii`a?RO<DQ{YPEjj{oYV`#GLJ(WjCcAV;YAy~HOM#jd-O%oCYU~%2
z^USqx(b3)QV4{l4!7g~lmZG#H#?g(YX(EgVk-%eJirgC^JtNbb%Y^mqf}wHk6Id?x
zjxcv=dsl16ib#zKtzKl3-B{-CMt?AGhZ^Y6W<AX`>?&h#gx-HfT%FiyS$p4@suw!e
z-nGw&T+`Y+qF<aDChff86&%E+Z>N}<9C0PEmhZOqj^XVlTN;eCC&d8`q2Wy1Y#0#-
z+Od^mYe&>f8z*;mm!A(*MvS#gIUd7s7mc2*=Xt`RU}P?(s;6Q4m!kIckKwIX{j~Uo
zp6=L^loLJM^vYfOgjXm^7&ffY9S?~~>GmhTL!emJWz<^=rJh$CZ8(5Yq*B<BSljQd
z)8RMh*7J)QHl4oIBc>&oRnjKjE}ZCrjK1d~F>1!e1q61*--g?X6<~O%m&o)iljDY4
zyC6Q6b+2f3Pfv^ZG+(gsdKI@NJ;PO%3q2(2^C?p43aiNb)N(*v<4rj;TCXhf;S^@5
zekm8TJ=0so@TVw=xOu-AktOTG(qjd)t+lfYp<cK~zjV|)%2``!s?ao9rd?@pMebUo
z@}qP(u3V~X)BGlq@J=LF>!RW0WE%4zY)4SsGPB?m<vXcf+rcUd&nH;IN->ot(B4Zi
zpMG!veCJn}>KQCyi`jIRO<(L0SK0Fk3SuE0?}6%b#e+&a%$!wok#VM7V;wuK_8x>o
zs1G^W;qy;3w(j}E@jSCT#yM%VS6eb9zB$FPo!>8J;29<R`<<~UZK=A6vcn4H^$R?^
zgxeR&zTK`4zpKa$gFTEM*e^<@jc?zN#mq!704c%gEYBM@@bPxJ(zIAv%1v>4v^;v}
zDKR}0g)x6zQb}R?0>Sf|vCwxk44plG(5|4{fFr`9kMjk&W;`k0xf?IRl&R4AZP^NG
z?;(*|;=$K$)1uT@mg;g&mALDOg6g89<Do1#vPjigV>L^n>Y}oGUF7;_LH<-pYUqja
zdX{moA@0+M!f1{Q;IItNVhU2@<+rjfU~=10gKYUB5tJ#Y2(}G(p=Ujd%S6DvUI8^w
zKH)wXAV#y;?NQt}MlZ1*dME9mC>wcR9MUhCqcyQXccQXKHjmMhYc8OEr!0oFB$|*>
z=5Zv<bYKYf?IHUd2gfursuRKrO`-K|5EeYzl$44?#AEw$C3OBF(W|AHA%P%Yv5(uc
zU(8MI_9QJIr<Zv`Uf}p6oBo=C9qF+xA}z}U9SQT{?6$+Aak3kUOora#d(ML!9WE6s
zP{kP59)>OaiYa=5k^GDpsne#zB0lr3RpDD?<R8=g5h3j<*gx2yk;i7Wa91>hG;#Qb
z<9T8Wm?^Lh$z$2gJOfV0yg%y317-HEiBT6Z>H&aG|F>2c^pQ>$!ubkc4R&F?t15Mi
z3?CS;62_g7n}wSBNDwDT%T{7X=^;(F+6REi3i*)5h!y}3KOrX@Y7yo+<@AN}k`|14
z^4)D0vbxbZdB_<!Tb>hm!twZ=Lm1<ah%*T9h$n|CUBc1yF$#p|H!WN=f3ErTP+<Nd
zYMd0TYJi{h{3f`^PHPJIJ;CD$Srd=)P_o|RSt8%u9Z}V`q|Ng6iF!tcg9g)0U%`V&
zcw{CY&)%Omkg)CNW4$y~D<covNb=T7Bv$UA?+^u;FmFg$cFr-qb}XGYrjd@HRyku(
z{ycVM-O||SYV7#Vc$I=5ILVHVy^M4j);T9OtTS>ru(NLthjy;Iu+Yvx<MUEYaIpSX
z?LvQi>gPMSSDju1b2UYO)T11DheHm4skh)>o*Qmy`-*mTTMs8Ww5~sxQX?l)lmnKZ
z6CT&Y;rZinEdaF0ivjFWpFexB7cttciv#vh{(l_F8K3GQmO)06Z-5jP$su*?de*xq
zwT_+#N5R|*pPskYC`&c_Ns<e5Mmuv{ERFFy^L0ksbQ8AuXI>X!+LRN*ubkj8VvjWA
z^5;a6MhmBemT(BLQT!{H&P)k?$$_DbO*lL{R~wqcAbr$%4Eq8b18v`eE##xADt8n$
z{Zedla^vQ~?my;5xcxA8`K2wu7NN8zbfW`BFHMIM@U7npS;HvWI0K47;A1`AD1BZ$
zqQ`j5X@}4nuF}VCj<f8BW;j8UOlP~P|Aj+W|DwpcM|MwHbSc)TBVm_I2{k?^7OO~U
z?6Q~V6!1Wu_>CxXf+terGI)!*v9vD2X(tazj)Oqa$u-g)V?)=wT4+UsqN8`g%&{>y
zbUoh#ETUItV^byvAfq40dYv!8M*Zq+DEjDzyA(*xJXoZgCt!>i!~n=K&6xbMcr?zK
z_qy0OR6QQ}Ok*hA`-TXqud-t}#c%k$K7^*`gerR8dnl8d#)fhT4+kbu=Wj)lJ+@pX
zYG`dB<J_C#NCBmt!|{Kk?O-!a`PZzWcm68A<d@!ZWvC!C7QF0gy&x96gZkfu`X--y
z;EHI=_suEUyBmQ#&U|0*dk}A;8lU`4l<M@+d*UW5y_7zD4?X}J{wVI2#SIjHB{|jY
zG}%Vmeh+^s?q84VBvLmxaqj4Y!+K8dGw5^xeyuk-l<7=D2g(?o5_&NywgGEs+w)=}
zt;-Kp_+?&9XCU-+f^jA{G*Y7*P9U`3o~amou7I9Bq2Ee@(okkEA;jE0MIbffHERaV
zT`nq(|11o>6i-Vl!4uBCrPuSXT&nxL-lmvG!~J+VV`CtcuMO%Odi-ai)iLYE`i3^l
z(IXOJ{s0c5bn41bcrXmjXTewceg~%=1PjcfJ!?glajY!#YFwV<5gKuOho1PExY=zl
zjPed`oTIN+O>F*hFqK{vp>&!mLMHFK`Ci1c!sjP(7vj}f_aUx~UXWL3<4N3yWrxhr
zOtp<fP~S+bXJ;43h=_!3emWrTbQc;4ZZX`B39g(0D_H1weVN-r>aP#o?A|llE~Ud=
z2*WW2ssCOa1e~6ZsEP^`t>2&*_I&fK6>g(%gMJBRq=Zzs<w2ZUTZVz}NDjxX9>}v5
zP-;TS-W+Mt=GV|L&Q4sBm8tbKCXz4eJQGWFiGBC#g=tY()@^`=?BQ<kfd9Fd4}gBI
z+$`;J^`*ou4j@z(`IC`tk>LhEpLCH-ktdchWn?HXfj-;`sakW6h3u%%X!QxsmrdW;
zrC(2*E(ul9{eQuTDLKp_{ArvU6M9#tn#pkTExA0jW~jfjFy2QiVF@#D2nP!$_7}E%
zhh<j7JbhN;f+qEDG&QD%s*Q&mLet|a2X`5sqhj8&Bpk?bI6BZ}%USfI<O;SAvGLxt
zP}ZRC!>$=Ns1LC-$M_QUU=GQxm7#Xxn3@ASBm<<t#a9_)vALg)#JV^`ADA9$kHu!E
zI1N89rmY`~)&YofBJD0#z8kdfG*qTpkLfLnH%brc<fhQlIKD_;<QFwUNwea((U~R=
zC#0=n3czOHH)p0mx4RNNY(d^LzmG<Rf*Jl7gbHcu%+S?6CtHSPnY(Y-#+1rJ!6MUk
z`jhbpU|_)}gO9eaUcml+<q}9b@3=vd6Rn5kWIpX1kNBx(@!{0dC33w*GR$Z^3+-Z?
qZxA_I{trtPNleA;CKn43DMw%ldi2kgBaENS3^ffg0#$L}(f$_#Bo5{P

delta 154706
zcmb5X1z=Xy`vAOi-y83GY%JJV&@32l2RTxjNr)mTB_SIrAt{Q8<OLq3OX+gLr5OlP
z3PV)HAQeGDhD8eBbI*C>T;%uvzV9Exdrv**>AIJR_dX^Q7cU{RC#G6lR=3S&&#*e|
zZv0=X)nd)CSga0*)0Sa@GIPb=MTEqV<jfHKpIZ8VBK7~2(f>pA|BO|$g=#H58Pyy2
zd8L2P!5LP2uBV1Ix3FLDez;k-H8Z3V&aygkT^ZFozA|F)@DX@cuB(P+1pQ&jwb^nl
zj$E8~N8j&kluG88RW}O5g|FCOU8c$K-C0wZ8ah8hJ!P7k{!NsAuKqtF{=e1cvW1xS
zzu3J_tHbS7Cx~~*A$5q97=cf0UWYRz0f*JC<^;80ShU*Ee4HH7hePSG(-M-d&WR|e
z9taOr7e_~{bHXo@WBRzl#$83TB03XtGWf`CQzu40Ag8z|o}v$88WM6wf5eXUIzm$P
zV;jV#sL8Pp$XEU$yTxJ)DX$NWjVrGvR*zPD#oZ(4^kE$$yTxh?$xx#b6V)I8iBOl7
z{fT_Xjk!W9(6OceM5@Q)qsiN9&r0RhS^uQMsIHl<)IkZ8$dCGT9eBIN<|?Y2)RT})
z!AA~<y02WedLSkhqRgZ$r1Z!ftwyJ1=)dCBqvposYH+gCQ{+u~K*%-yk$x|`#cK&k
zMBrhoH7l`baB31EHv)rJyjeMYaAvQ}a_Zd*(duVXs(L%^D7hJ&gV#&fZ@;2qdePkq
zQH0zMj@cX`)%ErJ`es(gt4FInD*a6U;Kn^6srvZrmLyfZUo~3&rOJ8ow?0nqYqdMn
zi&g(1_kvFxmZH*X)d+bQ+{EEw3{hrhg8GjfExbb1gE1-UmaHoadJCeuJG;9amRUP2
zBwL-NB;(^)^@W_qYN3=w5ny$@Ldqfx3tr1CtA3etg%EW}gztEdqv&jnvxJEHBRbn=
zWwT+<#H_OFg_@rcB{*iYge2>?IjCkOtCeh5z}1wLiE{?H*>1BrL#pXBE)`~0E6TTz
zBgmPTo3hhvHkW#&RyrvU4WdYr`fsg?YVqBQkTEJ#QU{-mRS(o|q4ua#K#m7j*lk6>
z*GVA60vYE`@w!04EUS>9)~UCNSk*<fDp4%j5R2OzRUoxg>w=`B+l^i#YRStAWV9gd
zVR=GU0&Ja-`65G6MRkQcQ7vs0q0VmFD9Yj@R3#w9At5J&$2zP<Pnwn|F#f6#A$&`v
z8uIJ{!u&WzEo`<xy-_bhUC=0ro$j!!*5;LjYbLel*+dw8fW#DyYpw)f$O6w;lC9SK
zA`6O#k#dkRH&ZF9)ACJ0z0}mVgVR=Yp|wIF{W4Kt)=*J`?|xwV15zA98TGt3MYXq`
z1NZGhgc{r2zsjNBZd+Y2EBd)bmi%5sUA`y`U=XRG9(aB@l$0gmaA`}X2#e-qPA@vu
zZnpr%+cIOI@{G(C`ro4A(!9)h(0yiR6V=jFQth3FsRvs7c6TAMI%NobLiOEMOMVz+
z&&s?IK&(3WrOyB3I1P`hC#a`7?54-5J3Ee|r)hZF>n7FFvoDNoMxsbb5aAw+T6<Il
z;VqG(Fs2)c(E4x6>>;ZCnwAIsCnN}@k;(0{tBX2SVvOqXQf5@QZAnpI8J{9#nA8d5
z8-=%T(yB?L4jH|2`}bB0CUpY)-pn!(b0ISdhFr+ZRfdgtt$NQ_hQXa(naMGk8BLqF
z>d>TJM)gk3nzU<@0oJ{l8EV_Nt3du7lL+H~%uIrkB1GVUu7V7o6lKQ3z{S~7>XvCK
zqJ9A6@6T)`W@cuF!Q*a1RT%I|=84GX+O_SNpV9Co2Ey@o)pizlhzS|YX7T*L{OO<P
z|I<I;|J(nk2M#)fIJNvJAFaF&HSfJD<Q5aG(wSw{S?|?=<(b3_d1o`LLysO=<%&{f
zlqc#}GY8BK4Oc6?$8-a#_K+k54N5=AN`m|(RH*A`J%r?;rU>CX#F$%1hEj)+sMfri
zqCT0u9M->q9Qg7qb}p*xq7!qj5Ou>G{{ttSatf*Hrt7il1NFYTY)*vmy)Hk$z=TrN
zBx}^vD!Nj(BT94=*r?#O*ZK?|J}gAS9~~MrY}F)0z`upO<-dud<}dg&z;sY}EHg>%
z`u;2W9sZi{JJf22Z7v~Rjrrgq%yyx~{t%^}xs(JuTtbZcW5X1+%fgv3_*WFI+v5aD
z{o#H8Iwvgsl_aV;i=s&gs*YqBdj@sqtBZaL9_W`?Gu+P3N`Y#Vva-~)B_FE)Ec9(+
zv#Pnv(mq}qNz`8#MhHJrq*>Kg%l4>|%OccImn2aeX}8%!;-O%YkW|!a`6i;qE%&c?
ztA(p7!p-(1wy4!g6M+^Uyuk&ga|U^Y3hIrGZuQ4CD9MwAP{==%=~Q<YH&olKid65f
z@NeQRnz(wHp!QttBdgs>RX!Bf$wt@YdYoEs&7V;gPT5_If^A_W3A%a_aj4ZGKaHfo
z&95?RsXwf31X)v%%zu95gWc{%*o)Vq&hEV~hP0rxDVnhk6;|PMSy?dAL&~c&)+MO-
z*EdtM*ZE*_*o%5>XiC)dbrHfP<`^B@_!F_Kt__tcQyxG+M@Cw=9ooCk(Eo72YN}1u
zl0J%7^nPa5fHrNfZtZme2F8=hTKz?t0%2;sJgW5soZMDj+tYWx)2`MpPN1A<Kk%En
zaZ`kFnSqg4yiZLlj!<vz_fK`gmQs=o@=y|uIMJ;Wl-$UCZ|?fCYQ_pwBZr2op$C1)
zaC$;gU|T8jP2pj)T5Dx&k@HhDss9#72v-=@9@G{xP-VO39*>054aoI{hZRU2iL$lt
zO9cuyk|?$Jre<({8shlsAs-Abi`x501@eC2bOlOEGi7zdk@i&0?jN5SQ564KsPDqM
z9ZS%GWYeI1ebP*Aa>Pe|my3Bdlin5LV5`23cV(RV)3JY5?~w@MY80HQBiN{D)H$(8
zy>vWMop&rLjuOS?35h|XG#ORcXYjB-u&o&>CoI&}avCiEAu9qN_aO;I15QdLd}Pnz
z8T|(j@6)f(P>8&r*+9MYin3<?ADJdpGUa`sO&7w{fhCQS(S_1Apxfd#{%N(T=T9&r
zZg;!XdS9j$#hi&Gu%Rvr!B13{lGM8;<$U@lW$tmj?{pzlZF43R(kGBuL}_Q(`W|BP
zY)Mj8dIPtIsutf3{=-;ri$y)ph8n=v5d1<D>J<jII^)|W$yTO&-Bu@qIPj-OO*&hN
z;mYF<i4NjQwXRH2zq@!N%Ermr&$=o)1HaEe2<Kh&(c0rJ`r>jG0=35q5s-D?XX&Ta
z7gF$^d)1YfD^th9?zO57evZ?5Os)OX&v49v)4zM*oBmp!5DQOUCoagBv!Wnp463e~
zSHsj#er}=ucC|9oI$nE7%=}4WTv5GiRRzK3P@nwl!?xF3H2b=nsE>b+5U%Tdo21^l
zaRyG!MnH#LXMj2^R#o|@64}a_vVIYX(Q3qJ1zj8JUR8w^RnVuy(P(w{y+&a+W~JPA
zi~8f=>@<hP4HX*V_3$c?-VoJAkNf8rG{o!Fxyi1hzWm@6)SN3ss`u_OL31Fllz|nh
zP`2pClS0Adw%gTpPb$%SIgp={=osWR78I)C*3T*rEgq3F`V+HSu%<oKGm&9%5l<0*
zWt;@xH4@4}sfp}?>+|sNega9Ns>oq=geXYK)_q=k<r%t2)cs1x%gC}nWf(3I5(*Ou
zT9%U3tavrAj;#GIk+%tGBJrWnX4O=MY$pi63;HXBIWG>IhbicoCPG<lW+;g#Fku%$
z`Ww~Dmxu#eh7uq0>=xJ?PAbBrx6pfB7K!R()U^z#5<xck!O2p;sGp!tJedMbBS|H7
z(nsa>c`uNEbPtPR%<c(Egdq#io?D_YJpM&PEf@5YJHV4kBo<P8W~PBVhKxdJz3?mU
z#TGjpA!%&!r7}d(p2Uz$0_XEcgm9CoycV(KR~Yw!5P^}5-`#gOT+ls^R1#$B)uDEl
zwB>Q6x=AhRT}*jKe+2j_3{EAIX5@ZwsnZT)%ORV@oQYK*UM>$4lF0W_9!{=qv2))j
zN6x^-g+e4GB>6G!bZVoMi4!@-VS~2GevD(#tw%xdd{Z=ux;m`4raTndv--iisiY9v
zB;##<_gTe^G;$2;EJhaDTi(B|%b~@klMH=ZC)`N$6US|V9u-I>Ur?hhu0YU+qeYb9
zqbg`dmQ)~7@M}fV3>sAM@8q^?)2fqveJ2leuO8UR1wC^}nl2-nE1QH7$cPXWoh?H`
zZu=NGyE!uOgdAkxyc~3jf5{>~VL_#r0B1a6Iha@j$(svvYLH!i_Gk|e^0Lz4txgC~
z)Dg5?D5iqb3bkwa3GA_kr23Y(KzTy+KpQXKsf`5zYV$#R_}+{55r1`qS~U<+rBTqc
z7VZ|)LP&#B3poNCEeKEhn*KX_>~P6SuE9ZT;E4+^ml0B6PcsrNSXr!8dK4FJT`PoZ
zZ#2mwCLM2M;9Cb_X3T-wiw4gXnrEd_=Tt+WL;_o4FzBIpxkKT22xfhw2Oj@fUMJj%
zL({jgHlCFiI4fF(hv`~rZIsXeYP7ShvdR%EG6+o+BnqT1dYABOZ66d)i!UIa)I8uz
zm51(aQQmXswTJ1ch#30o!h!lQJDfzq%Q0dY><S|>@FWlUXm)E;1T3l_*v=CYkFbNj
zofh7Zgc9gd8&Ucv<LKk9P(<?^kx$@g1H$Zp(`tdW%}7OIH@k_qOm+;Uk0$X@IyJLC
zyw^Fau5Np^?j5sA1;}fUw|L1$5@FibtSH_33Qh-%Z|0K&rxl$!{rt;qgm{Wns*vGQ
zYmxwk1zGLjQC0K=@#hQhPHWUie=)eGw-J)56`uWojwVp^3ngtxC*p)(TaikYbnEN1
zdYLcZ{~3DpB!yqA);a6N00CCO?A)v{tx=b(jRab^Cp}DVryHub^+^S$!?f?(6LdA3
zwMB7!I9Q}<H5kyAg~c#&7DAifEh|zzaX3~7M}*fpqK~?zy&rpaD?FKsf|1xoNKj~W
z(OJSsu@bcXIHxQO>>}7xhUZpnR4`~zpI*cJkL=UDcg2hb?K3Jipub?k<IHMm#)N3K
z+Z|bTPjEy3n5=T}xF|DA75_+s8r{&@t2-degnQ_76QTWfj2bt05z4^$?fA1t4`CeK
z-klk%74{X5k}?%L4DC61SWn!%VDPYtdJx(CHK7|!9E<^7j}Z#|(N8E3KlIH`g3n(Q
z%7$i!Wn{E%*SJYLnEg_ASs2_?2!nZpg&94cjt&3UZ~ycE-+$5=6F%+eXI#6BW}#r)
z3nW4Nw<Ebv65TEf^Nw70PB%wEnZ|^re4KW#Hm(;*A<%smD(RE)KJsBQ1%v9|<OX$g
zoDM5&=|d_DZ!iWgEFdzpZI9v3!#=3WN-K~mTFoI@xdEohf)`)Q`jjOz-Wp84B2}n6
z99-ABKj|q`essd^c0w98BoEZ`3kHxI!d;!Cli=@mn9$MV+KgXQ@OhHX&~fm_K=K9y
z%4vfq14((IS^y}sR%Z~I7KB1G4<;pq&30L}iv^?{5$-X0i5fyagSjJp8p-LhYuiSW
z1oUi0l=b^;&W+c}Pf-*~my>3xI}U>_%}9#Sh#t9M9Es9WN0ahYF-nkIpCsb5!8HBh
zblaF5HyDqKK#$y+9Pb}Teik0E{a=28lUW>~GCL!Np6GUjgrOSfI1Ih_Zj}(SJl)B`
z?M3bO1hOh{N$MF?!Mt2~eGG6+fsK<%!!WnY=gYg{-ekY5c`RC`H;I)94;cglrjXO{
z(=?LA4)xfma-fH{m`$?imi6Ar8WK>)dcF>Q$uXpymOm|P12d&0MJF$vd}s!Fg(2K)
z(XwZfI3he^M?HEms1fEt(gHu`y*6+!AQea#>crJoNw}6VH_Iag^MMJVKZVQ>NaGl{
z+sSeAyAiNrElKbl=+TlEAuA_XDbL$1d_4W0VWwBxy99j#urDTM1z<zelX79cB~iW8
zHbKi;Myiqohi@xB54oJ%%4M-?Z!Rav1oD>?GmQX*4-Mlstz-pp6Jmusp9^uq8pEJn
ztF;PI1O<moiu%j^NMWsE*r82ajcXzQiC~W6L0HeG`9OA}uZ@|Da+>rJ$tH=Y;b}I@
z%KKv*3>&+&-fKv;0H$m_rZyU8y0!gl$#W#Z&i1tNvC~I}nI6rvp41>PPBxhhA=Xv{
zuwLEGy=F>+56@z);M6&i3dJL{<6-<p3=Im4@#pMin6t>=NTw4voT-gC`-DHoYSE%L
zQG}{zPQ(e@3}aSp)MiqhK-x`{IoihGe<zz4tIL)PqmyuyEf#^owhz!2cUgrem;7Z4
zgVe3$1f1S)QljnrWq0wnu-Zf7Fl;NUS+<c>lHg1G*?AJ}HUNf{{Fr2sM7xhRb{@7p
zhN(`?vK{Z|=VAv>n|+3vE^XlsWIY424;W^+wTqfgXCE6ocq?$oFw>)Xcj+@(9>C_{
zrR-BSlW`kzSF#>zq-a}r6GV_3dhRB1!Vxy748<>&Az~4~G;stKmXUPmu^!P|_?=0D
z9(&2vM28Oz4jv6#*cQ=j3u{Oy+XBc(sQY0b`5mI_B5OG~`Jc_-!DiET?k5!qTwID$
zebg{y*CLDYdMJero<oj0W*Bs6UmVgg&N2x$Cx60mHj~{QiznrDFFYAWqT<l{9oDst
zkN8fW_$S#aY6x65U$O_i<aq7$5!Aj3%qrWQUhXbu*qXBJ`fi%#X+PqXVZDa-FN7g$
zNV3-XC?N!T>?TUI%gU`hYq*U^yLTMb06Kk>TH{r}WrNg=xolpVdg;)gA+_##ohn-d
z1=?)OY6k1hWBmHyB<Y1jZO|6iuI4wkTeR7qBM(ET<s?%0!7yaiel0;QAzU&%wQ2cZ
zqLvk|@F3XjwA721^vQ8j5At?qiSYaQtWYTa8ck%^69|#_`Rqj4x(VInWhaPk@}i*S
z35<UCtRyWV?Hdv=TxC1PQ(V~{KHJ=9XorG<eFnp%eP~JREW({|cL^qHSsfNEA?5t`
z(G1JJLEpcJMq0sZ=a5yd8K8D*Y3Gry!g!1|FOoQFTd*<)IX{wI@-DpmBbfj{Jt9pL
z{q{xAliS@^OK$I;!$T&rRjdMnkVW7iG`NQZIR%d{l22i1iqI4$UK7mGzI8UbZVG=I
z#sh6H6Sueky<xa~G%HanJ)AW}fT&-{a|u2^^R0H#)o<~uT`pMk6R9Z<!qpnCUVswu
zX;xd9e~lC;pd~_xC>J2iZo2v%el;ysB*3CyNSg8k&TP~+AD%DBPJ!=#!93IXFEEug
zF-7n|-Y0=8*x1$IW7|;q<?083Azo!g^KEtJ8&g^6aXM=*x793Ha4QFeXeI}d-Rjh^
z4B#cko7>pUXS119K7%=Yn3pZ2L*7mDNrF$qFm%~Gbo;sd_87oazC|)nD0$S_*`4O`
z+XvF@F!OivIVR2(9}Vq{hVSy*T5Ry{ZLB0Oo8zB_Z3#MuywA^a(#-aC%uf4f+1b4o
z^RrwYIC_UThz8^zv{jhr9Vd+Jsm=I9cUUPe+6}-v81M@Xdsv|JU&JCVLPEgB3t2N@
z_P;(_Ci*QULz0~#X(?OHGO5O#E!>G0GRSNlngJ$EGi%*0XC?U|@fl6FmxJATCEJTp
z$)EGoTHnLq8WWuUt2@}$S94%vh7;btPi)FcAOCEdgW-3ZXhDXH_sI}Ac$YkfdCI^J
z4D^q<<AP~QEg7?qC=0>qPKKwo{DD@7_VT}^GFn2O9h~eQ>-d>A42m9;uP~@2;o)|-
z(@x2|flZ-kbJ#6ZHMJ=i-oJ1EUSPRJs=(gc=;%zloi&iD0?bJGRe{q<ci6~7A4m&g
z#!?WUk^v_}*k&FoOzL?slT7w%0|j9lfkw$f(?q|WWkhi@EG^)c*&R-8gD9Y{Dg2Fv
z#`-^JnPK4Hs5JED3u*`C)6V2`GPl%5%j;#eA7tSit&r=;z=j;1*SB)>9GLgJY8C{d
zr}F#+b1@2h%+GT<AU;gEVI+Wy5uk{l$WnV{VcrFjMhc*3xX>GVoXb*RLV{2q{tXi%
z5E2(7%O{3~cI~4`0aLn|z|*01F=%(NIh0Es!Gzrh_tAl=5-sdEDj*j_{!V^l%&Nu3
z2uqAg$HmaS%P^59+q{sGD3sB%V}*JIl1lul71L)FaxcZ<9)2B5oLM2d9HuXDU4&M@
ztdJO7>`m}F28_~fE8Sv0w*@AvwA%@o=t%InIlh?;1;uP83wi^oBAAmcRMhayu}?9e
zo8jP7wu;5Qd>R6<873Y6N)}2G%Wig`w>e;J9t+$^5iCNc0M>N$DNmNm76gd9O`7Tn
z3BO=i83vDVD}5=6cxtG$3KfMZ1ds5r`yS;dI&IpCO2Rxk%y{7hKkRbCzN&&%XhWb(
zCZ;5HUqp+jCRAmj16!+8VtCk1Kj)Xa9dNn2kc$y?Or~%c%H2T%9=J|CuzwPU9}KS^
z2Kp&}od-=rHeMN{MtWqPCHo;2G?;KOaAz-*j1qn!hRUR-V1b7hQHAW;oD&IcYYGQo
z+jT_OXbXkY%jD!=7IR}S&H%yff-`wS%V-PlGd^Y$Fwe6~Z<Z0Bu;19tvWa%F2qDqn
z?=IL!y9!{TgC>Wn!*5REL)tFDa=b#cznZ@(Sj87ibp3n8Mh{mbmPNv#JYRMR%jPHa
z0=XbX2ddl}t!WE#H0{<qwy^>v*AWunwOZ&d?Q5MK4ioDLjiUGfMqyL)isN;N5}-|O
z;a$CM3>*9T&cQ<OaazU|LZkJP>Uq7CDuhwUXxS1X+Y1Q`>IrjciBbsHZ&IBde4(B&
zjg|$42zm}+`R|Y+_=sfBvCj93fP#-WZiR)t2q8*;u2<`l;N=F0DZOL|$&(pOSVv2S
z+!hG#o;KK!a{N9zw=qRnrJB`HXiE!hLJWgXFNPhUbugg}MN<t1*rtxS4$D$W3@sUM
zp<%Rx4_RUvTv+m{1iPCE8)@A~h+|K&Ad{lsx(-}yD!fWdGeTJ(6|kxj&(5H*9e7UY
zM~f^%ybmI*ZXBS64Iv>qP+vGkOAA6Ged3}R1zSsDKFj%^{0Kv8f3BSpst%;L7Rtio
z=Gn3EU7pYoX0<j&3gsAhm|Z_$AaXK$j@j*fQG86A!k%NAc~g|nr$rATB&0lh?$2MA
zh3t01Rv}e?N;8Vbg)}w;^M7&dvj4Uh<_hWTDQ5f<U_u^}2hse#kini}p6<ASy@%LG
z3bi^32Zf64@0ilsC0vhyp6>_=EY@@T8t}>t%1#EDjv4&gdxTUdU1~xG9+d5YMSJvu
z%u-WzSUxCQf)gWz`qBPCf?nWv!*;fiG<*sTGINr(>!YxI$6DS>*(4g9xZDmceT;zJ
zaOuA8G#SVkf#r8yZkN_~tk9UymLW{Ia3db=>o){UKIttv=vC??EX?&-LaIZ|F;g|I
z&Up0m^u8Gk47qVzNE1EbR1+>u#B$e&y+XWpZGzB&#QSpChRjn6cc#aoy*5ec$(m>|
zKI8Uug=D~!Gp2Mc`As24Zz!C(AM0C%?+A(yC{Kt*?{O)o6;2UY+X|LkgV(`y<K?$-
zrQS$_G8Np}YYV9e+b)<YX!WNGWr^PML^AntM@X)ok*c9>dPm5ijUpt6A9saRhS#r~
zDruST3Q0uo(16~{^<-55Hm@fHMRF6O_sQ#+$~yf4B4p!qbk}H~1l}b8jT`fe32^6*
zDIV16h`aC^*zLimnf_purFV8?^J_Id83}KU#?pemE#$03cCr+qP?gTaO2hA?v+KgK
znZo<DS3&rT;|sUNq3!D|V1%IeC16O;0pSX%is`E=aA{1o2scL|xF=@`CfaNO<<|3e
zb7N0jMVKXv6=33OLDVwlAddCU08*E3NLdhrUu~HxG^fsW1ZhM^s6e<e)s~@iaPfeg
z@|t5lE~a&KEC2;aht8r_us|5eD%Kd3b0aP-=6&Hc-$+}2#G|eKK=6=AK7;f;oxpI1
zIj9VnP(@7Fau(^Q>h)uIxYcks8@5eDmrOB5o3dCi6S$s6B1k8?34<QHhb!vPPaKnz
zrhT^r*#{nn35wno6%x{!Kh1?AbNUeK&k~0i3(Kcui(2AJT`2V$F`M6opYI7l!{`yM
z6sv$(jn~$%60i=Vmv13?mk&;cUQE4|t`_VBzHNbs@4*3Rw}n`A0BLUN;u_&OR(xd#
zHsKD$R73_Gs3)ew-M5hMTF*x|idip2L4IAa5`4E#SQp8w*H`FL-{~%G^LoL-%Ak;R
z*a(_O8?gz)4O)vNuX4*A7VXQ;0w%2V!XOFZU~!;UgM!XtDuZR#VT5IN53wd}orzVo
zKBG}XmJ|tvv?N6a@mo5yL7xaM2(|<0Ji=(?@Rfg;&&n>l=J)M*Vgr7ON9(^+7XrPm
zLxyrAPK&mFm+pAGPx@}e_H)`;54A<jPJrQa5m~6h?~;-HQit~ZULlW=H|Rsga84IC
z;SDJklGfxOKp@8R^F3NYv5-p0MDC%>qHQ=RL=y5gw+S{uq=99Mn5vCDjLL>g<`+1$
zO-F=sgiPTdy0o7^(@`=8tjB#y-|cckn`6Qi;X#CYrVgu)xLqEt?Qx+#2@5v4!t=|q
z_|TVM=+#b~K;W@yNlyS`eoo&sRZp|I(X{FBXz+E|8bb>P^?`a#O{g4>36V1WT@j+I
znJPiy=K{7be}y(~>2HX`C7%mXCY-K5U!^Qe%rfN$GR?g9d&mLow!-6+!X3flVQ_{~
zSQw44wpIaQ!PesBr0)HD<NuAKg{$Um8aH{7zQhqS1ZJ0FU+jwUDKeV@TUTZ$sT;?~
z!n*C~dYnx*CF)Rx<D(e({cEAAn)Y)Pa)N$i-zj$bRt1nH+2vu{DIo?rd?8#R4)yZ<
zI7~-!6WN;?a9|1M$#CLrHb;0wuR}AsShu3}yv7BCd+L>C=z2`39OnPkyf>`qXv&1{
zkF!HXd{H0+4jvN{%>H4xd<^|0R-ye6ja$9rLRdZ{3K}Ow1nY}3kjC&sr_<92nyeGE
zU6TeKnq*M40eMWy#?|=GI!e#hI#jhNRA8%SiY@b>c>%(v`AZ0aKUpFLj|&O;n<uav
zHk=mzV&<t5MJH1@ZV#L&5w6mf(0}QIa_q8R+98zRbF|)*+`7;3R||SW0g?;8jx?2l
zCnZRshMx<$&~jOJOl(fZ@X>{RaxyCR?lY**@IJj842Lt9vA-q#EOKJ=-Zj)S$%&AE
zRmcquRNfh*^{1dPp+;9I8OS?gg3cidwE9}O9%FOyHs>(~Fr5O3T{?OT6W>74{kfq9
zBMO_tgi)r7@rKp{-w36=7uudgUHr{ubUeTNT8L1Fu~ABRzXS;Q@=idUF^25<jc|n_
z?==p29=kU9942zeVE!5oEL;?x!<ZrCJR0#U-(ng@xIwpLtnR_e20{+A)?{P<QYj+x
z!wW)*p(FWM{&Z|=ye#}-82^nQcSGghglmTJoBX&3oHvDU4C8lsaIi|KgHw7(NYqZ>
z5gw5W{?_{c`6q3MKm#09gXj`2zlScJPa5xW0C=s?MKJxu(1))T1Y{n)#Vq~gGyAi%
zAm;%hqVA7EIBYkW{!R5UG<prRzG|q2M)T*|wOgWTHmTy9=xeUE1^?tEB8Fe+(28Z#
zjQ?*7v-pKh?O>=0U3Kho#u^uQ9bZpK{z)`ul&+hSOh3i@05cRgZTx<2ZBnYKB6;RS
zJ3r9_-=vwoiR6{Ihd<vNQbkAS(hO4-=uyEG17$Kyf9OrEq;_zc2fbn%=lpvnJB@+4
z{0b(x@aKz=SIIPjI-E^|=X$X0J~-2qN6PqWcG#*;X@aePgEwHXqH9RX*&g(vojL?D
z=dzu2Yt5c*s!pl|7WfzX|Kw=Xnm^I5EzL2x2yD(Wg~EX>Q#h&24?8sCFexP7S8BEK
z5qTAUqEj2}G9^EIVpTek7O6eh)~3H0SwOq*;bIvySNld|7+JHnY2PzXsm7n;hV(k7
z+s~ZWj-ThzZZtMwL$~f8laBm|7b-M0-Df`Wi`)SE`c0lgM8x}A0-StKhVT=u+851D
zRsZX8^x`MkwC=4;R-beE(q^A^qlUm^wQGA?o9d9%{}78K5@rrjdVLEV+U9&yF7c~O
zGJqd+YBB9hLkRXUaw}Zg^7f|A{{>RyC%Ls{FPkvUs+(Z!91X~q2fNVqR}Z0$kdqE;
z3QTv{6q%pmWiEP#DaQh{uLv<(=nxYIBy=x@n}`t$ReBYMA*lymM%6PvPd95Xm?H6=
zGt>3|cy4A6L@Y)O7-hO2xOgZ(W&;>)3V2e&{h%WB*zB-(jOjFnhx!{!<aK_TLrWQN
z>QCTgiH|BwqVy`be&-4iIpyHs1k;~nG{4FPXD6EOVS{uK$u_sv^&OLk_%$d-EmT?!
z`p3yH@MtB|Osz<nz(oH7sC$r43wW@iT^Z`FGL?fm<#VF6<qJ%`Njhfq*?iP1|2^oP
zp!@8xJK)k1Q;ODfp=mft^UcP0pY->D?RG0))1SsK^J*)WnU-K@&J~lCZpUVEdQ8Bz
z=6g2Y<<>c{4`hXDjBlL-Lk7AIy$rUVUpJj!=hf=0GO1*4b2-*G7wZ!gNQc7#ub%bc
zgh_$Zp$*w+T2I1)_kaf1k-9VJmW+x{Z%D3AMNBQF!0pYZILIr(uAH_9OsU#|&8B?4
z6@(pN=xmrtx1i3E$EC-V6~+ijTGy?nz7#k|V2%G~m_alU47<|m(40o$)XcKbXhlvu
zJ(!e0gJqa0!GuOUw9)e$W2a_@vhl)^Iep>X=R}N*e2EWid^S#*c*azl5#zr|<%u|#
z10Or=>INYh+94-lK}#`-eEUp5^kFFNnG*xc)|lEu;Vsnv1NE6!csLVHRS+IJGe#C0
zz~Fi&Gq#63gO^ku3~xyNAQ*)^Oi2`sAD#&Y4!;8}dSU4NEL7lVxdnn)KO8yN$5AdO
z*YmgoJ&uqZxK(6Ifs!0-u+_<~wfWfeGULi{4uNd#e7csgmdC68R%F`jn;JaEr#=>N
zQ@sxD`|YN^1}>yJW(5a}*BfGoSH}ufAYs0#jDB%AE#U38evnlL1{Gvi)t?tqbVJc)
z6CH?U7{9pNq(JFdOoHK*SiE*Eu$;oKK}!JP4E&YB<GdC}h?5;R_at)s$z90tNi7ZM
z#oBTvz;{k$HiY3nN8z&eFtLxxoQT?*5!T74pI7mRc|%<6u*NHVcz*hFbbzw=64U=U
zkxqFAds}^az{Bf|)!gy;%8Z2_-)o<#DlDF8xMr{XoPHFo3liD$|6FzAep4HI)o@hT
z?5bEv3Lh!3cTT)m9dxt()dQw@O1jNIF$(!ehtJ=Hx?h;m!Q#k~Ablk^aZ+Ikk`AXN
z7&#Vu>2)rF7cXEy6g5T&qq@e6nYfztG^t}DR+i!5B~u3M|J88brNgEI*wg8M+-LR?
zQ!~iei=6`{=LIDk@yFDg!vYhoVunILi>gL1+LTJVYV2&usYLI!XOF1~{HCGziW;Cl
zJWkV9(N1&&m+v)|X9K#xr}<(N#QZa4egmZq6(g_Rp{>|unvd^;Z<PI3C$P%EP#ftg
z1{XFDR@LEJX3MF{#1;W-OQ5)?XvUPINlNtZfilc_NSnBm(E_#FXL^(PqjdiYG@0Cr
z&HM_l7Jk6A_`f1g(;!>8nP_)<95#(2R1VX8j<DMvz%zHiHoA<F7A=v5mK$K-XQl|P
z?PsQOPakGwY7Ewo64+~7UVPgp>X>Oe@!i|yJH&ABA`Ui}SNr$4=_=be&hGS+%4fN4
z7WjL#pR>_0xC8YK{7gaJ98v4`xoM(raX>-(UP080*qhJzIEc~L?bR|)>1xulhL{td
z?N99BP=G4g!m1xRC8l{u(c`FL0_PaobFl}=U)=GcHvadFX*adJK|8}VKi;TD9=b(A
z5yJ0><kCanw+1<}TFzId*C_+~J&FJ;;9F1OHw_YjYPzz{d8AQJWi9F(6J||yUF)YY
z`Y%kD4Cvn#fYf2ZTExtAh(Qz)zi9Zt<m05>0hHhhj2vP1Ia67!$9dCapL0RIBvb{y
zJ#27$1|u5w2|3Uar1NWi?`NQN2liglH7;LIxFIat%N>W>tUOyD{iCTH6U_fQGaLu6
z;cjPhXj?9rmixIDKL<h&#g}LGOyOF7rdOMD$#g)!PC#4uwX4C~T*twNx%*67!GiHE
zbHcUaE2bAnx<8rlY}^;~%e^7>Xn_kZ{EW?a)ZU|}p1_D7lpF>$GIQO(Ic9cPP-PTc
zGadGej^DTTqt<SN75^9)c(oDNO@~OD-$f1jxf}vN<v?`mtf|-7Am%qy6rdNMq@i-}
zfv&tCJAq^Q<lA9>58WR5i*RLtH%gWDcakmoBWjP(i@1Tl1Gdrm?9uWWnA@8^DmzS{
zqT8cdNFUC7);rDd6*^t;bd}|>py$h<HLODpHGpIjSRdde=xO@HfXC?4^QV2-=(EnH
zlhKCc!SXHtQ)7I_L*NbZa<?6R*Hn}Iz@3f{65&ZhF$SXUp>N*re;-X}&fITm;5S4_
z3?|KnGVW3Ca8!^E?(mq0rYyL8$&>~?-qp>kj_W()#bL~CQ*W3mKNHtDB@Xf*nd-+m
zu<Su42K(jcpP1de`LRG>uXR}5UbuY+Z}Z*nJ~u;;QK0yysTwT3ZA#Eee>aH%d-iNy
zdz=EV>t=@qYtWWb)F|mVl^yD5F@pe};Fowcgy0RzjdaPgPdUk<2$gLWTIbak|82tF
zB)tvMcN%R$hs2J^=zislqh6G8S{FXqDJKzTHbzgl<(C+X72h>sQIE!%4!^-c3i<Zp
z<mrpx=~nb}Q`zY~?wh)h^nfYxN8Sdn@f5#OkEeAwG^DB?sNN@XtPeo}G9h`sc!{$u
z4l8P3c3sGMIVTQY-HHMn^)E*76!N&h`Tj^3l}7G&TwI7dctf(_0M@IaRTo464MugJ
zb;lD^LrN>Zh4FC+@Aj4iX=SxJwoefEFu-BS3i3Z9uru79(cg1nIlL;qd5#=O^&<u$
zBZ$6S3Fj0n6n697nz9mp97>xgif44I#^~WwrpCm<Sq?gU-EM{~Ze?f*hG};8!5FyS
zlV=M2W*UYo_=bHo*wibBMMvRIbZ_(f<kW)Ay)YO>f3!O+m+*bo@AZML(V~ma1>PTZ
z_(K%~gMZCo0N=;((1R94ip)Y#=F<-<f-#ZeHhg2jkAIHkzTs|$&R_Q^@dC<7AolcO
z#qb8pIqp<+{A#l6l`kWPYnx-lLb6~Nen7*27;*_MLw?JhgN|R1SaB6fR8VYL#L#zu
z4|$9@=<(&16<_tC+TrJXeCM3*`90lJcdQ*&)MvDcj!g;{o&HX!J1}PhWSl{jmYOKO
z7304<BeTN}DMJnH@Aif?)L)9R!;&N{|Lbw3Ry#?YL!fP*sF>^+)aVHqXgSJ2Uv&Fw
z(`8!SWN|KoG$^ZB*rr@%kkx%0D$xCVlqxPDu|9RcX(gC+nm5T-uLH`I7vs$B`t<EH
zbZE~(FlQc?8|y7bMT&3bD9|HKEYA&E#R|b+Jv)h=q3dlnwH$O$6_w!N9Yt*Se>-&t
zIEcMo?Nqw>ivOm5n&9V9=uHjY*{mReY^cv_>i%cxker%&M5gVpAoj<O&LFG7q@iM*
z-jeR?3vk#_;d*>)(%|B-oMhPYH<D#nC6RiQVVoDKuZ2;gdG@hkQ_8q1;%4p;CyPwU
zWqJs81Z=3aFnp{cW<b}GsP`!ETw0$MrCq8fdI)4R6XY^}o95?gr{1eW-yC<?&~xmZ
zDWb=ZGnG`o-Swrr4Vm?;K{VR%l?6+-_(@PL1`uIb@)L&*-G|h%ft@UwT7FHGi*&>~
z<7+<|42yr}Zi#`XlXkag*xj<8z@=O<>e-2{YuqZ-US6&zrmjb%P7<uTiDs>)TkQ6<
z7R1+HXoBb$?y3&2cG@GB{%5K$uk`~r6*bVMI^v4|#u$c|*?#0#c(r}?#P`_dK_lfa
zCZQ`_{}eAqHdH>-^TdG|{j@<f71Z_&?i+M#s#0uvnp4L&eHpubLve?X=L4x}-`lx1
zLk|3X4mj*Cw)Vh&oq_E{{MrE;RGOP*jWYNw0((1i27{%i*g~Ju3Y~2#Lntbgs&*@1
zlly>f%y<@+RVHh{soOz}X3EOjUc?4ymd*A%WBzQmK`Iw=8=?BD&NfP!o8$A^qdJNm
zQD*$Q88b$-$z&0CF;rX2Ul4bZa6G^VsxQ1B`+=_$hXIN{R8_YB=y^H#9g1^^gJo}^
znWN1@^x1^E;sB_>8g&zP4CMfQmRB#Bis6pn?A8(v8m|`+nsit?pZV}KMYmu<&NkTH
z2~k^f0j7nGDOI1XKKca@tR3-gW5C9|pOXZqmLahFS0G?Iu-fn4MC^pp@r$_eQ_9!a
zvMdM<ehgDXqR&Ig{y$@<<v}Xg(e<j&4$fbgQ-x~BZm)<7ImLw^_tA*}JKhlJ*GL?8
zR9jXU{E1L0n0DRN1reLE1O0dUV*k4{(G$BpP?Vuy7RE)vENuC+c&FgJ`!mt3-TVZL
zRlY22{r@@uZocvSHx6`+<Q)u*V21Snh9j6ToqGd~^RwXiUkOvUF9l#Qr#E?MbS+1b
z;*TA%C}Hg*R(vK#XfQct1ZDzDU&Zf1Qltfu;fo`=Ogy$TQRQ}vI}w$#o1GZ7%;)ps
zYl8ptNH%Ezay%wgpG^ch1+&F@Po<CyB>0^N!5fmzKv)%njew{J_>G_9f{&Nyyb2RG
z{SU;y5-+w4M=bk|3iY$#uW<tXT8zVv_CRmif~AXcD$ulQy}n{2DC{GafsBe`f3Wls
z=WszcoH>srt5OOp_2}$q3;xA9*s=VrU{2)xa!$1GaP!e1oa~4Gkx%aY&Vt*{DDelK
zO4YR;UD0YfY>$`bRAaFR%`GE;RnamBh{^bk2OP#spYL{tMAx6(nP?%#4HU6sHE*D3
zHlf$auyAi6?_Ai?H%%@O$FoFVu;PNgY1at?{Q?z!JlXf<+QL;i)mfzii!{MkT4g9*
zm9rQw3=vg5tF46kbt!W-$=}@VP~%g~)0W1qt8>Bu)0s(d?a<TvWq@~>_|VKK=)@+#
zDcB(R54RJleEP+o3m@gAQW{R&ihE34kX=FhaikbV*iv*y7>e)GrBs{S@pGWrw6zg7
zOcH4@qhWm4-%uYqJ=vGev!m{>$!0HpllcwvPa|s<z9~j(TPBNj`3xF<wZd;lI8M0F
zQ3d_Z+$rK)j1y}8CmQwergCcFW6%UiZlSNr>R*CJz3qj))5XKkRu)6E++IF&dFX#F
za<Z@6?1;jyF$N`FsNr|8M-a3BwPF3U*j=FaY_V#b@uS%`yE}t@G+QHcMEnc{uAp!D
z{O=VG{M<JE%yw`EeRs*XVy##q$zuD@*ST%Z;IegMmPyOqC}Khr|JzI}w^@AO_t!^T
z#Lv-L9VkmsvQ4}PmfDde_`zIpxDFV7o7i{ECt_NP!;Y^N{`Vxe-3Q<rawME2xV@Ip
zCZk688y(uEO=!pVjrBjew1Iy<6$=FXbL%$Dgp4^X#!Bq@!NcO){^ulY!4B~X<d>5q
zDB32*!`&U?0f^oxDzJSUy7XO+h~<3C)*lha_?N-OLt>KedCsTe5dZTv`v%DbVm9En
zh`xDEKF#fWQWFnxKUeM)KjD5}+b1^A_h_(RJi$F4xJx|F{cOHlJmfzKGWLjna$|p9
zSI$69IaAiI;1_p%Fy#KGoaE-T{zqx1uix^IGLm~N6^jo2ar<JikbC^rF{P>g_~&EF
zAnx(HFO^pM<LI*rKYLembG#2B70gNsB(yNk;#PG%q%?sGzf_mO*;sPJKZlfexY2Km
zMYq0Z=0R~N_qh6A@tFRY5-{U{nBhBM!~t<^;Q7{rY%Mt?9uGXsI}<KK=ss@wvbW8x
zVRn;vS(B%lQMn?Gl3~U>=8w7ayq}3$@aKY+vIyNyi`Dd9mz@^-1&82|63nyaM&flk
zPL>+N+%w|1;HV}Y6%`VI<&7coc*YWOL*-S0$0vu%!`b5(hspZ`k3X}SDKRcjlWVZy
z&UW)Qjw7>&%VXHU{^9cb{&iY~W8(JUnFB}2ALx^kA#J4mnST<@`CRl9>D=ey>w)Jf
zC1SD<w|z^3&$as_<s2WX>W`Agv17j;C65oRER9v#;(JJlh^}$U3^u`3R@v;Ip#64S
zoDhVo*B4?H-$8r7;E34jlxU~af$eWdS@7v8ak760m~c}3H}GTbccM%Gfz+-A<-Zrt
z21Z((7rpwA=O;@|;p%yDVPFI~M}#GRDSkoz?Jp(BK4oi|8|pI)YnbOV@Y8b57lLbb
zJymIxxetR{+dj%1AqPnf#rLa=Q2k5sd+wQEx3z)`3GtyY^sMNUpSeys6O^ySJx@>m
z;VW^+)6X`3Egt2bO`5Ni>QGHzpv>eR5B)ZvhYoxzjtsy(Cc>QRL-gkn<~IV*b!`k=
zN6Wv%^3CEVXgOBS_K#`rd?QAoeG90<4%5u9=z}HG%+tBY;tygS{qajbh;RAV!e7+`
z=QYhVj|e>9a84}igX6DrV*kMNTPbG$b60uuVE=RN&mY7sV&Io{S$rJ)b>f;hE67T=
zfr?)PPZ+2KZw{K0;5+fMrVRJ*1=GjMn;C)Iy&*5;?nB1O%h|y0aq<-Qw@%~b5y2_i
z;Ok;OzUQK2hSD%H#hl_hqic#e$V{2N12B!~t&9qsy={f!zwLt+O5nCI=b+-3$L|j+
zuLb63J`nxX8~Z>U7kIv_yt%yZ+^|%0aQ|!nh>5=Emb)Amtdass`IclJ8rbL6Z2@7}
zu}uj+-*Y!WE%BZhgtNtcG2OTS()-;0O@;*EpE-ovXX?GcKF98f!Fvst&2hec_R8i#
z0eIGJRI2)(qxd$0TQ<2o^xDLU>Da#&{|%4+tpw~XL_QP`2e#??L`?H-^T`u2h@MCN
z6#ub}U**t0hDd%ie@>);PcXlMM6D6oDc7F=h4g-q5n$6erLTTmjq%D5?(qn_g4L`E
zs0BZ@D}QhU*B+ub5tOKYf>aj@|E?y(Awl9T-JDO9`ue_e4#>5k@^)n{x2U;E>IcQ~
zxcMoQG%z@zT^=vr@frHxCdxw@=Z>5tPY%wZHtefRvjuL~iKoV@F}#vx-Wi+$r4u9(
z&Ye+gu;n41QSD3RHEuLHQK7g9nxk!r$`Nh?wY2*miF*T7h@32ct;3QGk0#5f*x!D7
z6K!A+53~Li4{|^IJQh3X%g;U*M{|$ch>}x(yhN0EPottF<uYUskfisx`B7H0-->m$
znuESthi{nKjXo!@<fd0%E!p(#3s+0ixW{K?>52aMS4Eo5Jw7-}@#v4^Mk~X($3q_|
zU+Ir~JXCmkuKGZ!sXq>)&9+cE#;uDBm#q4PZs9yhfnrlNGr%sG4LpKoMTE6K%M|Fp
zewKL#%(x{}RF#aAlA!wzF%g#DlJVaz2<Y;<VG^~Q?}Zumyb#V%Y;7#nhF2pb-YI*1
ziu@kqsq$~hOSrve6<3$A3q-Dk7tq>&DdT6ZsmD9#th|n!)+dyS(T-5VkuRk(L{d;c
zO;uEG$!t%g2vydbYeL#)<i#pxB?;bLZ~lRs^2JQ0n~u09vkVBQD=&9dTrhhLu5@-&
zKIInKo-_MxMUW!<o-^|v`C60Nxga4^hKD9IF9G4Qw2j-!+r*p=-D;ySA#{l_zlnJU
zH@dm5VmH#gK|N&=H=*vw3iVQEe{4`7i+@pi>g&+|uLaLvM^7q9x^`<6D~$gdZ}nj_
zbe+Flqbv=MY89SSY}6<QFILn{SrwcCU!GLvK*1ll{^x1ve^63=`nj^1n^GDny`Uf8
zBTC}T9_;I^P)kptYW=dpGr@;(66NsU<D}2HonFsXYQyY8odmj{uhdi)bEEUlDi-~m
z3ul!A?(yzu$ptYvxF{+{;&FfURb`kyze9gzEI0p`*BJ|WMk&L&$46tO+WPGBaT5Pn
zij=<LW*sk!>Z4#J9`@BZsVr29mo{*tr{0q1F%*q`TOLIJwqPnc+(B~u8YNK@yQ8JS
z+~e6X(#QJYUCJ0xc&&`oK!4mIR^sLL=Xhy9w|Lre`31<A5T+636*o9m$Xpx(;d|w7
z@YsZ-Q}@ceCVaKS)7<u;gTgcGna8ph@?Y}b_4W=ltDT<6A96?MyU~GliA>8+6%B#m
ztL3D{I`C=95>Kvq%>usL*Uij)kefCMeebBgc;4hm2EDeZl9CO@x`7PxV8zM`@AO75
zQk;<gIZkP^A4|~hFH(4|yfRtR)eZcUY@qGZ{ZE@G=K+Ne>2@Ya)P36a22y=oqQu9f
zZNHMc!e$Gec;YLAHm$Kk>Zc#Jd56SU0PLE?tG3P;n7Une!9b6U66qkW(;k*cQ==Id
zExIJ};8aMGs1>0SwJAyZh@-@W6d$YX7i&X&d1)#)cGGI6>+0Fey!A<|hWhHuSxT-B
zZSrh|^A4c0fF_;No+_$$1!X?B;WvNDH3Os3@ckpXF^u?Ip1@7{I0l`XHUkYbYf?tx
z(-z}aDo+KgF{>1wv2Bgbez%Qg1?Dt1^ZI`51~XM6b5toF&TlaICG#_+`mof2$N!Nb
z@t1z-MMiUKvwnV2d6$FPIZesaaWSMks-Y9p48pMV4>^}zna1qdf6Dw-n!d$A398Yr
z-!gCKw(i!79ZN}fqm{ykMDxF9it@Lw4e~SQnoOOi19l|Ezt`m5+;#(-E7Xt&&wJEd
z;bkf2FHB*KufWXqsR{-O?B_;VnK<1qE2VCOmff2sb=Hw!NjKoF#btJZMVAex=hm-s
z4)YF!qB-I>18#mwWtQBTX0YV5lNFjmsF0%E;BJ<mhH$Ahl*T#?cWM|8+nFv=KetSV
z;Xd2SOMNKBsnRlTr*;)38Zmxd(V#q?pUTvidFxYy)JAq!cIlg3>TWnPY^&T|e@yAN
zcdNlgiP*>Fn2yccXBg{tMQ#T*>*8HbUBT2x&;UGe2ZAcf)15qq@c6}A{&dgnTIl`;
z*ZsLuepLr#_%8I-gO9~6GBy1Zw#Xy7$M4-%XnYh~YVbG156jg0ym(mVt<P4CaT<m!
zKXRM&yox!xnI=>cRHs(?$)FqEO#{&wy~y0AhKuyL%8;|=syu+(v({aOYGR7BV|SIe
zxv|kR6l#Gnh<gs=XBym)H!sOI0(3ZVS?0xd|9fT+^jL_vM$v2xFU~Np=XR~Pj9reN
zczl`6+v{z|WqP7~!hpS~DGbP<bgh}96mxqH*r^l-pvm2(Y~{wLWH8aB=Y>@;xIN7?
znF3#wX%K~Dijo&lr@WsZ70Wb3?^xw^?uZp01+#lbdzj@_c5zeMRAb)E%4!n7^1Uh&
z^~tVOF+8rACAEZ_6%m8evkZ_O{amJ&quduVuSDxtmatNJ2_w<@2V^%KuPklm&Mv5B
z<ct%w44hFm>S?vVHp*aKLjRGi3>}^RkuP%_j}y(*(Yz^|`B3beu6~($t($?oFISSN
z8rfONaH&DE;<H{so%KLApl@(hjA)k0h>)XI4QosOsV2hx7oPSTW_L1Jwt1&G%~1Zd
z%p2<5>e3jP9fn(fR^8wOwm&Af)tO399KhXU20x4ZD%0G1uV4Ah68v#qrn;K)+Vbz@
z)f}>7vl*}T&Nk@rtE-e+_<2P<zV>QE3O=?_Zm%C7Wcnk8hKP6fV5U5R6IvI@Jm-JZ
zQ=yubLSuQwU|PkR%oKH~X^6&q-Ba4=hn~D=VDSF`D$fVxE9$Yr$LTk-rH}Nn4LOE;
zJ>OSZX9T}<KSLmNzs-M$)|MAe?aCkpzsMf*F`}l@U_;R&V-GV&<MtS!+&@N{3b%LR
z{9a=Xp@hALL~pgIhQUrPELCW-nC6&k-%)<ysFj|JnycU;O4OuW16QoFN_}8LB|L;G
z;Vw353%Bg9$Lvq71<5kaYd*uxdALiaNrvErntNnEIb7TkUA1K^@Q9#1ba=sl^fB9*
z(G2bp^RZmS9rC$D^2G|&U-UX9K8SqdEf#X2t*;HCZyUUy3_D9A6xa=%vB@G)!&}uV
zy~>@_FyBbUWcV&$;Q<MamFwz!&?8nJ#jQJElburCVmM_$ZNIA0*4H*S<nz}q7vtu)
zUCQU&Mna#bwbz0^3NPP(*_pf3#9>ezcbp7>JeL80uwlweI=JJ8DZENM;*#dVmeEL(
z5pDwybziQ$tk0)17P&&1#evrIeHPGBEZ=xv;R7{yJ^w}F^?GLB2DYmu(VPO^@nS8B
zkGMPCS7<W++I<7#_gliqxoe5RyC|(3B|=XxyXO|KG?RlZ_hGmU&8sW;qLtBZeO+Do
zf}1zHHiPDBZ9}AX<OK6)TAnoIZ93IsT4hZ=gNqk-MCk^W8-AJDd&Ce7K37+wx#`n&
z4GLuY8m2EXiCPC5tu<uzE`5)grG3*ejgaxFK}_I11N8d@Rt_p>GV?+I;}XV7t<M;I
z%jL6i*SYu5f%XSlzECRnz99=c3a9<No%u$!b|`#~W%*Pbd->YaEP4By!snd_)nQlL
zU&nw{AynxS;H8g4m5o6<X!qR`zStM=Gv}9~`T6-qf~S{fe1P%N+2C9_;lM;1y;4x0
zbayIzy6pL;5)J(*)17Z>$Q;(FFAdbeqJ;RpzQjxSj0R?Z9qw!cGha3fYZ8cmYr(Q6
z5}$1{H)JCDQbU96l}wJ5VQ-#fg_y^vc&UDE(7+IJce|xfZ9?I^eG5}z0h9n`_xPIT
z?{#2<iZS0}=7aqU4H=8(HZrhi{+I|63iFg2`r;jVn3SWLwbvRLOw!G<N(N2ORUK#G
z`;pHvf*yO$pkpF(p7vWm%2B@LK>pKZ45-_=4FUDkYUY<9y$U+~LBi!#H}gT&!r4lR
z4)T;a2It|IhYAhBf@s+I$WVs(q><E1Ux#7$VGf|bzE^0BMkDTze^7YEH2-&{qrODE
zZO}5)n={Y$QgcJ9?5{s%>e;sVOXeJ2O^!7?DF!>nnR$EgX+v{GU$LkCKXNwIZDhX0
z!8PqDQ?rkc8t|TUp1H#V&Kum}merI@mY<@=@55>aebfIWTNK0%`CR7nY+cr&yp(){
zie>9MK06CbDk?cT255ZsZ$-ndZJSB>Z^J!7zQw#QZ|+w<&oo8wxVr5OzU_)Hn4cMT
z%HT`xZV{-#qAAP)OH1=V97gclGC@6+2=hz^Xa=-k2{tMx_gWZKf9tz4P19f!ttK3~
zYsd{unr^1yAWg8D-ZS%t)U}v#Gc{*N78{(o(u+zH9W(U2X_t7_1r3%eUG=e@OBLWQ
z@WQ@;vZ@VN_Ze*V*3Ov5ym(lq(ilYCpd$u9X-OMq+UTKG+e&M>-AA;Nun+hqlH*Y;
zga0<G9@6#4)7Xx&KMVg>y~GfC|6QQip?i_Rro2;Vkeu9$@)rF%cQ5jc4O*t+t7B1~
zOUP0daNyMYffafvsE2>R5_M2-Ifg4Qz~k+B=Gx(gYTd9fWcKd;aKIF92*?_oR#xjE
z1ToX3MB!tN39Yg1f>khEOMHE=-c2Tz^KKe|f9ZR<A(T4tq+Q<|a-g1flul4`5C=BB
zW03mLy^MM*nqgqJV6Q<@T>qW9e3Vhf+&1I}uEd#X#v@qT>Q>hL28WFdhgpQ{{S{gO
zqiSgA0K@K!S~6XGtEItRh##u7({VC!sKFplYpuMYKc<L(sg1$Y&3Rs;0Uo_W$@3DQ
z1C08R8N?upS9~b(erN7aGOb+E8t>(wup1#r(K#nD2tQpJv3Bi*fxR}AFx5k$ai1|P
zS~?N~!8RH$qJ}T$b%R8_zXOXs6Y{Z8Me7`x`{%p^kgQMZnB`W5&riOiGMD5V)ljM_
zY$v_1W2a(!gE9P}2_r5AvtLuA<NAj};{b}Z-~KRYoo1iWDk3cU%%I8gzh<{y`L&_&
zIKNoNkL`rxg?}lQ2Xg4EeTYTTTMijAf{zZMoXot2^Mls#<6`9mxAJOR#v2syf_#HU
zD0~+gtNkZ3wPA-oF&K<q;jEqFcDR|(+ToI#5Zwe%M466;&)+rka{FrssX#~Gu#Sd^
zpmr;>ziojg!WXqN@8dvx`wOLozUtR648CW%(x(Hu&83FEmMxE28tdU>gO2EWM_#6H
zm+*(-LU{*d58PG|a!d&Q#vR}JGsO!Nf5ib>(YyYcA*>wzBg?;?`q7{sKL3TKPg1TM
zltYh5j4xi;FVp+%-ftk*Q56fTv@S>0VWoNIDI644j>`3Ps41PaqcUF{neqtDzrg|D
z%dOnpCQz*kil(!znJ-g_og^xnG;yPKGRSqmgX}6h4jQg<x1%&t2k5OA&};+*SzFs)
zs=;~PP!ge_dmm-)3Kvt+EBiXi%op%N=d!d!5U@>imCu6P!IPI!o7VdXkw3hPK@K;C
zvjzj2X{{TfjOP}0uZ_hvs>@f`Hb`4|`=`T<W$g`FuO;1?n~hkm4VgV8K1X}LGmGnT
zUN(5FctNTXDPe|18kl3<+sZ8+M_Z>FEWvZ>EXqY}*MZaN3NIoJ>o7eY#K^fihPb2X
zWvQjUXHpl5FILU$Dp6(rpsPX0AM3#keqv8U+;FS1VtYD_9b3gvepxh{0ZFS&mBtv-
z+zCa@>kk5nJ%jkKEEE~KZPia%sXsU?=df~|qtnJNER`#CHKcM6W+~O5u9Y^)He~KQ
zEMet9sxI~{F@MGFN?S-?eo;C^F|W5i+g_69>OUxnk~&Mg9k}O3_vNX8erhd4^TgzC
z(pY_YVt0ee-}tY;woK)<++&%~7Y+SU8K5uv=SSrO4!F<G$<!bA<0Ki{eQWTf7xqOL
zlNO5Ut`GW3eARNwOG;1+By?8ha$85;WFfkL>vFLArqK@74<t~6bN1CY7jv6jdW8vq
zwU^<pT_epjOIs3Y=1VtPFBTb6i{7xeA>lClT?P(Cdh&EbDzyq>JuFLzAvS3jt@MQ_
z{ZZJdJ&%Yn1gn>NOKzwas_WrC2LH5sRZNCc60WUk=nZwf$uezI-!vSvC*GKVD+lco
z3<<cfj~MGy(C2()aLpI@#L7<bWq+{kenpzcp)Y?S_L8NBJzYuN7{+J&HF>SMEdGO)
zk*E)8x9=<K4CS5*S6G8NJ^tVog9Em+k5mWJ8X*#5`x*qj_c9jlonK}!l4~|Gvk@eC
z<IRQw!?Zt9t)@jFC`E_lvXJ$c(wV!DG>|EIY8Ofd8VC%jfy6D1?jEO_S8z*<S2JBp
z^+)p$4M=R<NTJPN^oGY98Qiwj{iLtCZC+~~h;s1`@o=WKnJ+KhsmHQvbf<0g4Lik3
z3V!jqJK~Bqm8_EtEkBf0EuVjeNSu4#d?g40?I66nOV2M~@pI;c-3B#JHO|~urJVtd
zLwgF3?O@G5v6>;#uzIOEi#1SPUuym?co0nfNUFgG&|515b=F8`=$~(H3{}@)y(M5`
zp{~N(l7lpTq8LzLc#84wzEcL1IejgA{Owx9<H3WN2S{oBaFC%JsBaIpgu1T3_b}8m
zYYbqjV*CJuJ?!3JvcbeCMAer5QhyHYOD&Y=VCy0r2s)!vTN-TJXJr*?+p^;g?M^QY
zW0A$GVFn|1<i5X!qs#-DcNlX4b^4a$erjz8LloU&d!XV}8}4s6#9E)E8T;f)UXqg`
zFWo?<SH9w!!tQ)!$Y1ZQ$xI%_S5u3^S8+SfW0svN%b(^M-v5}M#FXXtNe1Z+8^ofD
zmj@XXSb>c-;oi0xW>0CXbbw+oAlTEy0H19L!{me^227gs&Ayf}1LyI!x_2S#$=q6K
zXi!UU$fTUg-<pPoOWo_jGLLP$Dx*0*pt4~e%9_aNx>-XF8O!R!u>*SlBUG`|hD%)A
zo3`gQsT1#8CjQRKdA)y^3xWq|)e0p1_iKalLM2_E%=%5yUp&W+Z8w{#FHYfTA8Oua
z6yc7OnU}d_vcfy#MXzIxfo3~j9mTgWQC(5`6AL?P|BTTooiy`jgOfRW49hfqF-GD;
zrvYzBG<k!GB;I{TbmcIuK)ZHEO_cZy?u%n3+E7TdPbFiex46449?t|DuiOk=6C}Qv
z(z6^YG}@*}EzpnU3|YIq6<BawrlO%}LMgX?BTGln6RT`8=bBzE7zPL5mXlz)9UF89
zZ!%Yk92Yuv1pcer<MbEN9587V`r|=*Oj(S%xhH)Su<dNInJ)#D8zFIp6pGAhqgj_F
z-k~hKIa<2R?K5?*nU;NmdN4yZ^Bz%>D_}eNxy)Qn6)JpW)*IEhbWp=JX09qp&n`$~
zyuB~YkRO>mj>!<_V>AvLY6PB)koNmINSifPu10{Wkdk){$p<?3n~_rR<u1yjXJ5gt
zrdcl5r``~H_cC;4kh*~=nOef0b<GF4^ZOouI<|Rm+|XaR`U2;W<z7@aaf|Q2$8>p%
z8HVx-CHT1+eg;gP$%lII&btf|RCZ#fODeY^z0c%{^i?jcWTM%^3nblk`Ao^qE_-XH
zp|^1L;HNL*DKMlH>D~+S0&k#P$TKhGj@~&PJ3DBDGG%S+dxr8$)(B=|f=u)E2!nJ|
z+BA5RqYZsBf0{g+NprP#WtvK)FXgqH#&EEFn#9+SzWrFXL)+`9!h*JLK#^R+fk}6*
zI7KS<^9$>JfB2s#U%kbJGIZ6Jx23~@Rqsrdz771K!=vBfhAFbX8*g3;#gou7ESO;C
z;XKtY@Ww!Dd-D(uyf5Bo%0s6ewD~}~#f{;f{(KD$zkgk5puKYeGZm8-7~J&6^Cbrp
z`?>QC+4Y(kX1$G0E6y-?6&Q|PmCSs0aNHB6E^ID~?{<ERu8wcceZosD^k2x{y1Kj2
z`~}<O$3+HhuwfRSPxC8Ok=CAV;JW*>G47(H_y$W2D3~MhePn&-Nwlr9c%C6~wfwqV
z_vzr#d&AIGAObUV&x66@HdI+$jsYwme(jyd;@Tj0c9?Id#ZhwhnaeT}JLmHCBdW8$
z17;5@zi)_3R<FQP3w;BI8hB-;#ODBu#xpk~cxuZDhDe?Y?C@n0eN}GPGHGUj;V3*k
zmNOxsuKtbXyhVg-D^VKh%M7%$ZQLsC3J9123i6+2&3bgMEsHn5DET+mF1;)7Qgk{d
zL(yFM4feO@sv*X{`aq^HBlUVHH)13|@X*lCQ|OTw=q0k@p)kp$#DUi<r$YNpm}h&>
zD=!LXuSx6w?F%()$yu7ZNZM{<;L+FI9(_#PGPSWq(h?yEwsv`~B!zLm$vnA_i9s*{
zWX|c+>b);Nme@$gr81wUIJb-`$12Ow<zzEn_|Uu~xGQ@xspdqbw~mxe6P1H(*3?PL
z_TVgS<Tpx;ULMqzpHoKpfUtgV2z6fGCF$iP?aN)#1BqK2yTD9e)79)??&OoIRUhEX
zwgCb`&1`cIh|#;OH)We=`@qaGuw?vXvz|NDW=uAp^}Pr)dWxZw`69trM(=8reYDy;
zrEuODbdENk(=XUE#(YiRKN(t<F%;1fXPW<n{6rM~>a)ym`M~^aj+xKmtZHxGXQnT=
zhxSEUUzJj{MIFrf6)C`)__|r*kNk6!vR#Mx&}IeS&!;Zh*saR9+_kZ!(i+<4X37F?
zH~WH=0*{KMaER$rRs_v~oe^|V3#XZHSiF3I3WheVSZcv>3tT@Wt<{fP|EctXkGu3Y
z?J4vBTgkjhA3I#x{G$()-Bk_9>$RR{1GMAo75t~r=(&$K@RhP1E9K2Tx*z=zqZvA7
zz(+Fo){U0DMqcM*vL80e9FuABN2Q$#yE(Fa8vJ%jdQK-ttJ4w-siOMo0x~?b;Pt_M
zdWSl-mo7_>P5KPo{%M1LmM%#;<~z2>Y3y0Q-_V)RpEYa}c(&`7^sX3K_2M7W06FmM
z+&yWr>8bfMA4%!qPdz)P$S0rLcg>5v@pA*YgE3%O)CZM-&{wvHQm@l)3AMrHJ)(`?
z?deN=7$&z>0s!2Kl^4@XJl8M)@aiOaVDOri%geok057R1A2$b9kIk0T<flOW#42Cl
z6p5DGT^>rWzpt0S=%6bY?QCuNMkJhXF25h<#~13NIZo6?{|{+j0Ug!#{C^fglK0;3
zCL8uWf`tUPkgR3{6n7171rn0r5<CP6F2$iRxE6P4S)@f;C{SEVi%X%URDe>vl;7v+
z-c-Il=l^dx@6FtqJ2Q9gTz#8+S2PG-5n&ohF%5!C(8!L#<yej_9l^2R6I@OWYg1PW
zzs*Pb-+6;8=SU%>6!zz@Q6^eGC_}wuUOQdl9}dcJ$N%-%3#W3W@&Cx-{#y?App02T
zMG7RiJ+8kWVBys>t}|`G9gjDUg_d&olDgNdH7K)odb`YKjv5K|o#isC_pc*IpEKU!
zjg9xkI&tWRuc9lyqQh0eo#>-O`$8i*uftO=K3=Z4`Nu;`qgv*l2<@H!Uxm?z6QM=u
z*uGF3lk@EfJtqc|L!rf`f6h(~4uuv~^5%wC8ht2~{*5#CFw2>GICROsaf+X_oDDw@
zUGQ(l4<AW~F9+qLgZo1BD+a`U5xU~v#NPjc6<hEK)<6Bf3@sP=&n4rA)3;xSMhD7<
z3<asivCw>~Lu=BUBcY}KP1o5YtgbvqL)ZTs=NCs=&R0i6hi2oLz<6%ppaDHH(z%q>
z)IpsczJ_gjw``P^*0x(>X2T|O$HKL8))|;qw{@?!4qr;9t9DXa|2jR}H%;j=v`wq_
z?fUdch)?WNH_O$pTu;xy{+U@VTlE~)w2P-@^)5XU>ZN#k)U4O2di8Q$6P@0yA<f?7
zh8N8k+@*Jqf!$NO;O@QbeW78Iy%Xv=Qfu|@?yR2PE4_BhuKg3-&ejdO)TDz4L-U(l
za-<c&eJrMfp=CS$Z}WN$OiS(6C$(JDcHQGzG>GrnxP9-oo}?yyld=-~cIlefr|qC2
z8MP9JItL9M);4Qs<K|ginzV|m+tpXQd;9uLyL+os#=g*~|7lN*TuXWLC#X>`d&h?h
zY~{D|kKes7v{(?K(O;F@ymEQ=zqeq|-`c!Oxi$OWbNu~q9M^vxr=y=%V;raB{I49&
zzxFGxoc+q*4*7Ba?T{b$f0g6!I#^$Yi_!U=9``?VT^_@>Czw|RmsS3w4}J?x3FDod
z)9LXfa9ZLY5nOTv??PgHf>TRGEm8a@Tt$krb46^tn{znOeW@8_+Vmx$MT=Z<EAQcO
zh`UasD<ap?%6mCyfS*oEa#{lC@&x!k%g3eIcpv8sq{(tuE{5F4kzBNePvmfku5RN;
z`8gQwi02Y<hnSvtt^ik%W^U(#=};bA{C%<jS0aLUI5=NoqMNZbb~9vtQILzt%R8K$
z!|ic<8EW=%Q1=w#3WxI!7pP8mqAtI8VXh;Tx><qLIf`p<;~gFjhkLnv9-X&Y5iS|L
za=`<h9rHA_Gb~EraP=+g*~+t_bJy>oMXkKU$0Z~hRnhZVXlJCM=suq=xzqE|&Utw!
zrV5D(PMuTsRlBbsW!*D;(_H={)D9L0=S^@K?vYtKAK(&ImJeTs+QWILlfw<4M)|4g
ztI&2xMcq4mZkMhx?saGfq`Enm)9G{QsWERtJ3xsCK61qC)<MbqBQPWBk5D+!=|vqo
z6Llg5y$$VzEC~?r_UY9o+ja8;<njI)S{T9T<6JoKTG#U9pP`)~D3QYf&k2TiZ@vrd
z9L{691UYV<citsVPITmC{mR634&z-Ys3%a92XiTjD5uM?gFeo!B%+w!M5B}&f)t@1
z&gsTIe!5l5^Kh-8$_t@hxLIpBQ-irqP=(@o17*$*;o2e52dm-@kM<4a+9NR$b!eDR
zoj92j<BHP@CulMo^D?I!g>nR(@}9t<nh-)>ug7b!#+tcgq`ElNM}i*GRNSJZx;c-R
zX@Ui<TykFC?cqGQ=vjBGToa|{p(dJ!aYaEz@z9dldWy^BN>F?_*ARLVa!@J4COZnH
z@iKWRDM=_or6Rbh5j?z)#>7gyei6FHM{~u)cn_))-GN@}DluG21n+UMU4(2M=jVKs
zQB=v{<a~j?g31=-I)?Kev{+Xlv?!{$A_v`7pqo(S41?z8B@{UbU{65vFD+njxsqHB
z*o4N5^T~CaW;6%oj|*HBRV&36hpq$;4mI3EZ%T2U?YsvS?Uvo9Ws|j??Fp-6%W%bQ
zya$2IlIh1XT#B9d%8~q+T!;IhtwxpOii3>m|0}ub8WbU4d9HX~-V0YayhiJgRhrj<
z8WzhHkKn!V3F?HgXGQ5U65WmE>V@-Ow;b38l@3>s`&BQ(oe8%maUAYUisKrB;)S=+
z18UK^IbQA&y@+_G>s#)Sn*rj|<wLiqan5xriHSH9Fwy8xC%NRr1Qb4CARTgXBF%Dh
z^~3oDxh*rK3=fCS0D}@z6O9O8-xwA1JPQ@G%F9LD_yiX^D!FQO-G}8M9G1XU1r6mz
zj~AfLPDI&8`8YfMG@L6-?|$R+&{`i?5Ug-Q4%T*w-1|s|2XaVnTv7Hx0(^jRPghy3
zlH5WQ5DYGy1*xaTSLV?FB_IZ1fzB&e*QX=6CUk2iPAVGy9#=4oN2lawN?5*%9Ng%7
za|B#;RjyMR-sj}ps1Xm>ebAtcig9tNy({z{7T2RsO1JbljNpwN@vau}HJw@1sTCJb
zXD4zTHL1oG%I1BD3s?a=<eUSMb?DHc719Ru%jnWCvqEaWK5+x%61w?%4D)&W`W%B@
ziG5Szu%_|E#(QF&39*gRyQTDwZJ9ox&%hGS_<mjSXpuf(NRQO?&PfA$3`t2HhLog!
zy?dk%tB{e_wQ5@L_vH1CyeyJMkbMPLfhtw!3N_(<sFeROq)YEXz5#BxvuBr{-BJek
z(F}3KI$g1~(g*hF*4NNMzgEY(o=2zV@H#L${d?g&&XjK6Aqgox9KE{s=$aDOI(<No
ztbToCYxL;dJ2u`K>-5IT#_E#ET9Ye8XSzvtoSVw=lox0l-iIO1<wk$~?|S<5&+40*
znvgYYfN$u)!Rdd|<NB)}WmOnG9#fg<>RbdpugR4_aS}M653`tm*Ak!V&Klr#cIoQw
zIVh|9kiTd_mE|l=Jng8Z_z5BE!D#<KB&T%km)f=OkS@b|Vabw}_7}<Sze=X_wc)3x
z<2i}W)aHuAb~O6`s9s+Wx69kBSHIr9x~KH$=G3Yeq7!554CvQ)P<r1qy&4qvG@B@v
zr#*GJlC5~0B8k2o|NV~=_!83+`)8&&)BAUccR2b5!q^epvWFb*vA$k8<R@>`-M_Xj
zSE4zO`G8v<pZ=GUl-|zt^a0-V%-$K@(>!iXiR^WR=#Zuv19NC7_aRD9WItNt;(A;m
z6a#(ue-$IEN4KnDJraEBy<9_kCT3_F669EITJs-DLQU&)Et~L(=nwx(bdMn!J^K4H
z;xp6xI{U>BGej%xi#47`w?^&WZi+to#;34;LTfI6wu5u>2+sfPPQ1SOwC=va3C?cr
zG*7?yfQu6Uzq%7je<hZpHVwIwE%`)D#Q&?X!}<?PP3`LI(zRdrVQJn}qp&WA>_??z
z%TZT_+oG=G8*{h^z7Z$Ep=k56j{gyHgSuq(@6|ogGdSMeBXOu+RS0O`-})<4W3E+Q
z9&`RghY!;OxrH0uxU0Kkn4^xXrmLIN9alYl0J_vhJ^FSVJTSIJou;uhnzxE=oH8J_
zyU|b4FA!Fm$L!OMHIFN&Fm+6D)Nr+O^^Ny9`Z~$d6m^+#87(zw9~VjyK%4Ryp8u;i
zcJ@dgoYt#X59fgR6jz$w8z;!U@n4&(5ib>SzY7;b+cyW5^wsY>q#p(fjKeN3#)i&`
zscG)C^o01>uHJNCtizG+iA_vQNsEn7=-Q==CoR#Pf*k=cQdmc{%R}Fo^U#V(s1ClP
zJP~umBmP`iB4|^M9ZB*i>xg%9E{wBUsyxa@uf>e2ZAH;akDGCM%YX$#pabR2;d9kZ
zu0%}t`?=zsna)%?(;RA>wi4}hqB&Qh0Wu=kG51z;{`1i3>p!Tct7lePLYKt8@q>rP
zRqvC6!KHee7CAzz`ejI-)e>_Me+#a7c}Vtfm>~VLNi|%9<LkLnT}knM<l+=+gRnd^
z5knCMbdE~45v`4|N<dq5#Cv5a|7-AbrMg}5eKUu2^A5-w>hQ$X&deB)K5$^`q$Y-a
z@{FNXGYG>(SDn=V`{?uk5)mSeXw8)<3k3+*ghY&_|5OiM98Fyfok{V%oeimP8+dC}
zJ@h?I_o2iC+Hi$r`!K%9lf-|wE+eyF51%g~J;9OabY&%K4c?9TLW9D&%AUjuj`#{a
zGrGyM6l&KNt)g06u3~O%9#GTwF|kC{mMWEy?(?Pk;$v~CN`f4u39)EmU1Ga-@uoOE
zT@w?#CZ;GsdbA_gE*4oGoX6+G)cqey<*0$FrN@=wbUGTzRcStqg2lJv5)jQ;Wn$yS
zm^lC0j_ZhM#$E(YqGp%-g$PspxDH&joX5?%ndQ^>9k`A(=5%Pbd_?m#Y^b@}t*d0N
zNC7DRhg~91U_UB_tBoD*OfDa_@4_vhw_P~p$B(nSVy0XqjhjdpQaR;M$O0+b(>Ud4
zJxEzZ<I`30XX!w?bPZ5~ux|B{DV2*g%d<hQdQwvJrmbsJObe+HZe743by?lGk~Aun
zs~?1Ad!o!5MX}vELH>A=&>iBgcjwB<wn<c=2e*_y@4?-dX;Hm77hUPe^`jQOxKmon
zM|8Tkfq3amAFdD8>B}hx0!-@5tsrMVu8qt)xgWQMs%3DMX;=oggFO8?2NnGg6R^Sk
zIebGLz<FhR9bT7*OR8SK7On6hN_q{z9`us|obp#pB?fW_=+}X&ZTTp65KO%=h)bd(
zgSk)X`@x*@r*mb8aG#e)4~;o5mw*{qEqP-go@<ldB^p0I8j?Oho+K-tNvhqXR{bV*
z$<&F9r0g@elA+2_ZgddV${t#F1byjGL%GA`&&09?&e%fphjFoVXc+eiE_>lBg+PX4
z=t?gPy_SV4>pdL(->Tu<9!ej<d5A`EUr_o;t_FQHl3PcuM{&LB;3x<hn$0z~AUjqF
zx(&14d^G)<&CQ{yqv06Ke3&%35@)960y^Vacf}z3el$0l`j0`~jh%@8tYA~lO68|u
zSov%WH-IXR<>IL8SZ+1h$H7Cn_JO78IC%EqI4n!@jptSuRD#@airg>P7&f%ufHb**
z+!)VorVl5e&^spp>M;>zf||{gIEgDyT_$mhDReR%p~x-UPP9?-IP3!gDk_iMJnfyt
z6`{hbxia+aWR#tsf*jkYa6b716*eUlPwjY#-`yum`8f*zfXk*uA8;k*$T;``w}A#u
z<)Uf81}xKNwnCYXZ{QkJm1$f9>M{c{Len^+#OZ1r^qCHC7Ma1-k!hPKawhaCk@Wsd
zZZ^G~iSict2JOAtEN(8{oW)g=srVK1Y;GA{oQ-(V(HLqqhZ{*Z=5USFw2E`N<#cZ@
zS6xPT(yb4%8>2{W6^1^s^gM0??U~25m8)k5otO`gKby~OrL6=XeM5j|EkKT)3%LE1
zxe&3id=ZzQvX^j$X~}Q+eL>hFt`+rLgjNK?R%*K#-Ws(S0pVSurYXz|sOVBPubV0q
zN67763Y+cA@S8aVpF|y&p;)h$!Ck1TymWdix+!$@9Q9rfcO71iW#7-s(KKeS;Bc&|
z?7e#{fKFM-H8h+VO}STbLutY)MAQ0J@JqARobqSJ(^kU+-jCD<UtkTlijJ*;dta^L
zHqzF$YM1lFS|oqC4q5%{;Qv1BxzaReJz}N)2KWJWxSFCjq6Dosaw{p<CX_&lnyQ<)
z>GaJelvMG5!Oe(}!<!LP3i`)pSg~dcr~Fy^oh|VGvaN_Hy@-=3c^fBx$D>KxpsC7s
ze8}yy9dQ%00|Mc3kzVIUQ8RaNA5y-Z+<R)hnb*QiFaHdUrR_Vp4kYb@6BUu|ccE!K
z+l5dm`Z4T1_c7{R@m2IE@YPXyC;skkcsFb}%-XXXWdORF7W!2vlCJsDRx|g&Ek*Vs
z7_RMA8^>Z=zYi4v9T9YY9|}BjzpO*<=RVyJQR$zmRIT1H#cx5CK10xS{0wFY2h>rZ
z(gAK8J;PqIT;SM)+<LlwkW)@{0#bo8I4G;P1&wu`jGj6KYvJMu5)Y#R>^Q7?Jc52X
z3};OHT=nVk&(U#B{(@_#`n&BPp<(nc6+bI%Iv24Menf7NM_|aOM^MgzM<D}^2<Oi^
zA@|EKvE9EG+bs0<DA$zQe5p3E0<`Q)ZXQ)R1|!f}M9}bKC~@B7Xu2JbBfzB-;H!B8
z?s<2DOAzEv7rQA+S1{{EXkqH`754!>{t8v8`0GuG6hSpl!jRJ^)kq6I#cij<rywOq
z4TsUO+_0s|X;kUQr_neRYQkVR<c0}^c5Bhx-`~PnRR8QhqlSZ>xU<|6+I|+1tJKK-
zv#9G2&gtmEb3oJ1qcecK0#w8V0hi9hg##~e^=a<~&QHTHLewW00S&!`xLbD#JyE-_
z<zC`r1j~%CxyclBnJXZF_*V)_cXDIY4PU|Kp$3=XAY~>x@iNzm9$iL$cz7FK`G%`T
ze|`&%@!ujSPkzgJWpo{FzXHE1hW>JeTjnpmH8e~9VDJ8qk6wTOc;{w6Vg17=e$U@N
zdU^iqGuhuh-g(#=&=H|X0hi~WKJh06Zo_!RjS8Z5cHT~V?0gk!;|;O;r@!SY<)$S*
z-lqOoGe+bqQ&LYp&nKsOYaZ%7SBRjfc0x#QdCYpyR%oZ4bug@*&|U+D_D1TG_Ci%^
zFY=LcGaA!_&rfS)d5V<e4nn9RrCbMt|I-eJlqT;RsW;yj+G?`<bTm@`>}c@L>STaL
zI~xqUIty*IY&DXF>i%na_|qnOH;lJX(oliZNEefZTC_fd?@fn(=fh}4M}b$YN=-48
z{uThob`h!*--wU**9zsE1<|!`0y>gR%^!JF4LjDP8g_Wo3_Fgd8L6$)4e*BmnAz1x
z<+{P<d1gL;Zr!gEpF$sp@pm;m-jBh2lf+lo@cjAsI;v}D4bWV>sGCqlqfW`k*Yht7
z=O^W+!Zie?ph1+}MaZMk%XJrO(1LEfi(1(EiiR_SXmodj=d<pHbxnF0MZMhvhMv#I
zN9v+}O5hv#e=Wq<FjJF}@OFGp!`uCP8rgF9GK78D%SbKRTc}C#W%%K=%!lewelVQk
z;~S~aF(2=vg+4^ALZI7xCI5ypd{Qp05U+0YwKTBj9UR<(UI2l2JpeYjYos2!%h#jt
zV)EO_Ql3xKSe@S)0#*k=`#mFd!aZJ@<gVz)=cC*A_&oFP^R;PEdHxqoLcjZbU4L3E
zUoS{YxP70msewt~^L1(5wtNx(!w%k~*X!Z$4e8Dw3~+S-v_CM6p7;RLU%C0FdWl~=
zFmiPN5d~_Pzz^}i^YK5LG@YR>`G)jsMShHiXSFnh{Tu*0wKBw<4S>~J8>u^58`+Ar
zF~F-o8sN5)yhtez`FKswfrkbu{wD)m6#(r&^EEWyaX<65bEB^4_|JS9GXKIi^$)7V
zw^5E)$@qm&*4UJQ7k}levG}3@KJ^h_n&KYuaT*=Cvhab3B2@4(uQvrn&a%gRO)CB#
zpU;24GXI5%iqsG+6h0P*n?9ay1iW94#`RVB!Bpc3FHy1=tAKfp5q`y<@QMDyRr!rU
zbfcSqYrc|=JoWkrHT}nG^7-@tnD~TmOKBSlN07B1AMAfsmv`i%+P}*|EdNn~A}{(k
zzOjl<=m9@2`3(_&(5F+Sr#e+(p8XWc%QoQgbH>w8<&N4AWBxq{<D}pDMB37eujT)w
z5x>eLcMke_<5&8iBWu$HCHrLt+S$25f}nJJJ^LD+)vLZn4>-A>0p`mPs!;K!_*vV%
zCj9FlS~5V05Il*-uU=?PhS8W4`WxVh0N7!G(eQr`fFlM9)%?BM@L%PoQEon%77gL8
zOvx?{MwvYw_y)PD{4(^pX9pS%HxEKlHg@1^_z!pDaRG6}5I(Ow-pp>yM^c+1d`<s=
zWWIeKq9Hkab$N(7vQ_t6y7Dh^VVT_h8-7?i2;JfFp1gz3v=D;*mAmtga?`+}d|ovO
zlv-*&6ur?Q9^cd6b>ge~d-vvTCOXhg2+QG*xWR@K4hO&%LkuU}8)7gF8ET{kXBsY_
zpJ_0Z9%fXJf0)5rFUw%Knq{Q+8g77p1i<MdjMS)+2DmK%RvTrco)3UsvW?WI*+MP<
z$UZ!-pKCgjH&eB>M)y8`GzQaA8GM+(Xg@w9n1*NY0-f!iCxn&^<wsLScOh*44xC)C
z_RHcJa9jGK9d^#->u8DSXzY|U40W?TlkcL|%B)d_hP7i1w|K@HzW8FSk=kOMVd%X8
zIC#8~8a%-ODFBw9Xr%59fDI-Ysn-Hv@5x5$+W<IYictyC9|+B8MHY|a%eCJ??jFV~
zhmFK#sqgh!e6k#)MTe{SqT#%9(t~Y;ihnRdr3Z~v-=nnmOYJ>il$!pt_U@Xk;<vNa
z{B1|8_=VAYima#c81;Qzd)FMR;s>;M;y6A<-jl&UkJC%>Gf)X<$MJRKym8}InQO=M
z%JD}9C#dgP6Zp>ZJRARTpX|y?f=I<D@^$3>2K-BKdA($thz7G9iL#t`6Z!TOURmJf
zjhh7AO-(Bcq9t3NspLM-RFfWP@6_k2+Uw8x6iuc(-svJ+VPqQcf>(Zm3P~>f;&e<D
z(tduyE5DI${L&~3KE=y4JAL<39k#2#Qibk)rTWM9T2;DLdzX1*D0BJT3FLT#0vvp!
zT3F-{m3fi&7T>D)EbT4)sp1p0x9OdVk9daxfQjLq9~jYEeX0?|XQvveou?TA_Ba5J
znQo*;%rL;!0nk0uNIe<=ThB65e+Yn?vyD`4jsY$TfaT^Ish`d@ENk?kk$U4pBi{SX
z(^KcqS0mp{FW)H<JugF$1AX2@p|ciWZm(nB6I9m-lTb?ziz_BUX&TLQ3GHdwd|vrM
zch)4eety^9eJ88<1MS^qii%&?-mO1S@pIa{!Bjp)i%qYG4o^ck-<qn1N405ct?b8J
zGbth7OU<UDrjw?tJUgbV&9Tf3gzWYhLHSYosa&d|HFFE<F<`k>+z})wZEQ2%nn171
zO|$Evkk#`Db#)~!mzwq|(&T~{4p#Fm(B64NRD6c^=0Xj52z;FBhd5pyDyVHKR7lnu
zg)1>3feycd^>aDZqmMZuSu4ETO)2G&Z#=K+yw9sTk_GjBO?$UCtN3~C-N>Ti$Fz41
ztB@mv=gc=kB8Cib2kCJ@H5M4)#Q>PL(BS=jp}{a=kpW7J4RBom^er(`PXxgBOO4c@
z0^o>cMyh4G0WJ%GaVw0}Lo1Bd*L0;GxCg9)(iMBd)au<9rbIB630Luz+Pi>FP5)4P
zTO(9_vi8oESH(wY@8{Y(!>*=3w5#&Ei0b>AsJgthq*aCXZj?{Z`@aOa|2ynMT;0tl
z=p8NkYuu+j1NGlAQVovJB2|g*{OWs4{(uC0kyLx-ngt9A?nK;Au5{H0kSK>{R6!v{
z?xp4Kl~%|-`>uj&0ND$v*3B#=Bx`}~O2F5SGBB!GVI$ZPlxo^Cq{$NB6;|_QMHzwX
zj(6Z%bUARXMbyCURYY~o{UR!Ja<uxs7LBgq_6(j2l~u~WQ_wo*8Cu6YQ*F|Vw6{1*
z#b;@6VYZ4-)ZV5!Dn4RP&W`!cN+UcoR_WmU)keI`4uC~JGE#R1z*=jJ)UN|z*R@9K
zivT!zospV<y#a0vfR#2Fsiy*9$BjnnuK_T7laU&}SxCw``FJr$9rQBhs_!4Qcb5-U
z{OX5lZ`W*|ihngv?M!RUSKkM;w~thOr}i$tK*iT;@92dpzG$H;Ct{I`Pg|tAJ7lr?
z9;?0IF6Qe~cqAexK2Zpj<IRJQhH5PLk5MD>e2f|bjf$$V{6$f<^Ys-|@g2ofdiml^
zjQg~y#plJ1827rpPIbQVUI|t5(h_RU$dc-NuJ*Q;Qt>Hx>k*#lP^TDCrPXN8F0Jys
zE^V{|M6(+4)5{3T4#7`l)L>38tMcB~-W|#bDcW53KpP>Fo|IGVX;xn4JEgtr#v1zF
zZU?QLiH34LR@MJr1%oEHzLkG~cA<hwbH%B0w#K2$#)39fQ?`7w(b>gr(Sw^l+hPPx
zldT4LD*$F}Gg3|44RB5XEVjc){Wt*D-f5&>4uIWu8L2M=;FOPz)B>Lv;HCgrc{kRa
zr>9`+F~_93OuQNctF(7PhwAZp4mI84RNoVwO8R`4O3u>WziaQlZZ-XZ_U__Q@$1^V
zwO7T@c~!?YOi<rnYVYbkb->u`GeQt?oJiHjp;nqEs<pc<QO#7gqWWH=y`w9s_+q@Z
zXmcbu)rmrUWwl0US5|q<@2T%e+B;Vj6(5PWF+;`&eOoA+RNksa?BiFP=-=hU8Az0S
z<6o<)IeSzya=H?|F6v(mOz*0x0o<{=(Af~{#3k=?SN*uUN^Dv~mGG7Ju3b~b4{7g8
zwN!k!_IA`(@y&Q^<#glIw-VLW>!{^iRY&D1TvvTB(B66L3HAMTmhd0uA~Clh$p!eJ
zp3sRZEXOXyZ_D^=%9QbN5;jik^@X1F^{9}7{$JMcQ<M#)m_yj9n^|87p>G=qh3IsB
zY|ji^$7d^l_@@x7G!VMc+fDp5Su#>2I@dtxO3Oy$Z>=)d@;3jT&3sq<g>DV}Jf?F)
zD44SoiW7J8^&{jQP%P2&hC+A$q$B($v&t9#36DcJ8VRBF!$*7}+R{kScdZIE7OHAZ
za$;ja->!VoSkU)z)0-IJ#U_HjiCMd;pf8d4G!^P<63QnTsmqfLVd2e;Y-5`Vb+t-F
z|B6{;a}4I;&4qHBfbPwOdK!2Gp!`u>{f8e1dFgBmaQACra35=7a93_ADCaKk*ax>4
zX(RCTZA;;O*&l(FKCJ}hO!+{{yT7Ce^kM6qxw^3;1Ul3vCz+>KZLw=maTTB7?{%Jk
zW2O0bLl@zrjK@_WEoIRE`1>fY@%KTq)$7JRo*X%%^Sg0>w*%MH<A40|55ALNg5vZB
zzL$I^q?@S60U@2vA3zk~bI?gy@qc{{3JA~@vtNTQl#0%ufbTzlRqToneBn7NoHNm-
zFNGtt_?Ykor5p!T`h;+l9?Oq#&dSl@uY`@%_aq3OQ^IG|fw%JX?v(He`A-YCY0()x
zMxGUJ5{|m$srxzMYx!J@TU7J{9(%*A0`AQgF46ZFf!4PHy?9BuLfgIudNTq!7GH*<
z)Ndf5*0;hBRN;#7GZnrHDCC;(3tg*e5h&Mn;V%7f9cZuGK=0lV?$cK{g-7)1E#Y_S
zWQWiLx1j^qGX>GYJHkB`8h=;#j(UD4JfH#%kS+NhbljAoM)v{5elNVG*dHLY@B@en
z`w<V*L*WMfELub9$A`jk+8{yl!JmX<^msiETb};2aGE;)f&zMe6<%OF7>}~eAkY06
zK6orcMV|<d{Py1joc31ksc_eiE3NXHsB<fe;CDO|I1@E#4X%36g*Q~^1&oM_gs!-k
z!a0g-1A^t1@QT9Pg4_OD$Y=8727)3cf6^Zi;_v!az@O3I>HuQ)pCHnW_W^$N4&WyT
z%uyyk{^-7-$^SN&xv<G!ILK@^`OD{#pOu2m(I)B?Vtz=sB2k|$L(R{rF=xI+xG@Gl
z^We?jQMh2f?SCqmBTZzrnD@{Li}@33(j6vEvzoV1<uLPZdKL!4_HaCs8{i=Lem3*R
zxGc?LAy<U?Q#I{vFG~o$jWBQVZ^>&GP3m#;rwdv`{pamw9>0kaRS~$HT7m)y3!--U
z0NEnVd;O;)%_x?V_)~r)#$`bN)&l0O)VZK}FP$!IHTz2yGQ$g=!oc752l<b}Aa98R
z+M|ehADtYCG)FYj?nVP$9)rjGMe)dA43ASoEM~e}%)E8Jd_4gbH}3`@P=^xcZHlRW
zTS+r&PCg{xU%r$9)-7$0&{C7j7^%a{n#*aaTgqvvX8*bJvdeG9%AQ>IrzMnf#hJgN
zvvKANiq2)3aL~4R^EL%bcfhStP8fgHY2N227jpS`y3LY_PI_SP;^DAvt{2uRNAK59
z0Q=byNVE9#v_2yt@GBX;{VmEgI?=q_pIA}$<Dc)Ky+b8bQbc7luDp>C?>|u)5)^3S
zdvLIlrA8HGc~eC;_*Ge};E$<hwwUNmIe?X`qcGI42CA2@2^k81-_g)`ye2eO8wru4
zYC(entr!DBwb~#k@$tMibm6)Jf%etW&C95ZG=({~o(?^fAtlGU`YN;!KTt(kGA2S^
z>4v(zn+-t)L7-KQWO?%S7F8yLrE_Ccw}RT6n0KhqyS^Y?Yy!RsP2tExpTg2QNf4kw
zD?Wg0gl5RL{U8X3nt`A|Bbx*2ISo3hw?N*fEs%G6OFY7lfv<lnna>Zs6<X_1#!M*s
ztu>gHn=#h60RfOez1t!!svYX~@l@o!*$xB+THGE`%MK7~dmoQ8@?&a8JnD7Aqu)H_
z4eyM++<ZW%Wk_ie<C0~Sa)YUs0_ar=n0I%<Ls$sDQK{gIPXk(Y5zv=uKsTlX?bg-2
zPl>hC-IQp@tsDSoS$EKsK<L~9r~(!02}r5pD+aV>If}Qm7o;h*)}l99l*$S31L#B_
z6mLRbh}yUcS{wJ%jm@0_>dn<iJC=d8Vg1449e~H?HE4nF2B1sXHW28owO|=K2rOj=
z1N|Nk#n^R2%pWU2m!S}JYXi7SX3By#0{Si!6{lFdU>JfJ&|cN-@Zow)pOPWP;_NLb
zz|0ZI0dy~I+X?|8qo7|2nEj&=yaTd9s4yB2B{+T^jl2r9ag2GF8W(9}k)}jQ^f*An
zccB#b#zD%5<B=_C0v_gx=-QMpIXMw53N(5*l+TzXdqs|#T9Z*2KmvtML7EaU2d02|
z$OkC=$h{y`nF<2JWS<%<JEkE=!~Gx(o(@8(86aeT3iQzop!q)ow0WjlHr!$}3(QJG
zN;&|&C1!&~L9fjQ;lnxRyK13F&P6M6d<ap$%8yO+@KDOzdp`ISsOlFG5Kj=G6#9Dt
zL4j5;0QCMs<jB7W544RSy1EEya~A_u3f*#v%q*8T>^P)EE|sOo=$WM;D21N7Oowiq
z087*5U@@(L0HuL^z5-MQ%3cY`w+e)7r!2z!)nMDX8ouuP5t7QS0rbNfKuW8)brzDg
zt(BF@jU;^?vWA_9gUYN&+O_rITd)C-8yAq4yb);;n}D9(WZtVp+RV*b`)ITUId6WA
z8n$hPYd_x#E+yK=Z397ps%;0Pw3N3RB+%g<5UGURs4K8!)K0xxT)V)m)Wc&LQd-ZJ
zk5TK0K!GwoF>h3>C1$sphR?pcW$|+Vw)qA+s#SgjTJt?HBWy1or{qW2ZP+(&A9N`7
zwdFQcHro#i6g1>h2mqwj>zL1gD%Drz0ODPNUTM%?70oyVmNJKt!}>j}dU6<|R(}pO
z`3pRhYQFsgbd){<l?r;}2y%q|2<DYX!Ms6+I(-QUL7+v#`D0*FVq(T|xh2U#Q166n
ziwx!YN{2o-pxeJd$HbG6qQpt%Q*em_y*vfx4UeGX)6=@c`kVo^#93&&D?gNo3HuEK
zHlBk31x-GWYzkEP0+<!($_1p&xriK1FX3VS8jln5<LYyWpM4p5Ykp%sOX9cY?+I5s
z1^IJbF^8IDFxa2>su{=66uM@9N)gx159sZ6FbQvw@yQMIH9C9K{EU{yVv=?47P^C}
zx6OyC=^gWRs&LnQn{3~K<&pe2eGk+!iI`o^y${0Dp~#W_z4;i`{{gcF>4EtK{ZS7y
z!-o&dx9HT5=5J}g7cAQ!!mhDDneS82pUpo|%U{e_DE?QB&X45B)<@tgKNx&-9-Gfm
z`V;ey)a*C#ReB1j)bHk>NPGsC$Ir~?>Bw_T2Y0+MKT;2&TldoZ4V`tsplPpQZm-wK
z(dLc$7pnUQpsGd6<RRZ%h${N0T;6whY^(<6ckj%1=iRg1pd%(cKFWp1_}rH3lp2Ib
zjXajebhR(oss#fr5@LBkd?+5cW)t@jhFZR*OB^2Cc*{e=jcP%(La_X(xSVF0EkDsH
zi{)qPW5q+sksJnUqj1YFRN00cWg-CO&kK1$b};{DN7^mX@`{w}4sS`2yf2^S8ZC&l
zd_$iNhc~nGTW-<&1uU1yRZv!02rO?3LHxtQmh*HV3Zga?v0R}E(U5ndISd~agA#Qr
z3MrL~L3!!oc-TvzFi%T>`DRJW3;MPc%y?A=%oj^r?$VwzK-ZVGT&2QQu(+97&T@~2
zlt+$Mv6dgGY6U=1aqvrzhR9JU9yv@7%On3&hXo(_mBai5m*qY^by>cnD{iPe>cL}&
z*Yb!~C%|aj`u>21C*skyqU9LHSF#ie#iEiuwWqQrCej=Kw^g6h8(8(dXIW;V8eJ{<
zX-^f)8hKg#epO2$8eY{hUrjDs%`#qvj#aa4P$8_$(C1XQtX5I1(ahAbhGnUW=B;Vj
zrb1Y<Y0&CgI)ruGPL+yv8)jE^ENfL1D>#9Kx|U5Us;uBH*0ro-P^zahV=X68N`1=;
zm5NoJmJO>q4Z^BUpe+q8AFC`_-w8CKk>w*5#Yzv;l*YO|toa1W*F;CLv=it~6U#J}
zd16z`UKPSh&rE4amMtoZHJ=7y&G)IAcC@+WvI=3{hecxx%R&{!3XrGaEiETi6iY#k
z4=cgrY8sY)$5aSQzxyhLm0u`{?GQ&wHHEg<v%P3<Ijg2&DX1}HC8$F44wwb{zN5~I
z6`?@4J6SHM8L%`I=yGSozakTBM1jsETfR_HEEWa&Bt=JOcR_3_e3+pMM5&g+<alQ(
zATK1b#7eWQRH;}<hSJkC%M2A&mXs^fEo)R1>&j5-+SRg5MX|ONsB|}7l)sy0q$(6k
z&Cx1^rKUhnyITgT=;$6g0mHgLC3@<4l@S$d&=5Lkq+vBWTg|3Wu^JtrqF8qdw5+$D
zSD7JT1sX!WJ~`4(_R({s^wsq$12NVUnkXgj!hSl6HL7Mf)~Etq%FyMd_SXqmr)n%%
zrwTOgvL%wD2UzmZ!2y=Gs(o0y3RHQZo)@dwY?Y8UNY9I<tU%mgodt_pfmRzRmbU`E
zH$<mmp{uG?rZzo?YSsc{lCc(5%cL;*hUrB*GfdZxRVnQK2$eo9%hEx$2n$nz%)@m}
zSfXl$Q)WhqBXlWPr?LdBQ#A)F^CqlQL&!Qxm!jldIZ9_y&`Q~s;i^g{$E9qYs-Ref
zYVy=MS1rg38>2^!l7{uD#-c<+#j!eyMX6?*A_|Mr5E?vAw?)Z|<tgNi&ylujye>eI
zS9t=13Up(F&a5w9S>;%~hEVg(mcmqFl3wZH)6LM<vU+)C^qa|+p=$BFPtp05$zAXV
zx?TmvT2@n}%<Hh04WV7%S)!=(R7)FGfI`61HiWKC)s4g=S5qD|U57BQGt<WDmO*MZ
zW#(3Sh9O>_v|-^JLN{jUQk01tmcW_?%2bV?#h{uFtb@%|XSQBF$~+7!;t;wyTNkCI
z^`E2X4VkN3wbFnpeW<5>Z9rHrYdWxA)*z*cuA8rmQcx_KL#Q6<+OT}aKB9s4U!dp3
zYFd-B#(=P-*3z(~7U<q0UCO}48bN76wk4WI1>2-!@>&~Pj!X4SN^sv=s#~X^SbB$2
z&1_2%TCvR1ii!HX%XK~_RIwb_T&+ZD-4!~jugOE`!3tdwR_A6Kw^Da{_$s3m2Bf&A
z-fCS6R_t0qv0_(RzSieQtkDTrz-wI-7VrWkt<|+*DX-^Ur$c$yYmnlR9qTPwO3@Uo
z{svtumiKzjjXI=wCEq5U1*kxKHtD()UtqN#N-Z|)(W<1~->m0Q{DZ}Rz+D1GZ`B20
z8$c_C(z`d>rgt@Ww&@mNLqMR3+w~kuTf^2s2u1J6k+y4xRw{KN)o`b-QfYPAE(oEY
zcj`H?aiA4d{8)#udw?ynk98L8BM8*;6TMhUBmDjoU8sU$TS0H~a+@sRXHZSN(h{5O
z(Tnxn9$g!D88j9&IP6#N)AcIt?~{GHC~P`teD@6qI}chKb{;hUDSqDlnVwDQ8L|DK
z*{7fn4RrKDOvIE)gyME=M1)ZNLzWCR?cyO_JoY67$~>%_h8+rlB0kqqr7G5ZuIo@x
zY*^?nk$3d2<U|J^(W%(F5XgR17llm>>@XXsvaqfGrOy1#m%2fU+Xo-h2}-wz-3?u(
zTnpIU2%+uAb;(Kv)I6cHC@3~Nv>XG!(j_Zyx1H1p3W{xy5ZZZC7gha~&Wv3UtpWz0
z)+@kzMo+_rh(No}=#f+XtWHo`Irc|%bLIV!Vdr!dn<Sc0Y?27{@p)Zu%?mmKdnOvo
z(2F{RjT0<jE@|47CXFqW5c=ejmS0J#_qDDDJ1Uxt%*#5Yv~uYiokc;n8>rHvvB45T
zHL@)QsrR>*_D0XBiBh5u`z_kQsi66;>hhH6!=_6J?YXKKO5c9LXnalg6oQc*d52xk
zfnql%g!13e1t^h=eHkrB^_zNOusMUd_f4G-+cW}=zNMqsu+eN*;uRY<T5Tw3-8&2_
z(1SaAHibI;u1;0@6!E(pJ<b*u#XxgUFP6fLjhzs>e@~Z(Egpfg@9QWwdo-)o8&HiO
z^fZ0jM=Pqn?Gr+yALs(G0i+4Q29O4!u?W=Uq0XYTojVWpA}HwapDe@Fx>TA{#Lqfa
zK{w|_>->^~iajFDbxNbk`c<zA1<m_Nr((B=tySz6p|g3cJLj9ny1D(I=#bL*u!E$D
zS5WLAp;`Z?7e-0LUQ!4(c&dw1(yl+%vkmxNmxui&EH9twd9l-Eregarn?ChS4`pmT
z3Doep&Vnr{&546vSmvo7D)!Q{UWMe%DEjfG<tqaXri-tzid4E(Y)avq_G>JJ6?DQI
z%SIK#9+g1STT4e;cEilm{y!{Um4JOKO)~ba1p4-^WwT1ahpYK2gb!Dt)cPG(cZyJa
zQ&R1lx4^2+5=)w_n#qSudK$L8IBJv2x=_u9%`cAf=C&?Y(c`(TAF9j2!9mu;#^yuI
zJl1;#(mL2WPvr>;(V?9oR&948B~*v-fm++Azz1rMc5_y3@s6+5b5#K$f_1wJ;ZrqF
zR|TuK^?;Aop|sMhqxgKS@nIVV-*l~3ZPVb1)vE1h;A^%9jS1HweA3qT8t_S5pqL0f
z8$NC?SM|=%t25(MwI-mXXw~)*@VQx2gwM^Z)ExTf<`C+aPcJGy6|YyR_=>A-0UXP3
zeW0e{dn<OJ3RthJK34Ae#)sE?DvB?wX8NX(PQ{nh2MpiED4kEqhA*F?bfbvQtfYMt
zZN1Cnz-Q1<x)qay<w{ZO8-@knL__IyF@{A`iEpC<y)9wAp)&toQn%%KDeL!Y8a`l}
zDNi|6?b)|MdB|D`?QLCBw2el`SR?6Bd22A8d5a?*j+L=WY7TtAG*j-fx;A{s)U@F{
z<_{_h_FO|LDAt-CgkM1=(vBfmhGVOCu1dvLEk`XXSU*tF7Zt2qRp?-x4o!-;&XNOE
za#-;h)?xL_NOhOB2(5Ek7aK^b%PJr6u2LLs>plgkVa1Un9wyHnk9DuXhTUEHz<4#!
z_yjGFEV{GLy4etb9pg_8w&02yMP|ELk;${Q5|byhGK183&-$4m4I7lo)iu>++pvQf
zpj@hIRc<y@DA?##DYBl))tT}n*RXChq?NA82*BQ~K-OB;od)@4EvAI)YHQ_?HIJ#I
zdL^N*HHzBSWu&<3F?p~b9&q@j`d0Zof7M?b8(3Ewda$n=C`YYER^^9RN+msM#5nw9
zV+L8%gfS<(sda-P4cpbY^&!c+)lgQXnRS;ze%#Eu-$1ZotX8O8s1+?3WN1t4CWEb7
zD-Ds|X>QF}`$KE%K|{~6HjIE}Z5d>6I|gago+;t0_DtoR@4z4%-e*cUt|L>s?K)W(
z8cOqaw$3(?qn$N9vZ2e9nLLA2tjZlWN_e#BqFF5$J3f_($+tQpQ;wx+u9Bs#PG_1(
z|E`RHCfyiHq3&A6%6V>f*Xl(^*7soa4DQK@Zq`e)O=ffUwq7(GU#yRHw^6v)eHdTk
z8$}?rcJ|XsDhrsJ!Bke8{!Ht053nvWq&*s7Rj(VB^Q;<ZU27=qI!Fs)*$4PGqlT8u
z_I$8b^)hm42ove}8l=XvOzE7-u)R0Tddv`AG|RfqKz_(#>IWY?)bhwm=ZvtPFxZBT
zWQx#w6cZs8vKb_JG!xgiMl-gpA7gEe?+p(2d&5|3kpei>%klRw4sQM6?71e>J2LIG
z*3plfcTtC(){(o%TR-7wVJ%w++#qc;Q)F#h8~?}Ct&NNOzujrAj2r4|+mfhi2avw2
zZENng-?5g;MUOIVwE}YL4zrE$Cw^xgREEA7W~&<@L}l4V`nQ<F{;WWYvsl7&nXsu+
zSc;bh4!1ETogNNR<^f?NqNx4|HpfRJY+3%vv%+2n<&w`-nq!Nl#v^U{0=hCsLgd(a
zVcnDI*+@2L(kO_0_$=(RXgW2DC6vmx4fn5;!WRV7s%)0<HXEX<77icbrL55`;p@@J
zvA;$5#$ZYs!<xNu3<&A%!|xrZ5@XpMqsQ8g25f9M&UP$-xyReK2C(PjS<bT)Sk8?T
zS!}{2HeXDIh`iK(vTavDRLm6HmjUce4lJdVMWlxx*tP{2woJ8s9>B&;vmFXxZKkud
z*cmLAdnSur$$@Q~#nL9swjB=0Y(K~LMF4ZmWwFo?ZASvM+c~g3^H|QA^I5DbvH7Yj
zU}@q)mi9{y?C2tvbID@X&i+eSTD_&Ll;~wF?Zq;dc6K?7ty{rj*(=$6tyi&F>}r-X
z&qpkFBM0`$8kRPFEsLeEV`Wxe&(iE0SnTHwY#n{Rk)<u##9{+Bvsi;ItcIAaEbY}+
z)`MrZv7BqRv$U)oY`*3@S<W)M*tU@CV-~xX1N-<BmNtDiD>L2CV(;x?Ii<a<EkEVJ
z4((&}E!fX;_W6{RQs*<ap+z5HvDZ1UO9$C}TMn_<#KUaaJATe$?k`xG)+20<-8;h4
z4jg5%1z)n*fMcw_hR0c~_z9Nt&l4=|o3B{fj+3lqlTWd<E~nXimCmp<@hpoy%7L9Y
z$I@1xXUjM20!wRgk;P&!u~^90toGYqv$TDeS=!uhSX!TNSz4VdZ21abWogfIU}vwf
zoNKSMoY^;64ef5SnCq79V4!ykzRl*lb(`hfdx!PJ%)4wvcKeRSs@`Ms<-gBb_BaPN
zdvGa<ZhUXs88Bh>4{YX<4_K_tkF0s|4_O-j6N}x;fgSjnr7ie{#RmM!7OUPP7K?h!
z7VG(AHs84?EVl7CHs9!{EUo?TEara3mcjCzb<Vx#Ea!n2EGNBWY5iZZSi{#WR^knd
zy~}}J`Gb|Y^DT=_{gcJg-Z4_<Rf%AR??@Ai{gwkel`DdoT_`hwJ-H*8nLu_Bo4H*c
zmfac5VnPVZc|QksFqEY&<XCJV&q`?|u(Xn92AgkT8LwCv6790G*z_<K>lV)Dt7c<q
z1tM7N_Z--nyllR8c9wID$YLEN7W3p|v9L&1%7e%VX6AA*Kg+qW0E-PQ$YPBPu~@0X
zjLi8_3_@3;SjJsNSalynvsg+D%UP)?i;2Zp>`@NvL~&NiiW02$VI|poElROiY-yG=
zxC~3XoderfmgSsVj^*rAp2h0MvKYdb3HvuWu&?7Hm?`R}_y}f_IL^W9d*8{@+%6U~
zyV<gT=Vod9JuEiY%X0QiU^UeAu~?x*7JHThJ5!OBxwaCEjjGJ%Yx5pUi_6gg;O-Ho
zk>AaM?XSk#Ij1@+rDqK`U(K2<tzaz{ds>U-JXM>mhqZNBY;;`~YhRDW-1S+^+JMC#
z<iI{}$kLWHVzm!$95ID@z7021+j0>Rv^0;^k_&&o9^)yMpSm}Ruu!b0ltqS^fwWRn
zR)Rf=mHulI8#zasvE^RUoW%yUVDmL;$;vF%ilv!av)Hv9*e7jReN)>;Fbl0Gq2~P5
ztzE>XzyMsbJzIfq+ea{Kuk#%um{rr-_gT)79a*epC$=EvJF{3&GRt`_nWgPYVU3;A
zg{7sWviW>zEEbl|V&A7noCuWYi>?vbwC6o`5uCS*Z8%l$7Ev$2wX_@S!lB(+XD9Vw
zX=Qt|SWqt(yV;A)=kLwZX7^#SUVT~4TK(8^7sz0-#~Ezdj`e4ytQ^2%!w0f5TMlBe
z*uktX^9*70-5SDj?itErvol$&=P=f?YFR8M4QDm{ngjcCM8qh6{bIIOk>sgk!_6#>
zv3;|yj;(nv{F!|9Kdo^T9ugknzg)?72Y+!?$JSKc;OSi#9IkkpO<{5VgH>!1L3E(5
ztuxgNDQ%^i^=!Lo$QD3F>f5%c&~No^>uA9~q#bNvTTLSyLe0d6wypD<0chLEwow5}
zHnuHOO?c4QwoXaf)x`FZ0t|1e0X36stCSS38DuI3UutGsMR5ZlYEg4YSD=&@wzaCU
z=PKa9%J`PH<tqBLrENXMCxiK5D=;h2#MZWt=&_vExQ%V43fbD)Hml+x0Dp<o7JDg*
zWPdwkQ}($=wbymj>tNfYipuxCtvMa(Y-^^XiOII5s=Qapx{gCBTH&U4fl*2cnxxux
zsM3q2**2=slQi2JRnNY3UE`RpD5+v{-EO*}LU+x5SGq%pQi?4-AXtI=^|ZC5i#2Q)
z=txgn8&z4=Ua(0PGQT(2lrnwM+qPbD>dZcHs#3W2eRZWV{dA>2$dDp;a|WtPf%^1E
z4n>G>fNh^5L>g#Yp#WD0q6i9Y^&pg9fqD(r{hu%dIb}O2*HBvvT3yrjj9L!GCZdvd
zd?>b_6lifKT-xJ(b{p-B_t}a4!j9~MpnoTJ@?NjAZ3NXC$#y9#MzW18YZTj%T4b|W
z`Oz$A@EDeMYYa=<JC<!^v&XUBbNcuQW=>LR0xQKnk;Q(=fqglN)v#hR%Q<WcL-V)z
zAi`=2^qGUFMogvc%Y%~qI2C`4d{nKMJw|p~#NX~`Wd6E&dc-^VW=b!6jO;%gRqOuS
z-%)%2>o2bZXYOl%0PSUWrvE|5-w)9BdUO1(_TS3!_XBjj>>pXr3W_R-KjlvF{%!jk
z*PIxC7d|rYo;o!4bZA}K4T=AuP~SB-F3(JGFgfIFDsk!B-_+saJ44+``%)9FJZ0~n
z2R9Gmd<D~8dkj@NZ6A&c1QKvEPLLQwaS!dC^YA#4-$N_!+l$Z*kg3BN`|{j8<~%FU
zBFC}y1;fd4*4~4bp0%$C!5Q<oO36vKhxUSW@}a#eRXb;2PIu4QSLDHMjqZ4QcNMud
zorj=CKiMbKBRpgaa4=A_pX|}(|Jj}j94^2grhv1<FZLAV#7!nLUX0!W55m2Qi84FR
zRsYrA73>Zic%c-a=>-Tb{K!6q4nML_M8-s%U8M+`{8$!@Yh@u=R#fhZJ(W&hurEiV
z&*M`Q&&Y}WF4|X6qu(GS;u38C_>z4owfq{;<KOHPY4%h5l-#&QkWBX><@ObOFcrCM
z?@x0t+gIR11so2f_@%=)_F=)eIS!Xi(2jTZLiFPUyO~mdx3>?*g>1NoQ+82ddh@$I
zH3)Z}Ib^>?(W`IlBXi@fGn)C@UX+$SQ-}#Tbty=UrfSdaX>{<peG;X-uulrYwO)$V
zg{jJO7*Y16JsD}PL^^)~RRw1JvCOyjOcYPP&_F5kiI*r|!7KLVLAXxHL$hAni&MW>
z_RhI+hmowZ1T}bV7pdfHdqbM`+CDiqu23|}Ih^9&*r!08d<+z_#?a_9(EIL<y(1EF
z6`HDJ$sdZJaW#z06h-g7wRg?Mdt@<1Y3x<|V0wMkzLE~SwNDAfWt6x?#}iL6L1H1A
z_@`2rzC^9+W8cBrW!LPhP~V9jO8N;Z&&g>uugkTDV0NjMF5IwZ&1)jUHm7{fjuHr4
zZ`g++k{vEeJ_C0=z5sVLyJ^p)Q#VnQeQ%+PZMOmKx@}*D5J$kN=87f}0p)OceQKnR
zx`TlF;|?rdaTkwT-`Q7!-Rp76ZZ1F}_w3E6!#zm*^PYWC5PY2=yP+`oO=5a(T=XYb
zU2*D^OYDqNxNumG+-MHnhtMkDBiEhp?aOHF4=|+o1G$MHJeAT%)7xBP8sZFLFN<58
zTkMKjQrcxPDjOSv!;OQ)R&*dpoIsuOh*RWP!__pDBA52(2lioP3KplxZCMMFFN4K&
z8C5J&nsz8<d|4ofwugxL4RDCqFpqp8q#_}Trv7LjA)h$DQ0~SP{;R|M+ZhuHY=`-k
z9rvNQ;{V}36s9|}iMZ;%Ypl3h{t#KLf_Phg+gv#F#8&~gO(eL)N;EP~R1W=k9VcEh
z$mN`3gi20wh|2FEB&T>sBcGSwf4D^at)EZC0l#kX6n$#TgS%@z;uf0eMcO>CxRoAN
z29%rtNZ~8z)1l`+@mrOOycT+yC=OM#0X0)bC9xRouP9E-nKoY4QLZv{D3bNOMg7I!
z6Qgh<fNV_Z%3>VNs3MM0GncO_E~e<$rGjZHuCk<VZ$hmyA($T56Jsf=x_FFHVyz)6
z2Y61dAr3J-v9yL*%6~ILY!XB*YKjZx<7>_IMJ>26x|TSO+I}5`a=S&I3RQ#IA+^N;
zG^@7k6%PzKT3cL{Q$aD>R7V_Xq*>^vx?)ipR99^Lmo$I*d}71ARHYh<0-aot8@KmR
zvr1xKdRk2^OO|@#0?PE34x`;wQI(IYiFwElf`4dP5#MSH)fWdE63v976{BV4#p86X
zzF0z@N)%FJ@V`dHzfBAr>=4{UEL;d(lH2k3qfVR&fibwLm?sxSG!vgtSab1ZD32Qv
zxmvYrQ213bl3Xps%W{%SN!os1EKC(!ikGQSEAc*AT8j_J)CSORZNyjfqOJJM|FWH!
z%j6I4AcmMI|NG)^l&_=squ<;~ENNO-rL$=AH%JyGlfQQg7}jNXLBiBj(PQ$TN)tJg
z|4zCXZSq^XiG@rY?n=ddpRy&*(xq7H)m^;mZ`MOBZlW<g#kcf9FY&d1R&TM2Np8dO
zi8L!!EaMODD~6f;#rlaBlfQC?n8!qo`-|_W?Evuwbr>kV^`{Mz69*3#|D^08;xCjr
zRD9#l&J@E<{>8(@GA25gB|h<=9xj*S+6Zx%$-iinh{HyXW{bh5U|cxs_POYGaY>{z
zMWs@de~ftE|9lLTl5L#$l)}f0FZ_8YfR{>46kqzwOcHaO$TwO1!(VNRD4%)qf%uSG
zO%-1TV`_k_kIB|atVye;i8pBKbhvBE4Dl_;Cnn%_K)L8=o{CYlcP1RWZx&ogKhGB5
z%Jtz6)JK82sE<G9if`Zt%sv%AP^3$0NViAhx|&||a5vekdE&-(b>_p{%}KPG{QVY)
zp(g*hg>o&;UnIVvrHjSaw0a4kjZ5Lz?aRb0li#~S9A={ZE5&E@=_>IJkDlI*nT~9i
zb+;(dcdNzg{*xb}O8jruh;hiUPHySR>%}+0xHCB(Bf-|oDBboA;&K1@jc~kw-X_s*
zqE9x9&&j_9+74_Lf2BR!#9u8+1}9gudF@*DTT=7^PNYlQ#cTfkJK#ZibizOaU*QnX
zUE)DiJmv^H(BS50b9NFxMyK`aV^nMI-6#s@N419Uk*l@*UNH#4un%?OZ?a#m{m!3?
z&;2Q%i6Vjwcc~^SC7QWWEJ523h~HvB@?mBshZB`sD>~@uLDccNLt+UNnLbAx1$`mD
zU1vEWBEXMAOZ1nrOvf>J$$1>*a-TrJRsBl*gTt*<xEoe>SM_zGk0zfKZ*mycal^P0
z)$_%IH2)MTKKr!zlE$4u<V-w^!pcVBjyaiU_E|Kz{pZA+wB|g#wfO=Vw_ik@ZM%f_
zy7_DIv48z#+5g{uBNy_)x2Rmoa}~u4xhC!~(UI%0>gWx`{h6DHXu5t&sT$m&>!rn;
z#99=4N4x=N`n(7n(^_;~ds8uVS8Ed!L`f|rj+T^_%2B!?IqA|}F~wi~JF%2W;Bg@b
zE`XG)ijo^i(X{-Y_?v&}eY65umK*bd_*aPA>)(st_z(UdD?a@|{DZ#!5$?MFP;L=F
z{RHs0pT(jkivAVmm3buMke;N+Vri3q{1Z7i7yO212XTq6cuX%6B#CZ4g<~K74(_MV
z<W_EdAv?avOYxn*>?>J`?=}44euGrCNSGGMMM7IB`Hw})^HxkzG{E4n_oT|yq_h-C
zr{0Qw|I9z->OS;Nd^7Ku^u&L}B%wuL&L!Q)H7t1S36fsXXL+P2v@ckCLx)4~I36nf
z;y=tuxlR6ayo7QDnWbE^vl3mnN=<QA)tXXis%?>eQ_F=Js$8xWwI!aCJ?KqlS*5T1
zUBe`=$-h2a!ht!5Y!YwsUyhK%(FD*b#M9K;QeBxZl3LrPkNuJ;RW$kEmn3*BBOi=J
z7Zsm?p-3tDbq9n7Dziev!ok#ctyqsH3ldHd&oA}#@6IowSNNuY6k+l|D=3*@Fv4FM
z0niN3pW&h@wy<>5pD#)(VDi6LL_#BO5-mB<Z^uZ5pw5GXyPQUk_?`c=ViIETYH{f;
zdN_|4Q*QK@cKotcdZjWe-KUaJni>`_Zlm~4QV3a!;gMEZDoVpkO2hr;(lCh1mXY4d
zy&9G(a&w$7U>ulHR{G9AvYZsJ==L}<hXrZfgYuFx5MYuzGZlmDaxOZ89(!Uqnp8ph
zP}VG;vaK}g(T~Mam{&<xm6on0!c~nZqoou~8L6C=qWWO*5tlzE4}R7vP4#ba==yN-
zt0DwJ_1YihM#adoy_kaMsLShA&nvy~H%ySLXSPo&p|QEBcbJq)RqIJMI(rG$wW}l*
zrY;qwG5$vt<rp(nmi{2_Jv?kx5MxqRL{{Ny(o-r_U3%q@sey`yM=-Ud1G6v}o>^1c
z0|T5c*i}%Jy3wIp(q8|B+K57V6!ED8Xn%whN%f>MbT$l;W3Mai=9NqyrI*pkcTr<l
zI5}y|_I&whd5aPSsd9bkoIkRG6ot6J5sMzRgEm@yDXQ4J1P<umTEa}b8cHOa;_-NB
z#VE0nLYjXc6Q4tkq!s?&jpY#gpoxSbXK7RE87)haUdcjzm~SYpBYab-5_IrSRL)N?
zOXj8M-BKQkXfCbvA8am_ga2Id4xDk@zj~>nxHnU(U<CGQO!0jlnw_syQ9lS6xI4C%
z%A1hta#2cVWEo1%9hsN7{4sgyK^y6;yy8f3Q2(x_iur$PD+zEY@_Q+!O)1=e*H(Iu
z(%Vbtk%+FE&cBWH&}e%UM=Lr=7CQ1iM*ejjq(hL7^?3iHkv_T|9TiE(-j~j)X*((w
zDMRNvN-tyy=vMF4D&(PG%SGp>lAWb9yOYs^$d-am#o9&6Z}PiRQCArKd|uq?t&M(%
ziIXTjP5N5y#}ZK2=Rd+Y*EwCnu+<f@M02`Hk7-7C=^ZWXA^k`*dZJIt?j=3+5AKcf
z)3`ps2la)M2lta6$adhkcvHJ*FBK^elaKaiNT;#P!kL%%qATIpAq0K$a5TSL{iVzP
z!viEt!G0MCHU6l<62_J$L*(bEp-9Ji4ukrgLosFMmyg7ir=ttxp@*5$ZFyyiMtWy*
zQ7={NTP%{wWJ#yB^4oS6RLYOV#&CG>et&qd+i>YKfBXn326Z(Oa&z%+O4?8&k!Yk8
zM!$~2$a8&^becZNmVSbzK6)~$Z~~pP7vbp9Xtm+W1J;cK9yM|46KpgTA1hr9=5g_%
zH<1n{#I(V6ebOa=weeC>lfUl-=u$RKFpH>DD4GsUlz#Ugnj~BB%Vdq_LJYi$@lf=L
z$RH|YDHux=K9F{!7%rES4$moyxSkUeOp~Tc_uvThZ2e2-D?`<W6u?cZ)1>=qn#mTK
zK!;|R!VQK4i{zy@)1?b?e0s?=8qOKrqPS87oXJzOSSXd7DV>6R+|f%<A|W5-{8V}@
z?gX3FqB#2MS<+rLv+eUJgz;?Yg^XfjVOrq|l>B{ho|ey%9;htQol90E@o7n1+BX)x
zd%>qA&GhG7X}_9d%u2L_q}wG+Qsg|vO>T4=w6b?(9QDa8YNct}rQ)gQd}*IQo@9r0
zT7W0Ax)Ny2<ihAAs}~8Prkf!6@<Qorm5{u%L>W3H#grs|v2<2WLq!clFB3kfxI{Au
zA+>!@OeiHRk<KZ#XuB3umZ~jPnubrlD4<nwFKz!F@i%^%^d0KX>GU`#rD=XF5>E!h
zN6V#K@TwC%(lv-ZB*fV1+6w8enr7P)gZ-GM`K|QFO6dpxqg5E8<SNF#iOm*+Yb*am
zW!)NEq#R{_B>6Q;vv&o(=p>6q(u_6I*<8Gn!W$MXMoFduVYGCu^uRxR9fmb1z+MjG
zye!4HC?L?FenksXRDpt#RAPg)M;3)G21kQ}(X^s}(J(5!5gBcp<c9O!X2oyV8=^6e
zsA3e}I>t&XwqVSfxmC(%f*bHR78|1~%>M?ie6&saNe(Y;{H07U;l*W%CGu0n9db|N
zKoIY^Qyep?UyFxO+nv&Fbk0f#IPK38P8zWbq5b~H@-$=CCsIkd3&U|I<Z$KpP*_yH
z5Q_3k;gr`eeGQ7+fryb?f7~AFN8pJ#oOZ`*xW4mV=|@x>HuhrHL}_*W)LaBT+&;NJ
zG2JJ}7scb~XH$_#I=x>yEf47)?35<iV^YZSnbPGY;*{s35RTRvLVem6<EY62)M(-X
z=>n$h4)i>C#ziO4&_eKeuY*dr;Kp*z(YBbEqL+a4g;W%`T^^FVT&L6Rrt{@t+AMQq
zFm-$t6G6ugOXuYZ$3D>fVr6JFhaf0DG%AAj6et`?VP8ml^?a3!R-$E@k>#lB5y_t$
zS?K(JbQ=e26@{py@JI8b(glC~mr8selZwdEf-Pz~+^K+<HqDKWr0d63D=`1>Ket#S
zna>v$>2wK{zV@raB`7JaAV>ZhsP=*9i}sRpgYocvMAU<d;Hi94wbV<8yCO7`rxmqP
z(^Jy-{_3aY9<=`%^r?zUH$6#=^3koca_5Yg$K+v8Q6Gh$mwrWcz@djv#wdM-;?M}{
zctI8{69Nst-)y+<v-u?=XvRh9oVGyPQ72yljo48lk`7#w6H)bEnq4}oJi;x4ZhQ?}
z&R#~)$ii^IbuoEtoQ?kYz%}%^O}>?`C|TUpe{g<KUP)Lv4lMb9RGoKt6jl58FO*J5
zp=4%uXLb|PXh}99RVl%OA`pT;c1p0Llwf%fX~AA7!AEjLBm}!45EL2d!GZ+{K?IeS
z&_xIY5fu=4Klj;<zQ2F=g3QdBQ||h`%QRK<KThCti6{Aa;pgZdgb)R?i)@(~r%HB3
z?{_Edh6LTEd!jo934FNU(^*yi53`R6wov{X6I-b4ebL+HwcS*Gt}mMuc3)HV=4`u-
z8c`#J!Ue$8lSZ<NjN@#}X4`aH`@J3C5UP#-L0<+_4$&;d=5o)b{d$R**J{=zh)D|)
zt~60on#Z<Q=MMxojqgG%Y9P<n$%x-T9m6Ibirx-0N*Df^&Z;`q-%d?&ptd^>YXc#d
zFOkF+BljYoW}9=G;X}V&hpqnlk?7U#u%mLEGk=LrVYz^&u}KbU;B_-Xc}_<MRQs2m
zShfBLJ392&=n|Pb3M{QTs<!+nmj1BgjCj*=5u#$o#opc_Ru!Cx{!2CozPtnV!AhDd
zRTmU~xoXz$3ICtI-Fp&B?s~WFRdpw$UAN+tkn_I!=%hw&)NjGF1woxvZDxtOY9`BS
zp=O@ZS~C~vgNoC81?S^btJ9<H6cu^3(NZnFI-#jr<4<g(I>%e4dTy-IK~+W=bl>|U
z`W0Y)6duwbLDl9Ot=0T|6iv*ZA_2MqI5Wi@mGhU-ul%?7M~Lh4$GN5C5u>vzI~Tn!
zbl=CA4gn)l4Sv{2QQOa>Z{}Rk-VKjss78O`ARYKS`ht7xB8J(D%g|Nu!I)PQa%Yb*
z5MTPnZPAI2+B^z!*)cLPLNyz0v{NM`5^2KG$e4xI1egtd&$n##<`u>-ZpoE~wjlYA
z0lapNWvSQm=@i#>m)TPN-Pk}w%dGb&Bxb3Po=>z?a#Lfw8`jKd*2wiYH=yl7EsO-=
z8VF|DO?I|O(q?LYd(6TuEsdW;7uLpO_z5Ll4*1)sPR$}|Ss7-0>DGoBekg@+FZBKz
z#;AV9YOjW+8|bBQ!{yt{SQnxzO1C6Ls7ZaTWK|Ynpk&f=(_r{JW0HfK-oM&ts(S3@
zcy1rS@l-_`pIy<in@as6J}G!4#4%c_lTik?Q<SkyHX#FTI%rzL^{U5Q!&G)#!*y%g
z8uwz-wKoRpjm=QnFevPl$S0t#L74m<ZNR2Hs-kXy5~EGyxV$B%O>7rc{2R7@Sq`>&
zp~e36^2pAN_3|sH0+BB$NX%9LE#*|g9b>h~5-4%%pNV|W@+RiZj)bY0gYiw2PgGQ%
z&%ij5jXzz8AVOY*t6l@FrfTqdtFt=%n|Gjka(v=Qed0MHlCso;6BA7}Eymcc|A^$i
z-bztrvB5dUCNRgq>xp<)%b>i$vkkK}PNu;tvQ^=+#AH=)zEuykZ)IYV8WL|Hb(l3>
z;~!__e$yFwMgq$kl_<-apCrHAI`SLb4$Y_ahZ7^!w_hYitNhN!_j+S~ce<!*+Xz>C
z;t{)3x-i1ft_FRFUraUtAs3{Cwuh*aeo=V9IIam40X!_(>rv|paLIb489Q8Gy1cWX
zn{gkWe}>Udw0cH{7U0+cpCLA&xTb1Yma!*DaR|1qD(`6mBTEKz^`&g%ggZ6I=qyu)
zQqyugnp=N!_g!U(@t!6z&zIm->ls#i`3&~Vf4du>5kkvJpS?dJTRqXk_=Q+pj@q`L
zy9yh#qBT7Ycs!F(*YIpqpq3PQPC^q^-OD)WuFo?Ng{OMUum4*49eADmPPyLbAi@zc
z63ew<ywOG-?_(TB<Yt!klW|%b%~j-IxR{l%F^yg~8q3|wHyU1<dbiBryR@Jge3Nn5
z9njCf(wW*{hF&&6e)s1aagE%_0{QJVNPb7(Y~0hx-E)i43STiTSB$FDhZ54%{Oc1t
zsQFE?eBV6Hn_j-v_{`0}4R&^?+-}el`hz=+C?Vh+!mZoxxA<0Sff1#QyNn;0ibS6d
zA)t$<C5X^9j=8ae<&bU}!b5J+P&w!~h8gKHKmcie$x3k4qGUKAX}GZpp2rpl_&ckL
zN8zo>WeM$6-aW=v*L$x4+8wx$^}^>M^lEGwn)~$(E1+&$XT__CwF%ADsr!v-L@lxF
zv|hjbHpj6(1>XOmC!)EaGNGCBK4{F85pobApKyTtUa^{~o_|GmR&fs*tM&UE6=KC!
z*Bj9)d4zGq^*_wXxC0(B&=<ucnZF32Tvc3wgxEOB`1Q(`IrzpC&}aqK2~q0mp%8n-
z7-K7A@j-&oPO2*Jlh9gC&W6Q$78#g{cwDM*Ixipn0p{zdv8?aLM-9-c!pG!QGai@I
zS^EU9Vr)cbGKW5SBWrQS8C8v;k!($S!^Rs;)P!w_n46vq{v8KPc7+QE-TbG5w1NAn
zl~7=zK~ts)#t|aP`0iRv=3N5}@$*EXvTUA}HB|h-zBiw2;GAW%N<H5CA9#2FDF!|X
z7FF79b|)3c;<kM|IG(49WvOfdycODl52r#8&)?~7uRfb9GB-zU@NuMidsaRzGk|^6
zhMoymsqk`k<<c|4G1+j@@Q)L^3Z>IowK2MN=56T0>z^}Rv7j=Tby_kT_G>3(*saeC
z8>ZzTLk|HTU`#YoYcD5sP@`TjesBl8C?r4WB?FXi*2{<$j$C|3?4?|FJ~1I$U3$g9
zkwl+^c$DKu7aWeK4fKP^(e28J<7)vh?8DQInR1GyUASS_t!%>RQ4rI$A2!^uekLbS
zHp6%s+nEnVEb+&xl8E>=>QX$bnljS>IY|={a(W9(t?iM}Uah|eIkK_Dz}m*J8-8bO
z3STZpyKnIt5$fkz#`kPxuEI~mtdni{t0!-rKU&`Ur4g@UZcm_L`fEn48qzCaln^4E
z-xT+z)g26;`kIhI4xnf7bkD_ysj6j=Ba&T265h#%O^{v0d8Ykjsc{fnIuJl*=JUrf
zAF$!J$%fxn#GAIvL)=_e#x!ISpQ@2PhBTs7|7+Mhbe<{u)K3kVV=xWAK@ePv7IrTU
zX3m~BjLnDxFpdVH8m0=b<ykbVY&@YHwc!bf)w`IxN4#llc6-l5>oZs&<gT+ZVQTeI
zo~bO;&*Z{TQ!mC7xw@V|4tWf#q)E9L1ljmZ|A%y%t0|9LN$TjcFkY_(#zI~gfK;?p
zSlEXbu74u<aGdHj9D{qtTZR~HIBHP`%><=+rSb+|QuMY^JpyHFB>;lvm+(?{bpAW?
zcWk2#U7W=KPsVTl0%eb?Gu6I#jnB9PP7~;%Xb>h~?R!Y(ZSNaRSY-zO04JBGM%>TI
zb^Xx5wI)M&lfQ#1KV`I6c?*pLZptEKfR@bx(jAb^A$=V4YeJ%O79030oFD%GPE13s
zsksuR3fo~Ry}QKtRJcZv82k=fy|@&!ZeoRTg}fXcd3rcdj5fYDEi-CFabf^!=&k-^
zLp!-yLAVBNqMgd`k4>Dq+yDYjL+}TWZqb=|Q<cv}M`-yP^9PRi!cVn)%|gWK6DcZ7
z2v;*U!w+*-$d)0`^8ASW;*AMlF|L?`a^TE{@05OK9A$j@k{mpFl^Qk}wcuZ+869rX
zToLmcUqjwB#@ks9TrC^SscHqCzeX!!Z2y16(3G`E@3HH!Nny`y)!TAnOK*hDhMte-
zYb%b|P>0tW%h|(RTxIl7y6P3rT7IuIR-v4_@ke0YI924dY@$xa;=?xk98I|CbJ0Y#
zUl<;}kw7O<Olc=1&y;uI?GayT3l*jhS*TI!js$NPHFKjZBNL6M`9U*^(-}%E`#NYY
z<f;t`$oV}@O-xlk^Z51~krI6Irg9UeMddH>Y|kzT`<icMABB9T_%%tkR>OSIQ1~Vx
zh#bD86BLsZZKe~mSrm>O?W{UGWQ?S2F+jl5*b+T*@mb8|$)_=;AFDFHcL!}1(K)qR
zewS^N-~HcfO@h`{%htw+e4meQLI`J0W`FX&H#(}dKNzF*E-(8Le!vcCsYdKDj=F<)
z8iPdm;{U3MmWkceUmcKTEq*dqxm$lS9%$tD-W4?4GMV;*Gro?h@)KWcRgw&N=G}mu
zc3`(50mcl`v30-|i_d@&T6>LcybWJ4J*IPMFFQ(IIDoy>XP+UENI+!qNi#<9gmCp?
z88F4@8j*}#QKw&w&Q>k2i8Yn~kYTCiwZ^CN2m)-uhjBS-#{Rfy_04|Sv>c?(vKwRb
zRo{Kw7=F<B#NBcbogA7CAVGHNO^nm;u$)ImZs{~9M*t%F++S`NuErfP#0{5q4IhHF
zUcA=|Q^tl^OD#Mq8k2(s4A+tYh_D5+rbQX2UjK_wHD17=fp)Bj0?fdcobKggLMEb2
zh9~*-8H6d{*GQt&<8tgewMxs=!ERzejXNR!P);sDl~$Rj-sg;m)fxL40&za}i<lHu
z`8XoUe-zFvKPh8pq-O>ZxWWtQjisjypq8{O_!XszQhpbOA7LhTR*|R03z0a|hNdRj
zXs5+i$i#8lZ#3wZlV_pR9%p111(wqiP`~ctS}!~CyXI(4DQXv#4gCo@<^VhV6sM;Z
zraG_prl{IK<i2hU5anPN6y661{QRew4?@rXveBi#;Pd)(@HrFCl^{czA@~gey9>q%
zIfJ0RlcjRo_##!=-?&mQ|1CbOe8y@}Kja`p7p`&)vz>A;8X!lR_*e@bv*T3ljZSOz
z%_ZZYRsuRw5mVxiRGXV{bk{X9Z=5~C93^hew$@1Q%1=DuDmw#Yt7{_@I6o8o@gLB=
zsk-EYcJH{t6plo7z)WC9SDI(t;f+n~zL`zT*hXqiQ}c|wx|vC&qqezeu%`4tmWD$*
zsz6KgcQ??AYeLK%*8(t$`e&^c>h&;le~6BIXCSHy69Jj4Tbo!Qnz)I|<f!Uau^2w#
z=2ijyC7pBIcL2xXk>)}7Vx-KVOB=HbFN9{vFAG6S5o&E)fSQlnn%mr&?Mzd@I!6VX
zW9`+pHwoIL2OyFSr+|!nhI!PDGEF&&^Z<5<=Be5d-o|Q04Or1Q%hWoHv))!lC?e*q
zI6#4g9zLb*G57II28TWMB1TdDA;8bAUK6er4%*h&gUxxJudNz&CAmrA4p`?o+r+D7
zi^0%Cp#Z(bEmaSn*-UlvnSxjGk}Vi@D6zKcM!$Iodrph&xYGW1YxPKsxf?B+or@Y7
zbTlDDO^Y>mxT89lh`o7nY>7}01{q*fM_FySTJ=9z-j`qs!kQKcZUe^>u3{7y@)J#w
zKxsta*^nIdP?C8xcq8C|-mfTis=Ys1ZR}_Y3JdBI1XBmkMM~}KB<tmmDz+Og6yhsV
z)pa%xgl-&r!Rn$4^W&PTur0CeRgV$2sd{!bSFA{eZrtP)6Ax`@s{GCj$ZutuETcYM
zeq%D^w;)q~i?ignBHP5vsL7Gv@T)j7H}-0wfq~uS>XaVxyR@hL*7TC!h~6@0-Zk<&
z_F7ZIg_)2EafYkZx*jIqlDVE;KX;wEQ}#?4YbMx+FVBPx`*2)c`j|W2);E~=g1v5(
z-?4pV+GRJHV)SKToFkPqKSZf69pl1Od2fPOc7GFVk*nI|_*Xkv>V^TDkFxONB-}DM
z-~7cb7^nwB+XNxT>c@TU)S3db*8O0R*{Tt7QL~diQo#+2LC$a+!d2kE2<039V<HeT
zIXG=V=nHkXaN((2<*X%THmwLADi{Y3<-G&~aq9@8VkHMnzVURM`HEY7yDVq%9sF`$
z=_rr1R(7%qyUYA##oZ=>j;@2*Mmb*MBv&@XNlxBOoTOriDe{*s(13mUQ$$F<8EPJL
z*AA1NuPc;a=N>&WcY%sM7pFsOjb*3Wt9kdDRqnX^%;tJ{!i~`}9aLarT$JkhMofG4
z<Nb0bI{jHkU@Gp1pX(klPa*(ehT+TE_WH-|2=)39GoZfu()O#`2?W!ge8_y2X<>O`
zJ9Nb(2TB<|63RRBJj)+H!dxDlbfuW_$420pO@FvyA;q~MgZoB<46b>^-0sdDiD2P%
zM7sAM$IC4I4xJr2+B~#kjO<!+5x?XS185KAO*QY^P1KCB=3#frqjLG9$N1%4oHaI&
zrjbb1vT^%1s^b%;=w5)^uK=aX2a_Z)IiCZ%<G<z>H*K73`;aH~*xW;GBS%fY0GsX|
zuLWZ|YPPrCAz!tcAheV&slvq_vQ__k?ST64B(t9?itq49@Ivo*<1|NxtEW0T`YLfw
zo=8`*PF#pBM^8qQ4w)hxHLchbWF`YVr_qCi25P4w=J!7>s|kNLD8Eru`>#c;6+UPF
z<_>+{1YVf+g6U}LK^zg0i%}IHa8xH>GzoeUcmZYV8lS2BFPlf)s8@t2dQUTLv2MvH
zSqMo*`t7!*=`h>U>86eYB3(-3I;;90Ikj~Y;t?k^Oi(-`C^~9{Or6CGnwJPI@JCI5
zrQ3kZd(ARW!gpE7r$J|7uU{VHzOq;0@Rwf|ejtIr^iG0Qm)k-p7q{}nXa6(7L9=1}
zMt>2m=)M;L&fBo3XF45%1a;wmW}Na(j1M`kz!I9Ouxkes{`|3+n>&@7D<FhSRWX#9
zK*eh@5z41bLEce!!w-Xu!I^)_%p^c8;q0xseoK9`#B8H#a{a7)j=9_&^9Coc>7ryp
zht5I4{bsyBqV!Gn=J;GKyaCULPcgGq%oBtw!{?c}K<VAEm-H4#J_S0s?)sRvs(+c5
z=%i9e_%fDn%$R@b4X?l4p@S+~%(m=n>>*xIZXR$aEzpE2DcrC)VcmA#DD}%*ra0Q&
zM8!-eqFvCLaR1=-rlq3aHg8hX-!UaHMuwSyvlI)Qr&hw*;Yn5xylXCV<K8m`on&gN
z_b0r+q7`x1>F=Ar>gnPH3^6+jnVbv#f7Vbj2|m;m(+#5U{Wh<hoD*lMs~3rclYz80
z)uc5t%b%t`yTZc(y>E6^KYXO;BF|~^V|nL<h@r+Mi8@Lhsb)Vf7V;9&R2d|N40;i3
zl)!qJs$FUx;b5|Z*j$#n+z*N1F6Uq(`h(5oEi)xEAd8F??9?pP<6~1otMdP;xrv<P
zr<~37Ps~X5$%ELt>JxKA@D1b#i1o~c6CY#mGNMGkvhau-o;wk|ahrj4TDT)IL3vy;
z4KgSc5~m?cVrNZM`8QB+-e=}seFeJi;mcK*zvHd*SMf7rB|qa=niBub#=9Cj60#q7
zqrbIUyUJ{-K3XNamjQX}6qb#vO{`vSRD-^RC?or$Xm|k;tQ-9;RjajH4&o<AokmGi
zAHip}*NKIO1jK?rLilvX1-rTGzuw#<?}K18n~kZ2wTExe*5K#Ruvp-L5;#VriF|7}
zReyh>?Yvx$MB7RBS3D5DQAAFUudx>0!f!-D&-zxR!-ntV_w=Tqyurl@+)IcycdsW!
z{bw`MZKxF|q(`!gnpKRyRDJ|)XrF;`XH=P0P&tTrQcS9<|A-2JvaJZW>D563Cu3mN
z1JHl%HjLGp?|A`tV=`9}l<oBcQ%c)m3Q)?*g7FgMU!)p+2T{h#o$T|Xok3az;(rd0
zAnz=e&YqvqRl9$bol8gC?q3+2t?Gwh?acd-%(Rw2n?z{PSJ~O(()iT8e7?}5<5Bi5
zEzJdb*4Zcp&v=^2Ms-&4nVx}a?SJDR4$dSPzAXSEDVqc^G<^@c`>8#qq(jL(cjFn(
z*oy@_bst+Vu;rlZop@E`L2lmgs;7$zuQiu4IViSwf+to*PV(YFWyCcp-EZ#2QISuD
zZ(?t~2iSnt2jw&ZhfIM9(g~XA<cp#zD^d-Zi?mC><T2IC!{!Pe#ON6Q1_mGd|GQg$
zlt%;{mkcdA6+)d6>ijR5Hz$vw9<-W_y~^sK>boKxCwUm`*CUvM<ByxmIL%B>4QroG
z9pnvHyJjP7{@%~KcGQ^#s!wU0=rf#;-e=MJMLsJ+?cTsGYwJXM>%jWXIBh(HtLl?l
zib&c^R5v*#8L;1+I74~rwHA>pSjM3%Zv=dX>UUZnEJVIdu|?VgAN(7p%%C%9DtQB#
zIPn3pp`z5%-`S`IXCYXbHxic2r>oWaO>u2zPsbJR{-?RpZS)tH@mDf(+4cpS;{eRg
z>6h~dnO2tS`8M-^<Gg+^`#dNqHdPh9%ipSMS@!M=rt6mdEgZG^qBiK$CASFirt@7I
ztH5RR(5EpL*Yg`$o<{EDS6H}SbFQ>B7KyP&t_HaFYCBSGor+yjFek2!Y=EIsn^>!4
zMcpL(pp%N(h~VDSE+$%8?JQFjHnligxjMW#XUkzFsFBUAZ{6O_Einz`N}vnAXOWAH
zd2=ODTFn(+OFh@jx?a6(#ysNAY-wRGtZBvV`dqbZl&mII;qUocTjDQeVnk@I0WF59
z+;Hmvd`JSR7=ZducSKm?KFEFA7aQzleh*KFT&`>j2^9{*ORkBuUX=L&6n^Z@R!gF+
zBW`&cb^%|B%#}w3T+GK=YFOJQx4xZ47{?QBLE=3O%V9a)5c`OPfO^BUj=3`}3(2$I
zBfqD-`UV+a??lP^xCqtXv5p7d37>01{7Vz|@Evem{URWsyCbYr^`qZf?3Tn>WTk%;
zYXRn0cCcCr3m`<lCT3IMAq?9Pfk!^;*yuWMuG;)Kv)++p<*Ru~i6es-u<b%Y(^Uh3
z#)!MX6-m}Wl~9lfSID!&4<u%*f{t8Wn`DK?D|*7pR&!Qadc643L8N!2bh2i-n>txI
zP5U~t6|k!W<70ah7oCvJ)5Lj9)u)e%T{gmU)RF8^R2I|!fy8_@J=xMRW8zdV^1}C1
ztmAH3s)bWj9cUPiEQw*L#q!D6&;!yN?k7uuHQbF^QT2kv7`j>CyF)T8ME;CS`CXr7
zwG2)tTVivhW8_%B>c}=^aq42Utvcpfzq-Dwc#SMMLk*h6{u7S{Lwk>$fH$tTfUUSd
z?V(tp1aPBNMRyC-Med$8LH6)fVuNRUSl{b`iP)8-05G3=4ei{jSLkspgVDS`td!jV
zEGPRqPq;<Kh_dh(?wDakt5Lm~e!puh0M){4S$^<(+8dbKI&eH@6GQI3&f4y-xjsZ?
z-PE=)lA3e?Ipzin!<endH|v5)QFb!XkZ_@)if^=nVQj8Q(wQD@VqYk8>`g+G3;J2N
z>$h>_8HBSMLg|_&(YMdRu{u$1UeEaEs@fkDslM`)korcxC2(OT`dX{s83W;!;)3AZ
zz#24x*ETa-tKEaFqi)sBaIla$8&{33dDU$szUKeO5-*>>kv^f*vm({=Pm)uTd6yNZ
z>Myo$uGZaZy@Jfk6a#DO5i$<fzKGFPep|zX8-`)z^%#zfTXMu>{C^LI-(kHH9DD2;
ze=r56_6`fPOvaL}=%Qjiv=CzVFrIUlRTa8&x-ZCE=ew;#q5qS+nWaV^_5@Vv4WM8J
z)8aa+>cN(92{K<NtLPK>D-i^nP#O^cpBHmrFW!Fb5Q`#94jS7?NT6b<bu^e;k*kIu
zOYHhjPC*;BBa9S-L4_6}93c!b;AR(s&^H8qNDmm^aB<loIAzj3>}t`yBCX5rli$tv
z3)NqIKz>smf{<h+1mFXtc80x3z+}k?OXp0GK_)p9MGL$nW6TCfseM?J2;iEUH6vk^
zT7NrfF_WH!sd|jG2*V*_w%rVJq}SOH{QKVRKU!WjX$(iM7YPH+#MRYl81w%iXX9Lv
zrIRgCbUJ-u#&5*ciuZG+%cH?70`86`?XdnFtW6Xvls<BL9l|%_0wg@+aoA$y6Cw}F
z{tG`}(K1c>>#$Z&jk6>`62MIv{vmjqGoI~;d`dQ==LDha(G%sjY?Ay|O}1=N99aPk
zkb!;{#s<{(t=@dKwAgwCMUhpyI*vS#sn)O14C%p=rW~}z>L%kvfB3W|C>OBAtTlMW
zHJ?j91r40k)zi=)_rHK}?e(nCgxn(bL}?sPg%`(0sus^#f`es(9Rw4EpBE`4{|9`#
z=#5t0pNaFT0WatmAa`}r<d7Gw!*2ddC?4@I;mmg>(0m@;`QeEi3t23v$d@fi^pV6b
zjds^x#{aBI<(wj>SrQN?Ct<<OxFkAwIPY4dcCYDjA*)+J2hDXHWylN+a)ghmM$WK4
za|1JFzY0s_w`7+5R=#RsQJ?ys{M$cUeg~E!?LqA+L3xCzRGy?ftWyl*dw@vd7G=3^
z$?N*jIaX7lLij}cS&^qmgov1H9bWOK6~=jxXu;7RN=TVqlQ=+CcO&5X`8<o71hP1Q
zM|7^$nt=c;1zq8-9c7jdMv1@Pn26QTQC`-YfP?huOKiul^R3nHvT}>hdRH&NVrkS;
zt)EWye%H4xkWQTUZLbrP&U?qIce}qUcFpkj5PU)u025?!UQLckTwC>Xsh>osK5?y8
z>Ic@RZv6)+cA*cI_cbc)#)XzRu#&H?<$^ZKhujMx%&Wx0YCoPDlv5u8a?~xd#GlBb
zItWBIOU?htI^@n=%zHzB)p?_*mLN0tFXa_Nb$GoZ%qmmk8ms>O<Jzg)mRVce)Q@E=
zhkc@ruyi68nt8!lBh^js`Oyi>wdl&qCi*8Ca24-Cba&6<O3M|YD;RDP140;wtE(pf
z$)~!O_%vh*55>j^d}f_-Q&-9{4_&3DbQ&oTI*X_HD>!z`YB8MBvPiro)0mvtM>&m%
zwHDq9wOqkC`nvz{H&ignZJj2|T(qVRrt8!*va-bX%9a>_X?IrRE3HFP<UY1fLaHk0
z?}Vv&g&6N^HdurT(zC^GFZ1N6)Lj0!XN7H+eql)xcD7Jb_YOIwU&0=zzZ7QoZ<OBw
zUt_Pbhxnx0nlJyxI_oa@RvQrfk=V503H9Hx&{Lb_0cQ)p!3Qwa$kD0dfw5aP!^tRG
z@oJOZc@T5-)@)AqT(vf1QAGa~G5oR3I>JWcofQgxBDw$b=My6?uSOUB_Xn$=dULxb
zgzPjVPv5v?b@fcL^oRbS)fXdaUD)CmE1>Ql>5Wq{KS4XEc3606Y*r9CDSx*^lv;n7
z)V}JSmLP31madlA@+0K4{wF4_=dj^#Pn@c}9@Be$-*{3WcIo5K#%|ZE*BE-w-Oypm
z9?R5pNF*_KP<)n}zL))+yzk$?k_)awEa7Tz4e!`m3t4C`NSgt$ph5oZ17ZjXL6UZg
za1!AE#8~!f;z4;Y<y#QIUcCFT2l(TMhpf%+)WZ-lSX7Rx$oF?uMRz+*RP7P#fLnD`
zUqE&?>XJajW3&@C`)W^$I{Z73LG1{C3$^q?zh8ZH%o-)@C-X)}cC=YvAB!<E=2z=m
zBpx)kVK9Qb@Epic@o^S4_Jq|A44_Wjhjk~lr6=_)!{1E|Sv9?)06`;v;CTDhBe=p(
z2MGxwv*23-ypJ@)jxYVq0^gPAw6m+Nq0QAqDRwPEIITPrJQbWUZD5uEZsEF~4el6B
z*&A!1d_QNndM7!S;eT2rN~a4R1L~5glK-;6ei$2ks)T6I(u>Sz)HzE6Q`tEL_j)Jd
z#7#PH9dt)t5GP~i-ytF;hhqjP7~!o*HR&Pv{qjYtN<RhQzTo-jfQq=xQ<pAlmX_I{
z?uIo<wSokyaxl_0S!mquq0c-T{95Twy3(Uj`)t&TUQPq9hk2QvjX2YSE3&BvAX3JR
zs*feucT;?85}iF_T~Rj{bk;S!4QuW><PL1%X^OmU=@CO)9@_SYrQth4>avOc#(sy0
ztPk@@fC!8S2}fmK7->v1*CCR#!abrv<=A!kjRx&kwe%9(jqt2?dq#SM_oZ}$KxnF3
zUje->jq(sI(NN;lW^t)%bsLYMnmJhLjSgUmz5Xt^cETyEzZ%lcBa%7?{Y=V74vEpg
z?mgOj+!fIt1VxJB(Q&>ULd9pu+$uIbf5Qp5B;Uaa)bB*9wUKb!F3Uq*6n{rgup#&0
zmTVde)O^X~5fhgrFD;k~W)h6t+Kb|Yv*AA4bBv+Pr1lI+doyg0*ddJjyA$HDJSVux
z7{1?Nu8i<`j=4iA!V=caArhzQr^M-CseLgX0qyylcI>K0AOpHzORi0m1<}a&@D5E%
z@A1Z~yIXg71OnmcHCc7z3%u}2AkMShjfj`U_DJw(WCB#+bP}$GE>Egl<>{)L4k3S_
zCegFVElu)>zaT5(oU&BlB_O5&%ZQou?c^ctk>OR0q={Q^*=bVxkgir=<F!@KWxDD?
zz+F^82w^MqVYpA9g)6Y8i)V#9xoc>368Ce2SdUTxQ{58Cw)hJSt;iJ5I=%Q%5Lg4Z
z(W#za-LL?}r4Lw>Z5Q=Txxbs5ljZ?JXHyHOm^tdl55-GJ_eda^qGd_^r*0ySa^;i^
zhm^B!!RcoPjlaTi@rf!d)1wi7ttlzU$?}|Hg=7S4FthLnr>&~0#)2M|?O86SX}K>x
zpz8A&vSKMj@nnu?i#sUSqcb&yd32;rN7y}s{J<vHp(eh(-Ns!IA$PKc*RP5P`9;V{
zWr9B7+8E^9#C@zjqB~o(t-GdnN&8%u?<eKt>DZQP&J7;A|M&E)!zxQt1wCR}aW6g9
zT$phUfR!eR)ae+dOY%HOiEgAggk;Ow-mvK6YdlyPd#{BGSYR%EEhx8EJ$<kD9F)Ih
zqFZ3w>SSnUWFOBdHkRHwose$&PeYFqAzXfgXJ_zv6dPnLA(a77BhilE=-KIR>Fbf0
zIzwqQ02=rmtFioV*koWok4U^+NoVLitwX9B)?Wn20FTyfxoXNqIG~^#c<lOokGN{N
z9H5q8h}K9|HPCa|U0=Z6aw(hXM<Gj(_u>B3oArU`f=}!Fb+uN{TRcbIwEuW?h$$Cg
z-=HDG)%06EN8Bm5d33r#E}ImzswDcf?{>|QBwtIks`O3|(HH7Gu}LHrrR}!9KN9F1
zbC+kOEGAtnaH*0Taku9zE>Z^8(!bd_10Bfmsq-A{mcbnC%puUe>>XjU)l{Sa-GXrs
z^@!c1eTA#yNqzc&80YAfpo<&RJ^lHFNJw^RdnrrZw4EVG43`CW3t*KHCdcX#Z1l-{
zJhfQjz^j@Z3Vx4CRPMbVl5dDKR`;c{Kr8Sq_py)b?iX4(`2d1X#=+KI(5gdsRb-LQ
zIrk9ro%E2$b@N8B+cG4)=z~?YR$N%<52$Y*_J|ithLIL|AgfVo`b1xQweJzn4tM=X
zPiH+Y8c^@Lez4<cQ69VufK^H?OEM9l1!Fu1-ClssG@TgBSq0x#biqoW?RS#Zg-6-8
zwT~gP<Vh_2(?`5HYDm6KdfpkL=Hb8ChRT1!Lm6Z`%9(U0Ez$nan?tZt$~84WUN#Pr
zzV%zGViu3{kc+@zy3{38gd42<B-5Bb-h+Ky^_1p5+K>f3f1-@-RR2-bpdH`L#tfSn
zd_3sZc9a6YB=zJZkKp*spkOrCoi6$-nd~9aNA^x*F8>58YX^5gkuLFBs(y;hTQ>3Z
zNT{K{5fP7+!VYa!r;!*QF;jytVjd_hYT=&tNE9p=4WLWPF27GH#PsRRYs53cE^I6@
zK1%*n(X&Fedb=oRyqY8mo7&7z3A0~)j1|;8=UL^x`@Dw??6og=lJ(AFn&?6E&%#c9
zU((_ukj<-bUoExgZ~l7M%bMoW1h@{ME*^NrQ|Atw#%AG$6;FvtSFbEaD_2kVY{E2@
z<g<nZw{UfLGs=q3&G2k?x6Smlmp7*47XEAConM4{@c+qK-aO0mu^aiS2a7K7KcR}k
z*F3m;Q)YWKK#d2a4S>C+h>k5v3xjS%XC(%ZrIP2s@-c77V+C{NET_E5^yF<+G-?dI
z_*#;4cF*$=&5|+#s!`eZg*an%3n5<rd{32RH%;9{j2poisje#S5Uu)`d!$^3BnOm&
zxbrFd$S(_@NXB>J0?#(L$6FpilF@I=@BDW>Qi0Fl;N$`;VMdYJeFlff_a3xd`<^W4
z^83M=OXv~9NC&3FRpEyoLgNc%`ZE^E@4AmPf0FH{bGa$>u?Wu8j)#@=moQl5Qctw5
zjo!c66R&FPg(2P(^SnZA1%Q*_W)*%x2I$Kpuzy!B^L*+)^)XLDt)O}YaAG8l>o<4Z
z^56zzfDK>CA1f-51pXDC18!><?$fD7<=+wG&_U{<lkhN$KV$7fRx+47WtB{K>1xCq
zC_3r>+0+4quSL*YUK_Fqb%q(?o$H(^HFUjaKNtlnf+Q0lvr=M%!|nxj#KR_yI*sKP
zen_~zVuP5AY4{)IXMEYgkl=|v1SJ0T;KRQVtxQDeb?|ZR6YTlc>Z&ro^nA(^u|xH0
zs&C`169*CuD6PVOz4I%%s%vzme09J^Cff6B^dh1XwG|yt>iL~Gtn<G?D$MxSb0z6f
z-w8>s-30Zz`!=IF+(uQ}YRnWv>ZTa{omDup=Cy49%&nf~?!anoXHnoP9=NtETB&ub
zxx8j8Q}}tChg@8)f{RM|>+ZAohfTJ7ma~84AWAl5<r*rta9glBrG&B0mL#rL%Cp0>
zPp8e3Kt%X)Cvy+bpM$y6G%gr`U5BN1VI8k}^CyuEBqg#cNmJOmhz=ho-{xq)`&lHG
zG}$9Ot22WlREyTAmUFv2B%6|$w%|L+pyV;ErcsY_+A(`Vf8X{6Ssal|`K;Vkdp-Nb
z3q%W1dWmnmgt)V=YM-!Ak1jG`842u5UdDCtUn1e*@apIo6)~O6g|PjE;ak>v$c~@`
ziW>eok=OFac@c3eR*c5gN2()H4PiY(6coJ$(>4nt2m!S|=)q@6%LH@KlvM6<nyAYj
zthF(RL_uYfu%a&j?oyMVhCxgEG^Wz$*!0K8`P&Pkyon3=3?wl3QCp9Cz9#(%C9e0Y
z*E_7JXk&C2)%qBmQ*}%%=)Zr}l!D2*U;rt}cc1Wp4`8b7-y<YjiVzRX#uY59)3nS`
z4LLyVRF7vcF*cs`ND6B<<WJUNXz%x(@&HSwp}YqTW`cP;NXBT$$e{e`w5*2A&fq?6
z>4Sb4@SBV;`BmhLCaB_No|dZSemas2Ipe8eLWr?C%D>9*Cc1R85Ym6+cP$k_Q}rt<
zy-uXsJqgIL_N+%rPH4=NuF6jMA5lH-;r7mddPp_`B_ih`N1d7s@<?rcXO&SYnY!(%
zbe{W{hk6N+?2<*KBf)%<Dnj|k?J=<`W|Oatnz^Yd80vY?UiZZdSOo66zqN)ZBq{4i
z`zJIk6%rY6!l3(Oa#hiHXse57!M+Ax_Q;860fiiQvXM9OCXrI9GU+CEb|0e)4AESb
zH}dX>_~Em)@m=*_=B$kON_cUjyX;CYoq#qs_BO%tZQ|8wR~Zs8BxoARhSil@NorIx
z@5j6+7ab_bf=<c4upU!)a&s?oG!tgfOj2J#Dr`<7sj&aYo}b1k1gq)jjI`OI9(FD{
zI>RE6x4*XZu5_2S@**5-!n{)8gef+4Ym7K--a4UtIycwZq2~ricu$JzAm$G=mZhd$
zgW8=x07r6XK9*qXD6d2$FoJXz0ogX~RAd64<f$mH7-Q0k;YxTj<}ZuxD7oNNQ)<xp
zP1<^;l2N)hYM7G#8<e`lk?7m4o%aV_n6vG)#F!rUVUD%;9=W0=I&rj}ORo(t;Ri!z
zUv7E@)?p0FTSNJC<Hj&OnjWx4(yCO89-Ua%)ys2!+pAS?25}-CS}TdA2=YnCdsrp|
zfS?OD2QCFuT;r2NB^xP(`W81rz1B1}>7nNLe(!!1<0WFYA=cYm_K#}N@<j3Jyiz7f
z0cnPsk!(21>j5REqG5*{lfX{19}v1mPjobFN}~6d;Qjbq(?BFgUjX{qndFryT|)v>
zwM}i(sWPH)r#gDKyH%aM+92ifEb5XaHWI0x+(z#DO<lYaGlB9Y;YtT6cTEH*zy5oo
zDtVo~y}$$$N4j?=dt2+7Ak4;tK(YmqQk0gecBXh&xo@ThNg`9_B_IrAqKKJCrg^{9
z^TaC|`#ku^=(e~{Ne@8;ebc?J8`e#ZqkD!oP7jP(Q%@@aOzE@ktSok1R+CH1B&6=%
z%eaCu+YuGdodX0Jo#O===*EVHGNC=W`YbX?HPhaD;3@`5yV@)80KTI%DFC>=okK2q
z*r6*-ckgE;%7#uAt5j1{ZBH*MTB=Edb&!imbohG#;=`ZE4qnP*G&x#HpBH#m!>xB-
z<2~l)UmKh)c670%Kp*`KA9($BLQV4W)0c4&w_NW9{Oscumye0lbm0OJX<<@KV^z`w
zFDdm#uNc14(X_G|eH{v0fhYCs>!ksRoIXBFS5<j4p_g$tdGYaOmW-RG@@K|T)6~za
zon$`C7j#FL^!FZe%LYK`dQ2S=CYmtF8&x{cOW7;Oo%b&A?xdZJ*sCBoQ=Q+@LGC)w
z3)p(H?7)m9cckw<WKMp3vv-|4@fL4mk|h7*CB(JvR{5>J&D&D88HuhVeWnQ?+<Avr
zVriLR+2nd<srRQEZKbeqt2_KI9+Cwh3Z)30FnQzB-9(9;$p#V0yS)<rmCj7DuO{Ts
z#{pJ&s+cROLo|J3W$Ijqz))5gGYoc;v9guqn(6$<!M8Bg$H=Qv)yL2vm%H0t)Y(EU
zZg^IQpv$AIc53l(?*Vu2JsgNzd9M&+{e4VKs7hSqt^?wLC?4?s?B+cv7mFV9Ch0fn
z^d=2Z{3S1jRvrVyyX#Z5z5fx-`!aV;Pjg3MwhS2QB}PCsot6^0D&-n@i`<2O(h(9>
zc-KTAJ@i0muP)>n0rg`F=?(P{>kJ6AEA;~Z#=4tI8P#ETO_BFLnNt>)p@hQWX*%Jz
zBg<jnE<$fp9))U$J|;(0^0@bAT;wO@-!bF7*!F{-^oBQb9~tk>ml4F<nuNQl6Iw1m
z<=wANOz@tOIid0aB$Jgh$-7@}Bt3fzUZK9R*&GnFCnkF<+_WiPjEP~zaI!mNs#j1G
zoCdP61Twz-wD%a>nkDt;zzb9(J{%sU=D(kmr24;`WT;1<^{#h&JjV$7DGe+qEA8EE
zx{N2Y;(4fM)(dh98(x&((=T~*^u3f3>7>b`SG*^nX)KC`9+E(|kS$nKg)>?GBBG}K
zUqE_8?gP@hcB|lt&?$Bo`AC-fWnh~yHRVc7<fGG(VT)%#46;b{zBsXgeMVyyS>iqD
zUM>k;fq)d^t$bcwxVqz2?{RnF|AIm!Taa4834?O+HLrMOV8gHw`2Nq);p(M+Mw)6?
z3JYy3MHaKxY^h*<E-^(Vzs^YUbG%Y~fo=n!k$~Zeaf!{<rTeK$9Q_6-Ibg1w-jp}l
zU51uu=6LDBAacB>7%@)`l5kv>)Y?i)Md!ujZ`Aw_3ErO$Da~H2Nr@?GG+P&W4=neJ
zTTehyCx;MW|06gwo`1Gl{Fe84@V`15s^9c$AChw--tkIco)_totUK$W{Z8*{36w<@
zk9sr7GfIWk`P-^B$GNoNJ<Yh7=d*GpU;PV<hDlSMj=?;pf(hQ{>hJfx(_}+P6w^r9
zyywB-YCh0nNickgGxn?IZ($3A+$6R}2RldI(FjLn(sYiwV3C&^bZDUBP!Q;DtKOJF
zzk=DTr~}*jk>-Df(pfk<-)nA19u1qtqyHCmzO>jY+?a*q20(*Hx5RrysD>||s;>8T
z7^KcE^@1BqeXKMq2_||w<*1hAWgJu3$HHDcK7nBLboR&NE^A=A_7rf)-_P*EEz7;Y
zHkA7@pMSD9zxvcGkWwag36K)ilNoq0``Q6=Sgx1!K(4Ui5|g`X2DJOi6t3ic<_+dt
zM=oK}7)y~VywFF-hLu_pWlM}lXkm0GXkp?iujDI8cwUH-4j1jzq(}tClGV(6`Whjx
z^=pNZ>(<E{e3kM$aD)7P>gTLSb|D8*F?Lo`Z?$e-Qb!t;C9&);y&Kf|FTHiLYs`Mu
zfeyK<`!o=*p&Pv`+?cOr$oy|GScBArk^okU0%f~6nwyS%>m^p&ElVsDLAdWMCJ^w%
zJy?6GQ$4-ZuBSUZ;{LqJo2H*;2ZS>Vws^^==q8=)P@^fT<^tP4qsmL@LQ}IOJuI5Y
z{;l4sl_eCe!T-p2flRti;jKCc;;x~RQ^}-7yk@Ji?|8!dy_e_>L$l5lA}^=LAx}@8
zWt)1OK?~ixU5<{%pMW>AvlG1R?2NzBcr+!<SBJe~D(%2jVzY9xz?Vp{(k-k^_4!Wk
zTG{^)h*mU$9k?`x9IahHdI6KU9T%TIE|&V^GzvgB1-a#CucW~7jBYljC48p^aQmn|
zQ1996Ec&>PgMo(a^3Kq+)(I+fySl`*`tRmkyX^5^FIxxW2lMq@KPBROz2CSC_65x&
zjtun?Lcgoqvy;AB@6HwbgMv*aMRF%KpjUKg0?Z8!k3SIPb!IFAy@%@Y24rw~8b2Ek
zdIbh#NDasrd(5_~{;aR7`ty*!5DF3pJL)atRS`$L+uRdJghV{Qc(2qm)rrTr;4hPI
zy!Q;g*TiGNlf`0?)Z*KI1Y!H|S8tVi=D7EFmMxfoFcQN?s$nG<L{%rWHI<7+Mr=5X
z?n|7|g*xGii~vGHC+J0<@}A)7T$Zscmi9R@-y}AcQp?Wj_IlKTbJ{Bfuo(eF`?kSU
zMD?G5m9phGHua-3!W8>{*K(YqXY5;{m7cG&>(hHcCeQUI#isHP??}z&nhU!t=Qu-i
zC0<nwrpor`1%yLi_&RYUaspdxp|r~p4Q?N0l=71X`svR^+QiI`rkMSBBBsn=-dXOO
z=e%vT@(>p<RCREQRY(A|0b8XTz~5-CRu?hV<Psi@zEryt5jy&kw)X+&OF;&U!|XO{
z+GX$IPbb-M`;ta>S0UYOI%5Z80p2U^i$a0qh>En+fti&B_>D6g+v2H7r0^p_9vjic
zsw5w<;GHIRwOicO*2$I9utH;_!MJQQ8)QIeF)alVRForyPD`aczlAMk9}(oB0$8%Y
zgQ1)`$jT8dZP)GE%GT}x-sHatyEDUV>Ree}D1<h*DYk4?YnxONWXS?Di?lts>yY12
zOBZ7Gw~eqjxU~^BCPZYE{N}ZhHIHp;n}Yl9cc^x$t|2er*b1DLKib)g-KFhqpt7ye
zwiaHnVNiKW-fxO&@0az{yzF9ZSGA_tY@v$NDV5A$!L-TXa^2n@dCOR@tz~B}rDbBB
zC#ya0VWOV1ZL%Y}NzVrzLa23YFb8IiPpIpG1o+Pd4kpf?tiFnYSq8`0;v?js{KMMB
z3{mS2f<;aFkk@UDwO6^*I@l5p>jpPaaFVL(;_SojzId5Kc%t1)i=-T!9pv|es`we$
zbzhP#(kvI+(Rz1hM_c4-E*O+H-740^wp9Mnb{G|3gc~wC>)WLT2z6{(r61C4ZfG5q
z->)6>4p2+G*dyd&AWj{L*Gcxn+S46!bPRsPb6suGVuZ~8seFl0lan<;2&N}Nq$Mdf
zaRK^(a?Y;?q2vf<Kf}%@e*lK*`@r$aDJH0_fc>VsFJKFhF4B>@Ih}-00!TkBo-UuV
zCnMACPu=8hviu<#@;g0~gLao?*^+aW&0e{ea%}PG(8QXCfOMrd;$2tSzqt8VbF<8s
zxoJKlY8a{B?{1%T7xb{jgF!GzLTo3h*w4C+^6c*1POO0TMeikbQ3bP;dZ-n>ZA{l|
zAl{JN(I%pfw%1*2A9VLz$GpI!3C}zd-$7NZq?cA|COHHr_pyM{ePqY*X)(Gb_!B6$
z8mkdE*rasvN0K>9aF;Pf6IIL?+`i^U8?#KB2xzE4Cu@)V29>t8uf5$}a+58ERcQ$O
zg&=){E4VPOeNr2h+27XatvE*q(P)7IOw6BeW6I|bw1J4n6v%JMAb0@OBm~iw7y850
zxF{kDSG`SAiT@URxm$CKEtz2gc~e?LZt<E1k?@~e?JaKdZJLXu$IqZT!D(*+f}+e;
zLs0ZfK+F#R8F;QiahvLiIykcMHNKhPxznC0(ToU}#8&UKgv{#iw22VPyQonIWE_B>
zUVAdSwX}-^4VL<OooJcgp0vBFMWnplHQ1(JL>#f$dt<WHs3G=Iw{R$83ZxH@?Gf@D
z2nZypvU0%Px?whGN*auyYrSg=?Mq;(*b(~Ky|ZHsRq=H+F`j$u<zTZ6peucROMxhI
zCo;gqd)blh_d#WPWwGOIaxJ6|sOuc&vi5#kus<?Xg3l2hXsXIY3t#!5&0c^HXy_hf
zxV5_a4F;tY)Kr}xvN0ht#7=k&UxVtTwkmuJy?&`E-mK|p>RU<IsY_)^i9&l6S3GR5
zbca1+can2K?@=KOaz4^N<gOnjCwy`=ETjV>r0*w7p=cA8Uxe7`HCFgz)T6>T^B&U#
zOrAV}4{7uOGKO%{1wEj?$trNI(^3t*9dCQdbKuKE|I5;S;}}_P5<pxsUY~u^7T6m2
zf9#`@9h&S*R9}zR+aNYCEk{yRNx%p2`;-kr0o#H3hRQc0CfYjwh?=j%=e+5%Nf>jI
zO*j~O9`qDVZ%Uew(z9;}?qbnodn0tpfyfpWpQ1g$)iWS=3}&_nh`De%2yaQTNLw<G
z3g2bZE2r9Y$bA}G5bcCHkWZm^-W*?J<$qR7c>r?#w=o|8hu-#_z1dB9-X>U7@PhEh
z*cUYwfezL_>rYqJFWI%A&3Ia&@B-N_;~~%RS44c{26KF8AasomH>BkXIRtR@Pxs`6
z?(%Zt)Os*sKmp2FbnCO$YRm-wUOL0xsn0s_t5kSR=TDFS2660~iOQK*VmCpJ&$4f)
zMdJVDi1S{vBRGi60A4SVMPkS`(Uw{=+g=k4TP^#Jj5?rxpsyUX59a`Dj)SJkM^ShW
zd||5AuXCVVUKi<kdX7*;>|FUB^rqd64a<@gfIDM?0CvGv;A&$6f!3|_?8U@($or6x
zQDr$Qb9I>woFxGYWKbVvMKJYN<@OTYj)!I}!JyEES~H*$7uZYO+6BlgSQc9($|X$O
z{cRhMG&h&Sc+AWqY6&~-`4DkQmJID!-eHzQ-_=I}f|F(t;nOjn)$iHI+=}-(FZP&5
z;lVZ5KTTMoAz_QIbRXL8iiO-Gd7ktx%uzFI0OThxLirUfvhge=IyTGpXQ@jSc(nr$
zSf*P3k(Qm^I5)23{FC8|^SYSH%wJ+Vx*DzaIMBAvqbYo!XFU~ivQRkPG_zILWe6hw
z$1K(D_X#_yhAy{%W0?XY2{DA-N?+laX9+1T{nQ3aN|R`3uxC;(<qE|Ih(K*#Vbdos
z3$KLY$6PgHDBi*93^bwtGv-nA8C1GrmEKHg$1*Dun7-hJm^d|VwGC*19KuSw&+e{{
zKS@;N(@J(O?=yt=t`}^d8Z$0tlv})3i+`L)9cQgxhtAu!9>YeYa^XrI(3aE6HYDcV
zu>s2|>hq8?0DRp<qNh&$skoJxUD+}sDZ5(6k@EP3P5O<L8!#ipnZ){jd<;Wp@t3v)
zeTlvzePNX6=%ZL&3r+6%%9ePOY<Q#No?LZq8zAcS-`F>(hrhOUH;<)59lAh;lTkK!
zw-u>6f1@RgG(*wZorquw!vaNBA2f)?dYI7V`!T)CzJq&)Z?YxXgU0Y763bgbsHop4
zoE{P;P%CMea5_X)zr`k_h~%&Zw<d&+_LpnWO}A|o@r^n_e3R_>197PV)wbj#OZ-mj
z2&T|PGG#ic=O)wNJ#PovZ0k0g(2Mja)!Iyx%Kcx(8fwv8eyYE>UFk7J$Es9ycrWP|
zd$-#XXcFje|6OR7%|l2(joHCj*Y41I9&|!S2kZM1+$76~@{qJFgkMneO8?fXwRlk}
zsUAzc_meI8_Xz6VsnlH*-r;Mds;1B~z+X$-j`cs=JKXYJns}t^3hbP$F7CEZOGD`m
zHE8I-JJ4pzUi&12z#}w-N(rijEp=9NHFBT52L>lY(k36V`V@Uu;4H*>8djc`kQKG|
zZ|;))wzMs!hcdF3$lYkPCEGsoU{FyC8Y9f$TY{o&NbNzL3p;C_RDKwWTyVq=m-CaT
z93qLTlTTt=l>TDxmcL;}X>ApGl-z=uUO0pl5+O5UV!Crg<szrOT51zfe)v~?0l71L
zHe0^dfs;y(YkdP#5)&+4i=9|@!lt<lP&%R}RaN`AY0dyL<WAOMcrHB|)PEV+8%%{J
zICr3lw8(erQLy2s?MN{Vf-NEgMtmz({UIk}O+b`Q|BVsy&uH^jGBw6lIXUXrg<K}B
z!&J{d=#MFlb6Tj17{^biavy=`G^8S-#jDh!w<Qy~ntt4cPom8$-bIV`{6ok~vU3{s
zLl{$~*FjQLHoB+(WES{7wLPTo#5uHJ;5;&r;Uqr0%tr$01^W;8>A!8M-2<K@fQqs8
zI+2lrd!Ud#7qt~8$u&|gt+nm>OIp!`qHeIAl-af;om+^7eu3J>j)L-pw(=V}INxN!
zYCDZ~@K-p{L^}GMV12TR*g~4-M^`$OO2Vum<}JT2h7QX|$qzf$*b#-9O|FkN$h2j(
zbrF1=+SI`<O~XYBMgl*lV||ZeD2dD$Qw?e6xNb~y2OXK#!nqRd*wPUdBQ;F1cR6Y5
z;W6C5yp^-nof+nMkZ!zSlT6$tb82WCL{Rf^XN$W(+(7|GMLHNsy`mf}f#Gc&IZuK^
zx^ScNWL%P}pT{d}+d5!$(3q~2x!QnAPPB8x6v1KN{Ey&lj)@W;?QC>wqj@ikKzS1Z
z|M!wW4_{0oamRFyxIHZ=*hLc|p0<;e2~AH89m0i{yJeJ$T&(sw2c!&oco9}@<ptbq
z{~6kQQydNnISwkpkx4i5J7Td5jcTc;OB=#3gQ&d_<9sRu6bvT5Sn?wr(?4G5>UaA_
zbs^Rff`jvPK}|(ue7G90ofsCWe5|*F^QpTaPIhK%Je!NDf>ZG;96$m+`2>m1e%DEI
zwAo1p>UWG<u!){wlR7&4nF^*Lh8yZc1jW2g4tPN>1&~^DYFobcXCxZM=7ze^nZsPy
zg(bNAyXuAT&8B}eV=L7w#X01rraFSeGFdI~m)=VT^OArQu0Hw5@~AZdhb$E^Yn_y%
z$M@~UKCeo1M7~N*l2#iLr}_HBy1Pl&`77NKBTgC`&YA=6Q8NN!Zb-=Wsva4RyCTye
zeLp!%NMuO1gVi)ONB*)TSN6R6D*nEryMt+#+Joa{Zot5z|6q>BQr*&uZ&<NYGkQAI
z1S8=oZ3z|`sFl4OF`$TglJ-C=v7;1xU&wQigVKAxz9$qBd5v?xy>t!R4>y4kX>OV_
z2A$FJ2CTA~*EyfK`PVb4Al4vW4@E{%YVb9D1LAN3t+0AIPRr68oL9uNCSoIH1>fG_
zV7rUof%KOwE1Gc;o9wErz7Fn>e5Qd^Hr*0LhZCs)zX>Y1c#|U*btX1{!{sJwaDRvV
zTuJECMg2NdKjRu4NwNdBAc_LdlV4o<7E*X|zH9(yt4=z}yN8(m<rkS{lLFx=Oc6Re
z3XbhhRMsE|*ar=!ztf;^4cyG>$K2v{mK_eILo_5+HCJmsMT&gzA7_(0<yOvyz2X$c
zKJHIdHMcp3-Rj$&U}-cJCn6S7?sN{i&Ruerz3+z9L>pIj5xhuTuuCg3C6^3#bR$ST
z|GXj0fBg`SV)0OpLL0c+!{mNy$_kysD~3Cb`25>Fj<{x-m?z8b@#mB-gAuAe21NSm
zW1zZ^?$y-UEl2@)Sz(gY&{!?LPg4d-CQ{HAnM(_&+G#OOC8XI|`mm7QT0{4RVf`^Q
zo?7B@)W8RvQHT@*4up+9u{|nzZ=6~Bpo2vtE~rjm8P%2$JHh!aD@GuI#1Dd(R${ru
zc*&2s?O_qm0(szpQQ+~2NOdrBtvC^mQEK5xhi0^Bq1ZZ91lC|HwZ0k7KwbjD@TQ}k
z#qRpiS{$Iy_IJSjDSY0cBkFlvwq8XJX;N^$?qjRFw2htubrp|wFs6dSN#~Uit-F8{
zEP55E<h@57X*x`IsXWOVc+8;;oh<XT=Mf(0p-A=0{Q$xH9v4vy9qXa>`9Jv_=-%(!
zh2h#_Iv0%L80R+ekK*w(5mYH^@yE1<+43oQ=+}>PJ`sjP0DXsb*S9HvTmF;IX8s0U
z(j_`Y-7(&g!XgRYwk6V7{1k^idIE&6c~@KbR~^IXC$M0uD<+9{%Hl<G+-hh?=-!y@
zY<5pg)>N3rOzG+brg#MsU~sW!cl3a6yU*;SRPrUJP&PFvo{+5n8g%WKu`U|&(=K_k
z(_Do;<CGw%vcQ)Ab<*b-LlO;vDAAy((4c!>^D;K}`46R8#B<K_70)|;wer*MF&T2y
z=+*OL!hDvhe8KtHo&2IcO#C~<lQs$X`s7Az_lqw%QiA|HVJif4m{xAZD~1GorK_0O
z!>>3mxEEjHad|&hu}-+Vtr3cmNS+wk<a^OADo5$r62%jl2lPVE!H{98FAUv>Rv-2;
zyXrQ^`LDP#zNhL{;!ur%fFw*WsfcqrGAcnn+&9Sp)`@U40&H!0F|6|YSBRSGrkMES
zUv)}2e@v)<H1gagJUZ-uXymllI2%dK95lukN=-#TgHf>fsQx6=RFpb@XzJN89qO5W
z3SmnyiqP}t(g|scubEm>=kuw%UUx<z;N~y!$7%a<-c}Oh0l9^mL~#i&H?JQ0?)8TA
zl^Z$Nkz7?lg0R_iy5xvAof@&at6xV<>palP--!0jpC=lCN~WN62E>X|i_4s&ZuxxF
zEQ165&<2?Nxd$;p&mTsFW-V|Cy5T>B{G9GPnRBnB%=!MeoKIPc&O!w%c^hFk=pE5s
zli$?`j_*l3)_4_p00uAX2Lo-jK~Tcp7eyd`m9G6ol|}ODVU%XkX5zr-QYBdVfwMsj
zd;*zj_(A_;f?Vt5L4?Yn9>jI37GctsFLb0(S}ePN$(CGC?J$JC<5B;S^CvGu1Du{f
zpgequb7aL*M=;qm{2p2})3r-apu#!HTF?pt@@VGYcOF(;yG-N_Nh5^|*_ESL$9Prk
z$Iiy!{BfH?RHk!4H~osu*L1m4E!I%vL1ZiDRH7iv$Q3}?NGBmtN<v$!N$F%a0sf0N
zhN^LGa@1{?;K|w3oqlSct0^-ReU9%Q1WN*!<2(|J1Ksn}YofRjl=$E)j-yI0$03f$
zj+?cY0)@pZ<t$f;MOC$0i-`;>PSN(+>g7J1+rYKX7Ews^zl!OiiVhJl3tNM#n6b`j
zrk+|Sv@iTnQ5?;8r`IE$CRGLpK?>;>nia?JQb+D)2@#*e8s|5NB4g8}2R=!FVXD_T
zfR^wt(5IKaaHM@;j$mZp;h8^lgPlSLHw?<cjbiSUe65vZrff^-;RXoWRMFo$Qrm#Y
z)_L!#n;`#$@0?9o&E05}kAyFQj{}<=pbSA?q5EXjW3$hzI;TND6E{06`MgX}hu{p4
z2I%03TB)s7z>n*y91<+$vw<4HDh@d9)Sj&lz0{;SSUUQu+D3l9pH%JOv_apRSIY}9
zxnjO&Q^L0gO(y7D1BbZoB(U!gi>-L4Z2giS(f%OsQi!BmchT%GNqzPe+r9270wFzr
zcBpTs&<R~5ovV86!eCF`9olMEBj3b&;Y$?LdwZN81!dC7r5ZLlz749pkY!uy_+DqR
zRA!yNPgq=nQA^YC;u?Yi8{Ntp2gGrIEjn7>hT4g0gx5FzAjdcQ0LORd0Y@5P$rXY$
zp>+KJ9)yHO9CEH}<gPsINM~vw4$P(Xhn-v1sG|-|kTN)zVC%DR0v$uWq}rDM;`}H>
z!JxhK0KV28W0YmTasuw&;~_#Mg;}gHO+y2ILPZRzb8tlDvqu_$(Crw<y-oc=*-2*i
z(n&|Ys0Haoy(f*yh4fO+F!!yexVq|;1E!04TkxX6hXmxJZy_ZnHTBL<G7(N!_w%ej
z?VNQ_|Hc$t-|rlbQ2(hHqq~$2i;h&@6AV{+R!==3pvK!B2C6N8h*pyK>ZX2?vPOoE
zRu}&aUI<7P;8n^z=a7ZLeTdxyR;D`tFu4{(&Wp{T!RNLl5R;==XKOX}f+Js5<a30Q
zzMDn+St_Mh|LsUu!*o?N0mLtIwGpLy>;`E#eo+)#1_?{L6?R~Ee7G91G_jTHdKsDL
zx$Ka0z*VUF35MEOl^8ku8sCq>Cv?va-R7jQkq`WnSE`aKx@7d+P4Bjz)A-=f!Yh2h
zcnp9|EFIZ~HNq*`Tt({8o-2b_m}R5Ai8*T3MV|3DK_#_n;@j!gHSq-+xt*H%asd0A
z`{XkmLKrF{(|5BfZU#i(yQOc9MvnukXuS6}A(jO7QY+tTw;;?X>6HM>YFQW}mz=OL
z^->rD>ATiG@e1(43wn^LpB?XuP^ZF~(ynkH3*`x&Q;?~$;$a7UrCB5+Rz>=V$6k)|
z31CfcGYsF*CkYMpNLwHFihfi#pyfM--@8NG%L6l`d4TspH@aF(cPuk4G~-3XN4~Iz
zzI6*~uO)*(&>A!%qUP}(c4NIh>F&T^k+&UvLDBp|7<^r3vrjMEzHi*2j;|?6fIeR<
zy+b&RU^@CEW0tbhaj&cIrhD|j{+P9kK8wZ#;hjXxX*4aLOx!`nua9qN?CZd9aAUMB
z6WIwmx+>ncKe&rp^ECXey_%5VTj}N{%7a6ae7K9#I{M_>s2~HBn@R{PybH#{g-$*U
z2;QgohFYi6E<Qw_{EwE4S?Z2)$dsO4eMEWr8#w)Olu}+YTjxvp=k!SZk5z%q9L0oG
zXktjf*H+FIUcqIFSJm^e?)R;v;B#G?Z*5R=u=HlWL26&RZ@;^#o3C3Vw`C^O;||aA
z<;n^XKHGZJ_T-z@Ak_8QKDd|n1Hef~%7|PaIUl)t*Y#h?v!by^hYpQJakW?9wZs9c
zZ9(Gnn5%u|Xj$T)ZLkjrT#yHz=nGTD-65t&y0fwUduU?O!yp>??o_B(V3=Cf6Ox+R
z3kuOgoc@HQAckn6YI-5t)JycN(=Ty)``&T4^ky7=->D;B+N+=JfT8wJbHSe<qrHVb
z;`7n0YTC6v@`faiL-sn^NHv`O6W2p9Pp*vS(<j$MHDj&|?YY=CJo4!Eta)G`pTLt$
zRzv$)s`(luoYvE;Z}3U*7E_<R_iVNHM&A*4Y2SazEr?wH-_M1a79Lxk#oM~|^Su)q
zx8cKKRJuL(|Iy{UD+UM&rRGCIdYO&Z0hZBrwVf({&2A~5c50#K5A?0o!_eL8F_R>&
zHf&UxG~HfR;9DQMLNG5=tsevl&AVBXGs_9KQq)ac|GLE|MqL0POjoN!-0C~zUcR;A
zutNb<f`Now3ge<mpCZg~TUTF(y6~hu%1ylk+H>>o6mBcL%hwp5yPHQfhJ<Mz!jQ^4
zQ5w^$QylRAb`zaB*hkF+)6hmlLnM#}3o<j^p+N^IPYs1$s)um|xT)BF@<m6Gf<)DQ
zxQ{YFZf<~??(re4<zet}?%9Do{m{L>EpG4od_aZ;_sj3F2Yi5tMGyK~2ltZzFGyV|
zq)iu)heT|qNdl7IF#Ne@sx*u|h=_-MnBI(z%l{p9xD8j@s5f4tzhUuA&a+|+pzWQ<
zecjZZ5Bo;Bb&tq?TpsDe!b%<O<J+<WxB;<HB!3?>R{lMO9=~*sc#L1!et~+WN~-2@
z-$A$P31+F^so}AX(!^JPSP-qoM5HGQkn2g?p<mgPA-esyguIoSyA{|l#sfJO`dG%1
z$sE^*<9$Ifr(?3A9>a8Spx*Z>AE9&EJ}d+FS=@Z!!NlOh<r92wx%m@)(T!BmB;REw
zz+{7cHD5XdQB+OV6Ocb@5v$wOE_oYNwyaHP0;LPt9rJr8G2{<>6ozeR7yxH!;&^hZ
zkE$=S3;<ly$UbHRPCmo7tavUcD#V;YGHXOWELcW1^m*S8ZqFCwTnD@u6taRKYtV7x
zmS~dk1Q;tGKtS-)OTKBEfd*A0O1WsNV=p6UDqd;eZM>UofPgM{nQhdYZ9245^#z#E
z$<uvr>D@-j%%QMVhj<>kjTNWN@R9pORFCkyjZLJH&wEM`?R{s4)FsyH6Ajf>T-k|l
zfC2Rn;y$el*u=ZDMCr=5YcEAZ@mw(ZE~!t<Zt`z6me+qKNb~yt`M@_d5o+jB2dXF~
zND9*5`PY04BwoM~is7uY5O&Y@{YvVxPYM|HgCNGCVxP{h`+jo6=lG-(`5Ur{fw?ek
zi2vl<3RM39)b)dQ&X-9>_y7TrvytmMNHcF9T6jiT!~Vgu(uZaJIe&9ixxgf)^%7ZS
z`swF?<j`*@hb1b@ePRYL5Yj*WmL_^81<^|J9;I&IyUx2l!9Zn0bk>6o5fmoGl707{
zZ=v{TAPNV~bhULL#Q*L4KH9@+TEsa?qjFu#0L(!BZ6N9wqtvk9Y|3SNlA}}nl&`zm
z`I|k`U9ymA^A>I-I;R^T?hK8i5p`Y4hW|uT<ziurGz5Y+0gE5=N9u;p4K>tAO-4ao
zNa5Jh*Wz0!uJ}~yVp1Y*RP5T^C9FHG!iV)eWEl)C>VkARmk>hDuXt%&KEd>={8*bw
zGLSBMgv<`OOP2pj`NW4wt(59U!kY2H;d54K+LVu*YdX`kNjOvb|DlQlGKIb~kVfTO
zk<pDl(<ep898OBhn5O`h2CwuHt6>E+iuoregj5cFrH$I%0_Kg_hqrd;+rBilWhHAF
zwmL{9>>XdmATvA^t8B08e&WQryQM1Jz=>D>Xp5{7H2z;cAbz>ityt%iG(&v}lPFi!
ztpiU?t_;bLe}yl=`UW&`>(70H>vF&J8Vl9O6@9^#0binQ*-~N+8Y<L&OZ7&!6c<m7
zRza*A-cFN`jXqo>{YQu>1Wsx{`Q+EWZQ|X<Udy+97$ri@-AHzp|63p5g_IYAR|W*f
zY@$wGYqwRKSFzT>x2(0`JKy}^EgDqNq=S<jBn*wP>-WT~QD3u}1CRUoc*I;}{D+%^
z0YH*jM5mG1&<+OybL5FFzAATMRgkfy4L7`=s(_tDLra@8okr0k8I4nNf_jN9)jnJ|
znIq6$4>j`y1k(C@-$#0(lojN7{=uP46}jEF+^yd3lctqCLe1!1)Y*Y9wO1!zLb3nO
zS&w+0t|r9`9EfIT!z@CvJd$`rFk!GU{7*jI?Vp2Yf>1Bcf4nMQ3?NX~2R~c0!QNfI
z`TAu#ryxbG-YsLueD$Z#HQ5q1r=(X%M^mh4dx&(f#_PZ;h@Rsq@d#upNoe|+%lnWQ
zdux0~qZRu_phO<f>?H%2bi|~$PH=#e4r;Z=->|d!*vX+7K5<p)gd{@cSGccB524$J
z9Bx<y)gRI>y5b1rHT|e2FNXX-NC(w<zxY0JmmKqT5}%wiBAP5Qzl!eRRKNC0qPg2K
z0Fa)?#XOV=X?up+c@jUiU@NbBlxS7KabI&)xXG8U-aP?d`RaVqrdICO$!kPNh+WnZ
zK6z>Y?5yvuJOvkSt`owM`*h3_m9a1M*pE)UMjU}7HwFI`DVcX4oc58hArAzk*t}#1
zi=H-*t}<O8frud$j{IhSdTE(6(tYy``=FNp?mOi!Ju8+=%^%{*{Qc)Y0#oOA5j$uj
zg#dK9zm_p-+R}vEeUqiQ=U7VM{6BXCzJ|OMcn8;5W}(BI4Pbv#@ZoR%_Lb=q)-3^&
zgJAyRi@t9|f7BW+as~1G!Q**r)g>Qo`WTG9pdtJozu@vef7CVi5{{a^*Dnre8u~;>
za`{lS_?A-Uth0hfP63Lvuk?$zEPvGMnXp8X3N-eISYKm;#2;uS+Qi@RTI2^k3hJ<C
z2`@;86CEuJa@t=3@Wbbt`IoA^=KjmUMe7U^@U18{r7>1jQB!|+TDdtR!J|VlHC<>v
zzonmCTD>r2e#qM4k5uxu@{2JqD?!s{D*e54zJ<Nbt#0j?J~H|e(@Is}-qM86gM{Oz
z_KJ`RXUM0_^~ZwqBK;)NaHq642z?Q|Pb9kW!c-_SB>_L{)^W)0RgwNtZhjlTq(F1G
zBy0a)`u^|QX5p&!^rV(*Q`>*$)$l!H0(GyG(>eYQ%&6pq=$5K+d;bD=S$jW#TuroJ
zC$<SzLv9G6*cjZE<3s3+oNxMZWcdCCmYxJ@i#;s+VJmomLO0^W=#O~oZzvD3Sm3T7
zQ1SIP<aft$=Dpcs-i2O2+IE`l7i}vJF`yM5z2pDhUFYNN!9S8GL9**V-@S^9@qdMU
z6_`fri;8ppD3!2?-6YY5hDovhIl<?G;A`kAa^x~neM+pKZ^6g;bJa(&e$AYqjq;g~
zqB#FycX+&>i3C@)dk;L1&m8)2x28@aVA^_Wu}v(l0aU`JbY#k@i4BA4Xia_6|D)@@
z!>g#exa|w26H*Y;$?4~av?M?hY65ly609IC*p(I@yR`5qib@HVYzvT}B7&4)VWh{7
z)Sx1Yl%QAufuLfeefL^3llXk^`~H&)&dluDv-jGouix@~XYIe(qt+;W4(%;%T)$OI
zbLAzT^;T?KzT5e@2ok1mTThZHX=jrx{&f8=Sf{r8+GUOJ;1TD$5JO#a_53&EX$4}~
zy-%AXla(Uaz0T$b6F<h<kY2ZWn!lrrSo=6F-j5%>pcDRvE4`jBCiPsxXdy}2w$(tn
z2ReE1Z|eVD-KVMPxCBL`YiEzxZEVxXHA&iQBy0}1B>d1T6IHUEhrteCm^j)>&+_0k
z8kz0EkeZU?u>}}U;p5CPp$l5IFr_~;1=)(yZjjruZth%(RY|sFw{h4*DLw3?&gyA~
zW5Gre7HEOar}nJ9q9)8w_a-KZ-nhn!%@um;k;lT@6D6((>GX!4#`dYDC;UK~g@tkA
zz?KKhh%0ff^}B+toZLVVU`c?}mR5SyT^#sC)ADkU*j_Zg)LzPi@Re|}P3_~a*sn#Z
zQSQ{#)A0GiB$^&x={#ghHky*h)OJMp)XKQpBL+Br@$!2~8!YPUIbjbnXE-_cCD(ZH
zHz`7nWO7vX=b(XhOrw^5o_DNy{XK}&Wdl5T(Rbv_zYi4De*3?%6XQ+)YlXVhZxDA2
z#eta8zgfB0L+`rTYK%EegupWZ1o&=3PnUV+I5tjE?GU=e5i3>Fz8F){!PCkd>B5oL
zLr{IAXAuTXS2YS9tL2lMJV&kdgZMg8*G9HZW6>W>q}1VNPFlSo?%@F8>11kWbJa7+
zEzHAysHx^sNHbw-8ae*eiT0c6Ni@Ji>_reFhYS-Y4x6;&qT&&lHv+%-^x>YZR^bR;
zOyah-Tp8(!P!5Zty{FJa*p1LaLB6CvjPx9|mfhmf><K6{y@>L(OJ>>|+0-E7GR*K>
zVNfS-gJJ7)1K%PSgx!cWZ5sIKcqPlT<a$Vc$sH2fCJJ11AIjL|yI2>H7d44YEuIWi
z)tgCj10be>DZa}?WDHYLo%#wAvHl*khnN#d@n+-Qo_DR{dpx2it2rsCDj@FAn`Shl
zR*&+CO(~6u9Mi+TV)G?6ZnI2QSdPwE56Q=ZN~Ou9+Iy{g5tP$@oJSQ<PVg>5r|yL>
zby#vZYK>svU0`qHJ<FUcDnng>m#?h+dp)Qcqwn+J5}ABIORl%6=9y#0{*X-7%&jon
z=$UYPUCb^IvY5*s)K8OyJ32Yj2IV0Lq2}Sb$JJD3QejhkEtHivo5#ma@Tj^W57lCq
z^qXkw1_YE*nvw3(4F{m1udKYuGP7Y*>P~@HFWiFjwfhF<m70WxR$?VLG`By56sp*e
zJjR+mRfz^+hKZSO&OgdZ6~2b!q3NRz(Nyf__j8YWzOeQ^hNN|Nf%H42Njlx{_Tzq;
zhG-d8#GJ=H?s-WLEym_Y_$DV!hdloY5$NdB4^?Er6P{<Syy^N*2=d^Mv>{TAoPQEg
zH+0SJdI$nszK^*TJ>{Mgb)GwF1|T<W>^uK?+Vh&tE;Q>O$J0duYIBh}JHxY%uuW+^
zbuT0!Nyq7=b|y5-Loo_8B!ylmocsth!fX!?3~4umWqGk7Kjc>{ZBE^`)G6|Rzr#^#
zI+#ORy&7u%^f|;$(Ys7@z_Tu!uLFu|PU9G|UspWm5%0Kw8>xi=)Dvd(^Bzeq$ts;e
z7zc!%cr&jkxw)BLl$>HtmU_tH-~lsrIObN})#6u?8oGC$7d)?7J6`Ze9*x{ctkKCu
zZ}XBPy;O^II1wN#yDi^bkq!Ol)l!BYK}}_9{YolERR!wtj^2?b=B~&2tj1+f?9?*&
zqbA*`2k+Pd#Pt2QLD|2Td+;fBAyi=d_PC<TD*snuMf5(}OlS;CyK6Sdg?VowAazp*
zzhT=;-01o(f&AJK2;x-nyy*<7j@{by_|goV<6LcKuC7c=H_t6(V$EM?d*s_QP38S`
z%24S}?mGZuZ-^M^zu0r3&9_#1fS{bc#G_^gny;kqXxx)BfJC#T0A;eOccinqa{;c0
zqNScDO5O5Z!VGlW%4Li@Z@II>Tq1xQfM=rAtse*OR7{2E4QJ*`DzLQ!&i^%5tb=T*
z#z|NHHkokk-?9mURBu)_LrOqEmVaAlP_c17#QMYXsc(k83)chmfuxCdJjzRXM9m9D
z+{%5~L&5C39`XTX9eg)|nxZvv+yCZ~sBAdMi9Qh;Uaay^aLz4!z2F!VNBf363Ca!X
zbmfL7c2<O1-}gK_tfyCdTH1@CupZ>iukp|d5qloKeR3jsQ_|VS9AE39UlPNj5ekNN
zbrvd8v-KVc7BL-#I8j96>Q=;vFhg6I!rkbdgW^+1StmAlE~>XEx>8DbxVz5pLU+{K
zSnjCzJs;pPA&*s~S!xjv`JLcv*#`)pr#|qg=fZX~WShai1HYwLtPfE!i$8KiJJ*%3
zs>8DN=UCe6VyoJVls*5kM-6`NQF976W!Ur`5W!*cHO|E5pL!PP{0MA`%TOV+D!;-W
zZN5n)Oa>_)1E)iN>6^(BEbfFCF7Gpsc;Cqow?k;LpTSJO-38N~G@GOK&<1a3^VDZh
za2h$O!0B%F*rqg@;DTvS=1IgX+1xz3bQ%WBnvzJ4d1RR+b}%9yH=#Qeq^4%X<E-iW
z?LsqBUQY43gPE~zheLa8c3TLT&2A2gnkV7;Auc_nS9ypo$sQ@}vyu!60^7uXk`hw3
zxUB(Y@Dk(s!t>gq9bYKOiy(C@_?y(8=DR!;#>wN-_^x!9Cuo`uhjpaK6KN@`L<gAp
zmHPs~EPT?o46L3n?EQbuiv1czR8<P!Jqb<_zAi#P;Tu_48U26qWSk_7sFT=fJNB{w
z51xld{kVsP9PzD4;qiMtbb^_=&qL5;{(kwT;(+H0o4W9mJQnF=u0H5F=4_4TZcYA<
zV?E@1PZkwuha6VQYXxyz<2mPl@azJQ+jBx6QUwu*+ka_PHLe0GO8?pOp>_UeN2|`X
zePf!*)^-YBn=wZ`>o{ff5A7o522%yAqRM*V7tdw(q|nf6!Q{xSBct`WXQTb)nk($)
z%h4Pn2I?uChAZT`x1gRUrs3{Nt5H=#)=A}_`T<FgYhz|NCQ-Beq-T-NT4O+6&AD6g
zn)N*d1?c6fdZhL|GLUh`{HEeSGT;>fhDNF_rAcuUv-5Y)9(y|4i=^&Cy+1r3Sv&vm
z+@uD#WQBppG0Gfk+_;HZ{+CC>V$3SzMp%MI8t}8LHzm_lyh=t72~y<I$Ss=cU%rM(
zjkp-~!F$HxqE7cdH$(9vvu9)TXj8HZZdZH+IdbtPw*G;$Z2gI|?iv4gGMAf!2r%Ip
zgvOfj-cDxtW0IiCTRAM`h7B`!xA4Y4KhG=SNPe^{Q@`2nt{)5ZnpJ#(7YLh|F7$%N
zR#o3C8O^9G6@!SefjiK$^hcn{N*a4{v(AZhH;1219%aQg@<N5}8hZtwfq_Y*FCUR`
zy(w$r#XW=-L#)8X5!l|0lD&;hy%Hni&e~>?4GdRE^59(~J;^!Jk(yJ|#@oxBuTHqf
zx%q#PY~%5ucvo3FqP;EaEjkh7t+(iOETX<q3vXXk!Hc{Qcv(xP#0(@=TC2gq{-<Ct
z-WzQ$Y2P~8q{K78zIZRE=XipbI7_`G{>sb959EP%(m@KK{$%gFmM6s>%PIRWZ%v)u
z)2UvmVZ%rwCxZqLt-W7ZlheG-bRjySqm0a_l*(<Iv)R6t7=9KB4BjuyMxXb*zE0!W
zUCh}JlbQ&M3k?qgUNt%KwF^o;>?&m12bst5pjV0&bnz5Ev>@#L-0BeFBNpXeEQJ9q
zVZp=D90)SHgm37k5FB?AWRQ4mI4&2o^}cS?B+yS;=6GALI^@|c#U?u2&g;lnMR!t`
z8r#9U%~>9WKG@t8lcz^VcdBy=>?R8F(vFJ~t#tQ7oIsGNSfu|JnLinPNLr>YsIE1=
zgW8)ZpYriNf5p66Tm;*!=;G~Z23#clRAhZmUeDN+a#P)2$tLdG#0lD%MQmbkXRiu+
z_E_t{K@tv|`CZ&stAYSCrio4q6wc*Y-gnKoY_EF#81>$N;WH(gtvO6=W>+DF@@`(+
zz#-|-hFWmo2@=iTf6xVMy7KORJ)Czt>9%wmNHn8nQ~zCc6ztuOJ-x43`+9nb-Tl&w
zW2H-{Stj(0E+Hx1(>$dGc+H@d)cle}rpq8WT}ks4I9+eA?FZBDEqGnNhC{_1L9?9E
z$E&_jirQ3oD_rV`Uy@syvP-?{{3HTr%k9e`jLDbR4y2HwC7Z~0-f@L@hgou^_cwcK
zse}cV@)Sz`xQF?&;#<8<O~TdQ1&|UJyc0vJaqbNua|tPhOkqF!-tOk9YrHC}3ALiy
zfp@u)p$7ExuC`gn`XC|v{@(Ab4g*+Hdzh8Gv5jlmlBKmTkBYvUJH0*3fqbvJ=FnWE
zsg@Gl#UTzE>Z<C2?1aJ-(GY}clYw4f@SqGrOF-^sn6=k>S6ju`!Lf9i9h6%4djZ(L
z-s_w{P5Y))nT0q8DK)*(yT+=z(TfFn>?YZ(GlS~(iu%nQ)AcBnGwL?-2ntV9K=oQ5
z*6Y2Sso%^PQu{@2FIE7;Pw@HkhI%)WUx8b<0}gg=cu9A^_Ga@iuVu{~t`s&x7|+T=
zHptpK(tDY+G^!D)L>+vqSM7G(D>tGgVG@PSxhw2d?_qBIFnP4q?{=@?2XN$9yb7S-
z^xIjk5#2Z%vZAGTxC@Hi-_i8@1QYDQoeq&?)%qtAOwC=jKe}%7IP=Th&RKV=U8o&P
zGO?rNT#4*ZEP~k4Ucf@w1dUU57i{XFDU>3!abu7rp0V<U>EqZFXWP3nj~$CiGn!fC
zRn@B#IZf0~WSaTo9lBO~l%n~Cty@R|Zma}jR$Ei<^`bb=zRznrZ^+1-PQ>-x)$p+$
z_hHRcuR|HDUWc_2cz{E<^8t9U&Wu#-VtmzFP_*$u5{dH0u!4GL_Xjy{k3Ymdo_~lP
zx2H%PAV(_2$!vZO)phzK-uaqU+MBqeo&G$*`>lPe#0AL=Bf;xa=;O>HW}s(hQ6I+r
zYod3I89&K;(i%HirapO!7xk>97=qFLI@k?05IdAa&6Nbe@$cKmx-NgEiK)C0W;n_)
zuC8g-Wc=&5KI(3&26{C8+O1_)Ed+@%n6$3+X`KG($KkQ|WC`koq&oQ!P6#3L{3qq_
z@TZhLNQv{#&tYgoG7-;PpY}=?Hdfcd)?K9rW~a4&rci9vEU47-mLTr+I?2K;(`NQ)
z*+h~YDi^~zmdx=ku-|A~+I0vLPol-@E#U{enP&D7u{@vU^|DRiO29hQr9+~q{$Hbf
zKtgEJkc|yp`T~IU7aFfR#CSwfiup~=PX3D-npKMip$Y~+YPxgIOWu8y*E<}Yj7A;2
zSq`SljJe)*IP&m}w8b~3MO#bflf*WEp7R<tK)khA>~WFT$MBk~UJNuM$?u1K?9!{=
zMkZzfO3S|MZ1aUz;V-JI(<bTqYhfeKjcWRn*Xn*d?ySqG<%r2kp)zEF?7Q4}$t&JP
z*1lJ~0_DfjsAs&riGGy?`)^CQDfV;L{jV#1-OcjXY);HQnr^LiQ9~Dc)nw#Hb&qNl
z)wtKa>Oqv3I}WV|X38S(=VsU&-ruaDi)+OOz5{AsCgB22dyL~%@v<NHr0n#*B^>dY
zZ#q(3mRhXEmxn{mV>UCb{1>@t|FfKhE0%G_HZF5mGk4+y$uZs)&J?uTx`&xGEr3V9
z!uzI>57w__G9x!ynpqDA12S4O^Y8|=+WvP!IT>%sq3Zp%Xr9B~ajA%CLpzM^{huLx
zsYTmlm8{~_Ijg1s(zy8=n0|xNu#Q^Z^-9GfvRk7uQH55z+EyBn!Ck~(;uN7N52mWL
zCz`Krc=TE?o&n~FmRNBmyWky3TKpyJ>=R5Xil&i{*nzLCd?j@b)lzy^elw=bu=U;r
zIvY))AZJqwAkPGt&CMIU8=Wg^x9iSz3}aFiZS<-qjd4}rt6Oj4#at<_bgtmh5PxX;
ztBAC+HWECSpjXLPtpC#Y*`%Q#2p=Bvp~DP1i|4zWS@E9$HT|8i_-j7$F0kf(?C?M*
z+^Go<T7tRt2AWyvjrVUr@(upf=0F&j6o8a&f~C}K@)Grl-Yk2Pw#D5I2l2x#Iwl}}
zKhw(niD{K>^{Rgtm;L`#8k5_#%~?h=BLw<g6O3qL5HRBo^PuvM`a7VfNjunkSu*@H
z8O^{i*-_;sL;&0BeU#>n6oy9$z$y@GJG~!R+dlW&u{V?>DMgX)Qi6XAe!85Vve#ir
z#a}q5M*&%!-H8d|_(<*@9c>B*5r;S-Ns^OyA!6EnrLtdg9;nTCYGa;!k6Nu4cYDbt
zV<K^Xqxz`O;P*E6h8+Fc`-WBaP3>CS@t$VHoloqs#XajUsNsc_*qS#B+>K1%%O369
ztMBZJGOt;59rv^No&%0dDQ!ztu^RC`y71jkS9{l(fd{?+=v=hANxeZ&edi^UkLl%g
z1Z08f)zyxJE&09o6KmEXZx9^XA5e*uCbcXDN03t}zQy?wCQ5g<M$lV9G3Q-3R?XBG
zerA8-4$IkWf5c0aD*vcZ#)w~pN+unH4_FJ1D}#}4lZuh5jYl529=B0UjcrmvrP4~-
zy@0p;0$-k)b<%s6PClb8kr{1fcXTw2f{Q)Pj3&~qor9@hj~obTM;7jc8Kjr@H%nAw
zqO)!F)Bfb3)$^3gR<T8;3tGxo2!#!Qc-7I%Kw25016BTsAe{G??m*|xc)A3#HTFKv
z#`$#ds{QTVqc11Hby|Q%wa@q(*;hKA_I_lYKkYKgY@6h9jbbaDMYl;m=e?Ae>3R3u
zAd5~Ac;DP0G4c6hKGo^vi=_K39~?IMok<Abi`4zfm4UDM2&-J+BirUepRM-rYwv|g
z=@PZlTprG<Akpe~(De!kqw#nb(pv&>KI?aQvGl*Pyp4QzToAQ2V^E-%nb_E8@3mHF
z(A?%xjFc1aki9;?F%7?}UMFL8e-qy{Yg|*Gt#*@qsD@#BA}E6=`jUjQ=O=7AZYTXV
zf?ARl<&!uo1;CY*3To%9BT@Do(c{HT)K)$-m*HV9PWR=Sm+zGBHeCP@vAbKxv;qra
z*`FK>y*wet=U%3OA*=M!6yCcYd7)RW_+;I2s)EFP)Fw0Zdi%mkYvHraF=nE$Y9)`;
zY6c|jDywfxU%*yx=G+Gkcl8qDwi8p)Yfp6XH8oA%gHdeRsKp5MHL#P7HPu5S^TkU^
zTHhD%``B8Z;Il0_0)b9Ay1r?Y<g<?+=;=9zE?xj&Cp(Ky)f;D8b&4p;p6M+*IMw%!
z)vI;wIGQ0v968pk`-v9lOVWImA}X=ben@j_MUzhwz-qpc)3_mx*}gXvex2&|sTZgV
z5+tKV;y^R$R`+@%pKqZqE?iM6FGj59wd*e;yN(v!wmiZca6_<%Bw0JD)bkqq0D+dR
zA0A-qPXv7M3Qx#qGh;}{hVc&j4qE*qKIG2ui`}&*vp?0JWAg7pUEb2h#}T6imqMH7
zm>rk+ey}Rr>aBQ?oZc_GW6j(9ep=PR*HE1*68OQX($Tb^<&wzylhR$0g{boYM3=rG
z=4`r8^Sjsr2@`-27i(s$#8fWM@U0cCe(FsL=w?Z&Vbi8FWLnb&GM#%7WV$&i)gF>_
zCkerX8i9f<NQyDZ{qd7mBw*sK@8nx#6?JBN^yQi&;-vjR3sGiQ7vBfY6*n`c3D~ae
zoO+I9+L3q@o9&x#t;zNYaxovExCoj<LyO$U;x96rr(oN}X0R&*y82$T&UIyd>^;{+
z%fcVy<4sKaU?Y=$tYrgpXLpw(u+Fkg?0<PKr%|hD^VP=Ym`Kt~uQCnTBNd`Q{z$?|
zzn(tz#1pjCn)C8rzEjqMTsG5MpT~+@J9_(Un;lQEnEtW-$U4DQ8f~&K^}UaU+u0PZ
zVK*qSi87T<fp)&)G9Q)2N|xf=*J6nKFXvzlyu#Pk{!FqiivVL+Wh!?zzQpDwi5HoD
zSNcA*AJje>`@Ty+c3<Vg*)M}pYU>QP>^D5&F@1fXSO@$1@c1?FSGy>hm{--2(E65@
z2`wZsZ;h2VfXm8qMhF;M^;&GI`492F<@q*mrEpeD2B^MhXiD<ALMm4aQ<?8;V$54K
zp}1(EZ;Y8S(D$b``&yr!$;C4o^wNCRW7qk1TUFQBE)?}W=_c=c0&PbYq4||O#F7uV
z(N`uqqo8hSs#Zz!=me8@lkbp~KFCMK-LSz*`rLs5Tx-aj`H*9``DP!sA-Qz0Wl@P#
zYdkv?&9coS9QU(BeD7H6hw^%*Aq~ZLHqpa<>h1uVK-z_9Ka-vhVWlbU=8u4y&X156
zw;KrsE0hPlEwT+z9%wMP_*CoVgh((}%RVEIC$%s~E`c7?i+#P!nOl6Lt=YFZ$DYI)
zP2W3kJ5p%<9X>kK@4OTGarQHw0`A3ygi$-(EvKH3<bILv3WNXjL}6cd10hm)k8g=w
zrkt0)RJ=G5m&cYnMQgm9qsir5z#(m(PLj5Wi^|9230{c{O>cR5v`-2GWQ4d*DOqOi
zO>9G~!6V{c&NfHK*fN8Av}t+j$K11QtWO=Tgq1{8xUI)pnGuJ1eRUC^+`Pzn&fzoK
zbd$z;@n%Pn`>@MswDF^}hPeE5%;*Ps$<zN}B^LFAGp`un%QRQs>l<TL-doGyEAAyB
zW&eGUVe0)pb+kffTD?$x9W4;kuV;v+u`ntnDev{Z9JBoTM9t&k#+`yQIp9H`8hcQY
zB0J%cY;49p<lAKLgcdQ>yh7?++INYq%*=<K?QonfZjut!yIT<8Wsmqivc^q7K-o{L
z&xP0?X|dx-tV|8zPB}IaE?7RvhkjQvx%Nvmn^G-^sA3;Y6l6otS)~nL%2eNBE0%VE
zHo1avB$=ATAd$a~K+~D>s88)3NJRavE_f(dQIE+vu!*M`S;tRL^J&&Gcj`WZZ~lcf
z@d+Oa=lto8RArA9Z~XKVlG*VT{GjS75lRQ2=C6DeahE&M<J{JWn(D?{ii^JJb(D$9
zSd<CfetIsdG65>D6tfMV?bDDB3aoVQpo?MHG`W*QSv1Sn!?Zb-G|K8f$5}ddQCylR
zi-5EnRD_CWd>>j<o>j&rrQ6yRPPH?NSJF+Fa;RhL6wvj@minBRN-G9ifphCyT9^?F
zP{RsJeNQUM6Ac#))@yvbta>j94{!aVPmoyo%76F2Xm?$sCg7ov%sulZ5g5{KkhZ2e
zdaSwgWAZHkNOM-At^wNqQ)G>7E$1lda<rM}8)cQx(~X~Rb71mwr+$l?S=|b~doihZ
zreis$I=S5UrM=YS!(u4?@72Bwe459b_54)Cg|0#VD||uvtMUc?UgNKb>LS6wj7<O{
ztMx#_&hD3|nW)#DQ;BvXfqq(Fe`n2K<g-&6i1sh|T^6Z~l1ZAUB2wP)Y5a>T8ZRjL
zh2+Ae4cX<`#lGIA=q#G>z9laCpyo>()2H+KqTHpv53J_P<cnJ`cW-c7qvYKZh<!c{
zQ>fWsOvR!%Q?UI%_obPMJNQ$z!rerzq|G~p{x$4?7u&Ndv@mlgFF0JmY8I{(hCK7F
zTB-qZwuAZhbqqlbiPYVm_m1<?a6w^nQQa~4Hhc%C+VQ2Y4>=UIm(hy581E~A`b0}O
z@s+<J+N!?fLmye?8)Z(e@|{xpz~-p&_W}Ce_n8&Fnl+b9Cdyr<1BTl!NMZj~97E4l
zP@{X{BC~9*v#3sEBJcfZ>D_;0KI0O|maSgrTWHN$FB`gSg9wNBH_E^FRU)*MIpk0}
zEWIPJ8xl>s4}2O8N5)Ds28@KTxqGE3Lf^svw>-cG#eC$j8bIcyqY-4Il&k4D5c|Nf
zZtLpePoSldpUUedZGtHDb-3lG9;BzU+l(1!)@Qb=2x8+j1W(~K#!G3Qf-6Nt3zX5=
z#BT8|pud~D@zkvV6b?9g*i3v&CRe+cMcaII#Ng1OkWT$E@p7|fH5(q&HNLUzH7SQb
zC2B;ITDbAg26D_*mm@;1*#U2gt8$bGn2#Xv583IXxqvV!1%B81da?%M&CJhz?^y%C
za8w4uy9z8_uoM`h6$wPWH+<>ap!<p!r7>P(&zm63jIGDnRr)A<Q#v=uxZ2@YJ2wnE
z$JbsH<QCns*xf#j4$=$YH$V!`?Dl<S?f;r(bjU^VvrpVhOyEol_Zhain;Cl_`xE`G
zdne}Uc?k54(GcjQy$+Q)_PGks3H#h{)L1-6JY<&cuf0*Hzv2L!SW?ZN>)VMZ`%|;b
zOT{D*oI7X>1<Izh^Jmhz0BNp=U^~Abfe(-Q-gl4vrGQy?Fs%;xH0=?59xa+q{{fK^
z^P@vd6xY5)6H~X7?YF8mj?4+$kmpAairxIPt<=i^?_tZh&R<e?WI45oPUW0PW3&B;
zPu<i4Q77K1y+>V+s^L`4EWnIwVn!TAOMkHsKyNzh5kIho!;blsLU;@2w4UEarfdoM
zi^<1*o2{DTK7v)vYnZl9alx(56zQ_t#^fGCRhs=1N9D$=ZQGe)XxPmukxsl@rm||~
zzrxDK{^rwKKGFhJ=i$3AGOKQ&d_$eoRSzaNDvkH&n!HoOP3V`T61lxOe9CuH_JOto
z!a)@e{+CmzjW^dI{^$>MnHl#7?5y5jOwdaG+aU!aJpd1MHF+PyaM6U+Gy@(?Wx`a{
z?#&PL=kV{0;jKrFUble1wfXI|%{t*vhx}Aooe>d#RxFcQ=j3nsd0X_zH*DbGsvJ+c
zAHQCCDpMa;Px?(WRh*~7Cuz6vg?0P_zpX1%HbLu;4(5@IAx^xhaixAgXY^tqMat_t
z4?0q!{6{2D{|0`I_EVd3haZ{JFF7Ro*uNh8x}WF>bSbynBx^IPlE(N1C;v)h_~l0a
zRo1Y^e)NyAP5cB@rZ)B4P6B*F+mf=)o`(@oCz|<{{qdICrp@&62CVRBkn+6g{zhhh
zJ4jC&dF!`fPBlw)di&71l%7w~eqtJMpS-02&z5f@7C-hm1~}a^6jvJM&oh%AO&PT+
z)}N)vDck9>qqg?_aemdQ_))bljwtN!W+X>h3%|2t3WL8jpQ%oKf%>+JEPpR^RY9`y
zyll+#mF)=v7j=f?5S}23=P%#oCbgAcIS%=}fV-Q@R{kRn3E^HqXPL_(_%q(W&8kZ9
zi|}E~oTem?Vrpw|-hyewz=bHyx-WdGr7ek{&wMG8Y)(ID>t(Fh1i%PlK0?#Owxg%C
zP{7k4#oMc-!Q(75EXA)Zm9*tJwCx8|o$n<KDQ%VLr2Zv{6tYEAJ$^fOAjBi>h>Nzf
zkej@I)r{yMkU%4Byj8Rs@zwrz%G*ZaQpnhgH=FNOlJW{EPq(%Q{C0v&Hsa@C+eA9I
zO=ewR8q6A1eu}zX*_i47INA1LLYvYJz$|-+b-pI-M>s_MXdb?c8O2^7)wL>{`C6I@
zZTzZaXS3(@+~{P^Kabs5eu-c8WsrK@>=&};+xpcb2(Ocd&FpVWy94~y^&%~mI9>?A
zz-P9HGL?q3369&_tA$C8qG?MV5%%jS-JjSkyzrXqa%KU`ADu3=B58H1D#vE{wW<l_
z;A&w*nSQ`3JF&V}$IkM%cNhNZD6o{cZYh_W`B^Tpsq`t!W>==<$gY%h<zD;y@egNH
zmyX5&GzyaKQVwr)cYnE#L=uwDXT@0n)F=H)jPlA}_yzQ)v>tv+HfX3V`5yp&d<5~;
ztR<e8-P5m0$k3kT7FN800&{#VC#ruhzuK+YIE4GAc<r9$`4dq@^R9;am*+Z15z9gP
zG8X2+W^#MWw+-y$w_P^i^M%57Eqb&v&mPm!nJO>ip|Z<sw|C_R8epU!qz_Ha6)xXV
zC?P%20Efn#)>qX{OIW}ocj4=1MvLtQQlD?ZY+u~-J>(m%#q87Rn!bKS^fj`ao_@Sf
z_c`V*j2hrV8k)3UKz{mffB*Yd{s5>zms2n=M<?E39{C)<anY+3A?1#ubIrbdKQX`p
zKPugVf&A5xe4A;tp&hPY7{=xty%E&Lih2mI1LNsobn|t*eCKtXa_iXj@?gCi<=?Gu
z5{8&Q$S+;*x{x-msW}zWaeZG;1TU4oai(KqvMmoh;!iR~(YXJQ4YrvIE=1{pr3f`s
zhTvAqzYoEB*b8av6FY8ZmQ#i}ycR%25jp>Ex4lJp5x8>-G3D6{9c@2^uQ0U~E^=-t
zdhxK~?wc|?p?MTvM+OQGx+bRe2>-{{@ezE14gqr6Sqc{2_Rsk0pG;|F%Kz){W<FV9
zvnjqz1XXbp<eX;J4!gy_-U{F97a(<J(aG%Jk}}Bby^VM4(^ZdR6@Px4{~4?3c0Y1|
z<{f@%&nIg%vN2*PzYN>tpPyOj<9GV)kml4mVai<|k4Nitup^wEf8xCDDit~wz0mD!
z?a=W(_pmny?}0FsIXik5y}H!z;Ed6BMT+ghkNbeumTvQN^>v`^Mexa}$v*FO7(vf>
z+4}<xh#NmW)~_WCAXL7CiKyg3e^AxNa!{s3Vb>q$o*`)Fl1n#pw#cul5cgyZg<%&?
zf*(q*Fz$fF2Bp`+;`dKVzQ>yVA81KPH3tclQ7`!lbK+i`{lN*8{V}U(bL2k%E^EvE
z{)<8Wc);J@A#QD<*U^l5$S?StBm*B#^c%OgPNGTu^8cj0VU1H&pz+CbP`ZFEJ7~?E
z!2Z}fgK+6;%HF|&uzw9D4*yK_zwgi(?YLClH871P`?p&MCkyqTox)%HN$eSt@s<<8
zuDpPVa~%O~m})Z_C<K|=U2rVjEKyd%6y3s7XkV{^kNN}Pt34*fGH)8hqHiWh+?Uo!
zN-ZxXqK%w;+)vvJA)|qxBFV6WW6Uo#QkHT8epo#)(#@0~NgQSEoel@1?z1z#l%4HF
zSih6d*lb$~fKA?0e!(EhAlp}CUg=M9G?Tu^=~;aPk?p+a{K=-xGyYVw?5W!GlZL{T
z_ZYQ%<g3M*%2}|_b&uJBIe;QBMLuX>_1umevDq{Io1O9PsKN|?w0U8cUlSE`NIII1
zs#Y-@zB#+3_E7kiV^4EJ8<`*G__x?!sIfZiZi=c-;4-g%lUIA6^)Ions-DGxblNYQ
z!629wJ(^fwKHydB#B->N_Kj+f&$z)(gmNa|_(u0!Yb&SfCir;V#GN%(#tR4m{R9fF
zen0~)TguJ?p$8oL1DuWGmh@q%o{c*9RBq}hYuHPEJAjviq9g%7CBoFlfJh<nLUT{J
z0`^+A*)*IJzkjYRCs{cWE=7-FDnC*JwdOsE*&RFIPko;3u$t>N^Zh?q2h02y)myc|
zZ`U(nce}6AuB;IgDf3@yp2$lXW%YQqmSL*cDcOuPT>dO6IOCpT@cj#6YG+<^_w`_<
zoPve^@2%OdI}#7VdKlag`r9W;c9cVGxD>MKakR@ixLE0m>D7f7>zkw9#JlsRe<{JC
zObiz&4%|cOFxPV&`ExgX?jK;PmO3W^n=cUxa4Sd2e%OjbW&3h}cXMo+%{RJYLJ5`3
zU(PG1tZ-h*ufEOvn*0i)g&H9B2=U{<nfzF@l3RDaCCBIZ+x%6QP}Q4=igs?wf7h?6
zYh5KO@$ZJ0QD(#{zna~k*fNr1aK-L~5l*)JY9cb@(Ht=>v52Yq8Y--4hDcleo_~oo
zZnfwOQ`f+Kg^vk7xA*6ibaV7~_H))A(nk)g^}j+(!P@2ZbrMf?L-G22%&HaUGL+I%
z-lcZ<iX)=+5GqF9*r3Ms<Vs^N-ZBxeFFg(^k+E1uHa#$h{5F?Ac?YdI^|s^FxsB8k
z0%dba0?OTp@EQ9g93uJye+b0(4{PaV<sj9b7<&Ir60ZHoZ@(04?{tzw)cfm07DUrp
zn2XEMfPenj|FSjv6NuAV{;B-kw#k2~z4XNk63G^NDpB)_5OCDq#C_|#1lJ2usH4=g
z(TtS#=9|$+(msnPP`kw;4+v29lY5A?OZsLV;r{C$C7}VQP<;BYBp2eZsiYi1fW+#y
zar)<PujS0NJNEHX;{B^>@}akQs<>r)mEMvm8TC;C>0A|O?kTc~RbAN-xK8BGA{KDW
z7eZ~^j5WOwACFt2Nz~;_|7yT7kz>Lzphk?-jN0PoI^ynTVs<;5Gq7HgpDD$fwYzOQ
zhNqOx<lf9T1Nh<+wj|)&y_FAt<KN|sk5d2@;4%7NHU8GGVFL))bvQIMXLrQYV`oT^
z?mzGPdz+zE@!0hH<XEKb=dW-UV39hZHXdt%hA``Ze}f*CntS7Ik4fVazIR!*U&El}
ztiWnI7@E+1Zq4}4A!1-XQO49{%H4y>l(H1^n!Sf4o7h8s+--+MN!|W~oQ&!p`D?$F
z3Y(6m=xtuw^Jl*%NHDre2r~R*&5`%Sx4IBZ@s7j(SM5gt3RPF)MaG&zVD-p6v1{d)
z;v;@_bP+@lPok)W;9gVT<6iA<zCMatl>du-`RHRV2k9iLJ~<J`F-^)(h!9^_<B$q|
z)5iV|rs=P?sY!@q86TeVoBLlR6rD7O5cTpVk!CUXcbkdA1|_8gF{PzOXkXa>O64!D
z<=z8-Bj9)Z;jlF-f1M_$ac07wep+3!8)Qgpj0Hs|+RT^|p<UZ_!qs(Ovbr?hIn_Zg
zxjzdL7u)~#Yv7C5(TWh_B^m7)LEcM7(*mfXF=D(VEkNJewuq;tr`Zm({*3=ur65Gw
zaFmrEE67=NF{PZbv=bo>=oRBFY)ZaNZ1j8q!xX*>zc_ZDVctC#unk#WT!mtHWCPe-
zU<@Hv+p{REF9?jX(k~3K{k`kg-ib|w%_>^J%mx7szi^5^O{CzYVW7%PY!o=J6T_P<
zMO%55B>Qb>9MIqw`#TObM+?8){&_7-yPFZhv#vlv&F>r_v!fkfIhQUv_7P;~(t*c&
zYEfc}08*l`cMas3s5khAZBc<1a#N;2s{IA@n6k*xS!6KfMh7IKLCK^RL{u~b6{TlP
z;48}$8&FsTc}53*?{)hBQBRLczCBZj=^5y5S~g3zx2R?V88X`I(*<hNI0+w&lfk|)
z=2>>@y^8{s`qj888YLu{@|J<GZJK|-6j39+C`-pe)Ln0Y&DMxYdZJZep(&3K{B7T+
z9&ch(Z2T=S+2jK3L<rMs+9U>^a7Nk!#r~NXQ2#pNB0Xyo^8ojVM?kUT6lO{jcNjcv
z)&~HTpPCY&TV|^4AStl?ZJ#E8dwJw<zE}Ph`f7J}&N_6O<qP4$W#0gf2C?@tTenHm
zVCWhz{|!{M><9$Z&Cyl*<(*COnC-y;H7e4%340yaPb82iCD*Da@erKd;ct_tBOiqb
zP4Ojo+=qt)_b96x`FJAw?tM70+g=>dh$}T=zSgwx<P#d0bwhzW&2JNMh#Ik$B}q^K
z>|gz_@m{eyv<=w$6i;jG+|~2ZE9SS8Rbl!#FQuobuGfq0166ufF-vG$nQq?f5Fitm
z#_*(Ii>_1IG4O-6GCg4HoKUSa(FNBD)|4JVxoOD!n;%V4qljnfYN9432QN0gIt5-e
z$2vLZpsOia?a36J<4x9uSpnO^1Vq7A3L<7tDV9{;m4vI5w0kYKy-#wFs0Z{C1s|m=
zWXp18ni22dPgFvW?}&Wa(#<7w^_%O3ymT(CTM7wPE+kt_NqS?t`k{sFb-GnO81?<0
z?qR@<%mFGLOl3-k+X+In%?*eaC6)9Vq0=nCaSJh7^73>mI9bHmfezf4)ZFyA8iTu_
zcVLYb-zRXX2na5#^B}zhRiA_#pkFQxNR^?SNE`*qQfrFgY-=tHh?8D`Hrys|4b7Mf
zTQxP&t#QaT>J+Bx=E?xgD<2GWG@Y-I#>O&=IuO)M`T2@~SibzGrN6qxeP2zAGTmQI
zVw9@_5-;N_ZUek4!#EbhZbf-0emKzB6!gUsJoctmIB`q8&&3}%gDm+T{r+{!0vdkE
zS&8lkNtkf|z&R^@KtOc_fvi;yJS9J{%PK5zf8~5WgWj`ZAitJeTlcH>yWD>roT&2p
z03BGXZwP2DJug?ugIBhNNqdx2qK!d|x8g7>85C$@?!PJUrn7$Hl4fCBnlXdq?8&#y
zc?;%n-~)_C+U^D93EEo>3#6Ic$J}qzX13nPlaeHZgw*8PTgo0MPCj{v&2S|fRA+vE
z5k?X%9qR^@2)AAq8;W&AK_3q9&|f)T^0_YhsT@{jWfyRc3><LoQE|!sR9o$Cb)ST9
zNbB#-<pRWWn@d|NWN`S?UH*0zGK_|h>0sXMhfjM?BiQx1ez4J*B?z=ge+{L{3$cJy
zd;;H2e%qZ;<ea+@64r{lW&bMg38-l&WbOI@8k=!%0_77K&ArD)+ecm&RFef-ro@*H
zL)<}tJ<ZdPpnSC+7tkbTZqaN2HCcy`Lt~m-6j*JI93Q|zJpMnm<Dm0on-j}9IO+RX
zb(iR9j(1-`_=iFsx5gfCJREQn_i~n*Sy8)h2}vBY8;A?hHA)k>*TB3uFP#kiZgWl4
zLy=6=?ZLpBRSyNwfKngkuf6=p9(y&q7y1AO8Hu`8GYP`j_(;IsOUJ)Gdjfk|G_mfv
zEm-e;zoy*at4V>6?6G{~Y?FzGNWWrB{WCcr=0qmYdw3ljD~pE27uOPNp1C_l-7~C|
zHb&Pp-6^ff=$ic-Ub~)C0}{)SO~c_(8eoRe#VmClU5=ZUG|G4%4g79-AFG|4$|z+V
z1#t+}+0z1|UJF^Oq*<{Xug05?2i~*BJ>gQAN|W|x&Gdjo9b`HpLk<k$Bmf{CX9moG
zr%%2GLK-qyU2~ZvQNSeImrg;<v>%d$3v)KiwC=uZo(>=sGrN#Fua?W%rvpD)CuZ<M
z-5JCRG3WNuol}H$CJ1cEvvdOtsc87}fBZlhrm#fBj{YBN>`I)3eEDf}0`EIN>KBzi
zLmc%g4`DfVfmJ*lAr`YfkZQhpCh&wc`dN;xvyAa{I-_ZBwCUFxa@%r0Q{J8i{~!87
zpoiJonnOPS`2bek`qDt8o>gPy-!U)B>1h8F=R!uI2%~2j?(2am(Wdz2fRs=3Tjk{_
zZAEEhUY;F*zQ1B_V559z2424L8zJ50^8&lAIrCw1`uP|zXu!E<#KV#J(sFx$xK(32
z8|N_nv!}3@k{1Ldb(Z0A-r>-C#eJJbkb1oehxEP{h||QAsdKR~$1MzeY308j(4^r^
zsq_}_X~Ez4h&Jvghy&PDT<Lardj3wfGU^RmP$0j=>L83D3O#RA3qwPc-z*M@6DyO-
zR&rv2hA&JDmo5q9n!#_P_g1|bP*aCTH0f7cg?X3RJ4S5`<sOO+tZij!7W^PF$R+UU
z(_fQ#{z(z_F)=HctIBMJK2q!tx)Y0|JCgwv(ADj3<OFr-Zq&pKdNJ796x;#Q;DEQ7
zgH`x;K)R92<n0zDPE(?I3FZT=b|65l=tVpe|84+Gop<G#1*_n9&hkp?TgkIQe1Sdi
zR(5>_9Xh=m)?HaOY7G6l##lSv3#dDrH)#HwXHDR9>+BkL`U@r{bptjoDPAhIaF;kF
z*v+h4=SpMoD2e=`m%D?3Q+MA&D}Mv$SBV-!qnJ)3N~UES+2g5|LV#uO3o&l^z+um1
zW5vCNkW)H*DLoB1l(~UR&BTx7*s%`j{~BeGv`otV*k(suS#X>Lw_cw>k-kse;T$E#
zZ5+MZ%Kr>vwU>wH2w7&{W~MS_3$rvYZw;KX=5B-X?CWl9JkA`w7YwcW&mfwc?g*^4
zcJ5$(?0e{w4sPZ-A6TsCHJk`7IF$H`b#|w0NX!@RY99PO1%95N6m5on8IVA)5FpXx
z4rc7Gz!z5kujKX-y8{3L&iq>Wp7?g_dQaxW5w>i#Cm{8>LPrWI@w4<PP)eA*0vl@B
z9w?#aTRy@x-^cev?{_p1{ADDGb}$o1k<diSq>|4Y_E)$aNt-YbPOYl%pvBiOKpoy)
z&1eM&Yd;t8a0jWv&3RHD%-C9JS6veTK=k_n?J&B+3$)IUDj7O9UPa&C<A-d0k4z1P
zoO7>)>=#}&6=>`JKk&l+Kk`ETMuOwg^0M2dqzDjzU#n+I`-qe@YaNm7P}T6X|1z<S
zBM@(|qk$k1{$Fah(e8qMEI^x~E~aAw=r=1aVhIS-6ZuWTv3LGBTKn=7fpa?gz-NKQ
zrY^^6TZd16m$mJr!)sw#PLn#?cD?OwL?2FCG5@CWj6n53!E&OLG@vk-ppXs!9TV;K
z$;ruP%<q9!R>xDdqX>AC_Dh=lhb<VSHH_d6A3dI`1r}nuNN*0{o5=Ss!_dTxV4?mB
zEU+g1&6b)u{{+s-O-MBg7~7j|r$t+mRxO$;uBE91`ct8M>`dT0=SC$M{jv2qo1O7A
zD_q;UM~pBTv9@OfZLX4mae3SM9c-a?<XWMe4Xzgy4*=dkfC(L%a9dd64y+e!V%F4$
zf~0$u_Cbs5mY8Oa<hN*Qrd$}@E8;?^Upu$`oZo`wypS#)W%YwfP_QHYa)9pzdRk)H
zbS=HoY-ku1M>cO&q(B&}c4U*h5PoyhJX=!#j<V75orEUlm&QSf^Ja2cgCscI8krGW
zP;S%PlXY15lb2SaO@q^{9ZiGK&G}|Qn_qFiZ8kO!9!B7U3@uW}VN6@ECEw=B=%4_{
zg1Tc@k;MeRx2D7fHMu2IXk1{sCpLw0kH!U8TNN#Ww%H)L6$0%E3j9~r!Ir$woNX1<
zz2uU@8Picy)d&8s1rT-Q82vhdnZ@IQBKZ46AcYj|Aog!k&^a!|6X-Z?ijsr7tbr+v
zY>i2EzK1Zx|8FQdz<z1XOAF#tTJ8y+lTRUbCs<Y0*WyDx?hT41FVvv$-8FCHAl!ch
zzOmyk#7?$9_==vF^5vWt?{eJW6EjKt(Tn{8!7}$*0nXO;v~G%<vw@2HMjI$_-$Fr2
zxnafa4kFUaw)+g;Rz8Qf6+TUk<gP0PIBo_4t9L{`YuLp>Tlpbs?8id)KEsJ784XAv
zsmD0fCb-ZZQE^7~EaZMg41DHuRD1s2GK3tI`)+uVfLeCj;25i-EyLQ6Xf#`mtmf^5
z_JM#F#KuwObKF}Xy>;#2(qWx3O3aMXrgZkg9%tttXz$3ekZF<tt0^Cd(K4lZ5HI4u
zlu>42X7D$wpcCXG8B0Q(cygD=kuN@OIKChnU8`kFU5h9&s)9jvZA{rfLfSga@6kau
zh_$_jbBkMYiMzV?z6RIXHWKf!^JC&o;RNiSOLBseppuC-q59O04^WFK_a{fb8?)^9
zp<;3Zc2<f*#`~Txrt~B90Pqb|dFQm<fvC_V!Xe#*s!nkfG|wx2IB64SKTB$6CJn%y
zf8rK~`=&>5lvU7^)oIB03apn4&hnF0k{i@8T_!;n^*NC16E?^4oRizdtUT?{FiUrm
zMsdD(5DPPtOcn9WlwKPA(b=@ONH=V7DN<(2!-N_}+(qNO375JHWE;Q}(HG0gf<(|R
z4@&i(@K;cp+M1G<(Jjr9X^{xNNOxcDaN<I|B2hn+dA;Py;2Nvws-QYeq11}gxR}>o
z9aOu5m3^DwuDTy~^mR9G<V&oN8nXMY2};%vkFD%OBb1r@P|}<C4@z``D4SFe=9riP
zLCI|59@})5;>m33$KESH2y7qjpOPx^mL;G-&wZO25!M0sI-l=+y&x!AmU4csl*rHP
zKI+%!fWlckFu2%xhw?IY<#eAwt~pnFnH|>#RjC39XyjfnTgxv+g`Rh^CCKU51wXP1
zujfeUo52LaeIkt0tw<J^XC}{SU?p!X&z%ndl13eMOM=hA-lpeGwPUNDbmAshQq>^#
z*`6u=_Ruq=7uen2!~}5!zinU8PMeieNH%i=Ao?zfz0qDAwY%3)o8I_Qpy^8cg2Fa-
zv@dK9Ob9kLUtgJq;c|E47^~fIhcQB!c$l#Kx+jy*a}2-LPtEYID4ic30bv#v)*f39
zB8}xXLF(y`aTb(#Ti+5CuW+U*_%tb<J@C@JehY4<Z*K{zuZ;0^fzj=#q`K8%oD~0@
zPXW$i8)F@PB|<6s$Y4)%^X<HE=k2wW#0PXRsdomy&=*u+nrw&GvhK1)07pWHhLFh2
z%)%Ei;_jeo2L!w{wpw^k5UpnveB8<(Eq@EgI6{a!+<k9u3ioon0fwabq(9U6cCT&l
zLVuNwP%A+dl=|&VQ}i2IOj-!g^dRJSv<SjqIiBgdlqA)$R|!0T5>ei}&N%8o)!d54
zhC<93)AtQ2a=jA6AiX-Nf$4u=@Kx)~eYJesPNrH&Qovsy;>0E%?+6BsWfwje{NCh0
z6#Uid|1e~z??$s(oJL#YN9^@w_qE8T$37BaswV{1M}`;vgS2+i-!;nE`A-vV;lc%J
zwF#hKj4ABQS^`!`+PDu_SNSvq^&L5hW6X}p!BeJciY*LLPOc$SiB9gc9Qz>&C-qdD
zAqfJv^fm@1AZ&X6*FMJrawWBjuBZ-}0gu|c4D;0T&b3)MD5wA+HS$ujq;?mO@VNG|
z;28Nf?r~MCfTZ&~_o!{Rds=XeDR|u05O|Gh)lqklr=zp~_=(^G5czVPQXT~;*l;yz
z5FPiheV1=yPTbeToShzgT3=NMsS#_qk<K}fqO6UZjrN`Lq%$4#T&aQs5RQsjR7$N9
zazBm9B_>^B(q;tTa|Wza{*OORhtUo*oiE2y7fk(O)0xSzj(pXKM>(LwXW7~T@iH5@
zGmDPAP&LV_&P)J($uu$FlZ#IKMAR=92zeu_F#pGYJ16+ImHSN4wp>Ach|sN1n=aEz
zINr{muKb(mV&${Jh1U4zf+XaWKko>5syqdPpmIJQm-RP6dDN#VCkE3A*p7ClO-f3N
zIW|y4b}K}7*B644I)#)}gz3D$$Uo`%qAdggOWH?!<?7uaXU^WzkZuWO5Prc+4xLcG
zA}GYyyezB8(VBWWVLz0SmgdZ<L^>DD4XR%pZ{CMqyQ^$@J>IQ&2YPTS1jV9aUhrjm
z0(98`tU8%K2{YygKeI-b1#RCA6PN1H%BfU*yLCdV&71`e$xxy!O?|h&0-sp=YS1=s
z!N3q$qBF1AY(_f%4e(HFB^De?<}T~R>p?|hlV*T6xo^O($$G;Uc^r;M66}5ohgV^S
z7cLIIWu-0Q5tH$zdw%N0gDzFLG<ek6L8vIx%vu&y*Ox>~H)FT-$Yw!R?NH*_u{=26
zS?(^>Vio2P(4ag-NhjJIS`mEN=94{fc~w*dtF5^!9sa=nY44AcZR94qbr=Lfgb;#n
z2c^_HlY8oHG!o#*lyvquo0uNZUnk!|OSj)o6)&YIe<w%mn4C*c_06IS@VFfLJ6Y<w
zGdqz^JnMAw06Ugbw`;Sk;G6nJ$4sZ)D>-Fb@WH0nhpH;xgEB|1cI06vqeZuXmL%Hx
zOHDnry!~r}3!EW1U>(ecwT{?ROCBhvb!_Oe^++yVlDHM5id4xao!$_Xk}pVB?R7e9
z#G2}du^Bp63f*P^ECwg-Y&yIjtkxHxc1dfJ^n_qDQ?-~bF8h!ALT21@H0FXu!TKg=
za4^%n^FeU5)$T))Fg-tFqpgCEYp0))0O+Q^d-uI8YUL-vCG}|j@+=gkLVjXpQil2F
z)8H~^X{GOldx8DkWJ`Z&vWN>>A({IvIu6DgHu@*9r{pcLrx}}41*44b+IbSsbKZj_
zah8t>hH7t_PoZvx^xPiZ+BRv=YzZE8UO6;mA2EJPF+H{g-_}JN`IH>VYS4Zsy^PV*
ze|vDFxCx3Ew(dZ)5TZmo9ATqf#@d;J0hr>2uVIRpR5=?AW|UZZMbq%JRaJ9BH+}+>
z!#=|J{luNH7H^h)9^7drei4)~c_v{~pxy0hZu~N+CM*ju1@w0;!$xMnOT6jmuAn;G
zrGsk;LCrC930WWi%3-hiq1k3#Q<j|RsQ-}mYF`JPRf_vUl&lT7D0bWnc5B)<K`Bhg
zG}T92=a>OE;a%Q8o%t4SceSR+_h1U0-=myTa$(_1aLW4<K<ytxrre0V!M!?l@<!$-
zP_6tFa=pU>vR(HdfN~PA33W2t_cFxD{c6{UZH)IS$Gm&MCP>;IZ3*R2+C_1B|K;fE
z`ka{ua!TieLHq<1v;*6MHvCek5fQp@WAo?1pd>kF3c``%|NjU{c)kyAaeiFzPAJ=W
z*3ww9=e}^jRK}1PS=lgD-wd*tO;TKf%2z=>64yoEiD0x@?Fol#Z){+`Z4t^eL;s*2
zzr&B>0vP_2et&ijX?+QyuI8Ev;dry{=b$?91yX8@{UeZDwJ+=YeXx^BKWr~N^_&wB
zNCgik#F*4iNep!FYiN!hfQ;`t$`Tzs3ZoGQ(iy9JY6Y1CkM<AK&N?>K%&e$kw28;u
z(P#vuyU^ThTNDod>y|CQC*W&7A(PInak!w1GgW*N1!~-{!QZWMzuEgq0;xJpD*i(a
zLHlLlR_4I(w#`A6&6A;Srrok|#CZR(6{*g2Tj*d4?qTnTJt$$}KW&lM*_6M-7P8`a
z<a$$`SH6xFAO2VHH7ojWcMkZ-Kjc_ecTGUr|04!bW>=L$`dgG4dph`|Rd|NmDJSBu
zQYCn19Zlhn(Bd5{!qIjY*`wz~D-=i>J@Hjf!xYl$g`&-#-6<`fPYk_hA8x?Tz^{HZ
z)ZCmK=ThTU^+M$iu>xX`*Xko^<XG1PD!ncUso@JzynjDrob)Jr1SLkBUnYl03Aiw%
z=Lb^!00~e~1)aX$D?vds9E$ze2W@$BS^c~QA=__&1<<y2*u-|{lS>+gC}U|9vi&`f
z3=sqUa$uwf{EPM=+$Qe3z;w<rl|Qqpzcg{ChpH#-s?(Pw&;q7u$krhW-+^H%X$`f)
zBu7Wp-u!+Tx=j0tJ!~HpiZVwZgRGxu9vZVMIz+VD8xzvB8tBc8Ea%R`?Z8D$iVdlg
zhadGsSNy>Qw4_i8F(-=eZ2M<|vmStOk*O?XeeN#^c0&v2-NeD~PiR-V8`zD!(+u$K
zMIklXfINZ4Wt*qBvcM3Q!y?YCat<Z($rDO7#h--0fU**r+4T)ot60Lg_|U6XWqj@8
zsxa2AC|Ji<q$fJBX4xB(9#pb{*QO_h)|tPOLVxJ7f|YQraE7&R3UIhD1%KpU=-wMn
z!&{45he$a}38|*R5P8^+5G#$kQ$tl&RBLw5@}}`})58;zY^%)9RErABD?SAkO+Fcl
zF;9C#l5j`a_ZD_UDRX~S0!b8ihDj{m#-VuM7kbSa?{~=n4NDedY2Ty-v*udPV9k?^
zRTJQ*@}RtHT`2UswJsdes$5{%fg<@JA=5-%?7XPp^45{kHlck&^POqAh1|<ch&J9!
zLOZRqmoNg@&-f{+EovVkoYyY2!?bN5`c)^X093kl9k#Jl_oS0_qm!K3f%o_9$kX;A
z{K4DNKJ_Pdvd+uWL%8MyZygwg4no~g=IxA-paf=0!;hIT--DS@`}>_jjTk}lcSIRa
z&kEs83Gt@fE+MrNxLf%*9HqG#Fq2bo;z`zs&u?I+-v+5Z)g?5>c(OzP$nHrWzH>>T
z)@H4jJB#K*&yVDUuyZo7SBX~WRGQkmQGAdEpU^d=?h|<Le~72(G1R@{YT#e5+SDzi
zo=H&D_3W?c9{R$X)q}}f3wm-wtaZIYwga!T88}K@m(8Kett%nm^0^6(N(-58*C?jD
z@p<=D&;W~qyMYO@=HXIcPlkPfcd=()sEJ8B0vkVG3YUoP!}{u)p+?A=hS;J^;iaMN
zqHOpEpy=w1C(dKVW?km2n983lleU(1y5?TN|7a%0qdkpmlV8rrW3O;WRwGTh1yC?o
zhCa9EUj^mqQ6L!$k^m5Y5yKz8Iz(sBz7ACa?8G|YjJ_tc%c}0jVAh%b4yWK6G@oVG
z^u%x-l`oXQ&WIhIZN?UGfBryd)&5c0*NbZ)?c)V(NBSssta2P=*yOs9N?__biYs`1
z*>xdlGML#V<N1S(v*CJ(XZ{VmQK?$cGga!unr$iYnWi^|B<&78LR+ON0XH5L`W#B@
zVrWJKRDE&+4(h?SB;Y6y#YYPDfqkD0tB<)|B$T~k^^G+Fb~bl#NT6foOZyLH{?4{2
zaUw#ZOzUN#HueUtABtkKX)en=X?We8wxKR$QCL6J*i5;P=y<os$R=>!^O{vr7{cN_
zFtToI&>6DL#xLPIJ#P)Es)tAF38ugAb=G9^MrK)fEAKA21=3n`n=2I5OQs)v=j|bN
zHDXd86SJfMp;WyB>vcwBY$Kj+Zoc)i+=D9;Vb+~FK1!B|(<oDZXGp!I8cNJI+wNlP
zmf!76j!ky;s;1`Y9;6JXjk0+wS5&z=+KV5%jg}ufcfnJw^uqo(GHKy(6Vrc8=o{To
z*M*UXX{%QzjSYQl4H)OXNHr%o=*O(WwzZJ+h9c)h<l=ck$>xOt&7(}aJ&8@t+VL*2
zssA30<$J5_UUwj!0uIUZghCE<WT2S)-P@HUVrJrQX#0ROI3Dx?EPlraA+(r>7{ex5
zkd;CC6KzA4$Fe_Q6D1Fa)Mf(-N~Ox!QU;pxNXXWj>vi*iv?TH!#?rvd&p{XCiDp7p
zs%h|;e#e0qd2B~I$DsN#B-^Tqp)zaaBnU`3?40`&x|_QvimG)#4<DW!qGU278<)5_
zQyiLNl8X^Re-wv$+qd@~$nANv(0fjQ1eMs&9DuP{vy#SG!ym0(6g^JIA7^o^zPG=n
znK|-UsNDWs;mV~m$!95i9v9`2Y0fu+gx1mI^?`cI4X==LYWth6_!>e?cp(X$T!Ooz
znyG#jH9ho$en!0%RzrX4@nlH7+g(&+)Fu6NdpO42_EbnSh{zL?l-bH><D<>Er)@Tk
zYxFDf?TTiE4qng{o+yo~V)NmNdGCej?mLqum@z9<pog;y0k-S$qsF|9AGLc)NW%|Z
z%)up`^x|Jbu_kv80x<O%__op^C+qg4EaUQ0+^+j5&{{r&)Ar4?A%YOkg)m`9KJVVI
zl0D0eokObP`cnIJGQa6*?a^pjn0>qW^NX=H8lr$o{=L4APcl(2IwYo&o$~gVI9N3=
zx!e=%2H~FbpW)UKb8BzKrpPj85`LoNlSzi!;wOO&0oTl62F<l{=kvI^xh(XDHMCrb
zHM?`VZY|uSf$5e>e($Nc1j^qlIe^8tK!}GgOK5F6yyCD~@|Q$Uaqqs!oPNbU94gOB
z?nPx-(t*teKqyXzX=Xed;EO%)gwGv#E!3*ss@EN6*Cog14S9d#a_TW0NnExQf?mHk
z)Y+_E6dG-l79dr~gEu%{0~WjA4x8%D9{d#!;b9qxkCo-mHfM(=jaKQ7YBTaM)=t4c
z&3c;st2rsVqOeDjmLi&}mpTHNJ$RXzm}@L*6c^8hZ$y~1;(3%Lz5FRk#)##ip2p)z
z8Eti_2$4RKw~|$}hQ1{_@5Hy|@7#An7)V>+bx(?;h$x|sn?puh56jscIuOnb<(qrf
z1)POhKA(kI^d17kyBdLcK~qwp7jhJk_EBa_7vkP!YeMhoc_<vrd2oM^FMX1;s%yKo
zoFR^^VTdW~WF9NlGY@^Da;Oizu?D^2z|*Wy^hW0x*`|)luwnNg!*VM__P49UpjOQW
zEo~I)#*p_z8+1)+l&NOqCu0&)L<w<@30P1aO!*a@@X6W#+Ccgq7bT1_xgUl8)<Xku
zpqN51=P%5NPeLcHp`Sto_6BQA7<;mXd2^FHN0mYqUm|B4PiBsLKeLI9tT?gvt2c9i
z*KKjX^x%7`RD=lU%xeu1SLG&LB#q&zWZw-r<!uX<Tfb~`ZwAnggshpY$ovK5q7B*+
zQV$3)Q)~{+c<)Cog$sc6^Z`273-j>hj(xy3D7Z%j?TCjt787=cG<eI8c#i1?Bk!O7
zc}P8DK&y$#2<MA3-%Mo0bzis(rbv8z84_ogqm}>wQ)>yX{x5e&@3tuhlNxs-brtnt
zyR&a(JHYN(Yn}X>kFlEX;jgS9S?l++C?{4YG${QqLSxpqA&pgl8zV;F*EJ}Y{N_mT
zpZ7v5BlkgW_OmJhl}w(x23=wEetSI#pu$Ng{^`$;y{_X3#rDUX821kgTyh%beb)fa
z^U7+O$+m<16(Y%EE~*J0X@jO#*`BAW&anmEzYi_2ujiQ9rXoG|z@NN_LL054heG-G
zvp8%IUWYw0`Nz=v=9-^E|5yWm4qXTE*kSn_bJV?0QX>zA+CP6F+}~7nVolEc64KBP
z_QDk0)P>)~N6eb}sIrxR!*U0lU>oPgg)_{FZ{n4ufJ&_3t|vl=R@H>!S%*$!ih#kB
zZD#$7cz9qtpFHzq$O((S#W6w-9I}dj3sEC9^LJR7wft1=;ulT}cQj}J2z_N8_%l?$
zo^|3cNB7OLRnXjjU|pWm+|RLOj?$SFoh!~vO2P3n>x?b2fEAdD1euURb$!*@&=T|b
zIs52jVH-);Wxxm<nDysF-@m&we2cT%)En9>F~TgpAWUWpMM8kVewBcZE3D6ZBt))C
z-=<W&pT}<zs2_e$w}B{+JotaPsi~RNAiUnb2>^vdsC;FY^JrPa@b}iNM&Vx0Ua`;G
zl6FkQV<Jt$yG_%k;XkeB&BEOgk{LO;K57nea@<)oH+j)v(!-;|Qe2sth0o%DCZN~9
zFrJw3pZ4`GX2v;8_fx%)$v4M_-xns5rOa7;=1BV0Z(}3>CocS{b7kZ^@ze#k2n(za
zE4C@+lG1co-_UzFPH;Fd3Qlr{Ack%xs%02DkUb}R82QjL+}!LKoseXXwhR-CY!yaA
zZjBG0vbH6J+o;UXf@DT;iqez9KiQ{7p)LxN!vOB5gvo^)mKy%u3~S9Akm{+}8c_4s
zP!9LBH0wO!Dg(Uz-)5dKd`4$XHR0_P#eeP(|D<0`G3<%6@tJZc(Ca+mMrL{Ia5Hn+
zAvjUzV0gOy+LPyr`J>gunzO<1m-?x3tA#%I5w@Sy2Yo#~99BEZ0r9FzMI3Lw4}#u%
z7rNI0Pq??47YPfhU?!IQ`?rO=nwjH5k<x)&SbMQ^0mp9##Ov5L;oa82OTr4;AmQK(
zQHgZKwtW~eZ+oZ(&-F3U?ZN^Rl9`nQ$n35ZJ;HLOq1n|gyx6{ihpi2<ZFs^4^Hc{`
zVs^*yS-pg%HLwq{<NkNqYOO}RF)+Y;>jD@ZiPA}lh=5-*!Wzx8%P{R}bU%-HMa_?U
zz7iWYuXDJ&8P>`E2G)~r==yvSj|wumd&eSuC&QCS3@MF@c!hpx{^?=5MP0(0v4{^q
zvL1C+Tjzl-mv;pPBi4V&J}4d$&NG{`!lSLc>@fMI!*k^C#IF36EdqGv&LnD;PKO(q
z{J(=iEO8bnue(s3Tm>H|+brt9m#TVHayM6p_i(06RCFxM{^oB%;Kb$1#GYYQXtGJv
zT2RIs#oR<J3_lcFv|OKcQ;Kt)8q_{X9y8(?{IGp)SVeX=ZWW$NHFGau5jy1A>xTjt
zMr~wa8<{QR=um@~m4)rZ-s#lay&Os~clQZvf*9r)+mL1WktUKwymCh$XG&ye%xaHj
zn35c#(Nz(y^mi`{YuXEmigRYcU5Z;FeTLn@yEXi#_td*0teI29GwvtGTYW`X!>>G|
z+Z}UN_$%w=RkEZpeZ#g-Bbx}<9br1iIHnj4zpe={x0h3ubfw6RE!n^PJ)wYH?PE^#
zbJi4Xy*?#G#q|(gPxcQBB1L8nF3M>L1e~P+&*XD{?UO{=vCvhVnY#u{21kReOSV?u
zXPHTNvtZE!xZ3PmdzdVe??qXxyVCQzFq!9_$R5(<rJ5hm(sHj4|7d005VnKKD0mB?
zyVw(K;hO)lG>CdRD!t7wH`)uEMWh|&HC^~_XS4mL@aJafpztZPY%m;V+0C$}<wKO%
zgn`+`eKHv8GmRC8g~6O2Cd-#P!d*Txo(11XCo{H?FCH*bZWw(_I1H5Lt@7`6xA9jF
zMz*9m3!$BO5CT4Td-!u}?;TvT*`>nC>1wC`#D0&vJ4_p>yLe^0ySYbJmM>R&Ih_Z8
zn0Jp$aayp&H@7rPdO@ITM};-bKbzb?ecNYaxPAR-_jb**#GY$uHhhb5^z9fCZ43@y
zpA8|@+>Jy(J~sS`RXHwf8)ZVLZJ}!9cSCVHQ=%lqT0Gt*R$bF}=nV9aSdI68$K~Os
zCU-oIqY#{!y+XgQ{>P<F&51*gXeHKJ6H|6?Sc*(Jz9YXwJR^Tvn!R&*_UnuIBz?B}
zzVH%VK-wfJH>-0tY`H&7vmk`h$qR_16}I7Z0}9yre+I_4C{2Yd^R5b~nyP+bkC}3F
z0xjveb!UKES?RE>3W%`RKp?|fCpb(*s&8z2H@81}?9h$)D3%nEOr)g$(8DmNnuldy
zqbJDUb`y06b^f9tDO(%&Ho{`wq_ApE3Q)$7L#XJ@$rN9}E5c$XvV>7nT-HUsG8hT>
zz`8K+ovR&3B{_4VOiX11)<$u7msL4c-n{?6^7qW6;p;J(rXfdk8xf|@pz5r6ocl_i
z;PhF`rt{ZcVU=*uYOFc`B(!?qDd*t8I<F)Vv*QdNik&ILc9>QBS&HYRpVjwDKC5iD
zLog1WQ;82vU|tDNPM*VXI*A-JwJXF>-IK3XxctH#Bu&)<Y9-G;6JBIhJS$>-+jHT+
ztewxx9FLc}k5aYSHJoL7y#TNBz8Kb?MUtx~;5fXBh7!L7gQc$$VPEzVBNe_Zvz<KG
z5u-UKy=_8v=_jzOb(iAWyZC`nOTGF0ys$Jl%mfQ(K|vUOem)bfDwBtgmvfkvFsAM&
z>64d4n-iC_6U{rb69o$(-m$NQ7h0ZIb&li=K=0GS#H<z)!<q6L$9UL6F6j^@6a1nZ
zQAP1OM|bujmrvl_yc~;j{~HMX_ZKr;rDvQ@9MKFD{ib_56<JJoD0(R~Jh4<}*nByE
zo!zaskJ;a~BCHh%*(kP$h1Xt=+FxD~{=u5FQXW|G7HX37fG+0?<+w$w!sITDU4<MU
z_l`?<%5_SPb8P-u$7YeHANQ~OX63jPs35n>opM*PGd?REa%f5cEA-0D_qZ}{HS}n9
ztO@_+P=YEu(d+o`lj~$|F&kJDN5Ba136I8^)2}BG#NQ|kUQf~_^v%LCxC!>%fB>xd
z5RL8JGvRLLcxBi=!*SP8#HzX);Yb>hJ%uB+?zZ5?DbC4J6jl`oOQu4npM4NkgA|lO
zwvdMDA(CCUei+saSbkLgI%pPp@joBATcV(oMGHs;9<l?1;4Qt)KMU|#9Q=guG3P%G
zpIY^qd|BFNXSapOjsqH@`#5e3`&h75ZWy~w{?6F$-sbT0zk0DbE}eBX{i|&0N;#U2
zqF?z>Rak9b2d|4oi!~4J#D!A#Tt(Xy)jScv<L^hU*gX-xk7-;-!(GkXFYJxSH>8-z
zFR<|kI>0a0ZPKwLieAMr2xLgd1a~Z0e-|@)7h5~vD~_WcB2BNSsB<^FI_vA&vj+pG
zn&_Lb#t6tjP=#yz5VR^>3^=;?ag<{Bu#NqPvV7IwI)ni1`oDQ@qRHPE-e{8dhyOBZ
z2f|Wm4+8+Puczrh7vU81JW>O6e|+eFqApH(K7O>7OBjj7^6y0I&i-Ehz3dQw?MK0b
zB`@U%PRGF?<<j||!UgrLA&0}a)w8x7;or_TDdUVy$EG2224b4C8a>Rc^aM@T&QY9Y
zrS;-t;oY{}86o)_$FWt4PY5TQSHmlGKu7Dc&IV(Qr$JgH)9lx<MpjvwsegvEN}rE!
zY?6NqZ)++a*g3t)WtaCc^`?fdGX=kg)#s0Lq<&JdKc<|5pA7#)=0EYz+J#e_yy$N7
z8>ckjps*msOwS<fdj0Kgv|XMo{#)c(W7GfMBv3vi7FBoi(0|;URScnDqbHuO-BuE?
z+o-*_Zx`=~eGpY`_Bn`T(lGm!L6g7ZDy%BTZ(N;9V7ho9dI+$~z-Kr&!+SerrNab^
zz?N_whtX!^`S4NQqteI1#kIDyn#s<yi+{#`9A7W;qVP*;K&>jx`Uhao`1YNfZoeS1
z$V$90Qoo+LxPIg}aZ1Myqmgx^U<Aay29dq^!O6k7GZHWrJ)#?!VY!j8S==zP)tcHU
zl1^o1<48x?H!9!G&fKFJ<psBqQ9ih7MAF^TG3LhKAy=Hv1JPz$R8)*9X%?X|HkYw@
zd^bgCviY9~o#GC}*Edf_MUjma71>MFlMZQd!y;LRA%PMMMJ_S#bfxE1aks?AW^i<*
zgj*nqmE9siQ!yse#UwWYedL~)$ZD%&EYlN|hPn~zo27SfV|o(z{16veZ!K>TX@fLj
zaVVx`7FovAGC~}-6VX<(D`i^cmttU5U&h>C%;T}yts-w({o^B@;6(|M&bU_-BVFrR
zamkTX2I`dEm70E@8)4?BM0Q(KQ+0fPhON~NH*pZ_(=;veIZt%WvM*(s{`r6sZEF;1
zZ*KKO=xg1ntElS<k!-mVFi$2xsioe?2H-2?^=1Bu^kB>(E;)?O)$G?{>r9X-u^DW&
zY*^lO5P|n~i!?LWBuCQCjW4zKm=)6LZEH9(-71VkE@94{(>oLJs+%0&+T2uK964lF
zw&4b1YOGC30<Ty+IMT)pX&d>*%4?@rGN>tsSm0YX^Fb#PA}!4??IT$Eox0+-8WtID
z;yXq#*D?fUqIY&AuqZV>!icg+<9oAPd#+(gAI^w;W(~-U^yKK%e;n+s#E4%E;25*5
zQ{*>mYiAbGs+R?wSv|7(D^x|iT?YK$PsB->6M2V2fw54K$xgEXO-%FuLdjFwMdHnY
zu8|L{W!)k+G#w?$12Y+dIdza?a!&P{cv_nDh%6%Y7ayfugyzwMdqMN;SCSdfGa{Kc
zj6be7i;>$a@`IJ08<7YXi>^=9E&4+f<D$&WyvXO)sNNAg^ppBT;@P)LBbpu~ZHPzS
z7*GAOLt)?YT^WSu*>dN{Z(FdeOd1#G1>~%Cx*{Szi;T{o4(WcyTp1Ccjg)BVtN+g<
z20OSaLTha95z*G0k$EV^Ousr(Ex%?-+c=^7ioR@k`85$$t}=3f%+Q}3Cq*tcRd+B0
zMN`b|A8{}~#}9@eT#9XF+TOw~MPq<bxn)4)RVyw(k|J6fXY>Dgx|^DL1@_c(q+h8s
ziB{&yrVRDcGP00eKtM3uuZ>U|y79UQ4$kW9BQ~C`v?J5U&a~llM(rS+REMZD<&ubq
z9n?)`+SLrYDRR`x9~40Xj2WzCPZ3Ox!x^C7pP4LGF-o<>vxY`$tY*U^0To7)b(si}
zZ%SY{<_(X$uX`=r&MFxZA)>aRkgsJQGRYTLqO2Ji`P2D-9aAi901@ddN!f2=if)a(
z;M~Jm%@ziS%kK6Fon=Pf5fKCU&PX>|L(-6)d3x`T9Fs=~n6lkC-y1|?&6^Pjdw-t@
zdBSfn>|dLLZB6Ap5lzwU;;uf2>36GewDKr%a>9~@6yTV@Su4gyvUv}CF8Nyj_MOI?
zn~EY|a;Zx;Q_xE;g+<Kq|8R8IkB_`(P5n<K7e07z<SKH9?&mK&B`b$IKz*X%{s>)G
zgPw+_!$Z`;pL-zE&>Vh1SfAWP2ogL83p|Glc#MwOkg{7ykNXi%0-x|d4zYM+JtC9p
zMBgP;Me&tY+!GyVc29`>W9^%${5B&ayNfenS7tRcWusCXnCQYZGLOorP8~BjLUvvT
zvhCo+NQRj-CGw~B{}px}U{xGl``Nvh-aClkm8h4UU6G;`3)qMiMATTK6iW<BQxrSm
zXNx5QUgcORCeaw95;d&RSYpg)jE!iFi5kT;V@DHP67hd$FD?G&{~vhX=giDGXU@!=
zDLZ#|Ha}mpJ_L^`b>j5{2!1O<x5Fvb1;&AR=MM*k3kvaGOa6Rgl{#{Pk#9cZtR8k_
z&9zkbTGeCq&LX3ipgO;0^Z^G(t@?UwG|O)ex?|xI<9>5`{q}X;RI8coYd#)UGqJf1
zl`X~>uud&CYPSssV@}sHtT(e2+2<N?2<rkqvhiS<aWkw6i{jS?XwBN7Gxva%BRRZn
zw57k7^Oop<YQT!Cj>(doR~WCU&sG>^ZgdDg0%k5&-3*TR<i5hSQQ7n1e)!fAPMj2A
zm_1Nv+@ww{Lg!M;R~kcc48&yY0FPL$H3<eF{G6?+d6`FiRcz!NFJP+63rxMqVU3aR
z_=oUcZ_v_R$Y-tbJde=!XLv-Hb;k3m|9U>IcHLmM7x#1Et>_|SH#)e{++VQUm|bM-
zPPHY*pVT|0##eD_w46_&d7J7)+VgF`&A3?P&v%ShP-)@(y<0?#rvC34&#CfeBQ9=D
z-h#66{)ZnN%hK^mTD{*H$?skCKdcF@X~)Ahz7)LGxC~nGC5uq<@9Q~=*az?vOLSH4
zCx{NA!g$YKwCF?Q88vmgQ75R`JB;|fYWYsg6I4=R{FCOLvYv~#JN0v{vC$V2G&Xe#
zxvbQWq_KtiHf~`N_zS`GYX}a;ms#6K7_gVNQa@G|iuBJ#E)n*BOLTzb3lib~k3{?b
zB@y}mNQA#A5f$7-;;5a!ZwGYn5Cgtw`p@!&H(GbjSSnC$uoP@DGTvrnJiQ(w1<=-S
zjAfK~-nfyToCj6@EuilOV+q~A0BYTLfF9o?^~U$0R$er2pomMLsyQsV3<&)JaEZf$
zD-e^f8cS(Wh!kwEWrBQcA~7*evJ7-9KC8E;b63GRyBg5?8sIdCX+HuCKSA)zpFmCe
z8Tonr0_re_v|kZ)x(;gZb!0#4H&BkDQb=7X(nC=S%NvN?$zj+{fN%>UTR6nsHm<{$
z*%7z)4xsy8z%34|?itG|x(3vB4u$uPYbfLasEZut{|-?80G#KL_Yh!w1gPRbp$&C7
zucNg$*@sE~G~+Q+0-hMR(Ag)TW<3QZ{|V|F4s-s3F|Yg$>LiD$&j9|lh&x&fD&x7a
zY_(@#+3G`qW%Q;1a1jCfIE>K&?Dc?;IV4#GZX~@WsO=nHvkEMsXI6-N#~Q)@Hh_m5
zN^Fr3YX|Bs2OI$1K%E^x{lZ~|BOt;FP|ab9Ga%FjaLEO#=DC7mZh&(fX1fDgdjL**
z1eQ`R45b!cppJQg%Jv5M_yCUhK=#dMpj><di9Yg0aA<RwQQI7GTl@eC{(z_ckS%Wk
zs;>d?yCHB5t!fFXO8}UE4gmG`E1=r90`&ujMXdqt+5o=eFwY2Jfq-*?;F~FddW8W_
za+oRu{1w144%ux1K0$yZ9459y=5E2DKIJej1odJY3N0UnA~+%pplc8Kki(D;fLab)
z!T|{pfTtWbMM9!a6sQLr)^`N-?1Z>moj|SX4CvAY@GFOcXh38P;2MXeT>)X;0GGQ#
zVt#i}N)N#K9;mgjum;~M41;G+?FoDRVv+pcSR}vkDk!I3fW5sSoZK6!R(%kx=mTn4
z-@wx1eh6*lkk}vaSAWF669=k)Jm6tG%DZj=H0^K9NOR)g_Hg2k3E=rDA+Ulr3<MRM
z2=1GS2);8Ya5p6n2IV~j@bwU+&U_72*igW24(|;EBn?M`)d)ZZhvBaycVQ$F_HoD=
zg`jT|5{`1nNCtSOAdmeiP(LjdEWx7@_dSQ9?Hg)BGw>ug5L)%LXbeQ;u_(leu~3*Z
z4&2S(0Cn^YP#NQq>iQ<A{T#-o0URa(Dks1pe}6&in;q)4rc8vKMLHM@IyB^by93(5
zE4(4BS+YDFGP_@h42(eJfQSap4<jI{nY$|;iZ3*#Xgc~wf_-QPjDF5xOD6KoiENP8
zcz)wNPEk!GeQ05n<VOivX#8zaQZGsh_rNFaJ6hxCjgC?%J?04|*-+MN64bulv8k{(
zRds~Mdy|m7W-_2#4tO5Fz?0qyJf==f1%1e-GjhF=1Lf^HH%;-TcRPc<a0;}Ycp;^0
z7o<c@MHbhl2AXJ2E*i{l8rtCVX^5LR9U|^C00(BE-E(IKZlN}_0N>66^W@o}0_FhD
za`;ak;{4}=I?W+39}3#c1Du`*1=Icms>OW3vH1vQF97Ae5Y%T2Vep%aFuvF<27JJw
z-&=@#@D`e6e3yTg<TAHc7u^t<5{(w5B~Z4kF_Je-aSRxZF{u5l+(1haKdKIN4D_Oa
z1Z#I5V?m$CNPYRt$0t90$_kU8Cl&Z2q0g7LxEpY3U^)G|6na-I1B5R}+0Jsvd>df9
z0&%-Ij3@wzg($~14ugwOb$=FtdS@kSvWE%fxM>2*%2kN#v>Nd9Y9uTuMk!kpf~N@*
zQ`Ug;TMND~)`H4h2QiQJpx*2%1q&l7eVv6Lo$e~Nq=P(m{04yYM!+W=MwbBWN&$N~
zj4Fe)z8utc4zFzjJm>KKJAi@j0{-Oi&U=9Vn*k3wlxzX?dLK~3VeM9!8TA27y2fG2
zHpGQ~2)M*y!FI$cJ3yV^0cy@pP;DvzXDU#fsULyz-vu+i*oD-L-Jsm}AYtDgB#ikO
zU|)&2-Ibt5sz?y`g4)Jm@F#$095(L*4A>8NvLDQ)pMvUr0Mxw$pw=7&6>|vi>mdXS
z4ns?a&p=(_u=ofPf<8y)-+qqZ+@pZNF92VEfrRP*1=aEx;42O}U!pPGkAphE;f=2V
zPA8!6;}f8gP6Dh>0V+5QKMkeA8Axn8gJ8cZ=zCCwxOHEH>UI|J+gT(Oodb0I2JjPy
z<>vt%z6D(2u=oNX_&dP&-yx&9--8Og2>ALURL!^qD&R6y9lwl>Cj0=(<qG2VT|w&T
ztDx+v0eh;E@cK1S`X2$?e}t+*KY``1pAdZaXF%L9i2MB)P#b;)#9oKQ?dzac{|1P@
zf#5GUK&`k5h`0r)=CI^8+&}CNR9)gQ|1N@U?*T5{L+X>RQizDf>8OF$IDyy=Zh81A
zhWrIJ$cx<v*EjdUHRk~+<L?kZ^E;>+e;_X4A*hoaavves;xVY>kHIqO34+a@LIG5j
z(}X_(?tdZf0EajJ1~@%~v6at2CD#J1p94O69$311xKu`>0NBQ1uqYAzAxfpRK_`_^
z4?U<`dL*o}0Cceg{K}!g3J_@xxW-|r4Is=G5*KYj&9?(6_K^L?9@HEMKpRKE84lB(
z04<#XUpa$ivWv8lyj>CejKc&sfSWtuQx4-i0FIu}{IMsfBrix<dV|`@VVDm<Xa@M8
z84?nGq3Q{TlIDo(<p=7HAE?FM%yoXYo79Dh{Sgz>0{quofGRWqqFMreY>Bv~0f5j~
z5WK`;K`TJp)`&Zg-;QW%8wCB0fMXo81Cih@f%=TY1csoi3~E1zu?oz#YYS=*hfzV&
za(WOX6;n|=X*b0MOYf`27i}g8MTQ=D3X2MD^1Sns=e8zKVSS{0U2|;2;zL$1J`Z&W
zi)eiIij#g393u^ZJ;#ksOU*Qdgat*?AMsL<A>0r+Wc1X`DN`XH6y7#?sul<i3Jnbk
zZXXmPsd)n>{McQTAPo{}`e3PC&3H{ZDwsB2uv6O(mq<_I5Xnp3oFv^9$TSG#rzuir
zooRDGGj-!QX||v~880!>l%Qa$7$o&H?PNa|j}`T%eR49L8zp&>MTX==iNlbT($?AJ
z*fw14mw`5-wrd1iH9lK%5ve*?I&M1r7}q9Emn=+~CtOX3I`vhTPnYHjl#(ymQJNL&
zw)<X>;ex5^bt^LT6$atLXy!>3bERSQ!$}F7j7+gN#r4Kld2LuPDwrqXoP#g3pc+w#
zBj;S007U_6!aV6#gAzuOvjo}H?i60o&Jld@SS?xY?%dB^q)v|{N7ZAI<fb!~t+ypg
z7h0MQ4V*$%?t&d&Gm&uCx=32K`*h+ykq&<(;l_lwrE*T;*P2z*DoS1<#hQXs@v}`H
zbEJgvvaNb`g~S?i9%RZKKH^_gt56*+nobYir>QpW9Wq_htU~ibo$9<@`b1B0`6x5j
zO9S>O5@l?b`kA)pdDsn#?H}7?uwhJ4+E`Q8yrC5Kse~VNu1JnF>53F&l`}OXFm-ee
z-Ty>t<}4Xr?bCm7Y@#7>Xz$p>SObN8Dj7@z7UAcXBAuS{evq)p+KsXv8YNoNp54fC
z;s)8#v~!8Co@YP_2PF&}l4MJ@Nn#tCut)mJp;zL7Aqj@=!!;8qWW0=@36CKAj6>2~
zDw70!aPORiD>hP?&u-thn+y0xg5;z69g(hEG`4N_my)-Ngo9#ZTzv~!(><B_l5rkm
z>W-7rPuMc;#c-f7Qotn#y;0k?U1Wt)zK|kKhV9Kwr?#b1^%1m-9gnU#CB-1R56%1z
zHVt^6S*R1%NLfwVrDDt#n&=_4Qe)OjA`ZAqbmlh+*Dib^MVJO08pB=5QN8+`G)GwZ
zfxF32K8Eg%LZ*jrNw}mNOe>E&P|Y^M%9MT7N=?2coffoaKA0!j@AmkwjX>~fyy+M%
z<1C-Xp026nF^roRz4CZ7+UU((O$W|esZ}-78o@3%b&4S^bIQ2!<0g~CQ>mM&dbHJ+
z4<1N5`XPehK7d=2m74HK`dn<vse&`x%%M8#*jfC7k*YYVm)+U0#^Ul`)JBc*Vk^<n
z-eoRoOmo&=|3al#3xW;KqX|}2<;OfsT{~N<cP#{eLF*;hR8|}){|<AYxjk5W^|Y0M
zAMgvOqk6RzzgQ8!f45?|Bml*w=dGBB+O`$z(a^HYbSlQvlz+mPUUd*&sqf6pi{fkQ
zbW+BCbj}Xbq!x62vc%|)kzK7faWFlfC%BSds^qVxNvuDdXzXFUa>?8%;eF<yR<vUd
zxPGU>Ij%-C7y7cgUh}@WimQ4tP%sH*-$8PqYKUf;4dx9}|LlsO>Kw~5P@8<HDec4X
zgKIqNfvZ$S8;nK_KA6Q)R3v=aMDSdH<|CLzoMIV%^64XctC0Ivq!ImOy!z|};FU&E
zF0wPVm?3yj&0;BrmXBavcpIz9Ls*SST?Yy9sT_D2#9Eu{u{ut`M}d$jkHcvWI1XuX
zE#{&+s^SIr;(X?)UK`Fz8d|%Y3WJ!f+G8a1){!zv#LZ71DL#Dc=t={2Deg3Jq!{Kq
zB`BarR(krlF;miV$MqQ-VCXi;5YSBv(cD_eXfn)oG9}%&G)2sfpfqQOYvy)K%%p$d
zPi>P#gQ?2|rh^X7>qUb;#u&0=r07C<A0wEOBF>?E`y^L2`wj7!;1V!+a%yHyDwJns
z<^=E|rB8;KMERMbn<-_g6+IX)HmA#P$li1^Lv**1Yz>A1i9KTzsc^XLPMN8qE#3bR
z9`UvZSSr4f+LLn<254tr(NR5|%u+BprLo5X)wC2^tL-MSpoY3&G%SOCZXUZAW(wzc
z{km6Xu~E8u&tj@|rhqdINJtlG{|tr?mT(VlHWOVg$r3eRGo9gTz$vV&>N}HF>Y8|2
z%3N00P6y`*Z&KBKh>V&EH;K;^a161Z>{7gdb;tWoh)099*_@9Vv~Fh8Ji0Yal#mu|
z!o=Y;pG_6$$zrC~vuKlFbBdWM_^1g>*fya_)-X!1e!7f}5Y%%;Y@ulOzcOFNjy9}j
zADO4q%FV1VJ>MvdqU0@g^ApWlEZL}+h@G-iF%sOtn}ocpj4x+>)vOQM6SL2%(G|=n
zQdJgnQk6Yyl0a1nvb~y7$z}+2XfNADTMwbDzw#-oq}`91KTZ5W$Rf9InTsBWOmV;U
z0mOZBi2Y5wZi2F}7Iu4J8cG}xXE3&EmC$W)?^dnaffHxZ4=_LV=4b4rNRHP93??_B
zH|8t&Z_QCQNsF{{{D%yVdqajGW2^2w#=aEj>gQ|#t^QS5tVyeoUeXwu|4(VWw#}uT
z&oC>(Y-GbHEC+IKBZtuIS+WaVx-L}E_ovuZdQzp821h~bC4S@ytxXBVddj{b6g6<*
z9562h`<i_#p#1zmI?rSFHy8{`J1I75_&L^E&>@AYQ86kK-sg<C{7PedoFjXvBfe!`
zTBNy7s7(p_b=d`mZwo-MF7j|S%pMSp@uc8Jz1b(fXUTNX7Q?SrcL=6&-E~H25@$-`
zlg+H<XtIAGED&>3)wdrAo`SjQ{ux!*hWHs?GffjOEyDt9#}#&v3ZJ1hZ(m{goWiYm
zwaga93e$>3;4RZ(4pWn^G4DF%@-rPy9bIDsn<Ug{QP=pDKeKXPM!Y_wWjXy<b`GD(
zLPq<GL}!Y3!lLBrQ(=<(OB|@Zxk8WMV7s^q9Aw}s)D5>-r53KsBIgdnxjCfcz9HT+
zkqa=FVXcYF;q1`x_wKTZW=G}J%N!LyOKFNDYB0`nMP^&oNB7wsK@(MHiDJ3%G8^%(
z0PhXs)=2oU%`Fx}y&s`phz}X=2>69r)5M4HUagzFB;jSogtb=(K4l|xu!A2uc*+dw
znZH>Yw<{d)W%2OHS{9{+aWWZUvYU=^VMaI#oa~PR?+a%xtJlgsDCGiLajs{*?=+3)
zJsJBzT75m~f*}I4X*At-5R1)z2C9JUYnUzPGxq?p?vAxORvvZP%(0L&sM@YxJA%_V
zb6q=oSjwB=JUH>stLM!nGA`TM&TLfp>1=_#tI$zoS1}qxqPZjDppa$^I34J}Kf@R#
z+p96|qL-PyX}C@XCup>GTj?Y}5|KAQvd<l4tE;?M3!7~z_LA*XOfHGM&Ty2G^Hh4t
z!$j)gDNCmO>3a3FkNjMq9KGx!;zZHa1FVIbYmg6eB{*!TDIM~PoUet=wWgYka-Kj(
z+Q==`t429gcv)LwACAkCUY7qRpZlnY7)9PgNAEKi)D2!J<m1J=L2`GqBI*(>*S<_o
zR9%1lvIrCP^Dy}twd^3@^nFQ}F+Y?VJMpy}Zg7i~W68gmxmhWO@Tds1#=Hp3vHTgz
zoYt`ftCjrjvM-%q#5Zvx<(|~>5C-bp_M#IljgTGHgeW;l6mZL1gzQCCRT36WoNGsv
zXpfJhV&#<ZwPa2E;^gLPc4t|}mz?5cAHv$YrJ1p0D|1!lXj#>X{CFSN5@gE)&57GL
zp+LxA)z+=lwI{r3<2QKNDeMW$gL~q6#6MDgVG*jOjx^_!%@{8B;07Ic5n5<w@CO1c
z9Aae!(?m4G0aBiv-$yi>b;T`|J=Lzg<=LW&Rabj>U>eq`75(LbR5b<@`>aGPbXbDy
zM9*`WMR69x@_^Ul5ApKnd<D^xf(OX4YH5NzR-oC-Q2-vMg72}u8#>%vZBBGG7qgFV
zy8NMeu8xxwM|ypx98ZUK=-ScF8KMO#bNFM`B*jVXl_@{4Gd~D!tHqFddyu?=*OD`p
z6^Nc{@=O_v7tH6b>WbO&Nb{s#yh-#T;}p3swTsY4QP~1nugVMM69Qq8>rPj<h`#ja
z3c0Tu^Ok%Y?_Tq@>f-I9n-)pgJ4GBj-!8sNJEo(4E0@XJu}*=Ft21C@VT!(;TCqZ2
zD^T!z7{qe-qF7p9T|MxN>7l(Me0Lh;QYx|VIPi(+%C+{RTY1c04PGf97jXDgc2Tdd
zl5Yvrd^?J`kK`eGadH+FeIR$DlJ&Bq#pJB?aX7JL)Zt|2Nn}v{jch>=*30{;MLPvw
zJ=mi-(~fevw`o&eGt1<(vG}KoO|rM?!#o_K{8%<n@NrbK?MB&6J+?tkMsxoLSG=}X
z?rhsLD>Id^NBfMW@*z42n`p8P#ZJZo9o1;ryy@Dw?LPwb7K*iko7;;?b@s-oo+a`a
zf$TTP-N>gDp3?oK7)1R_WoJvpFl9#eI0{)W`x74W?aWJb6yseUw6{#|H92c)wq~Sz
z({-~s-fV6Z4LBh>kar2XU*aaYrAVdQFn+Gzf+nocD^XOiMNT8Ht@38I_f9!Lprl>0
z9sPA5<7M1#xl*9*du40-<B8aeo~iOqwd#O;UPrGVk&n^P6Y>{y!cXT)XST{w>ebWo
zRe?5tEgw)nJ1<v>bY!diDjmKg<2}I3ayCg<WHYBZ4#64f$!a-XsJt$B7O|NsU!nNh
zFzaA{ou|6)mb?nf^hYq}S%S_@%YwSr!1US#-2{66hwP))-jyvxYW`6Ej7Exzi|QdN
z3q`fSN~wm=*kc}3@^s$nQ(J|JYF`(n23K7ADmaO%^H=<EmryAzAMvUZM>QonJGH8%
zaz)fSn2HWIRi`a~DSI)tje3+TqbV4-;Ze;BJYd|NA>)G@JjhqbJQW`x%vGkCJDnD%
ziA^4?jQMvlq<T_KD*Uo^iw^5|MG0t<Wp<^`n`)N9xPQ$TELg^7p`U5HJ~eIeEMKK4
zMLP3pb=EBOB+u14oTcY#D%N6RPS3)VA>y)&Bb63S*jAoE4VQ!{gQ>+PTuP|1xrQpM
zny~aNS5liOK@gV%YlV(NN6<1m7lvwTR4^t%8UI2)VTs^qw8V5s_n*2F)GM(VlFbjW
z6pd1bG-0ehs>?JpqL<=g;Yh_+O%GPyvrt*2au5|&gLbH$2LD11X}D=h45miqd^e;C
zOU~eW7EpM;u4{sD8ahPrYQi_=vCfOuj^cH9Lx-IXu2hSA-d*oZj!$&s%qG2{{?;}n
zxrxO6JbeytTo^e_aixoQb;y!8$l=>MBbD6K!3pl_(#@(ki<&e@@kcLxsB@;|oO;Gn
zk96*8%upo|SL$HwCXC&#>h>|pV_S0a*Vn1cz6d*0{PiVVTXXBgac_*9JUKO;s<V`N
zjiI6teapts*YlO}+O`+1&&2b`^K505^_G&E=K0PA6N4KCh3o5_NShrH#I*zg`Xnk_
zh6>{kg&JFz$a*`#wvWoD!ZR^H2B{VK3XXR<%~#&V2P62rFfmbYr(P~lo>{8SYm`+w
z%!}Ag+JmXG(O(UfSj-O?gf+p^6(YWpHc^i^_Y1JQ$=#Qn%avxuQ<%O{5)L_r3eRH8
z?`1-b?#drj&3S3g_^;V$?o+s4ac|7Ru~eDxQte3aqOKG4Y4i^Pac~;Vi&0*qf6Zi9
znKE51Td%x@3!pJKs^d2)u{u88S*tfUD>#CR=`Kgtu&cYS$t-}4nmM#N9=oE(N+nkR
EKMFlx1poj5


From 8130b8bc86ccc7b02430ba58e24471cbfaa76e47 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 9 Dec 2024 15:32:55 +0100
Subject: [PATCH 120/129] fix: Dev dump for pg 14 (#10531)

---
 test/dbdumps/opencollective_dvl.pgsql | Bin 2931712 -> 2930688 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/test/dbdumps/opencollective_dvl.pgsql b/test/dbdumps/opencollective_dvl.pgsql
index 6343acb2bdf007412b5f3697eb6896995c3613a5..cd2f59adde531effc042ff6a20152b0cddfa0e23 100644
GIT binary patch
delta 45391
zcmc(|2b2`W^EiIpGhEIAF6@OB3AcN2n|Fshj;NA3L;(R66hu(q2qGZS_%V@IXaf>V
zC>c&|0f9p?07?)Q5hW-ppuk~3L4jXQ&&=*@v+d{ezVH9u|DNkIy;arK)z#hARn<K+
z{#uV_)UQW#9?ExlJ^m7>$M5ob)sL^l;c$99es_t3WXzL?)FPCQlCFt?Kd1V?l%NHd
zmz1cFo|aB;N%M|F?-)LK6i|St7S5J6!-foVx`M-T3*0axh~{SpSK{%wk@ioY^dQdF
z{<&M4XUWS@DXM=me4H+yE2aVb!>f3m-r#ikoaI$X{ZakX06cyM;B&eIzS`LhnxLZB
zg%FA>rYJbKL1A!hoLqZ8RzlVlB3O^Z5z`PV39gNA7#x<E7Hl8C!@61w?Tg7*p=Zv@
z53Wv53-(JmXjvzO24Peuo-KM)3=oJZ4$e)^3vNwH2rf)Z3(ieCVxdBCm#21ia(`sq
zD1`7hVp^#D4Nh%Q+bXpgvTPQDdL6+TX%{VZVgO(5bLs7o^?f0P-xX7!*48ewAef(d
z(fXkfGT?}@sE`k2S%Qt4rv>lK`m1P%5L$7>lmt^7H41)vJ~_BJ`*_hOVo*<vm4Plg
zpHlmAP7`F=BZBohe6`7qGLhvoA%xRa+d6kJvV0+ga64)@=iQ1dUkM>RzFMW=BC;M5
zLihtQjX)S=t<%=1c2r?5vK|(~f++G-*jaa$<^}(>rUgF)wLV+)k@c7e#RnSAP`VBQ
zl+!KJYH`VWWIZl~ce`SW)xKGJO>ym?)>LHuNeJrk#57mA*?d=NbLg0~;Go7oSWk(;
z0~#my4g*g5m8R9sy*3tEPYdCFj+jD~{G6_+FnFP9TJWbP2QBqta9{99(_byW2?6}B
z+WKbAkoCL}0`!vAm@%TX5I8(%y&wh+XcI-oI}L;9W7BHq+2XPF9}&3U<%r3Kwk#M~
znjQSC?7M<1V#wOhT6~VISe@tCA2;FoK`bgMGIxe8J9xPKLu&&us7LF|na<+iPmash
zcp)T=U3DfS+k&?IU}M*J*0xBi-I#E_UVXy#`~5M^RM4X}rOj%q-BVHUwZ2&i>U8aM
z`uzd2=Mc&#KTSkwwK?7kxIl5cW7NimzJY)3*%!>1Sd^qA2D~u^WZxmwDA-ep3o0*V
z)jk$TL&4%7QgFVuPHa$)lD2Q+l%VygP<1f*f6yus2M5d!6)DczGnF}ryfFo*-~xt9
zW;=1iU}e?H;G(%D@p^?yZC0BeIJhzx##Cx&w7V9OY4s>Rj<wzrLT^Auxo}4C+x9ET
zY#;FO`+Nf};BeHw)uB+riaWUX*<xJ~0f)c#%Jl_^j68+n$=Rv60WQ>twRPj%;HAq2
z!J1C<gD0Oa2_Xb(ot<aN!S`Rx(pd~RYrpLthl0tAQ*e=nT;KsF4k`sfch5Pba{w60
zS`uQ!>90N8lg0%vEDaU80<|CX{W2kV(<`BRJg(Z02KSSLzr7ZM@;Ym)?rN6kbh3_d
zfv&0@<Z>C$#y4N?2$sB2Wbp3|)YjEBizAL@DE^ud2?OP-@1So*2-WAUt(f>_gJ9jW
zvDoPkzBsrjRqLdHUteI?ttqIzW7;3dD#&!FU+2&BU%vTDMeqik==aF-3YW_$FcA4~
z<M*q+gU7anS{-oLwteafp4VAUQamo!6!;Eat_!t3pv2@tN09pGY`LU57i9&P&%PM^
zr!EB-XOJ;|oKNaKxKXhD`-0$=Ig82BL@6cs{d=KqRUEZD=YEHR*L@H!a+BR&To_z+
zA~Sd~_*XFSK?*KWRqMy#(H$wlXFd)?dTO&4tkSvj>fCvQ2X_|f+Nn6mS|1Fn^ye;;
z<*i|?Su=wBj^>iLeK;M)NkMSn^G}mCPl1Z=-)m4+98R+66lzpk_5#7d#{0wNzF^D6
zMe7$Oqcpb*g{GdEYgjv-!ETE;lG9HEt!IuHqXSy!T=Frp{LDtG`af-=^eXy9r8u3z
znwPI3zw}0#wcTFAK-yy>-B=q@_Xe;vcygsb`0cVJa&#t6Al3Uyy}^xj?SrSjHwKLY
zmcWcx#^GS%k6F5EDxigI8m_6dgJpXnD_FJc*We|XuCC1>>k?5exmCeA>Od#eMW}%M
z@_A{i;5V<gC!fxNW{f$JrB8f{GZ2$Q>Rv~=wL{+c76niI5fX~aT{~#Sb%<PP2hwfA
z*bRQX@_SM~4=DWgSBMi(N2Vr6zADYF{e9Iu6nyha_{Ttu6=W0Kz1dp3Yt4{U?DCMh
zR#GFxzH-UlR#M#btMpVKSX#e_^<4z_zn8N<a)d^(mvso~(MgUa!!Qap-R%yxscXp8
z)V=j*VtW`T<EEMf+Sa{GmdhyAHEs`CQx7Xn>{wWFdTpDB$oM!ElCE2UWo2DGEGsqJ
z<AbeU%6!@TKFshNK%&hw1-Mv&OJGX%&D)Ve>Q|sR0E{Dr6JW4y{w$8vtVF57A**h{
z9uMi7fQ-SbcpSAuJ}8u6@RloHvs#@Osv~S!m?1Xv37kdN)|bYrt6cE-$N!KyNhk$3
z&mj9Mv5O6z%AGHeuiBy%@<$5F%F*UR#S@502jbUFtQk6L+)%Qv6UwV?zUz?&?O~Io
zkIz8lx7TUX_rHXUd40jE&x&f(_a!4T<vEZ{DI0aU!9Vxr>61&ryd805?~^zo*kfM;
zDV~lpK{~e(cUHI`y#Ctu`)4;OP>l86t4-62@$GYvq};FseZFABgATmDL2&xC#w7J=
zIi0?Esnmw!+TD0#yITe{C%dnd<|UT4YBhf7#PMY%%}Fn8%Qrud#J1w#%DWTEgDXpm
z-s)jHhW>A;^LyB`$PR2%f=3VE@AN2|?u)*!TG>dCd{k`ok>4GY7Ve{<^QD5|*GEo}
zBhQ0WZR-5EmsBjoDdb&CSl9iY+E0&Ni-J8~PQi9fCm(Nv3qbOl$WKLK0sFndc0XjP
zIvlJxemu?PFm-O3hBvY;&LmgvM?O*=YfB|%lWm#7S>GoH-~6F7xs-_GNu?F#8WRt!
zt?Bb;%2~BlKQ_UV;`5Q)n}@pxjE^}de25e$W8D~Pq1KTbJbiL6X;TKe`I9Z&hJdT~
z<f$%+(|M_dR?7c<hR{rp{~LT+c&g%;WbIj1PGbrp6)jB7RchnT?*ePpudj7r5Hl;)
zc=jozQ+XI(@e*r$=p^V3QrsR{f`cx6MOHXq9Jgd$5gc%FH#yJ+x_X-vWu@ywSn<Uq
zfO>Qr9o*WXQSG?DGcozfV@T2EaJUzAfE86;oIkmAfvib4L|?AaY+EM>f4RJg)MY_e
zrhSAOkc$Chssn6KOa@sR#M!kcuhc+?f+>D$1=0;{_}L$m%YG(pJK{LDVlAI-Azl7K
z8EQ#<aP+d?q)I|#$$$!IhC`bJ$k!ck9;uhmMl!p*ltNx;gY*R$DAF%vv>229?ZQoP
zdT1~Xy@ezt;3U&JA>Ed7IrI$>Nxu$f(^&~98<EGl!>Dkw)$$1TdC946hI|3sN#9LE
z3MTHJ;TF1Jr%c8y!1>gXil##o10J%rceshL(<oxUlcO0Zj$TPe%@H|z6ST&qjgKyw
z=p=djW@Ajb9BvQ2JquB}AT?xjL|PFphlfnggZ*dvzRcj?$1G%eF8Vsnr<lf`TcbTC
z5A7qnZ-gG7Gc+s@kCRTyM_!dzKY4O^SRSw%F!Q0;^<X}z3qjQ~3#oD2hLI-<(P;9`
z2;kbITM{Kj=p(ZK9;EMGfG3(+3|mB-qL?RvOko?mZaT<{K0{<4tZSOV?s9m2v{z%a
zK{fFtMRAkm6T{;7xyY<$h^aRn-V{lQygm^a@@h?;-3;v}Yny`-_L_=v4SGH|eY`oU
zhNdb$^7wQUF&`ORhKkg&LVb3W06jk)i1~C4vv&p!n_dPQwq+)0nEX(<!+rjkhGbtr
z&Z9G0pbtQ)6onjoJlx@a*srtS$&4<b(;!CDLqQhO!vWRxc&;}&q=01rPq&gYeL>m$
z8DwxPFwN4t;387*K-<amZO~!Kv%*sGJIPTe`jO-=FqL`e4=(f@BEIXxg#i~imVpb%
zrcNl0TD|C?WVHx8AP~?T3)arILT1TR;8TX>wi5^<z__|dwloBZ&ba|KC@2&YBK27?
zfS#{FNG7hvNVoG`4n@)QX=dk;Icg!d_q62%TRzj9JXr{GU{8m)wjnq41X(D$a$RW)
z%GGlTh~Yz5h@2C=MmaE35tSTGYLDU(xwSd)+Dg-a9o=B_QQZO6lC>GY^!4LIYT$G@
zX?aI<5n+dm>=+YLc&Ee193}+yzzu25^(YUK+iwQ5u0o@@;s*2?sh=t(lW~uQgzR+q
z>Fb?Ph0L~w4lil>NSL70t+9Bl2hL$KWfL(u+8s3{HKT1el7E_l-3^a7lY{-B!IfG?
zPxiq1%&M7lk^S0`nKNW>57cMDL$HAw+|C#wPMFMY?1}p7wFiQys`Sl|%ju#Ad!sl+
z3f(}twMKbFPi=EfX3U0)t8cTV1b1%FR4L13<jtrvd2u2b?vGqD`pgNdqv~uX>-wOE
z^wQ1f52Us;39Ms%jdBL<e;X6H)8&uJB6Dv8&<_33b65o}b(&4j<|3_ex?N;Y2`;3z
z0qA;(WX}l;80M$hx1lbG%;}F)ah2APOShvFWKT=5_8b9Ycso5nV-L!uw!x?=N_Q!m
z=??6}UmFe2)(aP_-U+h$4)hYa$B9!5>_VPAbjqE`f)-SO0NZN#;2M$1)*&z~6DEM9
z{`@M`6CMv;GZg(K1(()@%DgU8e<SQ=)tUKX(6V3zIz&dLNU6A;N-dZCaU(cd)V*=Z
zsRH;hSMBF4GUXoB$L4mJE#sC#9%0_Rau3=j1$UkbRqJ!oBco9gB9EQ}iM7`_PaT8a
zA@^S+rCJ<9Vm=rBZ4By%txhqBz9?+FA6$Ddn=M-~9)d1zhq;$KWRSTx;TBBJY-f4u
z5RBdG`@qdqGy&a3n%Cph;5)0r{08W{2`C4p`P`;OtE0yE$@|e3$?fow6N6BZW~I2C
zJ|!jvI`!spWKAbjK+jJ^gJhE2FFZMb<;W(7cGHk~<ZYRX4v^|QQ7XPpqduUIX{f=k
zY^V(*)pwxOCSIWsz`vNtsvkO*+}0S>{j=#PS5np8<#OvI!{sxz#U~^caMQ*Qp~i^B
z_JY2;UgK)S!)O~BI6+DcHlC*M6J5@LCnlTJjF%e)J9bW|Gao^}qTr)zLPAtrBprH=
z8Q+fuEM(DRHVe7*82Xa5`U5E6pi%zwKj?_$hA_`XmnBJeL%5uZn@Ufh1liI`#HS19
zO#3X<00o~PoQgYX#Qy0Qo=qMtb4QHy3Na-YOcK4O$PH=NIjEcDaVdtx%qB~v5Z~#D
z$!GYaXs#`e{v1Tbpny*EVDGH)*K$7k#^!dKJEFCitdsf|AQ$UJdxVEaPE{um^-rDi
zTt2X3nXwGsM;};w>&D|;`sQ=0Ava^F6i=2>FcB8|rPS02P(RIm0p&wKzl?G$@nVtz
zde=e~ZpaFNOA^B=^xYTHHHdV31?3cF3gN)0Z4^A$vmv!DMomznSKBi{my;PeQeFg$
zV9-9a1QtD~S96Dhm(`@g<>D$_bnjB+L)hgf`zpY5;C=&VB!z_Ja?@5XqfCU|&fvbC
zS!Ab;6OGG5XS@RVWKN!xK<0Fp^3%<db9rG`FnT7=qYYj|b_9k1iZ6}ulljH0`RI^k
zuoyVqx<l4&R)&BW&ri3!j;;qheXs2fm_*?e;{|A7IVwY>=ocy8?lL1OVkAY~GyEv!
zl2`YmY_j_RDkOCi>^WrGO4#_+)WPGN#WowMUWuN7Xt%!kH&2zVg|yucnz~Ar?XgXu
zPOZdnPC9Y5s=}*mQUdalr(eXDhM_KmfLju%zUJ2<>z+f6$iSC@t-ZfXiKK8X+L5UH
zcU&HY6x<-?MRXwSd9q*^pG_U>U^PvIFb&&4d%?Z86kEcI0y~`<>yZtSnI8bJUB$e5
z>ET+`5IJ=>j>~JFIJ$}PeAMw4$RZI!_lyIdlf1Ajf&)K&{%uGhaKU<`gP6r!EhZhH
zM=0o-x<{PZ9cNj3i$N8tY*0Z1KGLoyjFvvDa7Ic<)DREPS2u_SbnQmuL}cJ6D5q&3
zAvKRPCKGz5=hz{z6j>LeVlrqsbWF|HQUfyRUG%*I`wy+HW*IdT({r)yKhPuSH84oX
zW^@|tDvgHAY?5S%X}IY-TaXozw_k;R>?elv(3Com1hISuaQ($_UOH?W=!Fv&b=DTY
zd9EKI#`Don-&5x$a5KyV!>VYY7!(|z>MkvxOjwAr>9FnU41DD!DIWV_qTGNj>ERC2
zL&UI8%AtEcKn_#|D>LIOU{;o4;>r}}CGCCR9pmmCJG_RBS%&hL_5TPVXF#8&0_FzZ
zEhOZ1&{-d&a^%n_sepOD86ie<(!X|qJh9>=`yK~_^Qmn(BQw-MSR&#<rEVIoX+Z0P
zsy?m3aiqsOTPO0yL6k=>?m~Bv884zlQqY`RM8F=M^9ig=ZrJTHp}5SJVU3t6*k};c
zQ*K1Be2O5#dFXkR*xW3J`^2bT3TA(IL`wc6B{nxt@RP(iK6+{|j4!Y(on&r?lx3MJ
zhV|3x&rpgA>n1bL!H^xe#Js?H19aYgSX>piLz~(nt>Kws!b*&qR0LM+l^v*xw0*}W
zlQYw738d}|=#^V{g5Z^2_C{pwDwIkV??kx^rounE?nIen(@UsJTem~=rn?<})9Un)
zus)bCHLH2(*qcV*GjtT0xfu-J$`_y>sJj7~L2WlJcoF46H8MFn9nAH`U!rs}h@viJ
z)n1fD5_;hza&ii{e#3TS$pO?3W=*FyQMjGviQ-8yKQ3By5NygMFddn)xSej|oQEyp
z>Coo}wE$zW5qV}k49rKqhS|9sOgbIhtRTzO&;v8?)c-j`xc~tQ;r=o;P9NV?Rcw#T
z=WaP<@c5WFq9X)+wCr2d43R%ipcK2y=Vibvq60(Xmbw#YH*D<Cp#-JjYsvb<urr1D
zd`eT7&(Ba-MMZ_6d`vQ+l6HR~JN^5Jx(9$re2UfOQyAL1=x9zq?Rg9pNZ^b&+T+*S
zvpzb4D?nd34o<X|hB>DR!S7+Uyb~QM;10HZsv&*hCo~X2I5)nfh7@oxq<5nuDIPX+
zbQnES6U7t1gZ*;oORy0J?Xi7GW)$E+OSf)Q>hv@wwnU`|p;!u`*Z^u_nBzK<k1<gv
zKngmSSjc=kxX;@Df@)hDmZFXuV7Tu^#|59swWnb_0YTFE<{E;cwRpP#!HA5KS!d8L
zH4JL>iQ-}vZH$T+fXMU{XVLF14GU3cPQ&>qDvqK>5q~1nE~`qSXll7DI;<x^KRSo*
zz-q7z{O}kz01Qp7b_g&WwEyp@GZ^7XDBh*FUDMxBqhmnOOa(K7edls;$=l~q99Ba~
zy7XXjWm5PoIt3%VL%aW_dhZ~PlVSzSi=liG9VMX9M=!u0rKMM&@))OXht{?O(UBA%
z-Fs2>5JR{kr7_G-tcHWpfK4$9n*R?>HZ6SmT&7jz)P~w20WR%-2^O!Gh95)6(YorJ
z=r~RY4qrz5Tlw^LQpeGxa5y>+q`jyUd5_WKhu<~)PU1L?nvmmH(0+$cU;T6<nzA1e
z5DA4UWQ0LD5QWf{*X`8Ac`Q02*y#a`+hg)hf!bj%O`NsSfWc|uqAO&48nrNs(dE}f
zvL-r?BM@|U&ZghQ;xE<IB4bGTwTixvh6DizC;dJiBc#S9;+tp!aB02ug8+kMC*qSW
z{kqkrqiCG{7#+pyCJ?2_CeIv3MPyJC-rCY1(QPiR+kO&Y`v`<HvgwdyoPk;zR;*sH
zHr7r?$ArMeYbiJzIs6f7@6!6|X91ECnjp_zfQ><uG`v}jF&Lff*2H-_Ix++qveNOw
zmH~6Wx!syT&j@fl<Y+qHM<zRPveoU@=JvDEVFNA-v56xrzF>5hTa*1c0S1M*!e-{=
z4>ds(+V4>jz|Bv<&7Y%nRz^d-TJ`3~X*Ph{qs{B*1*m>{wjuryd5!3m)=3_1g8nNy
z5*RV6UkD86xpsUFP0PcRnfE>3u48KgxfmVW>}e;lX}FmDo{zV;R3h}tqv_Y%(MUK0
zJ}*64fDdDESR2ciUz-B{j)njsf{?#Hy%-mv@{r41XIK;OKhcrhE(#v|fy^(TU`SP~
zj+wQ*Ddqy-1pya%4gss8h+40~_aoICZs2+~;bPS!z8V+y6+0W_$51P`L(jg_c=T#Q
zm7`<9PM=x4HTRAlJcMkkM@`9_P4EG*LL$WK)x;VnAVS}5iXpTHe&Z0Y+Q3VQj^Ovx
zW6kj`;5~BayKaqFpElx>qGN^pyW|lY-Va7@#K_Za)|BYD;J|&tj^BnFoe{H{ZoH;N
z#exvF;fZ~s1-?$Tt95%?XIJa~jOfTtCq?DZg}H8L#GIsCuU(i6Hn>44A^DZKa)A@y
z%Ti-;SIsvI`K}alT~lzk&@)S5UBi-Bad)j0!Y%JW25JiKp*=%#=}MMVihHuqEK4tZ
zm!%crY8Avme)i&5)J#F#E0pZFk|p`!8yU(|C_whL#ofr6ry;c0TcZmpb~_=NE(PBd
z&WwAT<-y^b83bgtS=EL#BqLklAj@yVeY9WN*5#;`HY7bN@Z)OUR|@W{QH8v%kJCK5
zrh!(+#PnksR0mn+6uw1^E~`0AB&9cQxS$HpP4k%d@cq>$G}r1qT!sI`GIQ_%jXGrD
zY*VvuQt&{n08(q#upAmKGx%1uR85A-B?H>wS6D_2zKwxG>PJ3l*#&ss)B`sqJ1)Ss
zGQAchklF2VPnHvcZ`S~|e2xsQfn^==W8usWJV=j@L;l4UmU@8)GwHR^7#`&Y(vV9r
zB+X~urrp5^6UcLDOg3JJSETvOExuFx6*3hHRGCzgBiG}*S<V6;5>7S9(Q07KZ@mHE
zmF72RWDeD6Kng&<#y5jo)Cu3kG6FQ|+@&)Qq5Ul^s*i_-Bkv!vpgX>smH1fa5LZ|H
zOgR3HhlgX+totiTad(_eE_b$PlCRt1_AFkFM`)}-EP4wILu+;4qm@EDxj<{kq3(DV
zi!9@NwVxmY{H_}6#Ur(6h}*7Yu~|GyD}eZCV=}NBFK0nejqGUcCkSzVz#^NtMk_F4
zmf6I9BYv3$F7X)kCl-L*1i?FfreP{NRzretVV1_+rQY~q7C6M?SX^%=`K6;hQEg;9
z7RkfoH4F&UH6+v9f>N!z89xD3&7PS1G#CiCZDPSSJV7gH)fd;YNEg0eD}Vr%He-;{
zH`;Ba#E;uSaL3%e6E#2xKCOUX%%f|P_6vl4ipi;4@M{q0@{t=>N=8WB1u>KUxFISv
zcEYT|Rcx_Q|H<Xmz>bMrc?>c;8V$s97UXZpvC|=SSNCfD|MEQ`ocSI-d(8a19-%k;
zhT4eQ3JW5=G#Xzglk#OKVKA3M=!Ohnwb}o}x5*JTmv{X5^tc)HCtWih_h)A(tj~zS
zJlctmjC<|*gggm36cw9rA*o*^C6O8T+5_Z;O=^<NBB?o9a<9Ds88HQSvn&;p^U>+|
zgPFrlPc&tH|B4tm5K{yoq+MxQK0PrJLo_{fPQvn<5Y6SF#glOXI}t(d`a?3pvu>A*
z-t_?PpgL1hEWe2HJ@ktyI1{ma^`diPIA2V2lK!#Oj8;y=#SmL_k-8k&NW^eM8rpSg
z%&eRoodKy!_q~gA=#SHJZ!i#aU$x;DVPg18SP#UHM$W{8paKs$oENSDB0?qP%08)>
z=0Akt5Da9MlZsN=2v&pfALCF{#`9>+!(dvl1aWe)S`Nv>?W4yY!Rd%4P7~V&DU2G3
zxrVGeELmxr$8Z)>4*(FUJWLuQBrVl&Sqr-AKN#YHYNm9Nq~^4;KRrep(lrQPTubgh
zAvLC@PvAz(zmY;34l&X5#K1bW3U+l@?uVe;p65VTE1y(%#A>E7SvkxE3JF5w+&L+S
z1fK-4COwV6V~MlmnrFlOLlSf|HR4L9OtNP)a-{4fP+LbWIKt{@;Y4y~lD#$gcorsV
zLTyojkae#krYQu@nvkQD?K1ggA~3dVHpW`UE3r(I^+Z{h8+`WHklC@amCSer%d})J
z^a;!LB<s6{+4n*gKA9O0&Qwt7Jo5BB{3FZYByF#kjU*a3<lHR|;!cR=SX#@(%mrdf
zK;WcqM45$p=BpK|*^(Bw5X0x7qZi=&w0uX4R}AN(>CfVOb+~{S&O={+4*QWkBG<8%
z7~TguJH3fqOv_$S*;Nx5i>k!nffx%JSSlCLhZkbVqx!i9{BG@p;1Fn24<3^llgo<e
z*Dr$Rl8?qf1s%m0YNt(If~~Z2u?nu{FIuh_gL~)$OJD|Ja7CTPaO%{s=RMeG?e)l+
zWXZ#JnKpU}<|LNWSkzUF7>IGHK`<v%A_7X3LzlmdArhu$CR(}+5d#id{|a^iXSV=c
zPcfW}_IM3fB64Y_9Onz@QN@6HalcWF3^R%<Ulw;evJBtATn8ydEyWmWe{Zdli^-pl
zfVy{|4}&m$IZh?jt>wn#>o@T0EX~kzvzS7Fu3nDaT4JH4pAb%Q(3F+9wU#cJH$VhO
z$F9O2#8Un8ZW99SS*^}JYSv!S5D}0Y(zHElrd>XnaXnZl?zLFWpMV6pqQPREKunn$
zVzU$Zee5HS-6(s(?6OkgTaRn8OCi?HQn8kK?@|w$7m?BZ<w8w%v$uon<_wa{$=X@=
zTrzYLth;+_agCZ9XSrKcqsQT*_r9rixSI549Vv!`)F!oWm&}G4^UPcLSC+YE87)Te
z(G-fy5v0kP4Zvn%ga94>4$eWPhHDn8i-{R8gm*gV@(tL*HvOsA31T??P^u$nZ%D?^
z12qE^<s?hyvP=|Xd1$Y9)d8a>eOac8;e2%MW^g316t1F~VmLJnF{Tc~5xlMVS2ab;
z@{kZ1Oq9`e>YA;BJt78kkrmtU6&0%JX)%-sbPD2gb_zPx6hRW0d9OD|jOPRWay%>-
z(h1vfA}S3z5m>)GCdQ*HKfuY1_kzcTP;PqsLl}-K?*-E%pq!8_qFbRJH|hQ{{(=F0
z7-0ZK0MQ;ha9b3(`k08x(j6$SgYMV~PH88^3E93uF;8|MiEH(c%e(Nogix)-@r#t7
z6~UO7T~I*Ki*^fnd^b)fH+_naktJ(TeDJ`|6!Q3QQfefEkKKJhw!UaDP!Z0AVFRln
zq#HrpPgd-~zeR48Hi+2`kez$+_nIx&ZvkJi64L~_m6YtqO~~QBIGtvGhQ~o7*A<*N
ze}`0H=`9qW$3b`OhhgZ3v)4?15t$Kl#duE0qCx+W8<I0$K;}ZXFYw7yr`gZ2PS_Sm
zA|CuDJ{H;Z;o_RybkqTCRg(i;EIFWPgc#NXStd0HV3?L1gf!yszQVtR(5&}}(Y#t_
z{?1qIg|x}n*aiV}aNV&DnO>=-MvU#FPaRTMhq2>f(thVX9NE(zKfUq|?g+^fqrozL
zgGx!(`C{4Vxi7Pq+2K4yJ?Px4hw&bEj=f-k7>h1G0%l*Pad<oYO<E?0Hs>BM>3Ixh
ze)Uj1nUW$IXLvkbdhd4-FVTMZEHz|kd%);zLPmdwtz^%S*z@*rSX<#ht)?g8Z__Y+
zUdSSNmur4dcO$HJUp+SVDITwfuKW={`Clk66jS!naVNlhbVlXqMKPX_u0DxdMU~pR
zGgv?6>GF8}<l3L{4~%ikVllY@@&1CpU|`ml#9#`$jfL!8Yj2@-a8;U=L?1ehEnsfN
zN||LQan2L!93+~QsUv>OI(r!-LoH`<3c`?ey0uQqi<p*tPHlF$ZN0q-1)YN11Pb3s
zwXPTP2tIvw8A<&)+=%WuhyO<GK!0b>XJPh)u&E=$>GPeKyqgyNt~U4Vqd3)CD~8i9
zt{~R8?T~b5mC{M;Zy`J8)HxUx=@d4SZQr){CAYPZ8j&q$VQ5|X6Z{ud-{UrnTjU~N
zuj6KPpI5u9M5Rd2p2s7#hACG!%+v{|#SHrBlE2gqvauvs&WK@Q7Px@#&|tCKp(g5D
z&WgbU<i)@7l@MhzAYG1}R(uNG`wtF)zd>L4j1&&GzW*kq?03-0%di=8N5%VHjOT=1
ze${2rh=o_6%~fG^Z9a&o{%<iEm$s-@Z-zycO>iqqr3`W%lD;Pkm!f#=_K|J1kn(0;
zEd6dW5KG^O@@rTVFN^E&#Msoqv2P3bH_I-9x-i9gOOpN}-PWUo1kKmxa>G3(7x}8Z
z^t3F^M(x1Cqbc=O-zMESA?CqH>tdy+P}~2BPJ(ct`^oHh>2hNDOf8x1kvZuE=(Yr@
zSo716d)vyXDG|b>Nl8*3@_F<H-ea~O8wx9iYj8?bAr6N1fYc;Qmr1vL2x5@sob3_N
zXBU8LqK(ooQlzsQ@UGXSNL~W8K2@5Il3d_;Vbb+FNV^*#n>SC)hnuWSmrgN))<iLw
zNAo7m{K#HJf6S1QP-a+WT3wJiy`qMbUBF9QWJwleI`VDm-ehrgJ~B01x?t{?iU~Yz
zKV6<9<$~mOm$t{8A)G3v9nhSzJ$HgrwrNW#oi=GCS);Zm?Lj$mu7}$~*lDurU9ekX
z!)sNp^nG*=(uEu-j+n-3-;e&p-kAQ9Ck;aR;Wik;G``8MN4SP7PCBPRTJ`Tp4j#!x
zXBI*;6GAnSO)fb<Vjh44s$UjKUoelL)gor!qb+!gN(`0ED3Q*wQ|wk~R!mHx7}ZN#
zS|v!*3ba6}))Fxs?5<P^UD{_a(&W4ZOepoSA8FfI8qZvVmd0XyKRw!5%0WIO+!2vs
z-&~9r(6$)onn(p?b5mFoZ)qa^N^akX;(d_G$;MQ~2E0^EN?}*{k-5zzCk0Yqp{it*
zFqtUiY$9@Ahl5<#T>692i1Y!Ji*cNERH@Vk&I=fa0kn*Lt3!<9it(y~Pd{MyGQm@~
zU229h!xVI`HA)trn39_=DwDj3?A!%*!}6Qth|QcA&LFYNu)h6D8-<rhDVDOWn?y6d
z7gCeeJJZPOgJ4`tE|>bFJmb!!tG>y-{UX&LE~2B2oWM<+t6;VEM4SxREM|hva!CQ?
zzlw@!R@)-Re%m8KnxNWH%T_UzvaG@j4m1W<Cj<ir&nTY+zD)+VO$_IxoBYyU2o@4;
z!3}+zcz#ce?xF(~=^oS}gl3R2p}#LiceDJJ(dzMzapXt_7?YbPLG-J<LfWixzFmy#
zA;p!j)~O97$<Igb@Zr)*+OD+(CzW6qo@04KOvOi+R!L*SyLIbwF|0qPRMoMJ<MvY0
zEen>0`E6l^(W+P>Mhnnm?Ic-;s}K$er$X~OfYH*<(4VWnO+u{{(g6q9$&M1-B%=lZ
zEN#SaPGY@Y`inXKE$zi%E_&S!>PWq9KV(pRJO(9OZV&^z$?8thZ_I~Je%Zox3Y>)d
zw6oL{DIvd)9<7TwL{TlK?xp2jr3R>(*~`>N3{G$BCczma_1JuY^IyO=c9$xzo(69b
zV+3N<rHstz2~oU$J*5H!w+pc06aF@J)h?lGK*WA^wbT-+=g_s`XLk4AE@S}0mgzT2
z1L25^C%E)V7WwcCPSS2Tv(OtR!OSpWqXIJXJvhK-vQfRTnYf13^^q(j<(xf%-g>jt
zBr0P42a)Ew*X^cT`heBo4%cF8_8wugA$r<Gt+0rs4UrOQ>weNSR1v0OaB8BpS4_(b
z;ZjDc_;-62`DZ8$%U1oR(*L4l`@{qxKsW$y=Td$D1)qt*=&^y)eJKBGwhi{lu|1K#
z0Ixd`bFHd3_2=!^lKF?hQ@H;&sUPfiLcMR`8s8=nd@g21p`!<ZHbm>}J^Q)NhVXI;
z88ZlCyi2T7D%&&A$~$0C{(A>}DXbli=-D)ab${C%(p`5-Z~d!ON)GZIxnkTQ0#*t=
zc*B3`ysyN}xass^(tv+uV9z(48pG8FMZ+c7RbSl?Ci#CYu2i=@rrskJvvq-d+7x!x
zSNec_>n__f$ey-vsYdm!uueI8!3pZFi=iyN9sH}%4TJ9bd!+gQF8o8{s?|8dx{;8l
z5V%*W_%CAnMoh*}*Nl{&{Vx*uR*VnVCaa3w1D6$(Wuv8Y>fo^+7Q-uAu(L!ebC5aT
z!9YkDBc-z;NBW$I+~ay-x5^x1)^T7S+;a>Z3b5=l@ura3W2F=S-fedXCs8=l+gN4#
z+yod5m*uilZ7cEfIO*qbrZ51+#0(YFaA{^d&~Q@aKB=)5rL^89#&E|}=(SeR9TTJ>
zsFe$%oox0Gf1C8~s8EV<!g$0)=|c3y<CqxDOUNYYTw++;$-1|=A>s9rcPC4`nJ+Ig
zR4_)|GB{NJfK<o_Eys!x0wjK_^dlGKoFs-<Xu&k8s~R5A_Vn;gP%oS<+$nm&Q_F7r
zvnH42k!{nZAGDC<1HwAs%=G>l;P6l*m)2=wFvt&5dvWQ5QVB_WP^xDkOv@8u1UD^v
zNUA~YA%mH9c9d^Zr#~qs<e|qNmhS#v3C$7{^3qw4O7kG&+^HYy41b$A$rcmv(Odr`
z`J=i<F5S!RuzY^H_i^aEs*r;rnp<Y6nu^c<v@|Ek%hT^|gH-+!_<^W5Y|`;hO0M|n
zPF)EE->$HJ8>{L6r{9%uj7aZEqbcV5B!Urgg9{&wj4dx*?oy%Ns?mZ>$uG-T&{fW*
z8=sLLK*1#|V-vN@@!Wo|LY7h~tLPaa8NWw$3BN4mkxENhDqXTbx*aXpfMVfbvMM}x
z01~y>tYReEGr7(e(^F`>XTfjO3jFbm0PqlnzycuwxC-v*i&6o-{&{H}YGuTOOw>$T
zMZ{DT0&EnJlH#%)CY!2--~oed4jijEImRMF9?uF%Djo`qO^5qSAjMVj87^gg%Nik`
z=fp%5x^%Jh5{O4P)}Vo!m?C1f&x;7awJLPRQq|B^M?S+;;I7K6d*}r*1%+0=ECoZt
zP;u3%P$T9w$A1?JiNK9o8LvtUQKhM4bS})t`(G3jP-5(4=KYWgGI^QAx`+(QheVpa
z_hUPSA`7YvYfiMARu&0KgJ??`X?o^$=}|~d`A%w3Y22;qGA7Q5l$gb0VoHov<Fj%F
zxD;;t1TG-?@jXdnlt9^^(R#uxgC#=Ra71v-O6d)7rH97~IW`q%S(l1&l$e(43<epu
z1?22%@awnT3oP~ADizYLtEKi@bCV3E04-q@i(V2^gu7Boh;=f~rMIpH7Y-XE723^Z
zZW9^PuzOWZOMyg})3q@0_Lh}pGuCL2^=#xVLve1i&YI}GCZq>(<)3S%S}nw<#wv{|
z#e}^~jIGc^Z%La_8xx|Yq!B}Yvygz#quF--9c7KxS%hrbBwa^-rr@%zA6zz^TrQF!
zKj$5|k7vodV1lzB(qrYe<_={+!Y$$|U_#g+J&)Q1LOI8JSS8{To~=RxFoCOC+GMe-
ztf?k&VDcu^%IG?{rG>Q_WN#8$otU0NyKR=HYI@WvH2v#T;OZI^m2E;Q0S`^u3iAV-
zEUSzqz#tMK{`bU06fM+y#aq^#?AjpZ(w5t#wkQcQbeSFme10a~_k|Q-&R+4JGzsz&
zw0;K$G!2S4PP1K%uh2o;rHP<_U*gybBS@<gQ6gmVp@@hdywDDog-$kqC?(ULA4(7E
z3JorkC<^_Nn36(MKbF>MlRumD4GPfPrhfTYNCD>UOFN_!h{b6=pmLfZBl6sLh_RIz
ze<)!-j+C@6lPS!IGjwG!R8Ae{8h2(t)J`E;aOjonmR4&*@wk1_gtAMF4ZA=s$-Zo_
z^b8oHI=+b;lW0B>(t+9d(mrV;GoUI$V=x*opNeU~?96x}KesE(q-CE=Q($Dn^rMNx
z_%@&U`9MevCgy9^k&QZ(T}xBHl&Y8-Hb^op{7n7d5K~a-tOH=ORKihsL(w!=B1YhH
zApsa^O~{-BQZ^lQP<jj{`Hh&b%Sn1&!C6Hs#Hb1wmJGGkA?YDhp^rdFQDdAaE^`Qb
zrH~9v!4{27+PBhengm)I`eigLQu{ZGi79l=VQGmmxAFaA+%o|}kBQkNq~iC`xksg~
z5sCsC0)~K1%J#09h5|N<dVGUS>sppX>%NovKriV;qHFGMAu%`;TgA?Lki$QKcStn|
z=<4Ip@2VkBR_DlZuIME9h)IGo@JDF}Y8BdO>DDGJ2&M+^6%v4%_r4QS9cmq#3?O$w
z>-mVOYM+>bI+oNUDJ1=8aDl<jB$sYE1ztJLpbM=`p_~Zw%Ji9tYyf6syLLL|r(a;#
z)7k<Xr<Z?GV>dIZ<OJA^Y5nLjQ`;}5rjWDez@hZ@8Qq9g4KY&pi`0xPIx97#^=BlA
zvZ=39ft53wihM344O6wFUR{XUe#2NojsA!jz+Z@oC=~dEBjhTPihm{YrH}|1)J>Vl
z=+@t)hc#M>#!LVi8EhsvAV!DGRt<gOAG%Uj=zBtlO)+r?6th-+B_st4R;ku`yZV+j
zBC|SzP1f}@Fn#O(l)Ax=!7y8m2_j;JJ}4%u!1dGWi6uJd0(ihHjnSg^8QUI3*iK&y
z>8LZdMkoDmX)+srdP^a5Ti5=8c}+YdCS?eXlnp4$B6qI^?N7Y~jnua@`lc^Dy3G3e
zx{xeP=r*zyj(3u713`dn@33%&T=@1Csh!EJFbw9%iS-*XS>>(ia-C_*W=yRSuhjTf
zh!3;856*Bkg$wH83@Mwy_F#FOi6g`2i{$9An4&^w$nsv)%0LY5CL>195g`GX<)4m~
z-vR=9&qXJ2R7^mj)8pm2kTcu~Y)4(;4Z#92(=>WaNCc*KuX@>kGqUPV&C5fQys%BK
z9$MCltiH31ZA5M-OB%?D<dFKq+BDh6U<qtQDk6tHB#|;ZBtin;iR)Hk0<7)@DYCYz
zu(77rT}vjX$S*Th3~w}a@{t>j?}g-Hg}6OcK4>hX#`3ALXxt~nmg3`L8cIyLCLT+M
zoJ3cr%QZ0D_CT=<K0>hQ>E<<D3S|=Z4<c#`_*MpG%8R%e*HGn%l$;;ML=@UKTONtp
zKn{+!-WeOah*J$GgaqJ%6n2CQjtn}~q2ML0?<reBO7=mZv#^moGg%$;8fD0-RPWI&
z`dLg&iD|E1l<6if=E5;Iwu!39mFJ*JaMNlcHynIE^AYG@gcM;hs9+Rn>wI~h$nuXM
zwn|J)p&1q#EdT0QIo{=mOO7=KH6OKKEyM<k{hva40c3ycO)=ItmxHu;QYuIec}o?y
zLU$L-kh-fngW7;X7!_&X5nc1LutJ#M%RwVa{g|?H=2hHcm4|@BfmgBWUuTI|#3W&m
z=_HHDk#S}DWX&Hi)o*AltD8h1oERePU<<9~w2&5fOQtrF-+&qCU6^sM7K&*QoDmaI
zw^MNbvxM9_0Tv#nfJc|xQt8oVazG<(cu<XHGIGS96_WOOX#Z0A8I4Gyp~UbufNgM%
zf~8)Jr%;DoeiO9<Uq|FL5iygU6B2;A+}c9k&XP~!)mJzgR7?{2Rg4X`y4po>X0?=7
zm&<p<I;S%dQltn4`b|g*rt@-kn3Z&&qEF|{>sj)!9nM)zDVszRUGnphv$p=?8t{IZ
zxcyyRg}Sp)&&!gjQ_D1mB`tHyT|t|^#0@G<bBCt-#syn!ru{=m7H%!{vh%VO&daV*
zcY?-Pb!gYdo)@DkF^cJ^ZR>!n`Fp|YE~Mpt`A)b9`b#j7qxZ|70=jN^PY&G^kn6eW
z+8^S}B(A^2L=+0Ir2vOK9JDpGLZ2JV@;)gf0A~8pN_h!t1=)-LLg18`fI>G{$xmrh
zQ-tGIz4+L2L5K)$lPBB4g4f2>7g46Oi(&#wOr@&W?6noW+sm84@-;j{#;OouL0=Y<
zf(f<CbkcT4M-ZvH`vkj(2_>{!Q_Q}PD`I-U8ly+y<nB5+<i1OaSJ>JB(QQr45iUG-
zS1?my^~Z3W3{Jj!VmgO8BO{-H5H7Q(4|bB5AyR*>lp69Fxy?)9-$LeKR{#-XI3i5X
zc9CC&X~`H1ik_YyF;xE%(t-JUUpM(2_-b`L!<!d~aE@FO6Hw@t9`ZMkbORKaRE#i3
z<cZ(4LJB?)aSnpB-}l@oCo!?GNP>2V8OoC3@}aU(#4%XzqJnfyg4JJ>J|z9KZQnXE
zX>}rEhof8HB&TVnhtgZ_q3=aQ0kqIkY#OiYg;ZhYZLU!*m<PEQ%qx(3vwSo2R4~>;
zsuqzBSSzNe&?SB34KP2#F5MGupxHowQ-}>SdQ**`NzareleGsR7_)c^7~*r(bKtCO
zdTV(EY4eI2Gpfa9T3OpFxos#07=7Y<OI)Wyfa7AaXucNQB(PU1T(F>Q9og6yI;wm@
zS;GZbZly+oD?<GhZCZR=SOv@jEwpA`7zjHuW|OQMC=Z9F&)7s5GeyMKor)<caBl)r
zhxBL5a>?$+AgC=%K`5%A=$YH(SQZr3w97ci8qtOCh-f=uB>*iBnw(8WH%4w3H;5@H
zF>N&Ns-G`w!fd<S?vUrR%}G_*UeH$t^L7Gp$p(ha2{+SuVpx9Xq8G}nEP7ORm)wEW
z43#rT$u;tD;utE=QI!tjVsKDZA690q!(!43y)@KVGeSGC(0SJgcZDRR0t?8lVPHQq
zd&3CQ7(^oN4OvV?(cU6`c~Mz2&7S~Hx<XR&Hf};oN5~Bkw_kyq!7UAh)WD>ldJpWL
zD)pn_A<0DU;bO%ERP!~B!o`q}k1}?x%*5J7aVlLrQdR_8mdF|NC!wZ5nqU5Cc^W%t
z5f?D;#Z2>8oRB|QJDRI&Zq3VjOp8E#G<>soEUACFY#}*3Mh>!=Q=;KC^aQlXaJ-N*
zI69cRu}c=#zM|WHTCm!<xSWwMA<8)U&&Y0p{HH8Sf|#~KM~#O$vaPwjY%qi_U}TGL
zqL2c3c-R}+55HDc$OglVwb1Mt3+z_<?F4n~hbV_u(}-0xNlclROq6%Ck*dGOK}|)9
zGMtiyBxuXY@^MIe<OX`=H4Q03bU*De1-2(js0rbXkvYhbDkMOwrpcch2D*_(71d#w
zCZqwU#_a5_2(n_PtmOlNV-LLLX3wwchP>JZlrAI+%RsqCbm2pq)jod@tZg+9$tiTr
zgK~S5?E}J7DMwyWks+q6(3TI&k7$E2<Zw0k14)`jQ>KUt+-D3)zv=}Uq-tGR9&Pcc
zOc0Do!x++!qeSwQsovDd{t*0MzX9K+Ut>qhAz4h-9gjOAOpz583FZs}_rY07!sGI5
z0X=pAn3^7OB;E|Q!c?y_;B^M8?#d_f6Y?U5%cZRY9OhdB%s{ZNCYPLkLS9JL%930b
zg>M=i)eni8Ps-cLoMJgD+U}@m>Z@gIpORNQ)T5tKD*HS-R=^cJd8&}Cds<$a>hfyl
zyVgRIF;89!HkWp7tNJvM44EU_;HFBi*H_|jz)Mwp-V%rU3%sFdt}MmrZyL~HpNW8l
z#UcbdUrqv8b~kHux_)N}R-?-<s};byBVn~y3Fxq|NATeChhg7PdC=Y<pu@fy0Sj8L
z)1~Mw`OELf-P>Y6rw2%bCI$4V2Vy56Qu$u&Mf%VB2Km`^<LL&AW!mtg2Cp`y($v@^
zh_>4rdo!Z9{Mw*TE?v?k)}KY!B*va?L=W5=+ZWOArp1;?bkQ}jxH%m@DYh{t3+iG&
zqb+Zbt;nY-n`3W4H0{CIUyDiaEwN`PdMP%!fcoB#9r`JK=KZ+)5q)7!+yxh{_%qIi
zXz~Yf<t{qpueb$vdQV0CrxLx`IDSkc8fX*$Q-J2qieKA+7Eg@7kV8KX#w(UMm-YsP
z=)&}QB83@XcN0g4^*cCNb_KBx`%ZjuK3r|-C~<mJeKF~bA9P0r8bZ;A_|!NVE>(7u
zCA;Fw=)s-wZ(x#E7vH2|`Q3N-Ywx*Z>@erJ`)az4bx*i)h<k8X(xoomp5%tOC#*;<
zJ&pjGQ5R1{z%90Mz;|woUnm03d5;6``d<9AdC}QOcwj2o_9fgwm-T*pMg%+M@5e6@
z)$qgnTnz==;}?m5_iX2Y8+;J|x(N9F4>;fpAH=^b0xtMC-cG*#F#g)aupA-BIjIr3
z=A-!U{{^e(RR~Xh9DnRz5L%M8JL0X;u+j+H8NUMg)NZ%8EB8+B+_inX-lKZ<>Y;e<
zy!V!_UD{ngYUF*RCtr7$Z$zM5r}j#R>YMxCGB)78qu<y`uJ+@{-{bDsQ|WtsP5T?i
z+~2Pqso5A`L~NhLH*0FN$>(v~9gYOJAKKHx>1yFnN}S=JJOpixFF<~+dc`xOQ-==i
zyWKZ(w9nOdXkgUD@k2-T8Kn&E(PezEuI)#<ed9oZNB5u9Wn_2n5M|WZ!ClKc_wClL
z#@k`k$eNlFox|0)57psy39HwB8rUNN{(~ebkNVC2ON5aSAo4~KiBf%+=MMjM-Md}a
zR~e!7>C*RZ*SPV$y5CeYw(A{t2KtQfyL&sj4!OBwzdI-Q88-Nq?!zWKocH$W;T?9%
zsJ`vT1=?Sy@>EGGK8;TZi^S^{^W-BVK8;^MOXkVV)O~h<U4kwc_S_Vqy<Q|bEWbWz
zuN2W?zl@JqOZ@)ObaEg*1*R!>nYw_kF^A~uj`k{%=&=6qy2I8I?Ij`tSe~wVjjE5}
z7YvyYzvtpd$LTK$(diCKh-_OJc5uQ20BfEq`8Cy8ceJ)a_OJS`kLdjRBKZY--voP{
z;~~7J{*aIs2kV;&mggZ1tI7=8YJ&YMf-cml%i%F}Az>N1khm4#&Fy<9$t(+a164?F
z8<JGoW?g$X0v3W!A=u3f_TOX?)*r^R_EHaBZrda1g8V}~e~`2ceUN-V*aGG@R;EPo
z9I^!-L#<Pmq1LI_0lZn(52i-In{1tjQp@RA>r>m6lZo9k-g_+XyHxn3(Y)`{7Y%@G
zYRFuYR!+B8WxSh8TldI-EdTAdXO!j<v_7?`X=(A10qawz652YWS43%6RmKBk_`r-v
z*!Kr!?1}(;?$(S?BMQdcmhnkML8sd@rjXMUIYKu~;=qa~bA--M<{&<OfGc=qO2&?e
zswPh5XjD(*P?}BW_`furL-}Gx#?A<$%V%;ZGak&?9RYF6Lm7J`3Oo;I(1?Qb4|6Dc
z9^p`yKgtz6@)$?M+A=eX^#4!ByAhPFk7w+ODEON%7~Cu+hn#vM<DCewRZnuQdgv)m
zn0=q-AX?1g3Z&Uw!9l)Y%^VKmk-407`_JQg$Qk4c;-BGq=qO+C&U_AK_5!ZpF2d2M
zdX|I8d5(iP%@=&|JcqLI1+Fb)7IF}sUgU_DEaD*kT*N`_S<DqITf!AgU&_(w^AcCk
z;$;q{!7E(Bw|v1{uW}Gizs3~|UB=Z?`8o%Y{RUU?%Ntzpzqg!&czy*}Fm@$Z&}9`@
zt#vgAabY#r4ZGKHD6g*NASSQlXxzA-Ln*E01}uJ)D>%d#y!jRf@$}nVEkh|+(E1$?
zrQrsS)1Uc*x{Vx-XE$*uBj4qSUcZ@}B1*P!1sC~(&$n_kR@HF@k8a~6cI$gwf#-d$
zmelQ>Ivn55L2UVeD|q%pu3+p(93Ndj<_fOe!J%B<!9g6@$w92!#j*aMPdJD>KILds
z?B*bH_HYGf`GOsLIf$3{aq^h-83)mOKUdJ=bFLun3y!g)UvLl`zvLi-2RMk4UvUuE
zALQgw_%#P{o-f#Qh(mep8xCdqw_LTi9Oeq#M>0N+SfgT(ax{({<xn;p<3u?7J8pOk
z`<^RkbDX1*_XEdzJrtPtmV?J7W|OL^sd41kkKCI4@=qMGsVBICz9+dhI8Jd8i9d4%
z$N7RSzi<%Gp5_Y1p5f%s=`2@JRL{xbd_6~F?>Vku`L7&}8NYE5{eR~QJb!SlO*zjA
z_xO1ZWy_x&3i*qJ7;}Lu=z5VWX!18#aD^{8_zzdh`b%8Flb5-IAy*=a&acXhw6t;&
zSMV!e@CnY0v=o^Q_l}eqX~RvIIYPHI;P70rTtQMChw=kour;28crJk}7?;Qq?Uuwr
zG);~ySdhYD988G>AhoGn!P9A6!LW3WM%xSyB0rNW_?<7<oyE~umd&Be%;5?KG~^1r
zjktoeT#o38+|0<G%+@>(<+*&WU|a!L(A~lnG%Jj(WkFHoGdWnqVbm6LY&=oI6%4j=
zC>7Um1v!nmg0p<Vj%zuhOPX+uO=`-~=-rGfXwjTQi7n+Ij`9T?Z5&F_&Y_Gf;|gwQ
z!4<%uiX51K^95g&XGZQ?S2!{wcdZXOIX(uuI0%oMD@gWm68ql6L2UAJ1wkK&GQ!VQ
z+abUeSQM_{558b`E3TH;D!77al^l(}tvQHter`)>!=Ze~7i?<FwPjvAj_8Q?9E}bg
zIEaFdT)}T0Ih0SX<NEfs>$!p%H*f|0J8=b`&Rjui7p~w0U+`X64q{<9j<Nf?a}ZW<
zGsrOOkr`>iRP^NVva30~Gu51KZtukjW#Nrn!T8=BjUG2~wKTh#gFt<_f<t`4TYWh`
zp6r(y=`uJMpPWaA-IDocgpt;?Kc@$m`e#OZW%doojP$6yHjqP^dMj6O(`{Un%Wmfi
z<Ut(Dp+Ou(?O?7!kKe&T48D`25g5W1qz&Z?ejJ+lSw!>Szl#&>i^I5r`|svDr+PRC
zVH?2}$oFsshwtHN(0e(Exg)uPdq#069Y=HW$gklF>T9^xel&(7x^yg8@W42(mYc?N
z1ugF5q~2fxN8`u@4&|Nuxq`V9xq=asIM&-v<_a1<z*T#OFZgf@$H$VXT*2gNT(!NY
za|LBHIF#6#9K?~C9K?nPImYHb#EqAs4|8p)c!VRG{U}#(nlJe9F|OJr|KU(3Jst@`
zdq0uc2yRCTg+P7ez9%!EigRo4iPpW{Pi30D(JoVD<>|~r0BiPi^Pd06=#E=^9kd|&
z5RPhS9(QxJgr{qG-1Vr2_TJ~{bh*GX+)QDLKJavn=z~sId%d$xcS@F74sJ&{LNGOJ
zBxLrPgWIPfVM8AOW$5QDkeT*k=ji-$Q7*UJEQg)h5j>cpM!T|G$LTL|7SQF|roFpa
z02_{~u)gq^+m@aa!Gj}AHzP*@9?a1iUcO<OsdQc1+n9A8dPLH78FU{*J#*mG5I&9I
zlMA0b_~gT<06rG@6vC$nKE?1UfsYkF*TAPSe6EF06ZkY;hI%%;6ZkXBljD!q6^}WZ
z#KRi=>AIr5u2~>YZX9SYX%@h8x~;v7S%-bE*)@%vS7kv!v@jIedJFE2McbQwXo^t#
zgppd0U;Rmo7kkKGfY!{I41E6*-vuNx=j()mc#qrrFEKPzehkwh?RC$BR&x^i*E}Ik
zLfT86b-JH5i_p%{$a@U!Z?+8WZ$2i@{ja$~;TWOD^S`yv;F+S%r4LDYPM4eS8n4G?
z5TvMk>G!C>(-H=4^NvIB7(RFuK*LiDXUm#lLx#aSKri(u-MKcd-HkW4yJbLgvinMD
zUSeshR^x|G9A8$_ob<xBeDm{2Y%30~ygQLRxU#h9tsb^x=>LW~zlSZ0?!Y!>g9PbW
z<k)6g5pDdgZ4-h=FNH^{{>!iZuwkn$1H+@DJ{Hnb+iWj1kRTI^Jra0Kq-#F1eIY}c
zM=ML;V~Zn&@0BKyky}esNP1JdlMEOQ7g`?r2^}YOr)=q=$8X7%y|yF?a*8zSfO-+?
zhI_(TWww2`1L~tsBRu7ETQXT(QI<e``)y4Tb_K{$m3JtA1HcrG2>ElIJ%{%H(w3{1
zxir+Ki{O;ok^{DmDmlHZ?kMotv&s&4M4mMG{N$kRcCsZA-k8MrgvSv;#H$fu2zwUW
z5=ef$y^1FPihe+(e5Wm4{pVpso;<F$1>TvfGEW%v;w82QboF7|uPQH0qHv!5sO?J$
zUVG$ZaP;ltwwKhGCuxnO6MwWVR3CMDdrsKygGZ+hyyK*;R(;gOPZ$2I_7%j}HB#eF
z+cMNgU0#8Q%TmbjI9m!Clw^0(vuAA05pt6wn{CC^UvFEig6h?rKWBs64BT+_2jhL{
zv!z*N?awwR?R4H2D?#6SX|D^m0TOokN%aMrmG1e+HUjWnZUW^cbl_!MEA`RK9!b(f
zNKu~TgPLzIg5KZgvt`VG&VCy?nq){;FB%RwJ{1Qv5ZP;0_Rj6L6_dYO+cL<<M{QN)
zmlV7}>kRnUY?53LGIqne`WT<_?QIRoH`zu#QybVvn(BbZi4rXT8f;Fi{bhL4CHGaV
zJp~wc>pFY)<Mw2-XO%61Lf0mPB;0zR!w)Is!{fk+JrgI>HreWnq?m57=d;OnwcT#L
zYdfdfOX1O@tMj}x`=1ydHHD*ZWZE~Vk6N7z8rhTR(>eCuDuUKyZ#S|xZ=i};RcrV?
znUoB+WvepmNLO0yqg6<)CgaCAQe6$NJH4^UE@Sl#wQM|0D6wyadc1nIH#fG=R3G)G
zHeU)_k$VtY1ZneWw7RLiG0=tUJlT*7HnaDF=ELQJ>`}JcuK`@R^ODK?^;gTXY5x{>
z8(?TNM<IQsrTv%+q6=);23r;>dK$XqirZdE_P$Y;Kz6slJ2j!T@!FF@W$%+kC)M86
zrkX<X@myOT1*{G@!R=$yaI*@MKB2S~sSen$qdR@}<1)Ovex~2vi0s{4+CnYvNLDL2
vnH-&o6G-*G(s;75yWK)-D(!2t)VFl!lKP1@D>(}Ik1eXU(?!)~9q;*nkf@9Z

delta 45968
zcmcJ233wDm({Q?HlWY=l-{jZ?0wKE#?7cHw35OtZ<AL0wAS!aBC<*~l@c;owX+-4E
zS5Z+wgEn#o@BrlW!~+Br59Czw<r4my>Dk@sO=kSQ?|FV6*G=zKRaaM6S9e!c_e?+g
zE}DMfT{LfI!+_iGDslUQ9=|`}^}1XoE|=TqgWp^v{VB`v8idkNk{AR3S}6Z(AQ$46
z#l`TK+uI^o(yY^n+wUGWrbH<;cefZfa`;HMTONg*<I*&F*u^Y)6`q6}u|M|<v2t5s
zDsCJqK5HvWQ)nvxEbwuA0-hMF_D8_&5#?!?b7fbt@?81HV0^(aj1-i7F^%DgjDn5j
zn%IAAgA^F`UtM6o<gVEr*A&^Tf+0}QFG+HW^-o(T6GA?ZR8y1?k8JHtfxL26;+e7}
zlga`vUyKcSkq_+7A=CR-B*<fvPM4*aVYpo}4H-s5xlKZ9&58z2Wb1Fjhd<z{Ig{KU
zm8F}J^#o#afh-wwb49K^J@v3H%M9A<shN`20hQ&N0r|w30)<msMuB`G{gSPr8L&T4
zlakpCl@^%+1p+Z8@{yce`C6j_`SGkTOH0h4gRYoT1-fQlwg=gMGSQ-d<gYoLlYwlF
z&FG1)ng)5pP+3zmAW39$Opiyoa=*mXnzi{JR90bv5_EfF8Yyz>UC^keqTq8><}`!$
z`P2&Jvqg-4$D#yO*3t~aABf3Ux^~{sihTL;;y=q8nP`hUATj73w^iiV)Y!Hno5zfJ
zAW$=}6vXQ{0}6^YhZ~imvV4<@U6O}Ye4vLtzeXy{MrEQIP0<rmq_nEf@QNaNc9UOi
ztxcgtd0x{$Z0*coBwx*v@^WN5XQC-VZ=mLAvrHKICX_^%rzXwr!Nr}-fV}cx=asT9
zrXXTWw$jG=(@}QK+~yykvK!36LE*C$aQCQ+EO~0nk8RhR$lK?WYKFQRq0%0vBz-Xr
z<zcQ&xtAwV-snD7CLyRn{io1&!=w>5#z8SC#gxOZ^3kCU$(4I6l52kUOhv?UJIZVj
zvg(rGCDl~>8VQ9#7|kjTw>uD{@Syylev2ZRKNJ<~ae`z%%qViVZ5cH=Vk#mVd*Ni<
zB#jK4h4SR?()Z+WPn>Mqr81`cPh(EfF$cr9Ppd?1`_vRDAg^khD?iibYO2eF!flOd
z%BHN<ZMQjGUfu6a!XR~Ol)S;37uxm2<U|jYnG<fm7kVijSZF_T!iW)apM^HEe+DX)
z*LO&ikF>YS1KRH)cin`Nae1i5Sh-h+O=L+fww9@!?>6OMtnqg&5}F5t0Uein%upmh
zY3{=La<9!9q}%PNkZgFk;!d*Xc2uDJl|`yCs!VnHbmW?;tdSNjoJX!=R3M+~^1RdK
z*Fo$xtuR=#^7>~i&Gwl9Nv=Rl19;wX*o5J7diw&hrY{I7wP!L(ysx4!aoh;CruOWf
z>e4r}B8@D+5#^C&H%^x4_FU<71$8{_H?2-2`wyf1numKWiI?y2Mf5c&d0aJteqSY!
z+D$<9$*KBBl2qd#cB{qK!bA%KezE3_5#@>bepR_WE-Ct39=0hL`HAB$y~+oCesXB0
zC9kGxTxxv7x=0}+q|LXuK>j4CXUprWSvL8rSh+;9G#9;kbq$&@D*8NR>!X&EnvbTQ
zZ$Q?#aa^^F)dEWnWn6l+Zy*_}{eSlzMJGhh@Z0c#F(J88tEOSQ0gFSiX8F_CFe&+2
zuq3;cDMlTp@Q2*HO>uf?PzEKxFD4I~NZcOK=`nYqOu6m;LV443@nrfaN5X<F6;^Wg
zCi{)@oVgRpxbMLB*wYB=46xt3VdzxNTQ84qSE8#JmNSj#A4BplRr-$cOEsl(IU-Z;
z0}2i{iZ*$0Asa=5cNRd6)8z&o^^^kcnmeC=n>8Wmc8QYK1X0rI_CYh<4g|?kFV2>S
zEWAYa+z&N7S<TD5I7^=U!t3%Q*K-w0HMcEVg=MKnrcOXXKNHZo9Tj<Uw+pI#Nbj8$
zqd+7@^3|7aA*W-pmB0)ei<>jq$PX>~TyE8?Bqbu|U@#_|wD=FotC_#_Z6r7Br>{bE
z#}q1kP%1fd<l5zNH4iP%Msne?WZZ%=Jiw1j$=&HN^v}G!g7p3z#$*04y?jM)&6Zat
zVtLL8?pLX%=WE4?tey#NZ^=m2Rw4`O7Qor6=t)%(5Iwx&VKV3x5N$9{k1n~%k>624
z&63x@NAjbSxko|ypOuZ&S!vgs=_u8sA8RhPCi&{hAIZ`+IGHrQ4@Ful1!2LhYTVH;
zD)MT|-+mU6zaG;Ah<<lWDTqV9y0Nt8@~Yt})y7)S4bT7Ws0j~ejlS3IR_WFGuJc0_
zU_BMfQ=X1Y<D$zIBxxeffvM&nl5`F?z-}g^F<Ul1J1<#Y|4e3BR{&Uw$&zPm&#k$)
z_GKi;&yNURbh$lp_4d*lSPmfh(!6BsVJiW0QpAPwvhB4b<uT~TSee7|)jauOk)YZF
zi`(t?%9YO-Cxvtq)@<Z}giBzQWXQ2QuE=elPsU!xUfIqs<Xc}zw*6u}$^hL{Q@ZQT
z*n%J|Ox0BkEQYvm(IZQXiggY2x?=K3=@U4UxY{_ZA**wV^!9<C`ZW8prIl)50`d?0
z^U1g^6&Z5%k$5t1B}ych^U(FA;$c|#{AR`&?9~Q*HdkRxWDJRHCJKhXMbd1ze(v#m
zeX`@A3onQzrK54<n&}5y;rM3l`}S?$f1tee+kC6Dq`Xt#_MLAcTNhPiVP}av?T{^L
za7C+DlSVu+Y2e@r;(n(hM{YYYp{Cb&N74TcRqpj&rhM?w8gls+lu-IFGmh6w+<u%X
z4_vD6ai6>9=;2f(_gtEc{cPNW&9lh4N7l*nUQV|CZYDOLS8jK#kc_<xWsv^4u=tpF
zESJpN42zG$xnL}mQd*v}G7@!mIKUL9^4M4Mf>%m(%H^wR`(q*^CnrGH1{o^@+u{r|
z=YA9bTCwuA9~0!-pGJ_=(?M}PuW`)?*7Q8y3JWlu$%9_kk0-yEINRZ(nti|IBYD8<
z$yj8ho43>E6!Q7q!0X`O9+AIWnM?+Z(Hoe6$aazo;_bOLWhYuBR)<y@q4_=Z{r}1E
zMB58T^bgT%rH}@L#gfOq8JWIC7wke(pfgE#Cn~P#a{hIEUC_rCEnr8O)=NS5?Q`k+
z>#Uguz|8BuP>RUuAat6fNcNbM!!9>jP5E5jntLy~FuCt0{qD!-a+A}QstL@Hk6gJ(
zmW&mWaVyqsXDYS%NOoSGi=nqyt<v{)z+3av)yHvjk=ud%VcLWMIf7BKvbI+iG~@_E
zhf{rSodjBIc4kKv&R6Eb^|HNIuebqvL_kZioU%=?l0iRxF%G?lfEWD&{Ja@2qK8hg
zqUK1x?Zaf;hP7CohW93*Pq5D~zx|26wW5!1PDB!xV|VFmmOP~SRa8V>$!HoDM3*H0
zyiadb!T(ZBT3$sB$+8aEO0T3MSZ~cfhpcktfmqx&jg0SrgUTY}V^ZB3hFZJNbkyB0
z7riwDQH$-8NlV-?jg8NPjZ(-q{4JmTAsM%0O}f7$tjDY7!Km9=K#H7pFcZz~<?@*W
z9mtSGAzA+DFjt{O@6AVkXbDVd2af0j0J~!PX#pxm^1dU<xKbytv?BBg5!(Xujeg9G
z*ci8)UMoVS3Ms!_eq2w=<0HeYIExM`L7Ne|qn%zOJ)n`(6X0R@M(9<x%(S>&ewY(l
z>E{HuB$4q=VNbYu2Fjq_n;-#^r>kI}TBUH7M_OHnbI9zbXe}1~^3%WQy2R}X#-x)f
z2g;(=<p}JU=oaOpzv-r4x0keaAe*v|qM3G-faD*3OUCV0&2*DN4z!;9QUs#2p4W@c
z>!FoSbOZ^a$1Nvb(AVho#}twFPLxm9v_SFl;DwoVS_@=Bq{IfJtwS1_-x6ISyDLG2
zy)SVzgJi7>{Y(~CaU${t==*N;Cz2Om(XCM2U}CaKdkN*yAH3){LEdpyPs<l1l@e;q
zv;?XzB()+cW>ZLFOOPZK2g@6-CgYAOLwV$67hJ5U4w)*UH^^p;lF0)I>AToRd$vN^
z7V?px<4<%4T(r8KqAC}5CgV<FRr!?czKpC*RaLec+bY2KKtpD<L%DQM6|y3-PJoWR
zj&<yn_Gl;Ba|Kz+>I4)^b_8`bOQ0z9bO&?^VV^{ncsYe}d1?A}$cIw&u7l2uxrI02
z0(B)%Uh0e%lVS-quqBvs=%d5Bpw<>;PYWIHBP3B*ndlC>NlFipsWK$xAr}hC&>kp<
z$@+&T@Vi=s`MN4a@22R&nmDx^7-VJ0zIjoFoJOww1MRI|2krfD16_Ne9xsjSiTZ{3
z2$FYFkzSKU`gC6uk4W`%FlSt^`XfFeEi+JLgC)8p7oC3-O2bN9l0;YqD$7Ke)5up3
zp@<esL7z7!leF(_$)V?NK`*G_LJ+3>=`%R6fIlWz1tYx&BMbeqKk6co!f7a?sZucD
z1*@o%0vM076+$Vvt7;7Mh@%I#k)1=(M`X_jIE8ea%%S?+F%22&{-LNTA}P}V^#<0B
z%VgL^6%RuPNzqi4Qk-JegA%oYa|w|FEpQ5A=tJ&6J4nZTUO0Z*YdHEvu%($0^SFHE
za4%d$p}P|h*}V{_;O>m(54~Uqpo}3{`79=1fk6!K%0-VWKwr2AZ53=8X2jiovb8sC
zjlmp|#beNMlD`P(_kck<7VRbvya+Nn-$|zxk|*e+v&NxYG5M?m|GS4?o`9T)1iOIH
zdNK~xIj`3wn1J4Y14tD%(xHGU3)0H_5bS#gZ%@X(7{=JXU|V6O_&Vv?6r~WMiQXo7
z+;qrfG}B_sHfxh7K&qzd$H&tTfpsaVu_x#TN#r+WWlO5c!3y+NSjZziZqyBt2%NGZ
zA=9VZEhOb(dzw1Q6*_?MCly?yJR%jRp`f5?Jlhy4{-!)wuj%^7>m#Qg0V@P^Oanx|
z>I`D<6BdD$xNZV@!5mW{A888%^>G-U)2r>tWXyDXBQj<tYEP1qaRRe<jg6%td0~FY
zT5vPYrGLys7?bO|=(vTaUYhneYLCeGJ)qb6s$0uHN!m)BV#_n8Dtcg+nDzupu#kl=
zl$jacSb890qqs6}o+yuBUZgrQ$>2F4q_eZpI`WhY>bOyJT<)KPR*@wyD_SvFKL~yP
zAee&XGRmQ~&!FytU(#IXE=j-qYG%xx<n#N<QW=%dA<x1@L7o{3)!xKp3#0gZQZimh
zA&cBPL4cJF(AS<r9<|$Aiax#NT$~(QASn(tj}pfWHCXaPKr2_C;mf5Z3sD7X14}a1
zeJE+3Pf72&$}=V;di=0td;v8?u$X2fIG_A{V^r|H`{_rE0JV*zp@Q#^aiRCo6d03$
z+CdK%qef7B$aSlq$(ov?`sf`mp|;2enx@vu?Gjs<qWbB9B`6;e+sA^{>C($eGQ|tf
zf@LUx$a9NOc6l39&|pjw^jgQUqscyy5&6$@be4EtLfN*qrf4Gl=w+pbLz@7!(iBvp
z&i|m!NbWV+>U8VdP-TV&>zG$wg-Hf`Jfx3H$SiGd3hj=`ldrAJqggA!#>zuCB{=kb
z+sYKzL&v|aSmqyIMA@ZXOhLVhHgC_Rzq|q3?DJ^a?9s;-dYTgO(e^79xlOx*6J&8w
z1Kahc;C}l0Tc{Z#gDzmJ)1w#Ojiz`3idLZvgu#j`&Jf#8rqDs!X*Dbbo*ybCIP^`q
z*%V8pE7l-8YNPG0JzhO~&l#giJ}scree4}%^{X%wHF+2PNnF=ktgz7~=WauprTvW2
zMGu6fvq(#;C7a$>gKWs>(}pv*neA^zA?TuO)<Q0e-vhpEbx`{B>N3z2*G>O;4-^yf
zVl-5}DHvjk>Y-h!vT)jew<W$g*i_x-d#EX*mo8g}dLlCUEf{XYOhJ9rwjQ-WkhP<+
zr|*_drl@{8Z39XMy=K8zk4JCjZKkLJx^W{a1^dWcE3mxMwe1d5)F4gStO#Y<5@dDy
z^$v+y#&{5l^U)DoK>x_tb;#<|9GD(aU+-{Ze9;pWX>BbG#Q@|)s4C#sw|0anD&$45
zJ>~i}D4X`%29pap@D5myk!EP3OF>iih#R*f7dVrWELLYg?}Hj`iteUGAAt+Q7w|EL
z1Nx}+<Ho44H52K5AETD2wKf5QyH9Phs8`*w#uP*kcx=A-1f=cL0`s1LURsk(QN6U~
zP80|2{Q#6VXbS41ckY5|mh{+wtS#Jn(JV2>gY8iuCP&$r<dTltP!=gVh>FOORrXP2
z%x?4q+4(t2Vh#3kbMI0!k^wQa*Qwfr{HU!r6cW)qqfpjq_yfkIKz4q*VlQ$d;@yIB
zY!91)2591b7=mD!v@Qzj4byC6T-bR8Y1ad&2_jRw35i~9fyIRetBuit%OG9$8O&;=
z#A8WtaybJtOz}i|`EyvL2%exs4s^zurE`qIVMPr|QR;eo=$A0Dwe?7vnUYwf$s_3v
zz+=XgfMJP#@D+*$SwXarsk6RIh%v6@gVn{^uVGQv%A@&$J+O>cX-N7BFjGlMR9Di<
z|6ICtEjSyieGTdT-@q)ZWT03plr^u<?e@1AK5SCVyQ%dfg4^0f-~Sdyu`9HGRq<SI
zQN>F(s?ZyxiQl7K<d!sjVAZ)K6>Y6?bt3I`2;GR>p{xy7oyVo(tuw-tz+ylWM1cUN
zgQ>ZO=Tq@MFvRn?X#O$u0an5rRx<Bf6kF!<Fqv#HMDmI9@~3l1!z^4(eaBHdq{P)V
ziMl*NwaP7q*a0_P_A|N;DFN*elGm*wZ8b)c<l7eIQv0tkX({3A<fbmKSH;<Gh!c)j
z6Ztpv8APM4ekK(!Yv4zQn4&jE(Z-Hr$J{?+!bGzCJZeHdJb_Ltap*A1teu}25@EsT
z<L*#oS*x3Az$Qa9e}MdX68+_M>lMf4VQ8NkphZHiq{V5p7yPz*E$}f(?K4F7c;wPu
zIkf5w>W-BdW~hxm*2X=Ch;AQUe-3p;5ONLUFyS6B!~y58`%mP>5Zepmu-1KPh~o>&
zJ&)(m*Uy84&h6zI=Vy)k+7Q?8r-%Mlc4ZI@vbtC=_!*O_M#ERxwI+ZDbRSEWokvYc
zp9|<KCElYk3?XP$_r5W#G~lH-UxZbXE40Yf>SY4`&KQrrehHN+E~Job{7g3A8=?gL
z<kDsIImBi{C;?_I4jZCCfadZQaH_jQOIpTVz@xV62SYr`Lm`4=Q=>A;Wv&1d{ZS)$
zB_=cF8tQ-{$P(s_Nq(mRPEe90dII57D3p}OSo1M~zi)&lN<nI|;1ggtwG}19^ROoU
zXn-d|Vi7Hj!$=9$Set2LV4ZZ_5XVh!h{wOV{oDu*uzvd45Q{}}&XLuBBamH?^--LW
z210CyLTslA@`jekDsyfZYtS#o)r3Me<hMk86~Zwg$p@JTe>24NdI&^i3W@gu#5#I4
zz?+nqOBkE=_3y^mLDDK2FDB&|)#kBojyG(cH$W^Y_yA|9+%8thNyADaVVlBK{1I}6
zR^zPWf&o>3PaC7tlytlaLC{2R9)oNyw;1sXkrHw-10Ut4WYBH3vU7%&1t4+<-bu2j
zF-((U7JeS;)fVB5U6FOjpN145VsSYezoLdDLj52z5uG<gl3WBr6ous1Tzri5%0pp9
z)+6f;5QCD}M=#{z!#KQBW?XuhPz#Ktql<ME7Gm&ELX;uF!Iag*m@P8IjS7G~R)nk6
z2uFgpJkypU|21G50y2IAF^6on7Ad#k$%quj<CHR&$OiF6BTOZru%`siLLN_O$*%PZ
z8^;MoJS!1{nT@a&!5J5AtIithVgkNmSfiVM&=~)TNM$+F+6T#usuEo_!~ysFcTI4A
z*y9Jeg`LC}c1cEDhW+H^;d1=B;tmgq)Wrl7V}Qwg;mz>-in~l(pEJQoOcBxz5W!6y
z_H;jF$FRNwM|G%DIAWwMv#|lL>aRZIfZof4ovVIqN^ET298MQ6Bn{mVQYn^jQ*ydF
zzE{m2$G52NaCvoGSd}V|U+fEy_qD(yQn`eSejzX=F*}`%Zi$zu+1c?h)yKr#%6#gO
z8@(<yH2bIz`bUzJUr*%{lLu%i7?4W3In}M--w$NOAVstmvO<&bAXbJXrZuT<z0+eb
zBLNwg`DC6C4}^5$@x5?2$i7U*Ll_byPwrB4Ch<`AgBpi|6v+40q(^+4`YWU>ma^6l
z3}RVLT*SlJlQCOhgeY=pBjP6^T@T+LNxJ(`O}N8%Fvzl<#fn&R$mv$NxjcPaoZMnZ
zGU?I^_fgX5@NliYklI$O=C9!qj3X^MD~(mNyET47Nz=l2GOCrw3drSNK=t)DcwVYk
z?}`}7@FAmWwVFVM?_xhd9#pN8`GoIQ$}JdERh4*lDwoG|4}*sEn|D(sy?11k#wjGn
zY=*p;WPC4!R7D4AE1EzCxj<2_w#UO$xfsc4HNJXG%`?Gc7$#(gY*F(-@K_xw$mqx>
zwws}Cz+6-E%w~vPpYGsDAyazc4r;0g9;bk-X%_2JMSa`Ht2}<CW=P-(Y9>K|H57WV
zDOumi;b3HxbO$^!l4`I+%`m`|!hGbDv)AMQs5t{nm+xbBLIyw%dAB)mcg6!0lW)Lx
zMG^w={R|%>`didEKAz05AgI1B5=X}msOsN@T)r8%Axn2c7_+83?xTdplktO*Ks2Np
zKnxmBVMIgm<pQP=piWK6rml_(vgSJ6UX3~9hZrP;lJgi)%U*a+YEbVKc$k4eWO$1b
z5Kh5U)lhD^0^f$reFsvxlUm?j<iQs~K+_no+QSf}%_eX4!8aj~I-Cf710bpy1O#Q@
zSL3mGy7Ge>BBi9j0rY2tA=H@VN;NFWMEZz2W_(I#uTVpZcxEK_m#j!<ks1KRk1`q{
z0h`wNTkt$JN>{uo+Q|_J`zS;&xSjgp9F}QFMvc?O^Q555Mbc(i^69l(u_Y5?vGLW+
z{SnIhi~5dE46c)&XOb7FL<PNmx8@i&0&HaTAo9C<zM;%*64?wwWI;J+NM_6u3aBs|
zH?fcp58|}U==4D-lPw1!XMf*8$hqzJEl$aVz-2^u5V#D+v`_+<q`_Pvhje}dQsSx~
z!$qXsJRzI>Fw)V1^qc_JUO9YJ`l?wkc;MI++54=JPhAtSfLet7KI%*`TS-+^|7o#P
z9SdH_8g592E(grXlK@ja3sm~9X<Y%x?WlcSC?bPq1H*5x28OFv2rY^09!DOjydOUk
z_5-Pvt~DhlvO{>a<<4xHHW~Ib&d^>+MLuSR>~+yr58#ffCnwo<!W7g)UwaUP8%;To
zU^`<9>Z3=e;OkY74Le{^_LnJqAm%#YmAn&lI>~;?8Bd&J92s=+!}u;FxiuFl7nA(k
zl$;1YK#d%|a~f``9!aoWFvIb==;mq+-hSoCLFr{vP*03Y31SlaI7b2PJ_9?DGvw@1
zC4SWu+eeo@g42+iO<(qtDQG}FWlENhcQm5cW@0!*ryN5mZD6d8q8E<v!hnF-XYa>w
zdo|U*G}R0q;!kB{#xbEW{o!$(t9W!^-hT<Dr$kg7Oq7S(o>0_8NpvsGGNtDOAOEnQ
zVe~Cn0=m87NqkJn=C*AxYpFj#KYj{#hEb<a&2DT~Prwz^lnlKpG@&qt3e;Tc;-;nu
zbm<%%RNX<z<cqJl7D_(1mtK1Y=OHz_*H&Rl$VaQ@fp$AXJ|4BxU8X1j`p$gNE+vtc
z%z722r|G2&F$|F<z#hp2TVE+FyP;45Y^h{M7)~boBB*5l^VmY3sKMFv@8^^~S%`?O
zjVTciZMy(OqvXVvwljtF#gvfrQj3jlCZLW=o@;3bQ-nZF;ey7N0`lByPzL7<_%umu
z2PbQeza1rmpcvDLY;9^OrFSmEnJ^6hhWy{Nzs8n6Y)l@4ixObXwFA~iFDh6{daG@k
z83v@>qL&m+RzS(qYogeI*k3a>@s+Hc?#QK!mME$Psja0q7!wt}aDK$21{&$brMMf*
zS+#XH#qiP5%drQ^-~5wI9{r5tLV}2MOd*-=vlP(dFJl`@*XCp~{7s%*iwZd%5(6<V
zHE2mL%ybkG+xw80-g`UDD`&RDQt+u!j%-r(8g4*(y^2%G-UUk5`hW0JC6|@lxg4cu
z>h%#$os=l{vw5|%5auOpp})V1lhjmITOYGlL7Jp(1@^LRRPyv*evHBS9s1DgxGh3H
z^58mDn53(d9(n`&P({d5qK>G3CRNekN@c25ayCm}F@}@iP%R7)C5@6md@z<ye+xr+
zUdg2_U1o*`C%K#onu9i3g|!sQ(j8_d3<6Wd1ogHQkzZbAbNU}j;$$-Ex`h*i=#@me
zV-0S@k|0Zm8nYq#;3PyAnK9UsNgk~MqDMC3VshJUmUz<p1!oai@-BW+&2+RqYD`2@
zV#0USz$B=qG};`-pirNOZd{95DkFJ(JI}ZeLiv~8Q|3tUWTcedVM-_fYoeFd;e0xl
zV$2c)Z6i!EMEc@77!hg?Vd;~`py06b$FxvmlWFS}OR41im5nk+5Ph&VRS)H#od?6<
zxefRaHHXhO+7!n_*KAa#TqWI)WbTZTh1*Ad+k~&FPfMRQCIm4|5mZS@1SDf7LM}|@
z7Db<wWWM6b#%RDZeWn&e+C-NwLQ3&?bI7AxF(h9qj22HcgY?jx?J)ir<lP)3Tni96
zd9UPoKKvp6k^z3iseLpco$?WMLi@<_pKVaMu=~xXRe57_6l>%91h%UwpWx%fULj<c
zeQa8*Up<gd=6{4s$(c{#R2E<-le>4|w;+q69u9snrX~gaUUrJr_JX63ys-<Xk;yyp
zQ4D7?=6A`o{c4KpqfhRF?C22iW@BK{=XH}EpW;8&BV}dROd&lniffQ0?u9&W>mJwz
zD`zil?-}Dr9xy9s_TaZsC)gjUA@aK4%)_P{*Ive5B8jjZJG4(3=+$c>S=&QK9mkQJ
zU)YrTX}bg92_>@|L-5!&3B}sB7;^^g4v?{*;iGE1O9vWP43I%sU+nz?HhjImz)57u
z=lDtz_-R>tg5Cw&P=0!p0(wQd`wN^1DFP8VT{{OGS0^dEW%WXm`O6$d)czF=x3)Se
zp;~p+9y6r|L-uPN02*-On<YAgzjZVgn9%Thy!7fp+zCNAjFI3nZ(lQ&vUUs158uH|
zv9C}7C&jmT9|Vqcb+0fc0I38LoA!Y~38_7X)9Bvsa3yN(((?8q-#Ut~8&ed0K62e5
z{D*^M;SFO1C7WUBVVn-ZJU!EInqr7CO_Y&RdjvO8m~Kwb{s1e9HW6l-965?BO(}Zl
z;G?iX<2?XxnV~>(OcOHnDA=NF$8bCaHirER2XC8@^ZC4Vz)v_Hvh>1|*GYVpDXNb?
zdmOj=m)chwlYmZhlh|MIaVICSHKrIIlKCtClE;{1qUNx!q3OTjyHQ3s)jO2(?InkQ
z#*uTPQqb*-aVi}=_icw$Rcrd!37m{b_r758ryRq&1Nsn7V9IcGm7@t80&jK^@<{bN
zjwEt&m16+8SRmw*&41!V^7|@SC09QpRFYOT;LfNuZJ(Dub_(a>f4kFze0x7m;q4RH
zQWrgS2E!?u-Wwo3wbi&D$?b8gH;a+VcO5n|9dwYi`39`ugmd^D>F_PiF56~;9RTy!
zOc9idedte|K)3#Zhoi)Zi;y|yem5fmr*g{_B5VG_WpwUeuyoUAwz88ZXrkA{>Q4I`
zH=}3HV?RoCYiYOIEPBcW-49;Q!T-hALX+rO6Ih78(K#2e2zjWIkX?Gt1T+ANKzU^D
z1)NJ#FX2lJ;SW;;ANWF4gqByp{M~UGc7F<5B3ZQ$XO>+w!F78iwuqSV4;<uH&2K^z
zA)So*z%icO^ADat(pmzY>2@K>w%wQx3_m|fzKVZji-aqtkbxMx(pP8JJM8rOYv8<T
z<I#pu<XdMrj++t-zPC`A3l63eu$X%E1hn>NQ*bfHr_?<|5PWnw7H-sG7H69bebGaF
z7U8OTMF0`~xItO6F*Ha6Huy?CrEx+d;usB++M-zDSLFhU;xuDC33mB!#tD%7^U@oz
zfRTvp5Y`>j^TY9;64Jf__^38p;S7!1TRkU2Z;eYA;>ne5U@pegI=YhQt-^g|NeNCM
zm4|U&_#Ozjdd3R|UnOAM=E!7YbxeYAMg?Z4nO-nq&kw2aVi><E{V-8zk22vRM|G~!
zeUrdZ{mRP^%2C-sIH6Wk0dk3n$uX%W5cI?-w?2}k+a1O9{$wEusd7i`>IGY_39c8?
zwbrKyV7HXZ9Mqn&<(a^{;V@);ns8AEo^J*Y3mtd50RFZx`Lc$l@E-LJMKV59Xh{C)
zB&5+dG6cv8RM55dloc2gfTK_@w#}%_f;fTN<1Mm;A9d9i8e_u^Xnyt1O5)z(XiTbd
zq53J=LT^@mf;Q+t0?HwdvLaJLKIWSqmMgd@5PG0~8pXympeb$^J*mwX3RqKq@57Wg
zf$Yo|GRT&r;OQwzg{iOQ5!{f>&4O9)-oDUoz!(r|vdv~%i-&Y;D150nZ_CO|0bwvG
zT9#HQG+{$wW`S@{x!l6G*ceX=KvvmHg+f<28PEsL>6IIULW_Mgtylo3xpJ{X**s%V
zaO6ttlAalRA(W!_^ZhpASM}Hm`R{Gu9(0;u!)2;;Zi&zcwTBU|F5x5JI!oHzl!QCR
zt%#$2Bf(8e8VQ|H!w8XRqNH+H^p-~QdL;5{W8u6MLDSXkHLe@v<d0Fz0%`x5qk>*6
z6Vl-f%iAa+LE91f0uZT0`8iQrC^%W+SFoze1-~jXI;W`scQ7cZ>0wlj^#GaiRy`zw
zZ0XXznP8*&&7fioxts0-nKt#751?Mp1%HwoHg5wfz{rHo+;Jyaka0^TxB!=~unW_W
zeAlKldE6$eLmyzrW|)xgG{PzP!<cqGreKEYq2DwYL=_RTHI5LJpB61idVNd5T7Pq5
zO-PIW;EL%kp?<_TV?^k2iLP-A4eQ5@H^!8LAcspH;m%NVmMp5Hh(S13yU-_$Qb9NY
zCm0hJA!(nq4hSde?bAe4L^ruPD4YqM5#p5LedE;#ESz0zo|}ExQLHF%DS^Kxk>nJx
zdmG!rqG9o2$jq=M3YE&4HqAMr8&lMbIK<}<NWuivHG&!<5&G7VT4zQI4s5BzbN&%X
zi1;Q27;8Nm3^y<fw{08&dv&F?aJYUJKQN;k2+*Xqf(15=^|h|jSmsh77@$?{gxRPQ
zOe(5i>VE55S7l5J`rSj5tAqw>RH&?@DWsR#=;`fYiW=Hp_>KjInyp4D(Y6T=QI#vU
zX-x;AoX+haBp~efk@0ijuw=Dy6_N*zqwee|{K+ChJB@`0Z2Rf)PD0avabZ4UR+-<!
zCgdYO!=_T5b0&2bzO?I)sPr|)2NvkKE&?1pQZDf*^P55j*<8E4E6la)Zh>`(rK^CL
zsrH6VwXVme7*m5)vX8dA0hXTR)Q8Ag?_slDrjmn;dz8MJa{`84WWVYd2|B&-gkuyN
zfcu9FNlGzO9f0+_XKyv;5~L%=v{b4||J~7&-q1s6hG6Z$lr^9~H2J9+uMj9zZz>#e
z5`4Vs`tggNLIr9U@fI_RoZou4F-0i=JT!tECWS)cIORy7gL}gz59Z|dn302%U<C>}
z)qtfDSkaveM3~d{=w34_kSN_mq0*GB86srRE;kBeP@4#udfK?pj9fsZr*9JO{g<(^
z-<X8x3%Z$Cv0Fc(giNUbn+H3sVsdLgA(I@sUw~^%&pBEuJFQ#-nvz2L_Y?Z4fwQs$
z#$+XTAjov@)H&GN{0%s$Yu#qn)7;NYh<d>3s(L?C{&bX)pH6@aU~7NjR@C`_MEP?Q
z$^lTnrsUip*l~U^P{<;nENS%lfv|xw@0>5pXu{&@%phSPYF(E-ow|H!N`lO|3)tE8
zw-)%I+lC0Q{14mvl^J31>v@&-HYT=VLMA<Yo6zN7n)<Z~IXA5ThujWL{h#&mK@(B|
zxEx0fH-WO{(Cp!`sW9(?Z%m1K=#UY@E&oE|TN4s)w@6RjDGd4-)A5}d36DR<PR`sZ
z*vRR-gcSPDUBcb}GGf0sCI=(d!`AZmUIjPg<a>m3>Tt9jGR5)I`J;rJ)w_a{ZHG-k
zeKd8n;Q1F0mmALra5s{N?Z)33CuBcg>(o3r?~W0ESMNF^v+l!D3ki7Zgoka*0LM-L
z87nkqX#i!fnp6Z)*qGMJ)T1IzAFmkG@Bw3O)P;{t09;JW52h_AeI|j`Yc)~$MF~l(
z%PnrcIbw<(AblqZ=jzA&&=fOBCfz6OWj^G`P1@^+fP?C8b4><!+oJo0ztx-pV*e6F
z`?bMIMb=Lier8DpcN!A~eG=)e2ZU}2B6-?H96?bzft+RP<OoW%*AxMAJd`_yNdJ$c
zIS_rKi#+@gIKvbG+f&9INRZV^=RGWBvs3}wBok0K+z7O9sxS@`BDbT23`hr3dnxiw
z(4IQ`BsiH!XH*M!F{CyT;1IIT9Lpw^`{1awV}|goa@<-=^@)7zXp|V!0I9g?e;*Mb
z&rRnUvz3}+c<9JSp?~xkWJJCtEz2#2)0E-%V=X+W+<r{Pr8=!}<&t2xLTDEyR5NG4
zSG#t{==*<@j;xK2&?qtg4y}~DT;^+u5<^%2)y>-VL)%)bHy%Oa@Ontu`dNsr3}-)w
zVkTVlbp<CxE)N;R?uF2Snm$}IUl`5kB`J3-sqKK9iWS!&dGje8xo=Q%1>JP_v%=db
z6ULpwVkG?<@}7H$LO!4E47Dg(a%wGmpA#mcw&4IFyJB3y*XhYBV}_yb0D-y-NV@`O
zHkpnsaEE$<rHCF`Aapd61{V>0%ZxbOKB4hBb)hgEk+hvSu8kHD3b!?M;z#YFH;l=N
zKFLc<76~uw<P^Hn#|@FA)<S-IRBu2o#FZDpJEV@{V5mlTXN*odD@|(j!#Q9$AMzq(
zXx~ucY(S5^q>OG=M*`5(YM+LT87Gx|6P5Eqn7CX`6estTI@495(@&Se0y8tLZ{DyT
zklPZY+a-D7ii*L@g||>WnySBlqM<1l;3H(|>O)=;9!JEr3neFMchq}>?f^+nh*mtP
z*cDUCklMW}+>Ww5p};LXP&F51OJ?-bMOh&5DaJUIEcas4W`Hw|>Dbu4LJ@^jceso%
zJT@Y_OO}6%qx;eiS%aHj7v4mqwhNB0(#Df7T&u1}-!bb^81E&ZX#~>bOUT%%pzo&+
zK=(Fp=6sRNSqDtQU#Vp0N@0lF&l%7ltuAd_Es}fxzzw5Dq#y3daFTATU?81t=FB2#
zcUbc1>bHd3P+Og3G(!5#>U(CqLIOb7RYFZfFF-#+_JQ=cFS>g~KO}v(WL)fC0~;xI
zI6o8zxrl343C$_|)&y)tghoC5d~C*#=%tQ#!AYb_CNpd$Lm^%;R{wm0qm7jxj8zlT
z{9PfJrmhucpd>%!Vlu1lC(2b}wjE}5!kFLno<LAixFbZDl8;6Duh!X6(GNrYMJm8M
zYmWSa;xe?c37j#lgj**!cZwcIVgN2W?e~GO7%3-eG?faW@Fw&lV-_X2T9ie-i#*O|
zbm#_UAcsT(iA;<Ew?tBVM>8P#BtJd3QFst#grnqI2Sa>xUbkp?U|6KDY*vCriVaE%
zXcyH(vXUZ_(!Iu9iUGG5GJ|_;6UxaywL$|rw^n!r96rSst3TY4+?93vOo@rK+cx1H
z)v#Ku;gO%-PRK0VZ-xjF=}Kkz!4Z#2QnD8Oe*LRqx>@s~FcxJ(;saCfu!czF-dlwH
z9Nw%4!0HDzBI-GjB(nQWpae#xf}9=gXhXi8YUxKxUId5Jq)&w9s>MjxbWYQL#ZJA|
zug(a9*XYGGC$-g(Zg+AAxUZBEM3?M<xhrg&!%Vt^WLW=tD8Q)`l>!~SOLz|EJctAY
zbw)sEsJ<|h6hwX8jFZ7_LsPRlmTOx%-2{Gngmm2_EM~J&xC?<hw$jiWnJ-Q2frBEf
zo=tlpW_a<SkViq1!(pJp{z@eVw=^pwZdOkrC2EF+oJpFzUl<uu$dIwr#^}f)^<ap!
z=73PG3Y7JB=&YH?PpWULtMhP|#=V~lFQKl=Ou`zc84xZqaL}xgkbGMP8q;gSaJbN=
zgdFYQETZ>*3F~`UjWF$nqv$H_(A@w49TW478BI8zpZ&EkNwbDJ^P~w44)Xfy>Mkr7
z)I26Q%u`Hk-@-l}Bt90YZ|!LxWwxLLblS4rj2T#sc!6Q^&UH?>W>{IqrIuTY7AU2C
z*Ma(+{Z+UFUL)sBAV<nA#qfJ7x%v$RNYsaEK1)?nScTxOq|y$VL<$Ni(E|@mxf-}o
znLm68#+Nei=<nYPa4|XPxGF&~G)$y0#GLok9U!n|Xs4V^B5*PZ4$J-kjwf}x+<X|c
zf~j*|Vd~ejhs^{5SC)zq>dlXWE3uY>aoB%MC?h3rLJs%Y!-Ac{gFGe6ld%k=p0OOd
z<3a8HA57{A!qicHOsGX<F{G9x>Bcuf6YI1&2%6i1ovvE?6U>3?LYORh1H~ssswTxd
zal<su)JbsQYRJ#R29z1f0}X*gOpZ7v)vXAgm#fFF=smv*PoYXEvmq0i^>r$B%&dj5
zq$y@6xE}81Y(QYb$fI|k5IV3aww)>AAI%7ZWn(;&hJ7^4Mq8W|yy`UEitiDA8a`o6
zR)Tw_mY#ySTwMSFcWQ^~Oop!6KN*t|gRq8b!kXRnMrS7JSp;JVR&qrPP78L@{YK|h
zGX1Oo=Xuo$7*6P@;`O`P#hu5^D1)u+bxv3fhBah#;Ib!mKe%xwj@<bz2K^#jg0G&P
zE4kUJjj;)T3KF*nQZb)@Scp0bD=IgJmoXK%@|Q3LE$D2C%Yc21%4bL&V0qCV*VP^{
zldSD@_um5CrJ*dfTZb`2qgp3PYSvybkdIstUJdQOA~Ua!!0)C6MDQLfXZuL&0oq21
zEPV);3;QlXrdebG3aczl$w~Et`n^XG%wm91*!NG!&aA!yTjnfJ2uVM5EB~sq?|>`d
z=-{iu{(9ysZ;-rr9!IZE;3gFor|LP_*^-%JWk>zqeoJ?hQD^b(CCRg~Es|2^gFM$J
z1kJ^{bS$=L3%$rTFEqb$E44FbG6Z|*S8iV|r@bteh3XJ%tBsA&yvv<mJZnM>USFb|
zP*jP<S(Y;W&=ywUA`R&WSwBUWtp-=<iL|-Z@{MNO!}APaXuYP>hd<1!hnb}%tA0$P
z<)P5T3y~$24upc#Z%AC;cd<^lz^f}*1bNkPXE|Hf-P^!2K)>_{yTptJ=RNt$j3Zdi
zst4G=8{sS<OY>o|*fz!DN0}i~fe3TN@h~S9NML;{)v{I_9gvC`5}!^Q7tQL1vD_hY
z=9BJEx2%VXLqkEM=XV7NyazIp^(ewI#hBJA9))A3E1?rb9G9V?=?BBWyQ0@(k{=uo
zyRt2-PzRWgRDNL|Vp8YUV&9ta4YFyhELBd9ayDk;quCv>MJ+i9IhQR*!BNBNdtq%`
zQ3HE%_${COo@W^xb{f??jeTcU9a!BN`S2oBGA|J}hN1mfs9#{sIpkDbWdRGU#+p;c
zXk(bd7zPKHV)Y|-C*-aH88<jr$8w0Ua7{0=d>z7yUcCa=yeoCK%Ocp|=E~VxID28U
zXzmi&ffUhaY!;Y%6%N{l$54m^?jGJNX5s*&oLXvG6B;}rgA!W2!9;d;I;W@Lw!hlQ
z0vj1N<G~>*b(F!|EY$3aYi5;!!{9&}=y+RrNu!FTvwu1@ziLbaGE*eFrK#mZF!yz7
zkhI4*)mGN0?DX)FW|oQQ`R1^@)eS*il^G_kF^}6r=h!W)A)TT<ifhL%>{ooMp*HB~
zWSY_m0z1mFWRmuvHjfjb!UAVEU&0>t+u^B}!DNH>8w9W%A>f_|h1N{nB8%aW2g*g-
z#MYU-MVNQ|;WNvbq_(9co!n-z_{nCMMN*0x<cP)cm{QCjJ(l7!<+nbOxh1SidhaMU
zZl5T^+#=~}-0ik#F60$IgT6vNcYuddTkF&>KEZ^%1hY*?c5gErr_Q6#cr2S#bDbVG
z)0!#<$^J*`*eZ`NNT2dqUPc{sO2-gH{chsF#>ywcNhIdlfg{k()D<w<?*m)a@-c^-
ztPfg}$&qU3U1UtqvM}r)fF)sQ7J(?FekehnBdroG;6GDLZhH+b(!KhdZ!BhlfvHS=
z0p<7^PB_@0tjnufSz4nGVHt;}LT;H5Yeo_#vNm9p<#XjZbbo8hhRDtV@>|%<#O;mB
zjEPCgdlcJ64qFpAY@J6hwS}(GY>4Lag^(#*{+7+tEq?($7}F*iJ*^5BFDiPaUwchs
zC<4phd*0NHF*pg*HHtD>*3pvBydFI|SXQXZ<#sR|E9NRx1Ah;7saXw>0wyUnG$+?)
z!5&-PiI=pqxX73%oUf2U*IC{OPai-vWKhV#XLO1J2NM0Xva{tJQVyNOCn<nTr2?eX
zCPew3r663q)>^64K?=KCGU=PwTNb0NFcP@(HLaJ(gOBK{5#dNUopFQZC0Le*bT-72
zn{3=&$H@)1L4!S0&$gfFZb>EJKmq4icMF`PR{}fjLL*)4ABghl4CQ*WVFpW*W{mL0
zo))%Yr{j8BZbnHE9}j6C)0L;~bzDl2AWg6JvU~t;SIq^X8}X!_vyQ2RmkUE!M{UTg
zfTfH;@TG{Ho#*@y`Sg8QbsV_?2KIh<IW(!d(bB!H!<=i^CbM?IBngb!$dH>tmJv1|
zMM?!NDf|YfDwIjJt_kL9*lJt@*eAtbskS7)A6yTh?pDFoQAA5_f&B(hW_=$PW9Y_L
z)xojZn6e0KJ-Ez5rQG5<XC6J&&vFlH8xnAc9$e<F>*FnE^k6kKqrXLFF5_0LQ$wo{
zuD!LURN#W_fy&6Je<cPM<-#mZ$006IJ=pRzstiqUa6XO=CT^7<Z!)M|FcHDsID;)&
zbih!{{oJ-VL=CLCP7qd8Y9dV?W?2A(I}sM%b=@c=#S*Qtk_)yz<?IFs=Znr<3Jx>4
zAWS)=%nMQ^j^sK90&XjZoI>UL2)ci`1)>w7=^=~`?_jHXv`(cSP%al4Q3KBKf9|w|
zf?9Vf>tMw(&^BaN!aV3CaNf8RB^OLK#bonZ@czwP67p}%xy#ZKRfhLXA<YQgL8<C%
zl9^Z`D9}v3YJ&711q&RA!{pIk_gMOcR3(%X9gf%f$dS}KZH8;bA;PKLSn>Y7%BBI*
zKN1r(^Ba)J?)W;=^}>YjSFWKTa1BKcIlCNMq{bE1mBRipF!GnpbJ*Dfb-6dXB`hJ}
z!Q*OJ+7DOhhdNOwz+|(wLdxI#v6gULyWUMvu?Ybm1dgQ0WfbJo39wdFV;#%JTfpzb
zTcuF)3AdUkG9~YeY0F-E1$SNSg5$l~wky0qagovjA==pq`Oo9;({{v`w2(}gmPtYK
z;2d0>sN6;B_5?f<WCBjMe4$R)ZD4$=yNl4o!@U$B#e`88%pBt%w7kMr`Wc~P))9G<
z?=$PFh#F;`UkjJ&{Qi(;*D1KA?u95`Xpa!$#6=or*U=ak?4g<vg#aBs)p94RoHP$u
z;)C@s2GdQN;Dc-euS$#zdfTb3WFV$ijatKvFCpPE4GVhpGjg7C8>{*c!T)t{OVDl`
zq(NAxDZSu>!?rrj%s0l<UFSz~9<i)w4T(S+1vZaIk;*Y56@a&xo`1x$4h~|ml$a>Q
zY(qpi8hL1@Wi24GVHJf~Y=o%Xb+YwQ%ZFa&UFr3-I?D(VUb#))d(5&5UI$rk8*_~i
z^>1+|s~@+#oZ<yVj#N$4pRz22cjag=sUT1sM20_Mv8O_m(&Z{~x!gW@LtTkWc`|$j
zdeS1qYcHnIU}y8N0e2X7jwLA`?mky;<u#xi48y8)*&8V8hxJCos+SXMu*-NJ{J^*J
z1o&MJJZLYQ&|u%<VS^!9ir%(-b&Rf@7u%$OR;`L{m_;vs9Q$fhI&fR;5)1w8Z0s$0
zbZBARnOu56jDw@+%@X2*nY5=bt{<X1?ucvMkhJ`dr3-C1Ebe<m_pgk-AJLai#U4TQ
zRezjQpk1ru{<Km1vbY9t3+1%9E{L>U8h46LJrfI=tbgAg_Zj(mZtNGN^V_kPXkbI!
zh&?ppsrZW?`r;GulM(f8hGx*DP4RX_N1Tm+-a$XHS;yznO9j?F0u_VSUqrg^KI_G7
zY8z)=6H9kIZIucEMZJi*eu?@5VJWH7XYa=_fQ|GjgH`WZ)?n9IZ4KQ4SFpql>AZfw
zPI3HxtqO|Xv8Ke6U)Nik<VZJlm^|SA-naG}-sgtlUHgo?ee9h*#F3=&2CIYIHaadY
zHqZhtPbd91ScwsA+(sU@%|`2DBiPeXuw|R93-jyeA>pB^Wb0mdW6;S>R&Z-Xc(HD_
zF3U5*A@6LpW|Gf0TXXa%e{HrdF{`F`Tn?P;b5BUh)!KV_i}iJ*HY~2?+xuCq^%W!7
zr?*;rsf<_@Ig)ptOUfmew_1NRf*<&ywFPOk-C7!r^y!DzR5Ee9^)nO9IyC{(dYZA$
z`V}SvcUY%c;UyR9mE{I%719sQuz1bXHOc^Z^@im$D`&8DM(A^EG7JMfY?N`+84Fdl
z*^5jJ_>D4z?A;~x!`7jzm&3^@ej{x=WgQ#u^6B{<l)$wu7#WI#6CR3(dEUgpM#-1G
zlB9lqeGwiMIcTpR(O{48Jor6f({VH*6?ib|H-Cg*Rle+9BO2YmIJz*MYIJ9z^9d`^
z`NS>p@cIQ^`_?9LvIs=@crOViCiZd>jrKYoR>#K&Dy*5@qD*5z-*>e<-CziI7TTJ$
z0&Q(D8TwCs>w?CIn9TDW>XTVWN?w7al<Po0)hqfn_-QE|yg$+})hR8>Ph->Bpi|9;
zo3tC3J{4Z<n9{!GEX&~(_@q+H;j|?K$%b+1eIf?QO>)PlKSW=a(odzpMM)`J=<Ms$
zTc(g_$MfV)j!*wokF{+=`W}6G(ZuxK`ttZm=?~Klx1?9(lT(v;QeE!jL5uI_N&S64
z|9sD6zWkpD(s$~sdf-7GzxNa#zWgDc^?x4X;lF%1eV3lzn^SrC>C@8p>Yw+oPT#LD
z`=+N;efjU{8ay+!?H46BB)`t!VcvX%r}5ZK{&}fABa;kxG<~C<aOq>|`}F0@QRQKc
zle5W*$J5v8f!?0Qw`S%Oy!84#$v<!Y6kise=F8til~>Q^pFcK-m*#+H_}*~O<;&K2
zd~Y0yDzBT*!_R$|FW)Ki`0bwKpJzYMKR*>!{%8RYznJj+k6*|?zy1ZDUdbZ<`F|Jj
z&-cB^msc$2%hfOO__r+K%gvYa@UhGI@}a2md&~Lfb6)1lBVOU@xA_nMJnL1yeDYPk
zf49BHKVP(hFHd-#FW>M6Utj5){PT-%^77uhl81lwE&lnGw|V@&t9bZ|)%<A1Yxwea
zQRTJo@XzPG%hMlG!<XBx<>7PQ<N5nNs$Ba%kH3)e@T1r9^g4gQ5Au@reECvT`HKxa
z{@WY*^5dI$`3&C7mwj7!`YE-1fB#g=Ki|BSFE8B2mnUrJ>+kj<UoQKIhrjv}|NQHZ
z`RDI^!t?vY4*vP=J9+%pyZGnXpYr81QRSVx`RA|f;oJY<UjF%w`}lJ6{d_t80ME~n
z1N`&#pYhM-&-v%0zu=#D{*rHh(O3NQzoW|gzUJXyJIKRVf5X?;|69K7{Vsine*TF2
zp2z>;dmjFSL%h7^9_ICZ<PUtg@(7Qgf0XC<Y*cyv`0^Zb=vev&JyWmz$P=0R6JPFk
zoM+ngGygpC7ry*cRC)8S{PTss@#P68_(os<J6|q7$v67%lRW<ZQ+)Z&(>(t4GyL-b
zXZf=49N)g=KX@Vj^al^W`A;66{KY>Xf1WRQ`<pK}`7d9-7FGV{0#E<li+uU%OMH3w
zWu9KUD||WcAHMuYRC)JRo}Ri~T6c|GE<InJ!L641qYQ2t=fQkAN#Nm+N0ql&_~$Rg
z^5uzfJiYGm{PU((uDl?D2mdC4drWE)`SP43zC5x4k6)F{KW~`Am;Z_??@i_LSETXq
zGt&9;zzn|Z&*aOgSv<X8vog31!Io?u{)HUAJTaFq_sHYR<@p@_1r50(`KBQcUQ@tV
z|5PDg9#+J|w=U+(**3m>CaS!%gr~Qxl;`KcMm+wFjrnr(G9Esz3IF^^RC#?<9$qfz
z;YT;)%Uvq?GK>&zG+d4<f9c5J_IE3t8QlJEW^=y&K`r>_zLtEsfs2>Vk1qcC1~*@p
zJv{t9UcSDLKE7P&=ga4#%6kJm{nvtgd78-M_mlYNEnD&ON@&f)AB!q)Xv6dWY+Ih*
zJ?(h>j+OlLf-1iJXB7{>yFJg(YaRIV^p1RaKqtQJyN)lXbmq&yMwPd9;h!(Qp6BPj
zuKe>-cX>X!>xK+&?a;a#kCfG&M>^e|SGo^-@IqMJlP^!|#pCzv&C@UM!#_uT`SN#B
z<@avn>wo&D3~ujy&e9;CjJ!Ext$yv%^cKFS|G6cDb4MKLm%+IcUb~ftpW2@<-!y=4
zq;nu&whZFozZ=9quNllY;>jWW^I=1IeDOBEoH~pz|2!<?Gktrv-_8s1r91fY<l%fL
z^d7-Kx8KQ^EhG8z;gLK(y^DW7|8BlK>K-1x(<r|E4e#a4XYb|P_sM9U-tsYg`Ju5q
z{hP+|<>upg`NmG*@qd`W!>^mjm*-F7%lF*J^ILU4U(T7#*LOOq{P6>P{mUNY%TuQC
z_1*XoUv@ss!^chKpZ_qGfBwNVo}c;Ey#9}v&hy`T22U^R5x#sXs{HXxzP@FT^6(En
z#yzJuKAw?_^a^|5tc=;<^5tC58Jz1h5OJM8neiRK>fP$mVSp&tK6`hv=8}zqjf#hA
z?@Km-4aFC=5C?lhvH@(!H5`I9b5ZNsro?1}dKdKrnVcMg5xNg%j)s`5p6<_4un~TL
z$po3P_Z`>IuPzLry7t*ijy2eiv-CVbh&>!K_#~?>@Su0=N6FV4a;a-_U@tMQpNHru
zCVO|W2HPN8&x0or>Eq;VDc&XOWfsLlblcb~iZ!}7@N|RTaM+?-_AJyb2R^y*$%9Wm
zd>X>106vBADS}Tid~EP3fln!X8o{SAe9GX{1U^kypl;=N#Jkz6jSbozs*}kG?grI`
zNut`~i}b(RPwc(L_0#o7WW-?2#th$2@D6Jo51Y#y<$CK035Ref`rL{T!L{Wdk-g*M
z;=qgUgH&Azh^8rj1spC{!l0h;U!sRxs4f3k2lURMq+F{4Bmoea_f<kZ#2MLZjtv?W
zQEIhO?9Ijoun|R7VBPFp#`VKS3zogUScBbL&M99oG+<|;edR0AzGmYg#-<;L(VfQg
z;bLzouAdKoM5xzQ%oOrn0e`gQ{g9)gX(>frD}F@z-WI`<W}Qade)q63CBR6qxx2-<
zk;6y2-SpZG6}#5NH*4RwZ~OiO<*nc5Tb(84o%*)#d=uHas3HqHOXO*XY)OMFTD6)q
z;(<v62UigHI~6%{+ldJ^y}mn&{%@#qukSMDgNLLQCD$rG5FjCiq<?BJqE+kc8<7Ax
zC#+bw-o6M4kXFKqUv02wU<_B@q<v~Hp^2OAFT@Hik574MBi}q#kwexLI^1;d$M#m3
zR9v>_Dt}&w0Y)WXMr@la63EyM70C=RZKwSz)aD6NppXl2@E#q77QJB)TucQ;FC)Ep
zzdezh4Z>ZFH|?`GRUWAHY!n`>P>MkXu9$rDSw$A<c0eOf>?hG3#B~{7DGPrMA{&p}
zlK@sCTfYa`*SAzOBxg3*-So=m_Be$L^+6eFcd{amw*1oG1b*{*72q;*>P343DcEdp
zM~0k6@nqggltgzPwC_eMmL0T%M0}+7dwUb|<gXPODoqA9=52sY_ycWYOsJ@#-!_o0
zUn%VP{1j^VQ-HsikjZ4h4)1mY#>msFQ3hFZ2#B0Lk7h9<+;7v#++P$TkdzGVFQN;M
z*%t%Xeyub6{$#%ode5y2wTS+5++L$RRfSbV*Z*RtN>S_E`M=rWYG*jX1btgfK6%-m
zO!u9z-w6<q9->me`J{a*LXhXT4tl#^xxIjO;%%qxF9Z7lRw)_zTty~ndD<SJqyDfX
zrCnO}v(MYxK@qNRRjHl0U>~gz*SMK{$=+5eYC>o_3GRL)9$@0kWxE^r3aWh3s(<Wj
z6@_F(NKPwzI{Eo~=$F<@;Swfi5}wJ#q!gbobj%XqCMLB$a(yR94!M+OPiC@x5jjSa
zxmWDD1payez?cY$7du{ok|x2wu_IZjPLpqAi=$Lfcq!cnG9ul9*u2gfMY=lPu@F=k
zZa`DpH!{&tp`f}5%7l9X9_-?1KsO~hP5_ALR)3>AQXK1)qE{(4ldqH~(f89G*Mk_~
zP#*krU92MQe?Z#H(&5Dg)1Poy>4SNWS|ICDaVkj3W6mTxuA#$%;Ww=Z@<!QH$=s13
zI~a|xC>3Zjo@jH-P>Pz2N6vO6lfakuc64YXhezR6BQW`XdqbsfJ@lW(j#vShnE$!m
zMjMqo8Uebbj`t$+@p5MteW1btoeXB1HF}%faTJDw#02!%d-hDy=E;!Ad%BcHY=L(!
zY_Y@Z&((p+{kEMAQ83i3%YL3?&u2pvz%sB^v&!Y9_n3;t@@-N)={de4jZ}FZUC7zy
zxEYx)!e!9QCRLPD_-(cYQhuu1IC9DKT@~46`a*mB`=X;=7QFRJ`E|isyM=szAN1q?
VfTPo_jolq|V|Qn#QS(cR{~wL)lzjjI


From 8fa855e4d13218a90eb79372cba8114f9416b594 Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Mon, 9 Dec 2024 16:04:01 +0100
Subject: [PATCH 121/129] feat(CreateProject): ability to disable expenses
 (#10532)

---
 server/graphql/schemaV2.graphql               | 60 +++++++++++++++++++
 .../v2/mutation/CreateProjectMutation.js      |  9 +++
 2 files changed, 69 insertions(+)

diff --git a/server/graphql/schemaV2.graphql b/server/graphql/schemaV2.graphql
index 36ab86998df..f74158a1f6f 100644
--- a/server/graphql/schemaV2.graphql
+++ b/server/graphql/schemaV2.graphql
@@ -416,6 +416,11 @@ interface Account {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -2926,6 +2931,11 @@ type Host implements Account & AccountWithContributions {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -8077,6 +8087,11 @@ type Bot implements Account {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -8944,6 +8959,11 @@ type Collective implements Account & AccountWithHost & AccountWithContributions
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -10360,6 +10380,11 @@ type Event implements Account & AccountWithHost & AccountWithContributions & Acc
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -11496,6 +11521,11 @@ type Individual implements Account {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -12569,6 +12599,11 @@ type Organization implements Account & AccountWithContributions {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -13549,6 +13584,11 @@ type Vendor implements Account & AccountWithContributions {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -15188,6 +15228,11 @@ type Query {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -17168,6 +17213,11 @@ type Fund implements Account & AccountWithHost & AccountWithContributions {
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -18182,6 +18232,11 @@ type Project implements Account & AccountWithHost & AccountWithContributions & A
     """
     searchTerm: String
 
+    """
+    If true, return transactions with debt attached, if false transactions without debt attached.
+    """
+    hasDebt: Boolean
+
     """
     Only return transactions with an Expense attached
     """
@@ -19207,6 +19262,11 @@ type Mutation {
     Set to true to disable contributions to this project. Host admins will still be able to add funds.
     """
     disableContributions: Boolean! = false
+
+    """
+    Set to true to disable expenses for this project.
+    """
+    disableExpenses: Boolean! = false
   ): Project
 
   """
diff --git a/server/graphql/v2/mutation/CreateProjectMutation.js b/server/graphql/v2/mutation/CreateProjectMutation.js
index 9aa20c5bce7..65cb8c94b3c 100644
--- a/server/graphql/v2/mutation/CreateProjectMutation.js
+++ b/server/graphql/v2/mutation/CreateProjectMutation.js
@@ -58,6 +58,10 @@ async function createProject(_, args, req) {
     set(projectData.data, `features.${FEATURE.RECEIVE_FINANCIAL_CONTRIBUTIONS}`, false);
   }
 
+  if (args.disableExpenses) {
+    set(projectData.data, `features.${FEATURE.RECEIVE_EXPENSES}`, false);
+  }
+
   if (!canUseSlug(projectData.slug, req.remoteUser)) {
     throw new Error(`The slug '${projectData.slug}' is not allowed.`);
   }
@@ -115,6 +119,11 @@ const createProjectMutation = {
       type: new GraphQLNonNull(GraphQLBoolean),
       defaultValue: false,
     },
+    disableExpenses: {
+      description: 'Set to true to disable expenses for this project.',
+      type: new GraphQLNonNull(GraphQLBoolean),
+      defaultValue: false,
+    },
   },
   resolve: (_, args, req) => {
     return createProject(_, args, req);

From 20ef10ea200b05c728c8d5930725b116cffaf26b Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Mon, 9 Dec 2024 13:01:49 -0300
Subject: [PATCH 122/129] Add Expense.transferReference resolver (#10533)

* feat: add Expense.transferReference resolver

* fix: lint
---
 server/graphql/v2/object/Expense.ts | 16 ++++++++++++++++
 server/models/Expense.ts            |  5 +++++
 2 files changed, 21 insertions(+)

diff --git a/server/graphql/v2/object/Expense.ts b/server/graphql/v2/object/Expense.ts
index ef71231b246..f607f496b55 100644
--- a/server/graphql/v2/object/Expense.ts
+++ b/server/graphql/v2/object/Expense.ts
@@ -669,6 +669,22 @@ export const GraphQLExpense = new GraphQLObjectType<ExpenseModel, express.Reques
           }
         },
       },
+      transferReference: {
+        type: GraphQLString,
+        description: 'The reference text used in the payment transfer',
+        async resolve(expense, _, req) {
+          if (await ExpenseLib.canSeeExpenseCustomData(req, expense)) {
+            return (
+              toString(
+                // Wise
+                expense.data?.transfer?.details?.reference ||
+                  // PayPal Payouts
+                  expense.data?.payout_item?.note,
+              ) || null
+            );
+          }
+        },
+      },
       lockedFields: {
         type: new GraphQLList(GraphQLExpenseLockableFields),
         description: 'Fields that cannot be edited on this expense',
diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index 729870e6436..d456178e0f1 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -110,6 +110,11 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
     draftKey?: string;
     taxes?: ExpenseTaxDefinition[];
     lockedFields?: ExpenseLockableFields[];
+    payout_item?: {
+      note?: string;
+      receiver?: string;
+      purpose?: string;
+    };
   };
 
   declare public currency: SupportedCurrency;

From 33fb431b3507b60573a27bf2382939ecbe5d529d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Hodierne?= <francois@hodierne.net>
Date: Mon, 9 Dec 2024 20:09:11 +0100
Subject: [PATCH 123/129] handle merchant_id for host fee share (#10535)

---
 server/graphql/v2/interface/Transaction.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/graphql/v2/interface/Transaction.js b/server/graphql/v2/interface/Transaction.js
index 7ec8f6f26fc..2e72a615024 100644
--- a/server/graphql/v2/interface/Transaction.js
+++ b/server/graphql/v2/interface/Transaction.js
@@ -34,7 +34,7 @@ import { GraphQLTaxInfo } from '../object/TaxInfo';
 
 import { GraphQLAccount } from './Account';
 
-const { EXPENSE, PLATFORM_TIP } = TransactionKind;
+const { EXPENSE, PLATFORM_TIP, HOST_FEE_SHARE } = TransactionKind;
 
 /**
  * @typedef {import("../../../models/PaymentMethod")} PaymentMethod
@@ -750,7 +750,7 @@ export const TransactionFields = () => {
           }
           return expense?.data?.transactionId;
         } else if (
-          transaction.kind === PLATFORM_TIP &&
+          [PLATFORM_TIP, HOST_FEE_SHARE].includes(transaction.kind) &&
           req.remoteUser.hasRole(allowedRoles, PlatformConstants.PlatformCollectiveId)
         ) {
           // For Stripe platform tips collected directly, we have to get the merchant ID from the related contribution transaction

From 38da99e5035706b09eb13d54a3aa3a2e643c845f Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 10 Dec 2024 11:00:30 +0100
Subject: [PATCH 124/129] deps: Upgrade to PG 15 (#10534)

---
 .github/workflows/ci.yml              |  16 +++++-----
 .github/workflows/e2e.yml             |  25 +++++++--------
 docs/postgres.md                      |   4 +--
 scripts/db_restore.sh                 |  42 +++++++++++++++-----------
 test/dbdumps/opencollective_dvl.pgsql | Bin 2930688 -> 2931712 bytes
 5 files changed, 48 insertions(+), 39 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index cd12b1df881..a10bf7d1a34 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -198,7 +198,7 @@ jobs:
         run: npm run build
 
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     timeout-minutes: 30
 
@@ -209,7 +209,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:14.15
+        image: postgres:15.10
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -242,7 +242,9 @@ jobs:
       - run: npm run db:restore
       - run: npm run db:migrate
 
-      - run: npm run test -- --ignore "test/server/graphql/**"
+      # We have to specify OPENSSL_CONF=/dev/null for html-pdf to work
+      # We can remove it once we tackle https://github.com/opencollective/opencollective/issues/7622
+      - run: OPENSSL_CONF=/dev/null npm run test -- --ignore "test/server/graphql/**"
 
       - name: Report coverage
         uses: codecov/codecov-action@v4
@@ -251,7 +253,7 @@ jobs:
           flags: Unit
 
   test-graphql:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 30
 
     services:
@@ -261,7 +263,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:14.15
+        image: postgres:15.10
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -324,7 +326,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:14.15
+        image: postgres:15.10
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -366,7 +368,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:14.15
+        image: postgres:15.10
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 9f0d99562e7..71a5fe413a0 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -15,7 +15,7 @@ env:
 
   E2E_TEST: 1
   PGHOST: localhost
-  PGUSER: postgres
+  PGUSER: opencollective
   CYPRESS_RECORD: false
   CYPRESS_VIDEO: false
   CYPRESS_VIDEO_UPLOAD_ON_PASSES: false
@@ -34,7 +34,7 @@ env:
 
 jobs:
   e2e:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     timeout-minutes: 30
 
     strategy:
@@ -48,7 +48,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:14.15
+        image: postgres:15.10
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -62,14 +62,15 @@ jobs:
       - name: Update apt
         run: sudo apt-get update || exit 0
 
-      - name: Install Cypress dependencies
-        run: sudo apt-get install --no-install-recommends -y libgtk2.0-0 libgtk-3-0 libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 libxtst6 xauth xvfb fonts-arphic-bkai00mp fonts-arphic-bsmi00lp fonts-arphic-gbsn00lp fonts-arphic-gkai00mp fonts-arphic-ukai fonts-arphic-uming ttf-wqy-zenhei ttf-wqy-microhei xfonts-wqy
-
-      - name: Install postgresql-client
-        run: sudo apt-get install -y postgresql-client
-
-      - name: Install graphicsmagick
-        run: sudo apt-get install -y graphicsmagick
+      - name: Install dependencies
+        run: |
+          sudo apt-get install \
+          `# Cypress dependencies - see https://docs.cypress.io/app/get-started/install-cypress#UbuntuDebian` \
+          libgtk2.0-0t64 libgtk-3-0t64 libgbm-dev libnotify-dev libnss3 libxss1 libasound2t64 libxtst6 xauth xvfb \
+          `# Postgres client` \
+          postgresql-client-16 \
+          `# GraphicsMagick (not sure if needed)` \
+          graphicsmagick
 
       - name: Install stripe-cli
         run: |
@@ -228,7 +229,7 @@ jobs:
 
       - name: Build (pdf)
         working-directory: opencollective-pdf
-        run: npm run build
+        run: OPENSSL_CONF=/dev/null npm run build
 
       # Setup Cypress
 
diff --git a/docs/postgres.md b/docs/postgres.md
index 6261daaada9..99095cf8909 100644
--- a/docs/postgres.md
+++ b/docs/postgres.md
@@ -1,6 +1,6 @@
 # PostgreSQL Database
 
-You need to have PostgreSQL > 14.x.
+You need to have PostgreSQL > 15.x.
 
 In production, we're currently running 16.4.
 
@@ -57,7 +57,7 @@ If you don't want to run a local instance of PostgreSQL in your computer, you ca
 Create and run the container:
 
 ```
-docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:14
+docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:15
 ```
 
 Set the necessary environment variables:
diff --git a/scripts/db_restore.sh b/scripts/db_restore.sh
index 62a3ebe6996..c37603a0ad1 100755
--- a/scripts/db_restore.sh
+++ b/scripts/db_restore.sh
@@ -1,37 +1,36 @@
 #!/bin/bash
 
 usage() {
-  echo "Usage: db_restore.sh -d DBNAME -U DBUSER --use-postgis -f DBDUMP_FILE";
-  echo "e.g.";
+  echo "Usage: db_restore.sh -d DBNAME -U DBUSER --use-postgis -f DBDUMP_FILE"
+  echo "e.g."
   echo "> db_restore.sh -d opencollective_dvl -U opencollective -f test/dbdumps/opencollective_dvl.pgsql"
-  exit 0;
+  exit 0
 }
 
-while [[ $# -gt 0 ]]
-do
-key="$1"
+while [[ $# -gt 0 ]]; do
+  key="$1"
 
-case $key in
-    -d|--dbname)
+  case $key in
+  -d | --dbname)
     LOCALDBNAME="$2"
     shift # past argument
     ;;
-    -U|--username)
+  -U | --username)
     LOCALDBUSER="$2"
     shift # past argument
     ;;
-    --use-postgis)
+  --use-postgis)
     USE_POSTGIS=1
     ;;
-    -f|--file)
+  -f | --file)
     DBDUMP_FILE="$2"
     shift # past argument
     ;;
-    *)
-            # unknown option
+  *)
+    # unknown option
     ;;
-esac
-shift # past argument or value
+  esac
+  shift # past argument or value
 done
 
 LOCALDBUSER=${LOCALDBUSER:-"opencollective"}
@@ -42,7 +41,7 @@ echo "LOCALDBUSER=$LOCALDBUSER"
 echo "LOCALDBNAME=$LOCALDBNAME"
 echo "DBDUMP_FILE=$DBDUMP_FILE"
 
-if [ -z "$LOCALDBNAME" ]; then usage; fi;
+if [ -z "$LOCALDBNAME" ]; then usage; fi
 
 # kill all connections to the postgres server
 # echo "Killing all connections to database '$LOCALDBNAME'"
@@ -53,8 +52,11 @@ if [ -z "$LOCALDBNAME" ]; then usage; fi;
 # where pg_stat_activity.datname = '$LOCALDBNAME'
 # EOF
 
-dropdb -U postgres -h localhost --if-exists $LOCALDBNAME;
-createdb -U postgres -h localhost $LOCALDBNAME 2> /dev/null
+echo "Dropping '$LOCALDBNAME'"
+dropdb -U postgres -h localhost --if-exists $LOCALDBNAME
+
+echo "Creating '$LOCALDBNAME'"
+createdb -U postgres -h localhost $LOCALDBNAME 2>/dev/null
 
 # When restoring old backups, you may need to enable Postgis
 if [ "$USE_POSTGIS" = "1" ]; then
@@ -72,6 +74,10 @@ fi
   set -e
 } | tee >/dev/null
 
+# Update table permissions
+echo "Updating table permissions"
+psql -U postgres -h localhost $LOCALDBNAME -c "GRANT ALL ON SCHEMA public TO ${LOCALDBUSER};"
+
 # The first time we run it, we will trigger FK constraints errors
 set +e
 pg_restore -U postgres -h localhost --no-acl --no-owner --role=${LOCALDBUSER} -n public -O -c -d "${LOCALDBNAME}" "${DBDUMP_FILE}" 2>/dev/null
diff --git a/test/dbdumps/opencollective_dvl.pgsql b/test/dbdumps/opencollective_dvl.pgsql
index cd2f59adde531effc042ff6a20152b0cddfa0e23..45e292a2301dc077dabb0bf957b95e99cdf781eb 100644
GIT binary patch
delta 35858
zcmcJ22Y6LQ({T2jOL7y^dvBDGdjq-s-a`$&1%ebQN^jCT2nY%ADi#p%D1)FB%ZrL4
z8ucJGfC>mw><vUzKvar~BK4o$J?EAM{QmEMo}cFl$=x$EJ3Bi&J3BLbZq<c1N!8^y
z$<hUxPMgD(Z+CeeZja6D^t$qGHoME^_U79l;Zf7DYC>v}#JDh%Sq=-U6Ndll)Bobt
zY^k(SF8*bAH}d8;Xfu4ssKMj&>4%2)MiWO48)<jgtoGtC69w@!a)xb?)B&qA)Q!?q
zQU~k_Bt<<U*HW9wbJUsZQ}OR7vg;*K%Jd&Ya(EnJweW+}?({j-xh9Kg4t|2`<;A_?
z2X^aTad*cyZM)|;%O5*x$WZl)X`0$+XX;%s2-2f<hqhf>=1-h9WbCM+VaRq^%hu&#
z1b>G$!k_ltTXyZ4-?F?szoKh?2yA}Oiu?%^hmRjRVeHu9L#K|KKD<ekx=c=1*UI5`
z%G|_}1BVTsI(W$7DZ>X&m@$6%WX9l#!DFWkXY}2K^+J0JdrN&IJT;0k?_zROiMNhg
zUF*8qKRT@zHY>L3gW>gw`biA`=u>0Of2bYe=qH!WRh<(VLDT{9?4#YLmPMUcw<V+@
zL6_YVmWLgvM-Qe#RrlgZbwcfP>hFo{nZps5$)9DaO(Wx~*GHES)sxJqIDOUUWBL;H
zo)iY^@`a@#D2(q_oTgUA9and!GBCHRdRBZZqFzX2U|w5T7NwY%n5AA$xT22BU{GFP
zb!<`tqMpi3i$I=yzOa1tL~5FPvoK42DETw>S~hD}9AO2ty?SYigQ(@X6xWTTJD!?I
z)R}qgquo{=oj#bTQwwN^ZimiSLIg=udq>4pzm<Wgy9?Pvmn*E0a?>rVu(~+w6QbU%
z!`i(bHW>9n4##Po6G_yr_1H7yErSkp>A>O)^`YE9)T#AZyP~&u8C0B6U7fd!sPl^`
zLmsECdT9an`F;cT(dDQ<URXfXKZ_}v$K~PVj&`wRR4a8;h}x=zJ#hQNa%ewy4J*!3
z7u7qX_HD@UJuY=={omCNrR<Z}R=v8Yh^Vb?{G+e>`vyrwoo8nseV*!gi$juXo773Q
zQji(1-KP#Hxhlo72JGMK@Pwt%ZkAP%l<Fl7-z8Fl{~5B7OrP1u6ep{5N<Wa2{d7Ez
z>VdXGBBikwoHH-ZY^FNcmZVlVqSS5nlccS>#z9rq>ve|}AsO}ifthe^Y;jEWDaRb5
zo-U&-dcB_NN>?3O{q%5r6av!qrMT^CZ0kb$)aQg{4W$CL^X|mzR9_rXqg%(QqxWR0
z<;pQQG+l~T2eo5le6H%d8b?XwD|K+YREDXj8=Ix6k2k#;;|W?v4Y;v*z1bc(UrUOB
zyyj>&lrD@0uA!C9yGUyLinKWFTk(d`RoZgo<l)2ByH@1Ek$EIr-O?&bJ<-yv_G@`a
zZBh}fwmF)rzTT{sTG48UnsYK*&Fsx-`KsNmb7ghI-WWAwFm3YL+|bY_WvCT95~1@D
zk_}rQC>{YH4Ix?duVko{NDJupi4;RDj7ex@lhWaaM6%T1+CK%aFTf|q_2Kz!p6U%9
z9yh7c6Vqamw%rvLjl8xVJb9R!&@u})bw^g?y2e1%wBqhy?SVAnx|YMezezD_@yS$m
zZr5#+!>P`kL8a`oyWz-jl2QFY#p($4kvWW8ho{=p`-@28R%boNfLyj}_uxJzb<5-I
zxl5^jd3aHjdf)bVb>en&hKEg^1J#L6VbE{&+ERw^_Q0_Pru6EviSZEz7R97L*vpkC
z7?j6Zy>`a8wct3A7`4+=tShezcKyecU;X}^OVJR&UkZoSFB5Z=!VSC4=}-r6PorcM
zMeqE7{oA0>?0=0Jq+6$r$?@5%*F9#EqugFypS`NGvJjVo&*u$GNAZB&fm1vFK9Zz1
zJCdz#e=-89##kel?<_XMg`Sok>f$9+pqmRPtLKlY@TFbKQOlNYf#L^H1%CGT;;XK+
z>?9iCHB3s1y}Cd}OVD*qjC$!zraIxtL+aA!V#qHByyB=H@zk4Al*h)o^4QcB&oiMb
zK3L<FQq%z}uEqp!I*qs<u60Vu>XN5lhVxap;2i(u-6_?BR&JEkkuOnerPy42U>Ell
zr>mVWvvEPU{l#N&C^_nlXM3ynycDgTx}K`eSpB8??S^P|)+^McD>ipn3N(6wq*pIn
z^BN%+D7TED5|&LRRiKolsx|Avt7orEC2-y=MZ*D!q(VQpQ~;wAP_fTHw_bAD)QubI
zSQIq>JD;B-k>B-UD|UBv*Z<}c$z_L^BS}5z?2%H~s)Di{#6G_M0o77dm!W###4jYP
zdi6`+5;b-=9j4;2tJgOaGW+x4D+xsHzb6K42_#j$vEc`G(0g?$tGG+DN&WuQ;`HjG
z*PbBi=DkcPxEKm>4C;+-1=UwK4v(dJ8_~+i<?nF(uXWAPZpi%`)u++lQh4T_iBO=_
zEb%#Z&fFooYOd^O5_8%i-Y2D^UAhi)XQF)XO~>(#-?<$YUnCJ~i=(yFi-*}<IUQli
z>byN^)njX(Bjg`L!cMPRxu>AI^X?=9RZWn<U)e~YYR~tu`cWyGT=B#Csvmi;P?kK3
zy5%@s4vNdoHb1psUxwO$MUq-;-!&KzCC9+M^^ro|{hz9bPq3+Rd8!LO+)yji!_AB0
zaq2qk|E#9{P)PO3jfw~b4@*g4YiczcYwQa6nn^KGY$chnvoRXsvZWsNyCWGeac6O&
zT6rP@mTn+Xa5bHDfT-rU?i@d{>36%U`+dB$mU`jubjj;bA3Mz?=5bY9zw95LfqgM!
zcgt^e(Droo#Lso826^q(-ye@7@cLiGtX?=%i+KI3%A}^9co)v($kD3#66+89Xnryq
zCfr97p>G=6@TDiyVCfFD;m6ZZS?Q<vblfJ^Y{Jo46ckd6lV1?88g-d5=5<y#{~?M%
z?Ta`Iue88ra!)fU5f)D;9>lGs-uxj_t@#l*off!|yItX3x~jYW)I^eec6He`PDO!|
z=2A}e;nSH!{rY+|oNS4d8a9`*`MUXJ6tdF)=lSZ^8%+OwHs&oYkFcaw*FD=PN*%d9
zftusW|7Qg^6#f70w=o?__=lnFTwT0w7)J<GJ+#EJ)V`FLklgC_mtK}K72PfxzY&6Y
zBR&^wkqMKG;;gn`E+DX3CNXeVJCsU%3n^1w^3Pjv@G3EfBf+pRvwGJR>VhbWt9tAe
zn?xdcg9DF3aIOVgX^HBIYyZGU*N7Qjk0iC=pK_#izJ+d?)RG%ZVR;lm{Xry0^^Z3e
zN|NG)U!y4-*yM&263L~W1l>R21R>uozd<6Pax)&UnsNPluT09J^R*SKo<wcf7DsTp
z5!a)AFO$_0G)?3Uc89hqoV-I|OEHNdu?DYppEk=(8WHH0PNGS3PP3*3F~OlovKLxs
z5L}oJn_ba%L=i<I@dl#90}XGG9L*L(DkaEogp&F(hoJp%*qrvTTqwPPYjABV$*f(A
zBSi$h$Uz9xU>twD1oAUvuEaeq(IDn@XnhiiW`gWO&aKl2lhV<5GFHf6Fmn|yg$_dz
ze|l>v3l}!(=Kd_mDY4*MX=o`@&mV0C74@+bxt>l#(Z*&FJ2H1lHo>VjBo2>{Y|b1u
zms>lKMe+#o!0b_^0N9A*bI3l(v65)mTg*wgJn!U^Y@Nc|&Lj@%l<+5RI}A2U$=ZN?
zvV)LxgRa{JRgu_SUPxZ#XePVO=7YsHQfNZacwl0E9M+C`BvC7`M`Qwz*>E~qK|x!o
z6c*JdZ^4@9aG)#gT$CPrSOSz;NwQX1L_B_qb~~(gawYM&pt%*51YKt>$wDFtbZC#3
z)jbs@)xt`?fE)#7vd_!e_PDhcCFEPeW%77m9FeoJ-W481pk)ckfK82XKR`RJ&22<X
zM8bt}_jHs|nSxqzqn(tC3n2^UDCp2$FC|Ne8~QZYc~Rgk8#x6l%6M;HhxU%0{6XO3
zR=f{1At}&OA?ez8PV%!1m)dYZp9fkfc*1AXjlE_=jgRDVix^dk9pT3Tu=!<FaO)f#
z7_xF2l=gh(_`F(0W0Gtlb&Oe1yjo>*l1t#D6)4Lu=OYGA@Buj1h18`Aif6bKnAe=7
zX&;plGlHc^`l4=6Cn5u`wIustb(+yy&rev<&b1;}i2A^s7?{?RF>klIw1l?AN#MSo
zDCu_=V{a=uNm<NmfoI#1Rk4aI$bBr*iP>##ZE$<i(iH2k1wC$HJjOYW?Sez6GEoOy
z&W3?qkTTmOzN?4r>?7MHR!_hQe^kY%Xr@dsr!(3fx;|dPX+o$<IPw|_F1tTx7Y#vp
zSJK~v2Lo6(kWHN3Vb>OQClLfsyJ!VEaVyZLTuR`BxV#wq8{f}@y$mKvklmAXf$zE^
zP16ug)8WvT^(3iMZFC*DDMs_qU>L!z+F^IN!;+w7J5#E5@out4k{k+H@8gfqO-W;q
zpj&@p(mv};+RLO7l>kL_DriR-B0hBxm@t~e!pKHaDin2*>cIX1<b6=8rC8`Uo~ai`
zK*BOP!jXZbK7rNwQY17j#kp9kqVDDnCSSsYyAWZ_M9#O%uI1wqji}9^iiUKXlnM2Q
zkYwX9mIXHlpfR}cA)4=+p=3BLogv2(yD>p7hgLC+oR*=^G?Ipk8;@7VDx_QuC#*Js
zF5OW+f7p=O?<%BhIv;==>T2-LU|MT;+qI`hlU*`=Kb!O7R$x~*^uTc;!!zSizw_o`
z=ezAl;l&AL3&hXmh#s4^a3bj=!DI6{BChGHlc@<m{4RF6-hl|roK;Lk1HNeiGvIcQ
zM{6;SplfYQM5>QE5okhp{11JGm!Vq&$qeToB-v={?H;c-a0Z!gf*}uc`gkrYn-i>v
zkIhCs&#$&b25DoU4OOx^e9%jZCEfXA>e3@f9|LgIC4;IeiwR;Mu*9SJZV5ZL<J>G<
zq<8Dqd~-=Nxwg}%>lC{7^B(64>$Age^Kt#6A&ntW`8YDv#?8lM23t=ggSIqFJ<$wT
zz(ct4R#l?%j<2#5!uSQGHOy5}2!&5@t?{9|yS$f_rv1KvND@5yB=29bY4Hz{*68c@
zMzPvGIEbn}CYZU99D^;pu<64-65VR?ETYYQm_(Xj?^r1<nl>oxl-_HKI%!=FJEKGY
z#mM1>MPy5iFKDgz;tTEIV)9mu64YL%uK?V}ap|nXm95o0PRivp3}o@;<qEbaEp?4_
z;6}4XCHdNbCva<1qX);pRWAw!mH$|*!yeQ@D?f&!{r5@YlVe@ppvN(g@B*Pr(18Jm
zG<BXUP0L?FEF^^oZm=~7IGzEcAaDU_vz{hd1mc^^=8$kqLIB32y}uG+Qgo-$9xRXK
z0GL;ce})tysZu#oy?;hD>L2Bab>q{9K1-UD6z;e=9KqZa2EY{U=xUNlQhd658GPjR
z`N14EEo&|D5SV*Sid20oqe&C?ECvVUu!q$~Pp|caad3Dgx-&1VBNrk60~rGukhy_r
zA_8geKS#XesX;jAU?DaSbm7!WULfd3qJ3fq31`S;2jE=V^Dm;^N_9CnoGW<FS~55~
zDQHmB)tejAwdD1r1Vyxgq`;zAnbu-JMw|2!wn|PH*xgbRx)#P<I=pl)_oQj3U&gtF
z(*NK%e30|HJ`SJOas$dC)y>ab4!0v{l3NFuRJ4~~B@GbH&Y5%v?_Qn!a88>>Hj*Uj
zVNF_$d{hLU*tIsVQ+u9Xjf{W(HfJ1N!1bFbUq?onBH}QNAJltyhD&F}>10c*e8Nz8
z{YBJ?dT)|HAwwg{q!)vs;&HmdlA+XWO3?;YlYD{)u}Pbek=_9Y+}ftMNCJtn>qGGP
z;PiGb2B$~+{cXB;blHl`b=;{l=hZrDwDrb5Vvh9&PfPy*S)aCcGwDhsuM>{uV2=X=
zj}$F$3n?YAuC6JWl=$0SHf`=!5*twE;236F0L-p!+eQjVszaX}N3e7T1>hW7><)Cc
zjg{dICO0Gi=G2DoL{X>u^zr+Gr*K#R&ZX7VP?hlM-TH#N9nRpW!0GXxdyZQ+krb`>
zZfXN!k4om4;FUQl0FSY7?geh!L+k`z*o*TwCeW={%XuG1k&0;mwp^58_9g}3eA=`R
zaNkQ+^z*sm4APm&0XRkbbT6?IxG-5Z!{tHf;Y{^EblbGj{pk5b>Q+MWLZ_FwD&P)1
z;zN{rZ6`*(7$fMpR2^cT3$Bi^RO)J^LF?V<G30zna^S>9%NQ7ckUX5`v~h_!ZNaS1
zV!cv{;TqE&m9meBn?PQTY>so<g7vC0z@kfAe+d1{6dnX|+JX()f&iFXi#md5960a^
zGGzITYp&a)bv#NnH{~;uLLLr4d$qM6)8$rHDM!M-UKqf6Eb!2$UHybk;?DVK)Pg5*
zF@s@4P{PvKt~u~CBooPPF(x`-%p?pT#IGgc)K;Uj^6uwUyxiPlXcWr7Mh83h1ro`g
z+qDZ{pe;{EQ%gmR&Us)C;RumfHpA;tD_xn|^sh)FO%0f1%?Rppc-@UKu@?3=kdq_{
zPvTymOMB;Qv`s0x-s@mq2B!JJaA&XmElI<jf%m0@DGco00GLm!I7WKl(fAX|=+b9r
zK-&!<jHzoFQ_qrVsKyM(v!rmdkF&MI4}&&2<0RQ4rRWpK`}27isrUR~7@1l3SSn;D
zqYvr&357yK!$!x7gF)}}Ln{t#?J3+;LWwGz=!XF?MIE#<O|zWA%``>do_PO?k5N3x
zKtn>bp#Drgp)uG9E@;$Z26~8rCSb_JZVRJ1)7BHlPai&c3aq<?0oV7=l5?rXj>Wpb
zBr(G~VsN9NdSK}FCk(IZ<HDuIKt3=)d_Eui@hkZg<J<nBbC6H`j2iJtXmpMorlCkb
zpM0jjFo-EGk6Q3ys#bQMluPl(hQ@ir<JHc;NCpkyIDOidi=-o=F-bpPTpPaflXAN?
z`ya$9(EwkpWOu@`YaH9_QoH_?s=aiHo+KOmgGZFu8zdYC-z3SDIG#?AVLv3!*wJ|R
z4!B-R%8X{=qp(PnW%&eHdx_MCyDpQ@X~ZZNtPxTct`Uq3X}$hIdx)W*7_);b*J+(E
z7U+5T3aQH+dqWNmE{8LIAiD#uTqU2<Ader0Pyg8fjG|q=hUb0AiI8H=PCn(o_#dMZ
zW4tF1cQ*&b#z;k!Gu*Rh-6XA~RIhF$_}H9IHm5svT)PjqxwAz24SlSc##}jkoX4$x
zAdFa<Oww6GvscE{`#7cZelDDfmK`oh)T{U*o-^U{K<5bQ=a9whbaLvy`w@A(=68sR
zkzynG(EkWLbZHp1sfQb#ZhiD|a2>eB;LzsT{LvWrIZC>bYHWub+Qm)7-+rndH(;zK
z8=RLhlu;2aZBO-uh{?qV_fG&pfyOb?vvI-J%jt5%#xx1_)L}!(n_{J-A<Nk5;w%2D
zpUFUsB|A>~fWX&DIASi2>;A4#E8`NRZ7lQ=m&eD+(x9vqf&ORXWfT}JQQ)6M=>!c-
zuFGd4$H)a><RS?^s)MG=mn<zOux5fB0sRZ50%X*VA%?3d(hDq{5K*6t$IbZ+r@7W!
zI<Y$(fB}STIFly*0NX1JEpfW}RPELoxBEO!?Q**GorEX$2s5MXP;Br_9Vr7RC@9pB
zoh@Pf2Lk}{1$=bo+jlHPARf$-%2=QwQfJ%4*Fp5{v0V<p5I_pI*+qHMOm^-!hV0>n
zEB5xd=w5u3FFk^r{~Y4S;6jSOJqB*33kszucF>Q2W<^p&9v4s29pJs%mO9cOq>)|s
z+xSd)xuT}r9?9$0zNshmV~1*U1092FYTE5FjPo-*P$YduPs_$=^!+*G_Gt9j+(6n)
zN`rS{r<ZGL)@^Zu&cm}UQagIYHS6=_<+Ge~2RubPZ<X#xHzPz6d^d-qJ`5<AE7_1q
zgDts=R3FYYl*X~b1JZ|`(J}XrJ2QQ}syjYD+(;S`C@g>%8)I;QR|h1(xKe2iEfIi4
zO%NQD`<q!#9|ku?pt)TWD4A6>_|~`?rZzF@yPG9^A+0&47$!WK&bvA9kRGRbUAWSm
zp5UF*8!RmgU(v+EjMX`?)Ft(k(5g+UkUFd1Y=|L)crXDIrXOOS6drCVu_Wj_nD&ez
zL-;6eY$)L5@9|11<~3u;Q2t>2PE=w#yrw?sQGY@ZTD4(Ok9>IbE_{ZPQF*R!ILE5H
zKbH<S70xx58md*h!_`LnVxWCv=`Kv@#gGx4qpgjl_gJ<Ker(6bLK9-~yuX7@q(@k4
z3_fm;eYH551y?H&>ZPXAGCaAx(*b3K$*oN+mj&xO;v>vZ)nHC42IhCdPZ;vt#<DUn
zpfd*gFu78Vr*m&P;$doJ56_AubU{cK6vM2BKGJ(_IFUD6O2Z_t4gT(e@R*pW1D(1^
zO=0E@l17sk5fIr(x{D<%;FqpQ19J~G(5*g3kM>h88A(hVq(ELT{8-ikNj|;<1F`2?
zSz}>Vh13eNtr+=vwHrQV!P&-bQ6FfCpG@J>!5DoG7e#FcVvlbpjp8BuzBD{%#N7Ac
zm>Tpz9<ia2ODMmC^c0POM?+#y&PoPc=pem7quep@Gi_r%Vk|oq-fV~;QK#xdOeg6+
z7TSixy-;2lsop^pfV-tafAsiW7BD8WID;4levL(Y$!u6Q03!w{p;uVkl{~;9jNob(
z9|tN!ec0a7S`3@oN-bHymCWIg1BMb^ze_8mMLeE5mp{TN>8_BNQ6+E3*k=-@+Z2|(
zVTp&@jijy+I~UK)Rs1=d0t|JgP#x`wegWw&b*5p@7&4DTV4PE9Ax@sRo9~ZGZibre
zI1vl{U@Ua_8jB8+|FBjg<d;n+_+=LNBM)+TjM^o@)n3vwA)&j6_(K#)o-U2MrDc-C
z4m0OVG^yvn4eX`f5(Z*v@|LtV0&$qeiJxc6&~EmTOi8Tz1=FfD*5~wki~yD%G81$C
z|DQgqBeo|Rg*)_js#}jeI)kGCZRh}^=(rSC@dxu3%2}E`PO4|B<J7|y|MFWe$O(@_
zn83j=Y$dduDzN~h*BjP|1|T7NiHxbkhw<!K`5<OIn=h49;JcC5R?u~_w3^n7!StUn
z?Avv!6iJV#UIkCshn|o#G}{!(ME%A7P2>#!V~l)c!oYR-c*azGOiR4rl}9C-zI0%;
zBNu93l5^nRMcCbIuVZ&*>*Z3gjkcyki|Nwitb7X=^_H;w1L1jf1Jo3iq-gOo&^cuV
zSkUQDogX^w=x{Z@Uuw<HbTQ--8y{=O0PIW*kKy{p$}pxOxG{b|OX`RfKQBd-n+%e6
zqd3FbqCUVI-jWhHqLf5H$#`p`_RIs)C}P%C!wF4l$(dMZBSkV4H@a~;iZ)`dWaE`J
zM23PFBo<4>Oxcb~Y^P;2mlsMjU*o{=wT*@s!7|aBrIpW<tgIe}>@t|fK!vt;z7)^=
z`Dk+9V39^WXq_djn`AB2ZZ43pkPpk0Aj2fbGM<n+Mla}uVidC5gHkKKkmQ%RU;uAe
zU6^-LuA_bTkd(#_WifC%Nryn0Ic*qCdzi|S7JJ|#q=TWPF`SnQgHNGiEMJWixAhU}
zq`w>k`b<L#R68gIyHoq%QFI_!fd#1>px_Rx4+C$=^)#G%ObcOE1ZiLh3j++=+Qkxv
zifLT{u?E@|?dIcBIy%$-ME@%<vfKc=q*~choJ)V&9u_^RKXGbrER!($g=ey8($voa
z26uftd43`Z?LiBbI;1Rl{`Cr`pH7V9x&jbz<SESgJzOoNXn#FPeO?Azv{LUy(V8un
zyo9CCG4WxD%4rYFhlB!Cp0)#UB0~%>=0J6UVzf1Tc^y+0Jo!4xv*c;%Jbc*>tyZT1
zggdMdcGWi(Xd_li$%G!SBA|SoluhTu>BWajEco#KRjA@D)eWyc$2r539C?;bB29op
z{tJ9;E_+x5mhXlQRn|0Z<!T9|P&A=UdiwixIl~+*+^GGtM(RvrjZ+nBURc=O42;e(
zrufILlQ1p2s0;<%CxGq^%Z5cRQ<nDAb5b5j(6b1783-;^c=u(t5S%Vt2rNzsmls&G
zAnzTl+vv6jt-<*{xTQWi#+m|U|HVX5#fwrL99mARI$n_0vNSciE>wuP2%Q)w&qv0f
zVP#1++7Zd5{qmxO2|}8i#t<<DqwKn!THbofE=@+m7q3Y)8Rx{P!|a!&rh0C<{i|Gd
zZm)LYWeFqbc<PEKBLg%Pt?>qGe`p#P65r%9#Z#+`Cs{GrSWByVRqD!fsbsWYC|GD!
zLSd|0y^Rt^3t8s$&E9g7VKJQ^H(Eu~&6ESDU*uNt50*9UJw0e;V(xI?CJ7@~Ec@xx
zbOsa*$j|GK``Ul15%t72DHjF}GDSeQr%Q5R^_$YOEZ0fy_YcHt*M?Tp#lcdVMfHQa
z@H(|^Z_)jeB{IKxmrDdsEmz*A2zz^>R4e`C!tEmyp4}{EXcII^=9xnD3k;!q6>ZgK
zDs-AbBoFz~aC>OPf}8PMn32K^AbFHMr89~f1goXKuoN}m$*t0#AxXVOe(FBVGi;L*
zNXX;I1CPDh&)adf(4|`Rq)bh()2HAx(0m_^pMv>|7CR-Z^rU$_(@L4<8lAW|EUA$!
zM8X5}eKl;qa4Jsi<SraFrE?bLORYbHb!%yRa56%=e;D5Qlq;O#fjRF<pCi_(?lRqY
zoVXdxexI5fT6e2QY;ik)wG(8lrNZaFuvDtaw!P>~#_p9)=}}(?2F>^O)L|4BMu27S
zO9gQL09K_TbPSBzhfX9Vi@xTF%MvB$!sI3^{mgsXnhh_1D8<8!{nE)uJ;&&D!{L9}
z0A0A<Jn|uKCP9z3AJiW?VBZ1hPhJW4fJ>$uvJ1DNILc?#At?{cA4xlTz2mC~n6BV8
z3GMtx(rY9W3p#mN|CZly@B^K`TRV0b_s3MdS`32?A#RE;Ocw^Pnq$I)#D%yqTVmB^
z9Wa88EO}wV$G9Car*ATw1DtP{4KF~zp--{Ov)iXqZCL$@bVJYGIBmhX#3{zCxp410
z_$g}RZNa88Fe(BJ(6U<v%hp<RG|T5w3CYnT^fv$Rpn=Tv)3@8T$G?z#1kz^7*)Z!Q
z7a0b0ZhR@VA@JQQtT1xH@l$*X?M{BH;k$28?+$0n@v!b|=?FSozn<0sT-^8}Kt9x*
zl;X8R-=K!&@>B*E8}J#h2Pdl5`lW^y7442mzsCkYT^D%j(FPsI<%QjyJ)?K$4Xa0I
zzUBlTezCiT+J)~V_rG`de1M=&>;F9`_`ozQ9(}e0btPSPC9EC{{2ulB=1D0+L$X8u
zo#KmrikMvP_amxBq<@@ncsi#{wF13^Cw`KekOco@LmaU0Bd&nB&TE~PPT?54_}D6S
zVdNm`jP!YkP&Nd5#A2kMrO^bAZ^t#PpBymj^7ymp{qFdb`Gqd@F-oYImb_*yVbiAl
zc@_;wTu3JU5Ti+z3G17gRKMS7t;c8imG*KvRK8)Y4Zm)*_Je=2<TTjvhZF_BY@{1y
zl-xqSvNQ%BvoNcLnHufE-=uU&ybll?oXPqnFb1FY+j%L6sC}M}fsQ47QR69x-d}<i
zZ(8%9>U*>nO~1k=Gx?(QJDyDVIu0hc-OoOT_!{^zkNqJ<YP)`yh7*Gs^t`PP@HwG_
zMbD@%h2He1R99Q_CvF-Bd1o;BzXRkQoP7LWQUmS$CG-yy{3eX^g{CZaZeZ4(&h`EO
z#&S_V6fC{QC)?@L7GIXI+*kKWoWVBW8taiNq!aW1u;j9o260!UtA-JFdf`G<Kx>^I
zbfXzi=`~z-L$9JgtJ?qvI%Z5@A@ogt<AINvVV-v#GkI)PN7j=QVEnt*Nih1lG&vHz
zG=}ejf>N1Quez{aGv<c$Be!o60ZK}kg$nch7OO?;a1-76JoMf;uK#zC9lGGx0hjIV
z74i}SSDz=5kvgc;$x0fei+<T7BQ8pRo-Dhxb&}lUwg^~cZP;lH*t$*fbqVV<X;lJv
zW4Lx9SM20c5H1&jbsQS9m9^xbd6|1k0@q@fOWP1GW6``@FXITQe8^*c(CNW+cs{g@
z#$(71GdeCzfL*7c04FA3jQrYeTs7lstR3MgvpfT<$D`rT9GM<GU3f>V9!JdEZB61z
zK0Z>uNP$Q}fW8+`2#h|0)z{vOl3SA;U76he-$7C>3=H1~Eu!UL8NnphN>v{HTzV%H
z*6gw7YSUxn+9b-Ttv2NJ&3rBcOqXwom9vRofSv!NKd?hYy!?;9{mTfw-J#hNP-y-K
z>5*LGGzCsOos@(J*6VHLc<tpxx!~5G$3*GyF7AA^NX9q-lWC)5`3FDQI?+0qo86lP
z`#x(OC`&`Kvr^=4Brz}`u73K!u&9Ts29<)_!w<`Y(`1{5nD^fi2{IPp$=)!gZZ8jf
z)MUt6oUvc-;*%W-`!nQ3*!ex45%S~EVwRr33d1GIXe`He$59{#hH$wiV(!DxQMV5|
zXUd=XkFJ<o_49~Z5fxf|wp@?v$AT>RcXmvz@5je9!L!+NCjvVpbZUzO?RG6bSH@F2
zJHD3qiQ<h}cCTgLAq;OY$xhFc&qx@NS{I3x1O{6exLT4g*TE3NyToi1Re6HTw;TbI
zt}r|0vt^--6_$l^TaJ~Z??*;ND+Jpa=*bN)){*~W9fdfrzCZ__uwvH1$JS!)pSp4a
zfrBmN#ONTcR|3G^FgFD*E0WQvL@z~KTwlhLbi}9!^;>eqL7v$D(z1b^r)4xiiZs(n
z>v*I+eyikBw0nwC{f+$`t6Up-`L^t}Y3nWWTvA`(%Wu6Q7sT89eu{X~8D1j0|L@Q~
z2%tH%uN%r<zvmF>4X*Fyn+YD2I+n^2B-PJQ5Ci)Hlw9kpY;y33y5eD<`aaaI<GE^+
zUCs=CyrYdiV2^giA&<Bn3rjoeAYN^SOCEDOkO#WzAU<f~k<SJRG_ITeM1fvj`Fzlm
z4j*$b4>O$1UM)Iq&872M0QlEbh>698wXGT2?q`l;^qqPk^q6$_Z<2)$#b?)!D)Qui
zb^D_)>ODBPdM!JFQS7f`kz|u`xTdiitj0fq%j8-U`FK>|`~c&A=R)^6wc5>O6A6Ac
zdlfpz)LJkuTv}Okc`+W*Ylt~VpBlV}%=W~Pdabtp^?>Kdm@*83ghXjN_|@Cz;p?}m
zC7PIlE#+@{kfw70z{@V?!lqVok+!6j9A%W_V3ZVc+HrAX-NpXa@*g}LGqx|c-abY9
zsSRB!!ig}g6Fcp>@Ki*vdBcfQ==L$wF}0oi83sSjmvgFkUY*ol#<*jk#J;hgFRbrk
z)@)rzT!)+Q#&v1xC}Z?OT**WHlE9;G^G<RZ$-`hMlUU$)kaB;@l$+XgtPEqCviK}&
zO2BEfj>O4aan?G9>&%g1a&7uCiRlbH`!b$!6j--OpEgFw9ac&Qn(&LYRO{45F7}HM
z)8qT@)urL#e$#+o@j%PAv`@RrmRp2(?*Mk#cj3k3Lc9iw$1Lk_)<~^?H<<=rLXX~+
zgLGJ5SQdq4`W_Fs!~AX>r@cdT5PD2OkovG`fSjnc?;%g%<Wl{4gCH4wWf%ar&8D5}
zDUZ9QYwvJ2Dz{CKUv=&+=fkXGTnp&T<U$`B96B~#j)qMat)<kNNdpvQEcERycW05I
zqa&DQb=w?#5`Mdg?!{mDly{ZjXNylI1{&_UPw&#neel>ntaahXv*^C=>MQrXBU;I5
zCINgy07h>w-iwacyZ6Y+fC7!zp1McIDq=yZqsK7qbmI+-^Y_a4-tzp+Se>9J%t8s)
zfx~}UqgaeW+dV+W!Ujt4HUl72bVP5MlOyI0mXoyOgX9jkbYh*VGvU()3^ACv4b2bE
zGn?eLDck`<A*X67!|0Yrxw!4@{@|ZoyG<J~T<-lZus;T1?b>f6<o^Ex`xApjU)61Q
zplHsIkn`Z&eR8b!#(grLIR!DlvA}<<a$}@`ZLec*;PGw7Xmnce%EeO;Ff-$}yR>Cv
z<h%JbjB-hDbZc?rWQ@%TRKNd>%L8Kvb?B0OW1^h$R85KQXummL{)I&^d9rW3VQk!X
zFLy~0+^$`pKph!&pQJs#K%)C{Zo4n6iB8k5RZWt|lO#-bF#Qbr4SD;SwRhVUXfQ>-
z!Z?f#uIWDOm#M=B-KPc?YhN3mbW8|NohBbP&VUZg?#|-6kDCfRiP&b~No3`8`7)1z
z4w}uSf~Ws2GvqU@k<2#?qub%qKD=Kp$BNA_NMs5xSH%}>1TFXl0a&+IF$?!79`yWA
zpxpxx%tq<4+Y}${(#3+CmK)FSOL407s}Ns2j;mbX&+xq)+Tl64t3s<uXfCn#vo`#^
zH2Arq&8wuk;eSrR-y_zDTj$9tNp$cN71lU$S)<gZXLCt8?b_e-(bEx+Bv@0Wd!}wI
zLmT-Yx$~_cufdTAWpwWG?lzvu=)}^y+b}V%#Ef@4WQ)1d;jip9j8MpL+(LAQ{&#Q&
z-v4y@JLwhxEcY6;h8q#AV{gLlUSR5TCkwrqYvVYKq%e5a>2M03^jWGie;Kvoc-=AF
zcqaiy*!V%W=y|R`c!)jtguD^YHhiGCiu?qxy}$|Ld9aWZJoKbImBzXZ5M4OIfsnOE
zJll;Y86=$r&9h2Uph_~~n-8)~IogTkX#A3pakgOx_XjWW{@nil=B$v15!hsx!V~>o
ztKPZS3stXhmGHQ<{FU;vWO+MNc%o7KZDhf5z*jR(G@k87Z~fXTc@|zN7=(aWrbIcw
z5@drDIGb&vVRyHeZX7pOVaB&peo3@;;#qkto}RuS=4cwBWP?{cUTE<u=NEI!MJ#y?
zqYFwB*if|tYjA_gH3rFVEYZ|`&<gyoUs717+<%?Co{cmj;TGva+$P=;rUQz3mU_VR
z@<W*Nz>=>7oqN3t#bbkeE^}}cMF9tI{-QkKPQ%75!BHJv3A55fcP=#TR}#;sY{DTq
zN5gD)3ntxM<D{l9OsrfF8qh1ofIJvd-|>?C3hLgUQZyE|8qE0|ko_66YaZOb*b2lf
zc|J^-gWB=iQ51N?1|_Rt@n+-!|B8eC8{{F$!T5Z%=*B;m#^%a{H<C)A^G4LOa}7$8
zA%3VSU3>jic_6tRnj89MFkSHA1?G+$<+uELAH0zIb>gIPv6phv2RETN!&G>7IA**y
zZIl~o*jC>^!$Igl0{Or%5Qm~!-;@`H3K8RWYz>46aWBI`E%e}euLlj^l+(1hx8w&1
zoH$LwjZh*6x|kZ`UEH|$Sjf$T3DghYmY=``^1~!NS66E6f~%`hn~EAA7PjBd7cT!*
zn!EtTpoajBxCq858}4Jv%i~hC-tWrK;Kd?*2aBQ72H{YZKEMd0gX}>%EXbPUC~2S#
z+)5*H%nlhx8>FAG6qCRQ{j9hZ?cz3hCc%}?%?sx0n0OHM`bV4<T<Op6z(aMeS05I>
zsz`?k68mAl2(bvo23>Z`MR2`Fj>c4(JRf&(9XU`)gEy8>@(#Q%t@CcVn)u~sbQB`L
zqyAyy(r<wRr9~JmApb2qaP_T38@K5_c_K;F3wC_|5T_k{r?~dx>%6==9xL9c4F_LA
zWL#~<aABOaDSSQ0)En|w;X!2TUU?mxdxM@5uv}1bhAmwWT84&DQ;GSlU-#izhN`Nz
zdY?Spuiu8k;GiMmEJs57U}H#H{||B3&A)Y>8Rh#_X~I79ixn$E?7X-B%?#Vl7Di3u
z5<6hqeCYU*ye=uIQ$y2X=5MTXFFNOqIF0RxFevuVmvXv>!^il6QM;nA4y;6JdYsLU
z7n5BvM=*YnkBM-<UNg$bdXNIVX(*K!J;~~$a+O~U4nw(63}03-Q{Y8YF!mF94S{pD
zOc7BC!55_i4%}rbOu+IAv;%c<{1uaj;pK*W_`X$1jyCo)>cp^(1lK9Y&@mMotm(l?
z<FZfr0=LYN9S3Wp44&b`ZA>4$NP}fyuu>)$^1en78U->vAPXbn?S=<-=om_v6PbcH
z+Lk!EX^JZ{<t(S44!6Zgxo}1vih2K%NH|es%Ek6LxbYQ+M%cr6m#Jl<Vau_qgY)l(
zQ-?WmyjRM?X^frY$50EYdTPIXD>vh6!WW&>KM6s?|H4ocFZvD5X=x8&X%Ch_eurl;
zW}bH(mmeevfjvQ&1{7VC>!9KDqV4bn@EU%P?qiLHtK-N?xh~|tf>$9f9G5K`K1e6@
zWgm<gd=VYDh;A<={K54FO-kiSd7B`9JzS3}13UiY%IKlW$ZCw%{3tI($I-BcHtsDw
z{TK6=yy!s;JSD%)Jq^5v%z8FBu)Cni6;2Nwh$2>bq>Vm<W2KIXf9o{BL#+NWztGU4
z<np4W2P#UU0ZmrAHtH<8O#b-_5CG2&-XEG1-XCP%r7uXW(XX;{JEW(|xNc%BXYFtD
zDx${!5dKsnQvz{7sl+xuFB*n=oQIA*O0eW32X|-OQ*)M|lPyr*qht<LU67x8s-ekT
zTha5!4zCAp%AB&IXcZUb*GZCYs2s>K--U4BzFCX);luTx!~4kZRif+H<Ui!b#Bj_g
z7L_lZr*N~5L|t22(WPDcQ?4YO13l)0m1>Y1#o^E?-~-SO{w2>LQ9%}yrFoi`n`rrj
z510P@%jkF|>QiZK<7i@mL~~lW`kkx>44U-Qy*pSl8;$(oD{{{u0UO~9Hyn@AF_kb6
z$2@%9(EZo1$<zGZp`**?g56o~W5V-c&aeLs`3T7~JY)kXbf-PT6b5%%AHEfVg`&Fl
zFDd1QfV$alA2F4aBn;)V4uZG379P$WuJL+6mPl#Z1j%$iS82l};Cf)Hjpxt|pAN2s
zx#=z1BCWz?S`q3D;Om);Zh{QKFNRM0a3-;ajp2ryUJT5z{#qwG!_Ox1;p38RXf}O^
zOVCe}UDt)$c_x|^^C4@coYwd#(`<cd8#}B{kQShv$v4re5+Aw%^eu$2aac(a-xtS5
zn+65u%@{Hc^@~D|f~%KBF~1pJk_Brra4T&VYjTq$4A3#DAPS#0mlIah=X_)3(5rE#
zO`M-xL-Db5U4?_>@~2-exNKVmD)+P_38pOswpC+5*2`}UUkZRKVNDpQhGl?nglIIo
zTl@}#q&ltO(LcrXa;S~M1;HoO1C_n`C~*_7Lk08en36hNZyF3m-!}hCOiGrH!P>OS
zvAB;HSEDPAZ5i-Ox~YF+V50pB(yuR*0KN)No0owv0AX$-0<!*4WPVYd`<!hq3VQxb
zVPnVZ3ag>Qjv}yefhi(AsJuD&Xz`jcJOy|3gdEeiesEkKd}P5@$bT7fQ|#0+!oo(Z
zHpw&TXBu>ja<s?uOc;a1sCz`3vFbxt*x&vxF_;opAkHl+E$=uaNPjtiq-Zw^O)IG<
z$t7S+fj2lX^p77N*ZtADrnmiGWAKuFya^XEy7)Wmo8DumXJf(XOehfDhAmWu?%liu
z^F#yFR7&rbnMiNP>7i%8*kXE}KuvooB1e~FVBrPn>~+6DaV;0KB2I{(soQOki%nR;
z_pIdLZO7-B`omVe4dZZDQvrX_^-H-)s4Il28_FHE0IQpE{&7Ox{*uoms3|oiz#x;!
z4LfWmg?>zg6DHGx^kX7)StHe@ZRH_{6I_0Vc!I`o(?15ZAxcme2koX5z5>>tLd`(J
z147NAVT#dA*R<qZ;>vE#@3>>pX}b2f!?c}iKAzBwzPUhs(7V5h7DXs{xOmiMdY&Ze
zb|gseV0i<!Diz%R*|`a;LmRNoAC9<iRhB+zwZj&#DF#kdmfQ#9y(X1KI|9~=cjmRj
z2n(NF3@ViQOpDMW<(pz^2Ok=82J*h}(7+PCljfCR{Rnk5${L%R227(dY-&vhaTN3n
zn&Nz^7mHH0BTY>22+<`>e$f3@iin3vk4PzKuN5>i%>&h@fYqky+LdOe=Rz?tn#w(`
z{bQ(^#~a4jk%$&wW_kvX^?Cr7y3t(H7z&y`j!p}rDPbK2G+5i(l)=vzU0Rto1PCCs
zzBKX5==LF;0IpJn5@-lF7oy9|&iwh!O*R<+aLMy<Z(Gv~Ow;m&Sw>nxnpTSszZNot
z9!86HrVAvI_Qn>Xas2dwGQxzfpQ5kMM%zw{Z6Uj(DM@>!1KnTQ(L#S`Csw%gWn!~I
zgL~-oA`%8tJDFAo>_xy3!n!Z1TZrZNbgi-)-LvJUIKVRto(juNSnf-Y@`jDZNSR-b
zRbT6vsD>PKTUQfzzqN^7O}z-shM8*{4xJC3?YZAlXB#hWyR@4XxPj#w<N~@GB%1B|
zB1CuvgKUhsg&tE~z<^l}Tv%H20vvb;x11B5P}h(2G37y74^tQ8=o@Sl4_EVkG0cel
z=D~oT#wtc13tzs_$yBOgTVWtZ6JRWep`Ct)P=F0NLm9oXHko<7c;v{@^6xga*Ee><
z+eMkN$qX_6HGWcPV9<f2#nFwPEJ@dn^)_MB+vpzG5W_`(`&}BkaoX@$F|V&lrPmR4
zpy1_Ndn+F(nvaTmOc!r&nlM{7dIHxBbVVxrn;s<vPUJS!7KNNSY8#8xX+uW@?^yIV
zC2Rc#nx<n2sSwq}*t&z9=h7*>3p_i-4K^+3fLJjv^a7oxneZfsYD>>0tkSz=RY{tL
zr@u)g$>1t@jLHnY{LortF$C?%FjHS@DH&-+ckpmT&}k+E#n-H1^kR55hCHs1Fd2cr
z5hjcm2g0Islja1_biYzpN2DjL9au9COII5wkHz<y+EBOL0OrdLccqfq90~1016DW=
zeaGOwgAuKCtzxvPH=T_L<IaGQuE3LE?i?LY!5AzpIDcm>?ka3m=lKQdKi~xEW1@dn
z>}VI<wCWtN>O2)LtV3p5pp@+hN5-SNuU%@j@CR(q9aoAPhYudk<Gu;Le#1Yape~a9
z=E;s$WZ4AMTv9+^A`~)<D7qk&<N#M_R4^HC)TG0K$+$nWc+=WRra9ym!x;PmkFb;=
zGD=u8{wgahZ9nio;H3ue(7nNn=SKJ1nrWto2@W@O;zBx23k(+>o<TEAUtj=95B}qf
zam<i+#iR!?+%9d>O!TJn0@jS{hH-Nkcf+u-i~xUVMM_~=4c-d*WwvgRG(0YjWO3PA
zwBrylhepsd19Z@Y)MIqCVRK9)cvRPzR)YwxprAR*3PQ%<5NG1v*Glxw4+E3NaY-*;
z#}l(Y7Mt3?YgS|}90|7ZtA`pE7Bg0{mNVEB&!ac0**}8+8*c>&x$Xz4^G)l0sJ(Qg
zh|Y&B(5Z>%RKnQpf1M7#8bX0f^G#bC@r5to?7BS;f5rGajkp#FID2l7gD<hemy5q&
zip9V>m%)Sl`nE_4O6KhcO`G)KqtMZb+vA{zOTQq2z9ko4f5`NF3|_wp^r+#tW1J_;
z@@p;k#mvjL(SPn+zDEP2>G}M7H1LX)Ns?=^JMr|3HSUFBi%iAwLEpK7j)5O`v5C|U
z=NI91;D<wj9bUU1_+>K^W^V$x1FR=Nn8C6akLa*#MY>Ku-F3(WNSn-+*<P>9=62jN
zI=p<R11}`6nee9;{)B7fwFq(*q>s(>GVdT1{E`vc{V<IjpuDqJCES5`uPqdoy(U42
z-DJ+obh%IxcH!$wa9{Rgy<t8bsm*`i{FMY}wwUXs`bG^MJn^ocohFYd9X-5*b@2GX
zJ-R!4LY=K<Yi)O9r?0Wo-3Y(q0s3w=!<~S`w+X;ax0#>06Yx0^xbAlIij3Q{5jlGf
z>^g+6qWX2aIU$4{^A7Xc^gAKJ8@tR&@W~EyY6#AsJIt&9t)p(?sX1=9)n<!ypeNhV
z?r3OJ@GD$`gm8SP`K3FJ>zNus2p`v&pT86EW4p{1Q31;E{fOFWaCMjYhdUwM^Pag8
z6z(w>+=6xBJ#!pP*<=3rUr=xD3$eCfDOiqXww5XF+D+)w?yk1V*fwJ(^cywV?wvT~
z{*m3M_v!4I?rJky8F9aJYUiP2@3)Pf*ly%_Wr}Z_b6npsL+%<nZpfsWy%aZ0de_{p
zzA+lb=Dd>#@evTsoGH0&yywzZw!6I}J9O{fzM}W6wjPJi(Yu{%`jmbnCk<}ZYqahD
zPM$9A4)>M!Y(JroZ*ZqkJ$tlqxhlr@DeW|CREL>^yWbBN-w*EDZogyC_)?^9duh*h
z7`xYOZRwlXdW^Mq=@?(T?)Uc?)3#F|_t+^@T6S=BX>-@mG3DLI&2oD0^Ua#ltJB@i
zo{paV%H89XHp9jb9o^a2PZ`~IaED$n@lA8n(p$6yqdIry!3{^YnA72&eddE^7apVN
z%Y^Q*&e6OWHsPyCv<d8eQ+I+5*bfHFUe2P!eryggst!-U5`1DNG2u!uuxM0+fEnRn
zYkdoBzyKeMoG;(O)VYIMohN5`JT~{O+XNn|{G<QPOeTPIA+jpVi~IPkU(JL`7C&tN
zNPLrnw7K^DjN5NMhI!V=_S#kQ9XBcD$dLW^+L8?N!-;bd*n^irZZWOF8_)NVBo3ru
zNsk3@V-8P1Fr$*NSEtj1Um9}@A-v<Q_qvc=iqy!ZD6%u$5p3SysvR<wcqsO>`F3q0
zhw~R(>GQrh6gZfRcM%w*sREnsfMQIeY|>;Q&i|dal7(bfZH?@TCNskM8?W@9eKDbI
z25pK;j7F4L(l(sG{Ypoe8ykw?-}e`i%2@n~(@15!<6@90cSG}u35P-&(k3N*7}D_T
zq=W+@4Z9~Nd=%2Ka!SI%kcLT91(f#F1c=<}0*$|>3lJa85E@>%KVg4JFZa(BXmpz;
zpcKs(__#h>K>6$eVYIKz5m2h;3Igg|nQ$b84_8%!7Sixnm4I@1o`CYoe4*jN1p<u%
zOJWlA`%l8Q5XuD)CL9iFxGFXbt`n02XCF$~90K;*LSa-39u|bz`w;=6;iE!>{Fu=2
zmDuq5A_3yT#e#JEJub|UeTmRuUMkGc39(`GG67}D6GFoXRiM%QNdY3|DFNa)vElvY
z0?IQWjAhaa0iwgx0@3`H0>s}d1&G6|gogFc2o06b3N-FsEi^P-BcRk;D>NJv8{S?g
zKrDVvXc+#y&`Z-71c>Apg@#{W6lQ<-e+7t@>xG8NF9{8uUKYA7ctwEt=M`ZZ4s8%n
zUVK%6nDv@Kqx(hyrTBGW!AhHihHu1%x84vS7QZR<GQ3)7X!e$XlKQs5=`UhK%{u~(
z6`FuDZnHqN-MfN`$loF~ToD^S-73&{ZJW^W&~`y${dWiruAM?Ju{DA^{8%GE?ARqV
ztk^9yOx`2#(fK{0q3-(v%8mC0h%Y`6Al}$3u>SBq0b<C0fku-L1&EXbLc@8nVgEq^
z;`xsRdCWW{K=e2)G&DRSG(;Q~7&~!PfY|b}0HJ;&K#coTfN1xbAdj5S1&F`IhQnV7
zDF6LZK&kvn=(g|ILWA?0gnc1<RQR_7jqkn{P~JTzh;YeqVR?-FPH1RxLZFfHy}<ef
zv0>SyqEt9`GGS{7chCPI5SsI&(9ruQfq&a60V3+O(D0+!u;YvXvEpZ;Ve(l)1|5D8
z8ghRXWboIo0*xcT2@S8D6KGVO7a;mw5E@(;h0(_RE(rF=-vyK%e+Ve>rvNeOlF-ok
zFQK8{-$KJpvEi%BLN9OrBQ!jAMQ9jyRUq2@n$VDbU1<1SY&dvBAj%xL%{N0GxTh);
zL;W|*XN0=n4oPUJEej|=i48kV0>sm`goY{M0@3ma0iwP+v|)LqfbmsiC;(JP2@Q*D
z3k@Tq1sY{B0z_u4(D0|&a41fou|8fvnU^3m+><CYxRZp2xMYFondHRK1I*480p;mb
zp<zmz(9k7aXei1E?PYmp=x6vUQ^2Us64-b&TWA=ZBcL?N6&h0Vgog8C!~T4M=-L8-
zv6+PejUIJ`hK6+ol<;~2#0jxsOML-FEfP@1H4qxw7Yhxzrb3s`Rk7hSYhvhObwf#F
z=wWq1LxGQb8wn7uQlTN*CP?fDn*g!ZE;OhP0cEsP=(e>>XvlU84VT1*Lmr`*|9XXn
zxjunLZ$*G8Z7hf|vWb9lQf%1TR2a(>%><&On+r5rw-6w*%7lhL$^?{yEd|E@+e&Dt
zYArPMYa=wc+6oP^?SzIiV#DtC0>m>N1jeRyOgtPMD_-U-N`v8@1U+lgSwKrJ7YLs#
z7f{~oBFN;Ku0q4q3V}w~ZbC0bcL@-ryU_5B*zk4_fse;}CT<o6m;obtCB7Zv0M)-+
z(1PoCCx*sjj`mIrjU4^AkAO0#uh7u5pD^N*dxQqly#mTN_X-fz{e|&7GC+VBJW!zF
z8zeNu4Hg<s4Nm+xWcYiA2y%UPsL(KDm@qfph6@mu5kiA$q|k7Dq(DQvPk>l9N@y4}
zT0m(tMvzD5SfSy<SYfn##|cE&jTahbPY`<PIZ<e6I7yItt;qt7?<NZ<o2Lj3%ccqq
zqo)b1mrWNMQfCO=o)a5BxL@F7?M$Iz)-0jh9<zmpk_QBo@Hqm+cXI@YcjpR>EvppP
z%kU~;EKTMKM3d(W4Zn#EA1n~MUHcyaW#)sS5L%Ci64OYCZckg7xEQ3}$(7l5x6AFg
zHSOuZFuM`Re<YE71JVb{Ratk+Ob1d9laesu5*&HICD##15HMKwhIT!geG6<Lu3jtU
ze@INb1N<^r_Hz0=(KXTq8ey=(N$mTRgot{8?#v`I4y1M|OlV%$?eY+Tw8H5mDzuG7
zLP8@jde(FB=s!pf?b#lH-J6VG>?*w@5(^AND_SInW=;Z}Y%RiM5x#cSWxGvAB0wT0
zg(%_tn-%UPwty%Om@8$d>XZ@_+^N%UB-j^{&MEklia%-ila4<b_>+l0S@@HUKRNi5
zi$8hzlaD_I_)~~Kb?~Py{?x;t`Woq6gfF9)b_*j9%H;1ULdE#EY@o+rN+S&RUz2tL
zMP{)7R!tC;;A61CO24D1FzwcSS0L-85^@vYFh^>NKJe$r@ypQfnEm9B?(G_RZ`UXf
zTt>9wK+0ITGa7vaOFxgyz?3Qff`>azZE(sI^I_h9T|NOReHBT8gV)c$tYHouoCrNs
zB&fWhwF}ANB8?nwKqmbUr7Hs8`gb?*qL^D)F{o>#ZSev*!{NOpCF;i48v5;C$KoGI
zyt|P%zd@VfLq-iAkM#_Vyzp12;u6`@$f;FzDeg%?Eic{~Kd@W(in}|uY1=)&S^n5j
zLxwKw+@)CS+{N<wXc%|NlBbnzwrnR7RwySNu;ggjTP&;alfplJzSWXMzkr*5%G08D
zSXS1Oe0VPwKfzaz7N^3dY^z=C|AD2k1jSb^Y4p!__?^FpEd^jZV5tRpJBlM=!q(y#
z4jI4Sa+AQaPmoxn1D2}<D-{Y5R_pu`e*2fC;CCES%Fi6JM8O3wzG0^4VM~4dVn7?j
zAF$+W*uI{~SU*I;a^b6wi<6=AQJpqee#O;jyNYkz$G`4{Z9iF}B^%aIeT$$k?JUlO
z^II);?b;`n2<(Zq*M;W47Kdx4pIPd$PHMij)Pvtv;kSfl?XWb50p|$&_VwD@{x2;D
z$@;ZlS|r%}6EafswdDo@$B!1gv+=bhLi_1k%Mlq?okreg$QFFtGWG<Iy^e43TYU^^
zT)0FQa?V29s$j`!{EkoWua;bG`AN&O1mxdQFx`K&V0~+!EBNQ>pDb??c>5~;x#hHF
zGl5Gt@XuvGTN3egx=dI(u=hDjjCS~}Wh5a^DyCem*RPhf1d=6uZAtGUOBR>>pmUbz
zW%z<Nj(oB>2};jdJldGwEs`wZ`=e2wIohI2mKONQ$v>UFY#C3WZG<&Xn{ma0FG%hX
zg}C*n;%iI5fnA=zYH^^{I2T&kb<5lMiK`8yHnt?dsc%t+P1fKm3rlKC3;6iy$EUKb
z57U>o(>|d?8*3_DiAOOonXMw$aj@hX7NX%_GbOye#Gss#^#uvvGr`#WOR~lixS5EI
z)iGHMWoVp<j6pflSlUh}q`e+teOi*RRF9#IjIvq?^vpw)O|`9;CAd_8DEOyII}mGq
zM}jBn;G?w()`9reKc7aDtnF$+n~!liv8^^#J!~~=Gt;fRaE6Ky(P)g;CT3b|N%*Ey
zDtAa9V~K+$BT+WEDqfK2>*!eTQ}V3yDG+LUE{t4cjRDVRmgd^PLaUQVc*~a!amI8@
zCY>pVcD;@@T$b>f1Vb(?veuF4_cJo657w0=Yxfsht++&WaqPBOPa*)HLwN9QOA<7F
z#E@rK8)bhdey8wGi}WF%gOIj8e4Xg)9ZoH_Wbk!@P<Tm#o2(+}HomxyI!K9tu9J%6
zq0DJ*4;LCr4WP=0uPs|UwYWgTw#Q7g3a6~86<<W~VQ~snt*}JA<FhtThNDfb>C4~3
z@6G*o8j9eE$J%D$wsNbst-Peg-~l~acWB$CW&XrzL&lC8+9bc{%!$Jr=eKNK-Xy=r
z(EEmu8{9a*VUzrd8RLgf#=oK(HjIjD-@Rqmp7|}y%kwL`=7*r?_pHdDFmd?!p%ccA
c9X@pGsOk6($Q|%SU)#n=W-WGO$s>{f2l%HVZ2$lO

delta 33760
zcmc(IcbF7K)A;qwaJQFp&g9!Yj?IC1paK#PF`@`4iXzB?VkU`-N@j#oKs{cRD9KeC
zkSwSuQSn7k;lKbW5)6o-@T=~g+3h{R@B8C>o}Z7)UQJh5cUM<cS66k<jyeA>8FS`c
zGId;@)8qD)INUy`$HP9}61&~ucKci<c1WG54G0oak7Ol9X%;n#|5u;=>tO#R>N!gD
z?j;O#S2#Q+O|QT2o(KCsjKmOX=BTJ1IAEZ|X}3AbqKX7k1dgYfQ=mBPHfLGXVg+%s
z^wb`i`efx%lFk2Gq1Mw2)sZB}fTkDZrXm{uPs4v5POmen9{%A8cpM(Rxsszlrlo23
z;}bYiRd$PhUVE6lt)ETKit{>Les5F*EYZ(IH_-2l{)a3y3j$8wLoCP(>M=2dEHO&l
zc6(G7BR2HrvMjxkJz1}{Y$wY?rQWDKR+@TCSspK~XjZ7F#H}MM8Ad&?!|ibD$Ky`x
z+0oh90k^{+Rm?gtH=$T>nv$$HPB^UJ9+S-wo$g?1VsE0)vT#hdJ*pY+YErY{_M|36
zUlhyHJa#=H<$}H=PC(vZ{nYkE-yhFGpEEcnEsyB+5;+aOJ*t59uBXLX5Zs?0L-ePU
zvSYBVfIX^2FU`t^J(<=7y*TrG{Y)|^5O4>Jv$_yHI+fvh?B1w+j#qVeS&TkE`&WHH
z8l&uSIHU5B@{H3YKe#Wa9rik%)%UpUK}TL6q94lOpxYZ<oPUAnY8D55{@|uUH_-=W
zb1+~JrWB_V{nZ=>dhPaL>ypDn&&*>@cwJ7;Dj3_^S{%HqeiG3q=ko%$JE|!g)yQU~
zDfT^C-_qa*{jEY#=8wu{WvK(pa@l+Y&oqoC`tL=&&})w>WQAu2mKEym#>e&267k#{
zm5I;wJxwz8o0@#37u4tdL1uPnii{uBfMX#udF{EklR|w-*;#!-L-E`%1Z3|0N|p{W
z$-$#mi=v-v#Ax`Oc0Ib;MZKVjfc(M2iZ6(6ZOTC}PNn^@KBSD%@p;{1ykxSqShqPY
z>2s|7xz8y?%u$UZHo$ol0#it8iiZn5R`dCyny}7Ka~HwI>ay72WY<VS_UipV$-)`*
z`TS8C`q@Bsu+kH!Hg>t9m=XufZ{&!8y@cR%@!#jHF6+GCqn{3x2H)|Qk|cXT!pP&w
zcqVWp(JnpxB2>>C{HsNrLiU*t0*+vD>nxJ!kg)R^4X`#xrVVMcG|?#)eaY%2V+T+x
z<FHTd1`faPJ|N9VX0U(T3Pq3iaP|cP`q}o``s`2AVC1u;KtI#2Hqj-KDc~(=c5I>5
zoB6O~9LYzVG`;G&`}AFb1hU`go*xD8+v|$dB$qtKuR^6hy?>|NVC#+w(f71S#K~tJ
z|Jsh0X7`DFXfpuGuITg>)IO>t>S}A&HNV{tD>Wq}IPk`&G`(?K{><SG{?iSGF}H0Z
zyfs!!(Mx)4(Ra5`Bww2?IeakkFv$%zta>9x-+Udf<@5&+-L^j#hL$Ta@a9;po^I*L
z3*64&xBYL|bl;5}^f-b&?{5+ZwXc)d96qT|r=!ld9S*#XojuY`)bI!QR5y(&6(Znt
zUh^A{yiU?dt=UVjC)nwUZ|W%ypH6S9&qnL>!o$yNCBY%1{z!m+RuVJXXSD48AHM6h
zc`bYs?^@+`p0{wC56p^nzs>S1zV%i8`I!8!;EfYCHO}qiLkPH?y7hih5(ti(VkL0b
zb4nt-{4AfyXejY0(J;ZOWb4JBd-bZRxq6T9GGO$FWtn=vY3(8Q6bi?C)tvDGJJkF_
zGJ=Pv?IL>l6HLkd0asKuN;=dm!ga4z$8@N85GA^5YK&g<N~&J|%GM;OUlQ#SE`x(y
zN`c;d#wzH#5~({z3F_`((#&_2EVsw#xJRmYj7_5Ebp-5s>8vcKI{J#kydBsz%Nh&c
zWLt02D{Avu%lwJ{!C!5Go>dY_DQ~iyTghPBr2ix%jhuBalpG^5`iiOb^n0eTegy0e
z*mRs^2a9KeLQWXM6R>-s*rOB$&%B;Upp#2UAoV$2WM3iD{Q%ZIkI#Mzq5FcxH6IiG
z*BNX%3OF251$t>s4wQHm3v}s4(t_Uqs03_oB|%rzEd9=T-%X#DsDJq??}Eb_9Qf8F
zihgny<8i>@i^^a;PTg0Q5lmiCkLZUHcb1w3l{YDx-g4o``rmIP>Z@KCZTX`z^~xnV
z!5bERiwjr{r|5LS9-mS_*l$S#lH`(Sq>(=Do%6bXUZVcvT;3XrU=C~T^b2ZEaQD*b
zMDOyJpy3aWTs|R*xb<Px+5F$)(N~C}p*La<ogs0)7T*8<Iro|D$O>lnolYSfaOp8M
zT0c0S_s``D9@&siblZ&y`u+8?V1r-DWR_0vuxS!3_aUc~7x59g+?=0!>4zE6VHimX
zHr$M(tiMDQ2DpQOh52xYLehivJ|u*=^xc6*dimCGVU8aO&0NY`bfeR-t-h*X?2xGU
zUoIZ`U~~(mI5_*0Bm$35Q4{rcZL(lY3#EwL@~T|4V<n%CQQTgA?FOcn0k=Q6{nI7&
z8heD*L)egi<J%)IKIcsV^LTagc@dn>CTaSzDX0nCW5E8B5(^c7mRY7By;&c!cevvA
z>3iFkG8NZga7!f@ReUWpkHJo@+QNJ5@dcGHQ1mywYDx15)&|UPT;$`n@g91;!7sk*
z6AkN^kl50Im;iU3@30l-R#)%$32(sX3chqWnLwWwsOVigWkHWtsE5027wL09ZNNtF
za|dgVG$gRvjtD6|vh-s|_v^KL6ZF^i2m&5G^@numt>8H0zyCq6?3AFtKQ#+1ZIm=<
z@i_77y?=NVnzh17`SEj6!wYTCk*r|CkBt<?>($@+sy<UezauIe+MOfmuqW0U!%S81
zrQ;R?yYkfp(v0i!!8T}?cAr=c@$tx_A%{6RzcaYvr_OPF@S}}E{~wCAkmmoT8Z-!V
z*-!(qJOt1kGWA1$@(7<ae;~Nyj~$9W{i__s8_+j?$Dal~dclQ!?s`maM+%@O$C|~B
zC)_!b<O}djbJA8{|6L-ffYh!iG^H0l)p!2TFaenu@J7X=`gI)&!{X6IIxnUvMAKLP
zfnJx>Zg&Oy{ZmTxsV5Tk*f+CaPNkuL`z}p|*==!#Uik@Giiqyu#LMFq#pl=G{sX&(
zPkd0_4ppReM=s5fq>@~HbjMyO#d!?4gE;gS^9)Izq>_EGs~D#(Ce*Z_zNC>i6#e`K
z-h#tTuZtn8h~jtXfq&|2*n|_R<48Vj6-zP*8n3K{ji7gXB@-sZk$0hcJCwfa%e=1B
zLGO<z0fodf>M^XUA4TVMD#@e!6Ui7Q$?uj{rUbJOE*ChiQyOwnh5WmbxkFM(vA$%<
zJ+S(2lE<LCp`S()iIYp)sZ??TMy<lNxJeA*ExX*S(h1cdI+kR!F1w-hdZmz}j-#CR
zh{KvLUNbM3d=4qsDGAUSXMyq0?VuTX#G&Z5GqmJ@-zW7ih4n9v;TWq(f44P*PAVYL
z1eRVRF|fNa?o`vZip2!h6p~M%*$kvTAjP2Vr;Cb60jI47&<8k>M);(8T=e%6@;L#T
zEigS^dbB=SV`94Cmt2AAbwWWC6t9P#C291}Mg&*BpK}RXq3u~v*o5qYr(Q!g++HBa
zcwI0iUdg7mro_W(!FdZwB3UM*y<XVd0fps_!)bJ*mBbPlQ-s7$qNtp<kuRXuf@|#V
zSxP<ls)V3TciO!^vC}F25UCvgBZX!)BP$7G7TlUblHjBIg5f@>vXh2PJE*NW(Fk0Q
zRV;c<Z9XjMsMO~Me2SechKr3!0t%=h_dW;ocaR_9d=t@spPSz6B)<`O#3~;6ov=Jv
z$)}Ut<hY97kx|d@r_=nT1zTJ`I$8?91jsS4+erc(tT5^Y=-(|!h6Xn{#DhS9mbWEE
zgqgLo-<R^`A6~o>)y%djAIe8C4eoBugiHI%(%{V=)^u3Zgj@&R=HYa9baEOFyPfuL
zM@k9!9Vk#OxQfG~_GG)__dypopD>5rL1$k_E)eKaKoVhu->B-P8*U&j0+UmbEy{&_
zxS@-Z56wH0Rq#a%(hw!lVfWFbPNba%pOql_28QrC94@|7h0R?_CY;JfE6mN$iaV@X
zGXta-+%*z4gh6`E-nMXgA^L5tSl624l9dk)M&Zb?v=w(r{q00ksN})!q>q+lkMw5*
zdmT;}4fG-y5plu;Dk+6}-IP@QnR)pz`DXGWaRJ;Q#_Dv_Hn)&0B_4eX!-zWISVyDK
z2P+GdT>9p1XkB1u1#;uAu3V@bxXtID@5=UCHhs1?>8Jv97e#Id56ZyY`>jRXiJ)i?
zG6=lX9fj?#IFbeXx+x9xr#j)JrQy)}4zead<xW(_%B3i_XS$(FUi^U74j1~8cF^W#
zlzywpN%ZS^;AZ86);x&QNpq>TJ!rMSu72c8T&<KO_$n1!`nW&&23B-Ku>LJ#8r?3s
z^Bz(_VC_Vd3oRFsmi53*Ve=V$Q}_xr?x7~ZpxX>=H_R<oGHL34<Z~4|_ZCk*PI~zP
z(v(2gYP7@cxLKN5h07<Kt}%ni8?bwrngHATknBX13Xdx)2G@;Sst4%p7G=<T9wKk6
zaAQ9~%j<xi)g(h0&KrlK7PRh%S`gC&J2teZlFs=wrkYHIi9N8xEAKI?IjMUXxn04f
z!I*Kc58B?O<OxFEW6=Vic?9)xP!-nt(uUN~UCtF;A3*@RmZF_F^Z+Sfa_jZelOsqL
z(NA7TfL3-yF6gCXF%M%A6h0&b&KsZ!PmpIdh#4xnfcwW^*s{sIFhigpBN{AisKm}3
zNj`(-)hI9f14!)DNVIZ=H=&iw8Ah^`ut5xeun@s5kK8vLPS+<{R2xl-)Oe@M5JIOH
z#y%p1(C?x*KTFU_s(c>_+*T<%XMt~TR+6~pV}xKjT(}8`xo3pvncod5O_e-a^Bf@x
z@tYh9IHB}KQc4fKK<Y<EH9E2>)XxMoSaFL|0J{otSbbh3^I^wGv~__H0T;EsL}E4A
zK8iQwL`zXM3AGH?k3zgoNF^6WP9`g$WDR!5|Ez)KgcKX9(Zf?n7aU{29Ag0bK1a|!
z!!5r(Di1bqM3&b~v&K*q>=N`EpF{r5?}p>;_6qqHE{{iW?hAsX!$Et^AbwR}y&(~K
zzH%*LYc)<JbMuBPIds>nq>N-5`{#%#Pz=Y$S;twRO=gjNk|{RJPKWGkTR2)eL-R)^
z;#~1?&XD^aeiZu8$3E@YM+#x+f7E!e&mpNWW*vejXOp>b=AdGU2<XIz8w}9(bCCD2
z>wEOoEzNPym=-E@+G)xgq)oUta#$xfjOL)D-XwXrZioO!^Kglieo{lcL~;7`xz*`t
z`50T+K+zaB{|^R3hyzxhRnm!@moSE*FPj0S9wmdmI1iTvB-+k}2%a#4Cn^WXNSwXj
z-y${wZO$pNiLwWTCem!hORMIS#<;KjM~Nj~m|G(z*XfJOVOvrdw;9d9<!w>~<<Fw;
z6}ympALlZhYL_2Qe#!;j>Gad0MWmd-nGtGiqHNs*ye(YQohU@y{Pus$hJ-#R8FbNN
zl1bpyLNq0}&J#l7veQ#bkRfr#rpoE|!Ji97BQ6KMWht64+={`lDQY^oAv6w`lP+6^
z+=5ZdNQ~kRz{g9BIxc#4IdKxj<AEdfuui8?e{fUD;`?x93u!=~S&3Sg<q<nLr$_e3
zx`bQt(B<!vYyu5e;^NSiKW8)I^5Tq~o{Ba%@jcW6Q#QS_Y<3S*@zFl-lT;FiA#c8!
zK=-NHN~61e`sOM&AKQY+nqJ{L0eX(&^DIm&h&pl@_2v+s+fKW!A>9ewT_5K`9>uL;
z90%R8mNX~u5yeq72|ssI+d5phVhz=DI-tvJ(Jfqn9$b&I7KeJpo5%R!6RV6eH~nA(
zX~I_R&5hM`I7mr$8Zrf=LX5pt_YHq!=)?U7!^(YVppea|f#Yn+P`k<0z@Z&&*-%TZ
ziEv>h$%Uc@Bn5UYv8F)PTGBPs7_U!`E#1lc%sB66oS$YzSwcZAAz2uM=Kb@@L%)lo
zGZ93On#b&!TS-rEA$9_%%e9y!pRBk2!yNI`9$QHll4<Pr{Bq29U>GexKi!5LfE90{
zqRAb7AcW(w)A}Ei3IeZf!-*Xfe(s=SKVeE*xQ4_e1>_+2&@hsdezTpK?DDRvB_e)Z
z!EsV?Xt-b}BfD=N-v8l8`riv=1-fT}&&Wk6>Y>IaIc4>)=9L)xJnkr5={lf0G<pXv
zSJ}>h!M}h!iV+;2@z3KiTp9GB;GX$t8b+<b30<*+q|Y2+jfP!8Yi~$ei?g_?uQeVv
z1<{+rS?mHepK$Zib_c1S!svLT(y_DXUG#tSKIpfV6w^_=*}mZQM{s~L6Gn!a;G=X8
zNhX;hvEZ`Har{wXG(SDJmuZS!M6_IXdFW%qcmdk&3xdJbZF_MTv-b$|<F(U;D5p3b
zU!YMsxR+pn&gt~BNW?~5#%RKSv5KJ}E{6lg?j!XR7=|;-!UpsRoOz4nz{TyzmF~l|
z7_hFfc7lPQGLAfD)gb9B($|nCmqV7ODZFF6F&EAWuB+K})mNku$-?!KiL}chPssu}
zdw`_NSr_;yLn(%K2g&bQ=F-V}<aT;p70BhNMZ5+EaD09*z4vQ0qnU<zGSEC6ZAl0%
z;H0a+L1UL`bkjidakQl-8fG-;-`|p6EMZ|uGH?PMXJrTn7j4Wo<f~Z@L(c@BPxS2F
z5FV}~9~~uY6{tE)5-mPAC$l<Kj9%5!AINYX4>#NL+d0y@5K_QRyB#AP(2o#XYSENm
z(Ar?4Va%9f%ow}lgt0&1!m%k_;?s+3a0hb`*Sx+zk@qqU`7sFjd3#$z=nf~X{FxN9
z2(QH=aB#;x<p+|>!^lQx7Z#i(pDDOtmL9{#)|$2bB0&FpmKkz48gcSQKIUjFo-D^d
zzdl8FN6tw=Ox<TDRSZbd{in%27@0TBpwTZeFWbX-b~^A^awEYAzRawEnB$!xJdcka
z`i;0078EoX@3K31A3qNv`MeaPctt!u7b7IWW%qKVFGEQF0DbvSl1ngJ6(S^hwLgRt
z@Y22KG2(z>DTAX-(>DD^a?vlsP!v@zps|gRUeqPt(ANeLMDx>IFQQ3{;1uc*NBbs(
z=5WJ;zsbI2d5&EUFO;4Wtzl?s;Xf>{(DWinvN*)#ALi9jSEV@9xl1fYg2AFtmjf^u
zN6NbFa?eaB8Sl4LDijtJvLx{7a5*^#;q(ELiE8P0J1Hp2FOdUt`b3YHo7};CAH{s%
zPiPk+=GG^s<GawvFu=4uT2Xk&C=rhSMe<o!+<rJ8qnwE3ic_@lW2mmj1xc~WuP{ha
z5-m<KhsVODUfL{9LCa*W$;NPm)SL+6d0iBvLb!>>V2{ZaX8_h+BDr-#Jn(IT@(qjK
zB+sxYd90%%M3W8|5|x*srh{TiluJzXsZc9Ebc~afy_v>pAo}7G>V7(e<#$pH=+rW2
zc}I-WgtdU8xGq&$hc1;Y{4SRm#_wiTjI6-?bfuPsP?BSWwK>NN(e7jLgzqzMesD%}
z#Y%t3P-c>ui!gmUCS8e%5n6mcL<z$m3$v8B&_9&4&E*z-y%0ikx&gx*1@Or?Xn}$`
z%C-m#<Z_GoSY_Zl{9X@zJ6AcZz-vcIB8F&TTC&3A&f)Y?425`cr?*6jH8j#KhW9tG
zjnfbr6mb?QmCOq;oJ+w>w~+cM=%1scGrDd!#Q?)Q1WpuUkYYv#pD~OW(5Fh3mk5gm
z#K5yzN-4wjI;p*Z5{E97JZ6s=LkuU$_~;FAKHl;O=i{pll`Vwr#Z4RG5jG+=)CHf9
zzSvml%{SO4l2@oed<aQwsZT{(3S&7;3}FRugIuPp=KEn&%Dh4&l1(Jkbc);IyZHt;
z)Sh5vY6uB8xO2*tC+euC%PTtH+1Rg_K;H^wQG}Dzg-2uXfWm5Aj^_8r&=(#hc%Pjd
zfIsd<Kkl$yd5<Uk!8HiCv8x=)J1m_Kt*Q|+)4}U_<`<4Wiq9}zyNRc2Nl#81bEzvs
zX;b)Wq^S0|g67~zOQnl`=9NTvejJ8c@5GRO9v)+W!yT2zP}Rz2gPN{Nd(3n~!i!kT
zNMB}R>;#cI^%6)4aH$pg@C=jXHR0aLNNWB&GN}r`GKA$U!S@Q1!9?HtJi$k9Gq|E*
zs;)pZ{aHZKdD0Ft@W=+s#BED*%iEnh_?XNb*(RPJgKezWn5zm#9R0YHlRtJeA1b?I
z`7N!LX)ISo?&2gcCAETQqTps1MxhS1QP%NH68PMRyuPin4$~-!5a&S%b0a~X6M?e~
z<gH^~BbRYvzDRELhj#6iT|6}bANUXn69x^$m=e1qr>5RuYsQ%*k_Zd^h=Q2`qi-9k
z5asehYYuepU`v9U>y_(x%76@DWOE_*24%H~^ABo)6)_5*2mjol{6~c1Z)%AHz+ieV
z9PXgJEk)D=tq>W5;X6bO`~g02j9k|j9NF1PnIU4>zqUq1Hoq)By#~6@!^qXvHu&uA
z_Sn*>&dOUX-aMzRQp$qJ8x(&4o~}e-T{kR7?#_ciI}8He$pix<w@V}9DG&2zF^0O6
z2S=gcI>f?2XR%<<?3Ot8k{-$+9`_{G92-NNYk6do4C63HD>w5XB^l0Pj5ID60mgSa
zh^`NT58EqUpi3!6Y9@BXKsQDNDGLTBk`ZvEm$H`!^vGkpI+pQ(+)^HgBagF(W;kt|
z2%<fK&v<YwQFL>|t;!2LOh%rBp0_Dqi}=>~#}&Ryz`av8IR3&U|B&02ODyk6+89wd
zXCMIU$7;FsojVjQ9ZGVv=+U14zo|+0zZ}C6duS<jX{IWnY!ct}<EDyE9irTzrC)^#
zOdG3~z~#}Zh5eHbo%iETzuy=o8rK6Cy31{cqv1|AHz~MBiHdq933`rEGSQ`SIoudl
zOnptwh04J;4YEgL)T#9dr3mb^RV%c4RGF6~hgIf^nz)jo+a@-rhX>p87Bn59u*JUM
zJJg&$W0Y9lwx3o#rdaveDrJ7SA`X;C1$sVg%M}g&_i^PoJ3Xa*FR)l`r;{FgLb*<y
z#!*g&dyMh8EI9IknhArRQvQb3XEBWWmx2L#)-D^8(;L;42kc;KwJn=|@U()Ve0CxQ
z{`?&mP_uiu`?>s#5=3uY@ZTkGT+fHwbJ?TpEWFp8rjJ%Ig29fY!0@LPmN;`^j-vz_
z3hmmI7to1glw^MN1U|cHG{pLYy9qlB?$JYIl@5gMN-AzwSc1^y^3rbOloWm<L-{ex
zA(uaj9mR!Hoy&{p!sjsB7<ou23Rb?Tu$-j}&yrR!Obqf>(CinKrX<1+s2q`X0<$6w
zq2fEW0i8Hr!H^m|c>xQ@a#cc~D5^1>S%O>eoF_0?_~rx*ttGsqs3ghU(O?@<Q5f&V
zW;r!4&Owh;I0rpmRxa|x3*dgtAm)#10;3OO#Am_;1tT!*-~zmyixafrMKM7hJ2sbk
zQEddZlN606PEvA=V+O^%1;!f8pLCmy&J@qH*AG8-(|4vII?JKM!F+=#ui&M>OjT}V
z0o>iiD9)@g{@hRRp01z_yTR7bc+Q4^Cj$J?V+}3`ZAaNk=<mAX=NpPdXg^&H1cMCj
z5JnDtd4}RMFz#w3HSBfMpJuWmmVkykZ<Ge=^+uJzhElB<YRA|#I`mbHW`}di5SU>!
z<c}(Vr46)vy6H6qGudCIVWyy6Xv{u4Ju{0na6Sj0Umt$%q&?;^f0Lz(NeBL%jm+o9
z3FtWo*NV1ppk*GsMsczjpo@X;3gjEZ$V^#yM9==F;uM);3?P~Eg#kV%lP?y*gJ+(%
z6#!~_Cf#47<cZ`jRLoIWe#qsw)4cyEnES-tLjp{HUFe73Db6V;jmN6YxX>l@lxR|D
z#5}Q>#}EB-aOtK{=lrNS&~q!vrP|v{M`mC?nyRpD2s`dw0;m1R*{o@3a+c0l&Lw$e
zr{xw-gm=tOcPwBXWBFXTW1hke1h@ir+H{f9N~CI|xp-rk6UCbsI_adv$PL_EB;c8Z
z&|^0}wgl}QdX4ul78;D3=ai+&Lq_H@VUd_nT$;*RoX-XgM_^ju=Vh3!<rzn1d&sV^
z<L5;%_a?0nP{VVf_X_1Vk#Jnl%@83}aJL=xmQBFv$+m`EG2!&<N+Il7seH#%i}3q9
zd_ZnoBEEi?wZn6RUk?jQsN0U6d=FKCC;C_fT4=G`&Q?(Jpq2$_*>Yjl`^pbIyZ73E
z(RvyB<968Tf>o?C%hi#`OlIKecS=?(7=Pe7x8H-J7r5u@w1zR8Kb^3O^TUlxMTH3H
ztzWCOXDV8{hR-8AHJ=H6*DE>j=ww`ZZe6Dw7KyTPp@uN&(`UVsY9!E}4?lO(nHz96
z1pcJ(b2r_%QMuVjjy<wPbO9HIA}D!EE2MXBR^myLxt-@TKR#U9Pp53*v&FJ?FY)JW
z8gLO{r~9G!HCr(~{vnfop3fT%dlOV<iQO(oR06{ovjek(UACda%@E+B3Y9GsZd@q1
zNgwu+QlIwtNXaFISDa}QTQ=UKyEt8xMYqdEYd*$dnrQ;eQ0{K7vgO0=a>L$FlwV^*
zgkaetYJJ|CN2p!i>!^0Oex{^A!%vl?#LjbD@ZF;-(*ZXwKi<!9$uggh*(D~?<%1DB
zl;4?41$XQ)p5Z=sr}7;;I|wt68P5WA&MsvsX>1-kyz*NbQm@dEFl+Mi9=4PgZ6%Qb
z{AnBq72J&{1oB|xSd>lmbL9+N-iC`vy@2Sq8&Au8p&aEd--DqEaJ$4(ymy{0lUDA-
z0Js@A#-mN6mZ5+jN>F1NcW}Am4hUlA0(_~Q3M0-ODj0~_6n-UO;#;;t=(0~qp~wD<
zZiHdCFc>a^#1TR9>hJ))wB=X0o)}Y%?wf%wyBO19>@L2D<BgoCGA26Ypi)K;98j__
znr?Wj5pLTIUW3gXZX`>-RxU;Cy=I2#1q3JhevN}(UW@UO>RKGZ)8AmUq0l%wjt6c<
zW=Zz$AVdO}Xnr@Q`5|=mlMX5SBbs_O)De$^CLTuRj3|DM7qeOPIHMXt@?l(xST`tk
z<DP%-!K^T47mYhwm-6f|Wj9hzIBHO418fF|-?6QMTaPFWApa;He&i#c^1V{|uVbFW
zNiwm(Yzsd{-0lY@14@2SPRE9L1hXGOR!-i<T?#iI<7)e((vqZx%1vIvUk4SgfOtlf
zWn5tHa$7oldQ91cHm~>_zGk>Remp;|{FgncHJ$|Mh7-ylk}7g77$q_Yy5RK>4Z&s8
zj_HzqKP#ASET4i)*|~C|4qgY{f0EhUjZfgpdru2taL{|<>EEHJlx*7ll=3(EU)~3R
z2?GqeE;{RsQb_dE-zP$5E90S?)}CeVl%40+VNPq~xres<O_@$o>z>Cq@IHG2*A&J;
z#%c76_@dThwXGp-^#?kdh6y64Li6wS(V^#*dx?JghE!N{R*8oPpEF2sR`?ghokz21
zn6&-dxxeAYz*Z^a``EvfQrhn?^qk@HTw)RKf8J*T$!8Y_xQ|@Gb!XEB<<Bq<`8^~K
zK8NU}<8P%QP5GN`A{Z%L{CWQWVi?izaVjpM<v()*jqR#NYAQUq-Zl*URcbb1!JS!{
zwB`!ulD(AoL&NpCVC^O4dv4P%g`c|VN0)KakcK+~Q9JYv*@K0t@_C{>Y{>l-)k8-U
z^%l|?&tr1zE59Xsd^|h=Z<L!+sL)h5AcYiqx2j%8@~*6Il7;opOJeEs!BI{9ho1n3
zwWC;Q2Q4j|C7++BM5`stb8G#Nkab^x-X5do;Hd%+KUDx*QiTMe13A}%1^VLc2@s!d
zJao__v8qixd?iDOHhPVI*59eyY<@Z{9=nQSFvz0j!xx!GH5Z&rP)~AFzt=OKxmP8r
zxF2DMv@;F!>XsAH@u8)}Z{%HvePYXl7m|&kkpNVVmxk^4!h0#|Uz{M8Iby`B?8od)
zDvpCcPm~)-3OC>vd*`AIH4hfwfE>RyUBx4Z*X&zzXl=nb`icxS=_=$?LOAH$p3YQX
z6ga7&v5MKl(;BHS8^d7A7;r?{88?%1R6G48TYci1)jrUK#Np*Fc0~||<RQ!Lhf&~P
zy$J;#3B<ygTy?+6kpqc>BLNqj&r`n?+r)43#3TmLfHNZP3e-llq(H^g2|H;HFOCz_
z74Xo`g=%M_KYk<;w#6C`y>xw%iW_Ej`nmxhFNU+-0X#l~v<44_+AnQcLI)d^sK*sg
z0E#B#8ez&~z)xG1stpK?ewSEc4J(W1L1q>iBMb2BuQ0cP>YzL8t2YSD!Vsolp;t~N
zTTQlm>~^@Rp?Z!JkJyGc=P1Z*kKG}b`W}tdGCCj41Svve$dxtxEh(uzOx#J&G**X^
z#$mjFspk#1=n|f5=~w8ve$*6Og!1>%?UGMytThde2X_$`tBR%$Z<|?gg^EAL*E0`h
z_qqQ&^Z-(M!lq&>fMJ*`VE95BGu6yF#S5l1t(oe%CSKle2A+?OuTXJ!%jjhqE2>lW
zN;a5=%7YsgzCzpWY6c|R)l+6SFO1-l=CKDBG;^qeR)kBkDKtXd&-8Js=)be}B5*c`
z+Ck@t3;0U6nomD=sT~Bi=?~yZok2SVU+}gpzlU2`i;gy8rqIVcYKtq-kCci2Ib3ku
ztNvtmyO~X8=QBJQgiAvC9Xfmfp5B4J4b>btS&15j<BWmUeigG3Vme+sE|})<(9(cf
z&Qc#j2qLyKi^7BT(orqc;r~kyeQ~&+k2+eZx8eb$5Pg6XM%#Y6y0xlZqwSU<fprAv
zFKyIG7yxRFLs{1uLzA<0T)_=p^x(d3ZKaAE*3cn)c%dm*a}P53bUU=HJP^`8L=i)R
zDc7mEe!Ago4xW%6|C&tB1&>{?{>I}QFu`RIa?|NIs7**}Xp1D+g*m?-*NZ7}dg$2>
zYCQtmZMfsRHQbn&7Iji_lfsXIJ3{(|NA<Yf>fRaSSLoTL(3Ll$|B`m4TEeFtj3)f_
z=gw*+N%I@)a`+pHJlyhl@U$MgNDq!vHr%Hcs3~ybfD%6=MU954`|$*2t5fJm4*k{E
z6vnKw*`cVLIzrm_{n=4a!EI`DMrCDpwK@H>n_5Opq<|YXdqsEfTwhfW_0Fp?<!hfo
z$Jnjz{S|jeWp}B$G_R+cMUv~V5tf})8Zxtnw~o2OAb!3uzqlgE8&iVYUXEy3eMD>o
zefy%m{N76)dbO@B{=}%^5fM(T(E!HuM}<6ei)uBuR_t`9aCPLZ)!vXG;}*B_Hnte^
zqukLe!XBi@<)dS6S4WWC5CxNx`3(=<V6ek4T*1-3)rR!$-s*$@R;hJYqf#KMF`J8a
z=WUH4t|tz){atGPs|~fRhnN`L7tiUV-gPyUbyWt6gWCJ5-~C(r?QRn7W5n0R+8^6j
zZAy`Gz5bnNUxj#vrw`-r#cnjZCS#-p>Oi=fn=TlDHt8z5mV2Agdk>AjU%l;WD0keh
zvcR4PPZ$<~<3Y8UelSpNbv4YS-UcxrZT_J8+SO2M?=(>Ss~$qJ<&#eig?k#HZ3d%t
z6GD;ESJ(<XGPrJt>iTys-4n6{cpI?+WABmZa=cG66vJ)Y_3t}W{Tclql(XkP=DQ6K
z?tvW!qJu83X5I(8=0NTblX6A1G%#9H-*9yRfyLWNT&&?31iVn*Uku3OhA$scFPH};
zBaRs!35^fW-d=uG{ncX5A9R_3KDn`b#n*s9>0|0{a|3tBO38@g$)l3T)nXATgt&b?
z&f~!i>%b?}<05?cWVqV_p%wj}LanHIk_~M50gO#*j|+z4ZuRe{aG?;fz%EZ1PaRP9
z4DyHt2+1f;jJXSVaG~``H5+4tGuMTEY!4o4d1e$YV2y+ah6j(ha!TKlEKUehbJL13
z>L8MP1-e-shHeP^z#gwh>?oF{l>7NS(ninXs-NaC4mF0qp)y%ah1W~p8pr$==Cj9!
zd~BGMBGk{kQdRZ5nnjyG&sGwKX{I3~b{=z6aQgXwEc1uwAN|HVAOg7Bl;9(N*O<Ql
zg6g!u;IBxmanI7_5bc`Zk~K7K*#GIb*^UcO77D^{`S7T2hEY9u5u|2{`V}e0Tpt^f
z%V&-|BB1pOufWtEa~2In8gh4jc@hj+jV{ov&(%VjG98Wm^sUiF;!1?eZyr>SxQQ?$
zOehd#6NF-4!Sqz^6eLs)YA1?d5lO4t9X#pw>PF$$_}#SM40Q@ly1}zBF033I&K!CC
zp(X;wsQau5icQ={;?Zw3M=Nd~yc*&NuD?h<9|o6{CqQ05Er)i04P64Bn}$7qtClR&
zhmIK7YoUP!0+^`biQ3Vn<!O+x4hQzwUuq#Bhip(d2i>b7vvH@oVz3fjWN3b<KjxV$
zoQkNZStd;{#wAMy&BgW0<LT}>Du&JN`$=?>xMbrB_>7%TM5ktl3E&#X3DA*msLzlL
zydT1u=fe0U=R^Q)$CFdIX~&n-U|uTWKj=*Ks8R8vW0=2!;piMsn8uY0k6_Zc|ELQD
zd*V#lK?MH7iZ@KI;?|FznWxUhdl2W<=rlCR+!rv71l|t~%n$^f0lMdH^+_?hv@1sE
z0s^9wn5?zIkVR?{jQ$&)F#B57GxK!}w$(0D8?Z;Iu;M>zGHkrQ{0^A#idqb(7T~6J
z{UnSx7Cmf3yoG94J_m8(;Q?u`q{DBoas%jf1?WSI)WxFDaR!6Ypb4y%v-tMdi!tgF
zoGZX2c_!?!mB&N*hlWmoy+~^aUCYZKhZbwFqbbE&DFf4>Z40e!I=bwF^%CjC8g7)l
zcqzS{QQcc!UJfZSS`J+5j|r$vZ(^om>VmR*@bGfA08W&bXTXMmT4$)7i2_!-Or2F?
z9z0-{*Ca2Q-uZk=(8KfM8F%(}Bi2L?yu94dL0Y*S%`r~7aMmQ=Y@a8(hLg-)S5|M;
zO7%^=uMw$CFzzOe9sKa(>vS6M0|4~&yXe1N!EJVb2X4FBKn`G>n4K1&Yu{5xai-Tx
z_v0+{j-bCRzVS-@tr~Mcyl9CUiwcuhsZSe{WvYRJ&t|Lqb^{-S?E=5=YIQJrBW8ro
zAnk_e-dY1j8MB#9I3`?nmuFHGt?D`g?h?ULvLz(o80|UyfjS2B&bfHL<IHKbp6bV2
ze0+#^98ftwFp^Rv=zh8ZWsw;d*fSWXwdN_M2^4NnFR<-njDpndGjQYV|5^wlUY4!e
zh&)L%lCU^9F|!yUTKO(l2OnApd+01hI<;?BCzEtE>Vj*|@C-fko>2j(F<b%qZdKzc
zO77@TY#S3{hWtQ}RVrhQ4-G?Ge!>FY*oJ0o=X+>SE4Sg+G0lvbx<wtFHz-{#8p0LG
z$0~Vgn~&A!BIn6;5AfIne7lBQ03VtPvRz#sl0l5e@_yjT1gk&bGU&ri7!QTvX^uje
z+O|Ah=tyoNGV@H^@+ENTGxbfVoJX`2QwKOFm^?hbUeG|%;_e<l5%Sj#^$m$%Qj=vH
zMYqrz?A@iV48_eQiL`wyQ1JZc+CAz+Bth0aAp(OJ@Tv5<1GL}gC?;`r7of$aB>6mU
zn!69xDiokMjinEoEfEcQ0`$z6sxCB&%S=2*Ld8g(9$1*KvB(a-&Wdi?uRa>Gr9!2R
zmT|>^LtQnt+4EsAo?9Dsj0I{s;ktf1;M8t7pxzzohB;m*zE`QcsD>KIH!i$d-_FJo
z3+tNTEF5}HaRELX3--sgA_gYIl7ng~dzJ;&pQ@Ebrj7B3=2x;)>r6Z4^94jC4qGXs
zW4^_(Ikb6Rv*d)<Jmj`iaaV|u=qIEcR%<aPZ?HzPv$dOq5TJ{|Bh+{-#|kOkO^*hR
zU?JFl!=O&p3yPl=R72;Z>O$@r#u@a`!-2h9#EjtWit_K&b&;&b+@vXeuzsu12J{Xp
z#POc4Kd9qLnrVd)mroC>^x=;<svlL_CeH38^eoS%t&XYB6TInPFWt;J;vyk515b}1
z{DgPJZx5_Gq0SMKVRATx=aGZl`#7Uet^KIhMWUhJKdTA!(obqX5?af#Lu@UFbvw8O
z`yGLqC)8}Z?4)}Cl}PXJ5=f}S-A<{qh1E>M9HlWf@r{?{P8<?rL`81In#T0bt>r0j
zvCv%U&itV^fuU#73Z~qq4S|ZY>MM--mN?Az@Im7-OLBypCALVEiT=OvD`s)HPuhGX
z&Y&Q2d-+7D*BylrC-muJysa!I#mwDBIQR!bOu@^Xg`6n;`!}@@Ni$a#WF{L73f;^f
z#2C;6Xeclj{ekwAbu%W%6<XaR-m&p@h(6NcBhREy{)sPFH0d+bVG6>cx5b>IMQHvP
zI$0>lya>&DNUjbXH*f+p`J%cxJS9$CqS(F8Z$mBOa_nWNxf(<5-KNFdcr)s1W#96Z
zV7;U+FdIPEAk;whNij;a5k7GiY;8ZG=^j?m2MCUx;nEhsFQ?TsIQ}|%D2`Kn!Skbm
zXbwGCTz>`8QiTKFk7y5)cuc$U7MM}z;uU|!sKVH?Yzn4A3sem=9F;B6OE&f}=D4wv
zr0_>V1H^UP!>*e)fj$GuMRU-(IS#N#tQKI;o`k+bQ4SDHgPqgx4JY_44W|CBR))5F
zUS>`+VEb>PJIp=^lA~g@42quEw9r(s>u-iAz(aosF5wd2Qs8&LzdT#)YWh5ihgq;q
z?pB$j7BlH}K+8XknruDhov%vJ;-PCE?mXJWYqt};El8rxy$)t{#LVD=dHe#O`T(W^
zzD&^GB1NYAZ7%x}*^eJNn{ZhO*aP(4By9*u_nL;$^s)lZ8NYC6DS#%y4*jMp#q_BZ
zZA!?jnNnf&-VN_W8~A~!_TeLV&~|Wn8l94+EhNRbBNt;fEuB|RXq*i73Qfka3~gtK
zyCFqDFA56zf)hY%!Ctfo%O5Up0%#9&U}qbg-s)lH4PZyMmIwWY;v7%T)~1_wQZ$YA
zgyJ~h<U4|CE;sF)qs_cxA%=s?xCsm3dS8*J-6Q;!B9lYr-Y+1ZgPRu`1bP6w^R@SJ
zgIQO;JG{XKDu8N_t42O<1S*TQJc<VIO_CnQHY_Dt$j{;gXPKMMjwY7CkP<CLNYvC*
zXxx%VlrM%KO0+ldHC<Ya8q%aS2^u>z6hJ3oU8%ML<%g1JhJ&^<6lH-4N!&*WppUSm
zfi{bni(0_$5i$Gk9uQ<OLNKZk4k^yC31&Owtf_bS=Bp@t(M=<*lul`)%_ZpwN7yM=
z<)l{(hppxucc#^p@)c!TPh1E?f-NfJ@u`peq7LeHbAC>e_OWRb>$u`RyuZ%Yr}8wu
zj|iZ~mWe}^8=7GYd^3hE6hZYkn-lQaMZR&a>lEOHGU%Kk+CwGw@S~Q1M=jH#rnzam
z(3lK0*ECb4j2Xk!`qE;fdLSwwRZkdW#vZymG~B1K=_oQ^{ubUkNfzx-&e=Gx3orFW
zUB?98Jk^;450AwiNtFvVi$^3v%d}6}QF1<9*YKMzjV&(|rgx-A>qFwCy#Qz2F@-S>
z?=9jxUByYwUE|6VXr&L|+6(sSN=$4WQ%yA{8CU`HMt(LQd`};iEyFl?;kHIh#_$Z5
zo33u54ZG4nMQG6lL!J;n5Y-AQZ^6@~BU@>!Fh|#s#H5N&grZ95mh7!yR>6hW2&39C
zCb8Goz>4--?#xO}M5ZX3hi6z&D$VeeLe();yVq`1$JQdML)({(&=2&zh>FH;al@Iu
zq#mqzsr*$~)=pajhwvSrc$A>|4BR%KbZU5V5YLXeqi!?_QS8Sbqy)9lkY-~?5pc=Y
z?;;;EV-fBPYOhD@7dfc`A=~8d5FWY$Cp&0oFo0uHHn(Yhbo@y(CV?(HE(9&bvDWQ3
z;<bvRx6qj%dZUKBQ)DHEUkp_<!Z6r6tXsiWA-tE$PHVBVuC!Yhe2t5#l|IvjL&IeG
z%Rps{#*f9mF|9mVYzDh@)9}y}yT-voWpSaTj{^dqi)v^bnu=;0rkn0|b#JXJAUF*2
z{Y+Eu(8?K@JX2R&TrH#+5l#<=<OXd^bJ6+Fs<hdm4J39#ECXnUwtvaYzsrt$gEwzt
zI9D-Mv-gXhq9qaJApRB&!-rMc0E&Orzrqy4omoPK&~P*pWBdD7<U8|b>55x5OcOAr
zH`j2pKmLFp{5fLAa9iLMHBa4+E-()o9-D*0hrCFH9#hNfQ!I!HPYCY!gpGAWOdhA<
zKx1LfU2pACk`Y=#%?8<)FQ$uu9KfwSpS?+av_`b@E^VpUG~l+=<d)F_BzrV`!y#Ta
z#!b%M+RG?>hKIq9SDMH$tp(S12bzVmeXlSJ=0Qx{fVXTV5Ya5G>yJxtgv=vJVb8Z-
z&#jCD1A^1;)zHFA@hsjkhPkZ+*I@^m0G`%tQ&XNVT&J4*G%raBo&Gc=9!_=A@a0~}
z8FZHiYAcP^y^ifdg^;ZAF;n^2{m#n|pjNPRBhitY{4Q<8m{5=DAPx6ln;y_C7Qq|b
zCi1xA;7Tzf)ZyuawQGbpF(3;=+KV|tHTLk+*np?8v*72q&EO&$@<M3yUy@08J*@di
z-5@Z|l+^z?*xNzF)AD!^2;UD@t>Iy3CK;i5<BPzTeYpg)`=$Z*k_8*=Txht^wA*lP
zBr*1qcvC!7Q)(lDw}A%4f$H6w6QK4-(RSCBCYJ*qyjMsQo-ZqY3>}NQD={_!?d}sC
zz?Hv+=uXW$=uvikLVFbj!OZoTJ2|}1di;LDe+<JFJ*6!QZG*5wLY!s~63h>{S3RQz
zh0LYZahMtMLxV-jsF02LF?4umIY!(IMrn7}6&A6EBQGUJq?wGsE9K}Ev2*Ouj9qX$
zHCn@X4GY<03XAiey~mTOFt#caVDE<E{}KGxF49Z*iXeVZj=~!|)R?Ajmrrgp{i;=%
zRmZDnrLgr`Z9eYWd81fUsCOL_?}hSOQmYQX$D#MUKM&T8(`qV&rq`+W{x$0P^*z-&
z@c0YpwQhM%8&x61txjcn^~&N^*4w~drd=`AU01CV!1pNL^Mbab;;LiYclA2>D#Ob0
z+QvkD<qDe)(Kq&M3v(^zyFnOq7Yuk=D@&1nmH{K@CE{lpD4C!U6(^LvJi$Po9EprZ
zDug^mBk|E*emVLYlzom6vY^awNM8%t{B;P{4MnZTUjSg>{wJ~*&d@JOP%@A8LcBu6
zKwcJ!i~?=+Vmw){;in#cqA6J(LoP;(*NR-DM_zZR`?Fb(_yzuJ;QH(lxS%f6Mitl{
zc+JsX;;8dO7#N@oAqOqTV$mX48f7(q;DOuQyYCr3(DBHK>aN3GkKHuD)xQh;z0qQW
z*VkJtDqfob=OznW3-j<M88dUUWzMxQKi({3{<GQgYVOrrk9~S1Y~F)z=(a7E)Nn73
zY_Zf_i#B{H)86@^<&A4$j@>F_(yf+-*TNjJO~zcZ%`)#=m^(j4%qbsP8uHHKd95?U
zqH|#1N0#sYrAChk<kp{9j{FO91>CdUQd+l0G6c6<@O@@*c)i6&v)5Y|D>S!#+1mt_
z&(Ghha4oqB%UGAp(JG92SxdZ@b}q3fDyWMsWAZ$Bh4U(6<qL_`ehW#A_VX80T%%!c
zSOyv0da}~jwGh6r(sSH@RpUBzW&3c(5@C68Wej!rtc47X7VnxdI@~Wd0vR{7A>{tC
z<mqVf&Y5eC&eVBIezA;I^X>Sb=Sq%AOgLeAR?Wk_?$!7jHe)};l4MZ&#g4fq#W3!P
zx@<ikIU;mxj1i3|f5lSrR~*?G?ci_BFh;dHK7s|fH4L#}O*~OS`6l++Ts%5^<-nvF
zTaTF0j(?jnZ&+@=jUA&FI5B61oT+QJa5oj|@3weKwk43qL3vplUEsuvcAl$LkSuTO
zL`qsGksG4L3v7%5KATi$fTp00C*zXvlT69D6z5sf@_6xHc<Qb&lszK#(=c>$MCxZ@
zXv<@%JHybd$5VHNp<z$Rm>r*#%Zi?o>z#W_F5CIE488SC>h>_rCq~Nksz%9}O-9S@
z{WDs|{Bn#uhQ(uL%rVc(qrGEX>Yi|W?&nfz7&`ZyjJf-H8FTRqGW7g-xn5~S8ot8)
z#ng3SQl&4Y?hZp2BcT3G5;Nhams3}V5tdGndpvHU%#+(D$z{zZ%aA%nh7LqP%csg^
z&rg#%)O)(jS%)q|mRDrX)<!_9XULdSX3Eh0AlGa2s$7=&nq2lv1hj3Ij5%kv+|OZi
z<g!k$%T!9<kjwsjLoVC>rVK5pk)hFZ<$AaNM~0fslQHYPB}3mvK<~dTmra^4L-#F^
zX|`G@mt`!Hp_7Z`Ioh&VE}OMPhK9c*L!Fn(EtD>k%l=v>b8y#k8T0KGa@kWW<$5>0
zD`S=gWnEC-lcBF8p!eRF%O<UoY2HU=sP$?YGi#09m!Bh`O>5<PuYMq74p}Et>9Af_
zw2}=nbRh!Tw^6RQbdwCduvs2^pDi-v{!pfwv{jz5@3+cj8@9>Ns~^eG@Q>y8x_lx-
z4Y$jfm$u7g`#+V-R(>Y;?8O~&**!budM$U!WtqEW=yU|MeUDr=Z?8PQCqI|VdVL{7
z&GyMq%$IWOwO`6*YyT^k>HFofAz#U59S+FjD?BKdor{2We=TFq|3=0f{jJ=>9fxGd
zbvX5tu-%QWmFpd@l`+>GkvTEts4S5KzmuW1-^=xKe~^22#)K5N9r`~KmjP`?CdI&!
zALRvP-Z7cL$m23}+X=ag_MhakxSwU{`v_>mNxAIRUu0<bDS2p}PRmfy8F^^u&dBxl
zoRy))zsmK-{3e(6{#}OLf5>A<JSQ{g`*SkphCgLYI4_qC`%8wpT#%tg7iH*j1a#nU
zndZCy$k2pKGBn__L}f;sG-(OXAu{x91hhj*ll&>}4XjqvByV7}CRe_ro{a8{mZA6<
z8S{q-Xro0gdo5Om9*L8wbd8tG8Yf85%tRUSK%!Ix!6X@)lq^F7Q{;M;sd8CfnhgCO
z0qshc>n+HTF~?@g(4AQ_<jIzy<Q$pG@tict58aq6W4@LrLyzRkP`3gZYEmfCoLM9R
zaG*#=3>M4Hy<8$g{Yz!cmi1*Qvw;kqj)1l|l&RD-l3RbWv0SfL6B%mORK|=hlgnx&
zptV*RQ@6>OL&{~SV>1~-@s-5>Vg&SM^E7F5u*9AwZ4Smc<o51z%4Kes3?;bbv47{5
z%RcbPknWW+2l?a{uJg-KK|qH7h=6vrkZI0uDMO=L$@Ok)EtfTqFaWV_Wz3@y&<B-r
zKc}~osSIi_*SqdIxh(&B8T##d8FR-C@;uD%AVXt1%24l4GUUEdhLSqV(D4XpOBcCp
zPFK105#8jnQcsgyc%XZlv~srWA){wh$>^u5WHH&=Qy%1;n`G$GUUI$eH_J4e+#;8e
zTV?3$2<ZLW<n|`qo+j<A&RP<3Vc;EU?}Zor#=Yg)`lolAv;p0FXPUGbo`08&IkJxo
z-F&w^kn+AVr1g_AzwRfO1^dgLed!*#tpB}oJ^uh1O1@8qe!MU3^YDm1ykBO{>jP!z
z@dsq4Ry`<}SqI6G_K*x6dPuHE2g_yChRD!E56hU>50%H4S1m(ls^u|!JWQrCceo5a
z{fJES=0|0y*$A0u^&XS!9ezy4T>ZEVO?yIy20bbFtnw)t%6eLE;Zy|l(KB*;H6vx{
zsZnwZy++GW`4|~9daPV_c&uEu=2^M*Y2#%1yze==pDmx4sbst$L%&2oAB~q=sCiMw
zeDWo!jP`mtEgN4gFJk3h7%?Gj5-8utjxKO`@P#mrD*{?hUpVkJDUEy$%I~ogB7?8t
z=<K(#7$lX0b9IBHQX1tC7DZzr$NwSb$Z7stWKPN|Y>sEa-%ar^M|RK*AyTqAo;B+A
zxULq7vxi4IGMx;G7B5aVqHsT@M@Hd7VLM8GPG@YHm^S*_!wH9FMHe4PAD!>=_&its
z0Jt3Q{VapDj&}3cEMF^x8y?!QbmaZN2D8I~QI0ETYEm*IM`sVyP0hqJFUn8p|1!ET
z-*{3=4&`^RLl`AY<k7~H9+~*b!cR7Sa`2OjpFI5J<EH>Wh4?ALPceQ<@KcJP`uJ&p
zpN9BpgrCNg^k_ov1?8iRNU4;hf{#}2R9&f*QgE@EOoA+#btEV(;<1?%)kx_w1HP0b
zX7VVy&wHgB;mIju;0rLpMu2Q>@)6U*IL&Lb+hOW@OLl?}|BAh<JN_T%hVuqOtmZKg
zvW&kD#^%p_x5=c4PDr`FU=x%B@iz5qq%y;U;ka@Ru`Xw%*gwaW6Cj^AiIka;MvNz4
zG@;~+rexUvkohzN*_3eN|ElESPTyEIPR+&NN2_b9JopyZQ0Tu~*>`wurUH{EO|QT2
zo(KCsjMxal@7>GF3*8kFk3G$t71aX=40Jf`HfI@qx@Q?)w0pd&Y$N`Ned_qTdzR6=
zds;UP!o=0e@2y3&<vQznf<Vp32xM=t&SpT*gZS$n&yOt2o%xg10j&>_gEM#GueRVH
zUqD%rEndMN#5$|s+XFUyY>lIdTddRT5xgnH=;4!EO~F^U&;8h1OgHYZcEO*#f?*|y
zynYA%n3R3D^>_R!NKp<?wZL;%HJ_Fx!t#AqH}w77x&n@GwdTUzpIg`CQ2}cyZS{pU
zKvYbraf*Oo9L(8Umc+V7Yxi04&E4$^@U5D6|JT}#K<sX730<<^+6&vj<47M{@i%D>
zT4P}JiLyKxvld4)^nkTi!RrQmz*ttUF^G?bV?K8hf3FXF!!cuE`LAR<RDWenh3W(N
zGbjjdfn~K;WI=$jsS&NMweC^zhV$98IQre+Tj#Mi1f6Y!<2{yP&F7Tpw?A5Y;uY{(
z<Vd&U*2f6UIb<z{js@1DRX<tr_|S^)vE==qt*hDl3VFvS{$fpI03$@#pR(c=nBhMn
zQq>u24S$Z@r^&xsPpeRI9BJX7^<dzuWl7Y2&gxg8U>zcl|I6A|#ff2EgO5j)Cqg#|
z{ua-eW;VRq|Bn?fQGa*>>+Zgc^YY{+D_$_3`7>5SxEp)%ByYPVvAs`V$S?RjS+z~&
z&lP0%Ce79ZkCU9m`W4Z(x8Twrh;cUBmV|Ge#p_QNTU!-+UBYL5<89w7u;MZze%Tp+
z9jJRx>;mWS@+8~0n6G8BL6;=k&MOMOZI4YE-I8Woix3x*LOMIs))!xh6=N#~{4*YM
zmWtVj(+JUrvu*oO;JA1c3WS<_@u&AH`<v}BG&pkyiG{>MWgeI0@S{nEwuMj`Z_>u9
z_#Qhp`y2&-<|YZAE>bpyYw<@*if!B2E7p59z&Ay-de0h5-zc%IRA6E<5}HzCi>8k@
zusx%|yfho~t+5Sn13r_9f4<Yic9RO8BE;(3%vKM|$5_*tAkS=$FGNm$j^KOiY_>g2
z1-UpOPFn`FYi6qt_0L(`u4-<36Msn8L+3hdZ52aP>1CI#4?YdhyS=st>al+9t-_bK
zR}I7aocJTxG4x_fTbm51cY`el`n`a^Rg?H6>P7W+wj1E#UP^=U2dixKU{!fRf2f{_
R93A>@`LtLlnW#PZ{{V+f^?U#T


From c564a5bc5a583472238d15bc45f25daacd1a7e0c Mon Sep 17 00:00:00 2001
From: Benjamin Piouffle <benjamin@opencollective.com>
Date: Tue, 10 Dec 2024 12:14:38 +0100
Subject: [PATCH 125/129] deps: Migrate to postgres 16 (#10536)

---
 .github/workflows/ci.yml                 |   8 ++---
 .github/workflows/e2e.yml                |   2 +-
 docs/postgres.md                         |   6 ++--
 scripts/common/confirm.sh                |  12 ++++++++
 scripts/db_migrate_opencollective_dvl.sh |  23 +++++++++++---
 scripts/db_restore.sh                    |  37 +++++++++++++++++------
 scripts/dev/run-docker.sh                |   6 ++--
 test/dbdumps/opencollective_dvl.pgsql    | Bin 2931712 -> 2933248 bytes
 8 files changed, 69 insertions(+), 25 deletions(-)
 create mode 100755 scripts/common/confirm.sh

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a10bf7d1a34..36b12039220 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -209,7 +209,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:15.10
+        image: postgres:16.6
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -263,7 +263,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:15.10
+        image: postgres:16.6
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -326,7 +326,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:15.10
+        image: postgres:16.6
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
@@ -368,7 +368,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:15.10
+        image: postgres:16.6
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml
index 71a5fe413a0..0877b5ce0c9 100644
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -48,7 +48,7 @@ jobs:
           - 6379:6379
         options: --entrypoint redis-server
       postgres:
-        image: postgres:15.10
+        image: postgres:16.6
         env:
           POSTGRES_USER: postgres
           POSTGRES_DB: postgres
diff --git a/docs/postgres.md b/docs/postgres.md
index 99095cf8909..f0cd84ca4fa 100644
--- a/docs/postgres.md
+++ b/docs/postgres.md
@@ -1,8 +1,6 @@
 # PostgreSQL Database
 
-You need to have PostgreSQL > 15.x.
-
-In production, we're currently running 16.4.
+You need to have PostgreSQL > 16.x.
 
 ## Installation
 
@@ -57,7 +55,7 @@ If you don't want to run a local instance of PostgreSQL in your computer, you ca
 Create and run the container:
 
 ```
-docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:15
+docker run -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust -d --name opencollective-postgres --shm-size=1g --memory=4g --cpus=2  postgres:16
 ```
 
 Set the necessary environment variables:
diff --git a/scripts/common/confirm.sh b/scripts/common/confirm.sh
new file mode 100755
index 00000000000..84213b56435
--- /dev/null
+++ b/scripts/common/confirm.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo -n "$@"
+read -e answer
+for response in y Y yes YES Yes Sure sure SURE OK ok Ok; do
+  if [ "$answer" == "$response" ]; then
+    exit 0
+  fi
+done
+
+# Any answer other than the list above is considered a "no" answer
+exit 1
diff --git a/scripts/db_migrate_opencollective_dvl.sh b/scripts/db_migrate_opencollective_dvl.sh
index c0ee11549b6..da819886966 100755
--- a/scripts/db_migrate_opencollective_dvl.sh
+++ b/scripts/db_migrate_opencollective_dvl.sh
@@ -4,13 +4,28 @@
 
 PG_DATABASE=opencollective_dvl
 DUMPFILE="test/dbdumps/$PG_DATABASE.pgsql"
-./scripts/db_restore.sh -d $PG_DATABASE -U opencollective -f $DUMPFILE
+
+set -e
+
+if [ "$RESTORE" != "false" ]; then
+  echo "Restoring $PG_DATABASE to latest snapshot"
+
+  # Add a confirmation before running the restore
+  ./scripts/common/confirm.sh "The next command will drop the database $PG_DATABASE in order to make a fresh dump without polluted data. You can avoid this by passing RESTORE=false. Are you sure you want to drop $PG_DATABASE? (yes/no) " || exit 1
+  ./scripts/db_restore.sh -d $PG_DATABASE -U opencollective -f $DUMPFILE
+fi
+
 echo "Migrating $PG_DATABASE"
 DEBUG=psql PG_DATABASE=$PG_DATABASE npm run db:migrate
 PG_DATABASE=$PG_DATABASE npm run db:sanitize
-pg_dump -O -F t $PG_DATABASE >$DUMPFILE
-# Uncomment the line below to use a specific version of pg_dump (using docker)
-# (sudo docker run --rm --network host postgres:14.5 pg_dump -O -F t -h localhost -p 5432 -U opencollective $PG_DATABASE) >$DUMPFILE
+
+# Run docker if $USE_DOCKER is set
+if [ "$USE_DOCKER" = "true" ]; then
+  echo "Using docker to run pg_dump"
+  (./scripts/dev/run-docker.sh run --rm --network host postgres:16 pg_dump -O -F t -h localhost -p 5432 -U opencollective $PG_DATABASE) >$DUMPFILE
+else
+  pg_dump -O -F t $PG_DATABASE >$DUMPFILE
+fi
 
 echo "$DUMPFILE migrated. Please commit it and push it."
 echo ""
diff --git a/scripts/db_restore.sh b/scripts/db_restore.sh
index c37603a0ad1..645ee09d869 100755
--- a/scripts/db_restore.sh
+++ b/scripts/db_restore.sh
@@ -36,6 +36,7 @@ done
 LOCALDBUSER=${LOCALDBUSER:-"opencollective"}
 LOCALDBNAME=${LOCALDBNAME:-"opencollective_dvl"}
 DBDUMP_FILE=${DBDUMP_FILE:-"test/dbdumps/opencollective_dvl.pgsql"}
+LOCAL_FILE=$DBDUMP_FILE
 
 echo "LOCALDBUSER=$LOCALDBUSER"
 echo "LOCALDBNAME=$LOCALDBNAME"
@@ -52,39 +53,57 @@ if [ -z "$LOCALDBNAME" ]; then usage; fi
 # where pg_stat_activity.datname = '$LOCALDBNAME'
 # EOF
 
+# Adapt commands based on docker usage
+CMD_DROP_DB="dropdb"
+CMD_CREATE_DB="createdb"
+CMD_PSQL="psql"
+CMD_PG_RESTORE="pg_restore"
+
+if [ "$USE_DOCKER" = "true" ]; then
+  echo "Using docker to run Postgres commands"
+  CMD_DOCKER="./scripts/dev/run-docker.sh run --rm --network host"
+  CMD_DROP_DB="$CMD_DOCKER postgres:16 dropdb"
+  CMD_CREATE_DB="$CMD_DOCKER postgres:16 createdb"
+  CMD_PSQL="$CMD_DOCKER postgres:16 psql"
+  CMD_PG_RESTORE="$CMD_DOCKER -v ./$(dirname "$DBDUMP_FILE"):/dbdumps postgres:16 pg_restore"
+  LOCAL_FILE="/dbdumps/$(basename "$DBDUMP_FILE")"
+fi
+
+set -e
+
 echo "Dropping '$LOCALDBNAME'"
-dropdb -U postgres -h localhost --if-exists $LOCALDBNAME
+$CMD_DROP_DB -U postgres -h localhost --if-exists $LOCALDBNAME
 
 echo "Creating '$LOCALDBNAME'"
-createdb -U postgres -h localhost $LOCALDBNAME 2>/dev/null
+$CMD_CREATE_DB -U postgres -h localhost $LOCALDBNAME 2>/dev/null
 
 # When restoring old backups, you may need to enable Postgis
 if [ "$USE_POSTGIS" = "1" ]; then
   echo "Enabling Postgis"
-  psql "${LOCALDBNAME}" -c "CREATE EXTENSION postgis;"
-  psql "${LOCALDBNAME}" -c "ALTER TABLE public.spatial_ref_sys OWNER TO ${LOCALDBUSER};"
-  psql "${LOCALDBNAME}" -c "GRANT SELECT, INSERT ON TABLE public.spatial_ref_sys TO public;"
+  $CMD_PSQL "${LOCALDBNAME}" -c "CREATE EXTENSION postgis;"
+  $CMD_PSQL "${LOCALDBNAME}" -c "ALTER TABLE public.spatial_ref_sys OWNER TO ${LOCALDBUSER};"
+  $CMD_PSQL "${LOCALDBNAME}" -c "GRANT SELECT, INSERT ON TABLE public.spatial_ref_sys TO public;"
 fi
 
 # cool trick: all stdout ignored in this block
 {
   set +e
   # We make sure the user $LOCALDBUSER has access; could fail
-  psql -U postgres -h localhost "${LOCALDBNAME}" -c "CREATE ROLE ${LOCALDBUSER} WITH login;" 2>/dev/null
+  $CMD_PSQL -U postgres -h localhost "${LOCALDBNAME}" -c "CREATE ROLE ${LOCALDBUSER} WITH login;" 2>/dev/null
   set -e
 } | tee >/dev/null
 
 # Update table permissions
 echo "Updating table permissions"
-psql -U postgres -h localhost $LOCALDBNAME -c "GRANT ALL ON SCHEMA public TO ${LOCALDBUSER};"
+$CMD_PSQL -U postgres -h localhost $LOCALDBNAME -c "GRANT ALL ON SCHEMA public TO ${LOCALDBUSER};"
 
 # The first time we run it, we will trigger FK constraints errors
 set +e
-pg_restore -U postgres -h localhost --no-acl --no-owner --role=${LOCALDBUSER} -n public -O -c -d "${LOCALDBNAME}" "${DBDUMP_FILE}" 2>/dev/null
+$CMD_PG_RESTORE -U postgres -h localhost --no-acl --no-owner --role=${LOCALDBUSER} -n public -O -c -d "${LOCALDBNAME}" "${LOCAL_FILE}" 2>/dev/null
 set -e
 
 # So we run it twice :-)
-pg_restore -U postgres -h localhost --no-acl --no-owner --role=${LOCALDBUSER} -n public -O -c -d "${LOCALDBNAME}" "${DBDUMP_FILE}"
+$CMD_PG_RESTORE -U postgres -h localhost --no-acl --no-owner --role=${LOCALDBUSER} -n public -O -c -d "${LOCALDBNAME}" "${LOCAL_FILE}"
 
 echo "DB restored to postgres://localhost/${LOCALDBNAME}"
 
diff --git a/scripts/dev/run-docker.sh b/scripts/dev/run-docker.sh
index f88ffe22297..9ccc19b8202 100755
--- a/scripts/dev/run-docker.sh
+++ b/scripts/dev/run-docker.sh
@@ -8,8 +8,8 @@ if ! command -v docker &>/dev/null; then
 fi
 
 if docker info &>/dev/null; then
-  docker $@
+  docker "$@"
 else
-  echo "Docker requires root privileges. Running with sudo..."
-  sudo docker $@
+  echo "Docker requires root privileges. Running with sudo: docker $@"
+  sudo docker "$@"
 fi
diff --git a/test/dbdumps/opencollective_dvl.pgsql b/test/dbdumps/opencollective_dvl.pgsql
index 45e292a2301dc077dabb0bf957b95e99cdf781eb..7a17ec04416c31f20b4f8ec5477c078ecb7cd93a 100644
GIT binary patch
delta 36324
zcmb8Y2bdH^^EiAxGu-XvoHO}$kGtL3+1*+4k<%SV4hA@)#3LsqiHZseI7*?S9xnnS
zN^q3{B&vug5)3bh0Z=d^!7M8NtGj2z-5l@l`*@z^c514ttE;Q4tE*~e7ya=HS#+O|
ztXz^Md+hE4hvJdlc85c8I|}S}hoZRb1$IbWE{*aL5<?OkVffEN|BI&oMQOQ0X@a}N
zUC_MK=n><pCKovHLc3kaA<eYJ-l^K7!VImfZJM@SY@p?e^R>@9(C?3Fy}CsuNl3sU
zyXCM3_(gVl?Ov@^$k1j<*R+J*Y1%yvp4J9Oq({jvk7^HVggDx@@J8Bg;s0n)Svc4o
zmdC+aJ}n}GXqzJ$+^dA8Asnjv7o}-U?D5)p%TeuE6uqa~?O|E;UgChFEOxJ?MXr_*
zwO2bGo!)@ncWd89UDX=IGHiz&mQQ<F7n83wPl(r=#+=jcj$?=p)mIohlxWxD8KzSS
zYr%MlYvDT@*NkZ4i409qw3vh&+NdOU<+A%4CUzj&Q_1Yo?e;B7$|BkqDU60k3Cp3p
z^|4rUe5aFfKw?^Y1Tv*6VFg-YS~{FewZ>@qsTZ~J>5PD?`ts9y5^YTe#q;9evKe0G
zokbDa#`K@G)GSKbYj=lbBjqQql5F2c8D&I!G@G{f%8JjCbqCR&&t;d2-S=Yl4Wj*$
z$1Xjx?_jP%w88>*sVcsN{6wPVG-Q`v#n-0b9MQ%%!Y<r)+08@+i`!W9eYZD^Big3M
z?1obfYfeWszXfTIyvJ*AG`ghy)`Z<t<giS7FL7*9CY=r6wZ`GtK{IyKrG(|uo7ct`
z<!VaPZ#8Rk26x-TQW375Y?i9^ZFWYRRD}Gv?I_GH%~9}ctqco=$y%=)Omej?Mc1|O
ziy2&%xpJ%<Bcy2%5%2rbY7sP2LTRAhYvC>a(yo=VD_QpCmV8LGAMEVXg;QxirxnSR
zj>Dz$@sdZa`I^mflVoYvOVj8bx0|b&V+yL+DEZ66E(F<S|G3J#TwLYd4v!<O8Q#!V
zDS7bMl%h!Aqt5w+oYtz|NsB;A9yu&UyY5Z*wRc5{O<j&K5s|(AzaG`NR!E?OurstR
z9g4@RUG*0FUQ!zpu#^fh+G{J*v}@iAkoOs0h;7)ARJ-rbmQjM%v>m^6`SRPO5iP4-
z3~52vFIY=aN|V~Ytexx-Lq4Un<B_)N4vRug%EnF`JsL<0lIp8!S0ZSKIx;F=r*^$V
zy7u%tNihFjlA~QKI}f|<LJTQkBqckNZ2ep|99u%N@n(`%*>RNCu3M~T>B`$HzRx@6
zi^QW9cW;P8k?jtxs#~V7O;?d<w(c=n<a258sU1zliSM$Z?I@(Oz1!VzU=EJ!LOCTN
z+hy1x2`Rp@-RDW<yde_VVfX!09zlpxYq`EqYubAs>{*U&-WbH%I2<tl9Le-Gu6#B^
zJ5<GBr~zLLIvq*ensp3g#p(8aUNu<KUY)}3D=w|i7?)HS85X7=TwByRTobmZNRz7O
zG>1d$i}In{`l4p+n>Kus@n!3zB1n9`sPM7L{=Yfe<jJuN24|lyvca|uMUBC+0b9~<
zT1B<-WnHxgS{x|K*Z!)W58K^hB2<=$5t$yQ1+r}Vs};^+JiBDy$tlev0!<QVI|~di
z5u-K70yYkp*Vk>%=M7?AA)54!Uu+&bOuk<#@J(89BSvuAwN+Env_bnbv|;-b>ia}H
z?O{yM?M@fsW`y)MVg>8X<MDN0E{WQ~HL2t~e=n-jw_t^hKsP5&N#P4=P~Z~6VVNwX
zYxy6zwaS&5TJNt?VBwoZsoL;W9bxbNs8QbsS}RcVBT4a{TXmdhKRrQLsH}Rz(osvH
zW;03GT6ax`l5wbwl`A8(n#U8h;>QnzO+gwm)5`HqAxA5HLWkxD#2D@4HH=X-uW_q=
zLZp)~G`CZ`@Dvj%+P>>+5{P#GsTkBIx=_j$A%$wS_Wk*6+6Nqe${MN7e`=)m&$BVw
z&Sw}suL}--OVWM$PlKR|HR+P<cG@A&CFJ|AJrj$2##;^Puyc{n>za3cjP~_9+RkZr
z`0{Ix5UuC)Xy)<K6_%qF)?`3|Td+XSek94~{*OSkw$I0EJCCMmx2?Yj!!MHv?c<F(
zthw7a_W9`o`I$-!CF68B!cwSY5<e<R@x^ZnC$P<fQonpE4chk=B(2p8@8Gb~w=|@^
z;U1W(wcnEA>%94MqOE?Japds8NsrLbH+)ND0&7)lyy1MBw(+HlFlPnIuWB2e0jEO^
z%b@*SeL&3cop|{%q8;APn#;0p{<eqXWG6Ri|3Cg}efH<or*#O6PVuW<h!+20Xoyqx
z_%7^ECJ=Q6nLYJo8thkvRBA!AE(ae0djxX5^9{zetTO3ng>R-nm#HMd*Z2@}o_d(w
zbUN8iiZ`=ih(MBk4c;UK?re!f|Gr2KtfUpc^%-pcnOL;j-eKZ*;wF2zp%~|pL-_jJ
z&zItWg)LD5o_;5u#5zJSS~9&_)KbV}*0M4a?OegTi?#EoVzehuGBGN$@94WPHOTZD
z`sp_Q2ClVFKWIpm%=Op@`EWIzBxze$;1W0*0rrQ4NGSQe$nw~i{k2J_rbCO?IE08B
zY~4vPv6YaC>+W?po{fUh&#>-X4xjMhss>GreaGYC-39)tA>4;)JAS46kkf7VeR$^1
zaCkKa4c5LG(SkOik#^q&M$zr@J#;RCKuok4Lt3)|_il{~>BRZX+WxN^vG%I3=0X$n
zvo6NKbdjWK-+XymJAR4Z^J<Bgl3}QT1B<?R3GTR0h=JRqNE%q$3Q5p%HX81smuA2n
zzmte?RK&0_$<G!VwRXReG+)fuO$DN84}H&c9fy(*WxtVRI2mb;phm;@(6<o;o@yt=
z!kI)Qe6}sxi4))LCJt@GuhbSeJ#OFj?|VcUCNWW4GbP^mZV_ZR>T6mQZuoTPmR-1A
zF!hbd@Z#=WkGe+q`9pJf?AP~&OvChe?OfJg<68A-Ki**7t6nYVMmF1RA1xy}P?KRz
zgU`~fec`tGB%5DeD<$o;A8y2gl!*e&y>S9Z?ER-<404Zzaq|l6RSi?4(K5+@B?%<T
z&xF_G8~zXa553FKPL^rpU?$YG7ZTa3`RL}#Sa-;TM+X|IzUBWuD8LO19vET_sA6}(
zlrmK1HeHzxLYzo4wS`^#q3&hTiy_1Ve>WwC)c#5Eh)6zyg*$OJn?(?+DT-azACkzk
z0)$5z09Ef8L39Fx6G#m7K;|i$LxHJLBuj4{NpP*lcf@J?*oM<a%^D2tAf&>wDB^>c
zZ;}W&(Nt_e68sE0T>6-3;uT<20-;t`k!93{tBFYLbS$}BfZ<jW4n1>7EL=?Doyi_>
zbQBsh{e$c~QTUS*Nxrsa%Lv$YC&{8$!{AI3ve(*<JX}d6-@_jnc&Vow1k|0$M3>-?
zOhS!|f`<rpa9Ni@()26oB#OZ0OvFF!#pYR=<O8_-NtDUp9NygN(o?dCD!{P<6m=RM
z38kVK*1bxxrs$94kZ^*s?bV(%f!(>}9eC#{BypyIlTc)Ra~^3V5EWi;NT@<7ibwyY
zfP6r3e)tl`Gob!uLvlbM4!GQm(3PjS+>p}@)oa4NBuW3h36TiYbU`KQ3W>dhO!%fV
z`gpd3+0bYKB28*W7Q#^*4rIEOckA-NqG%yqw>2lN1vp-U?B~$l&{ipKIM_wV*PcC>
zq#v-N2x6TfTGox(2&N-fZKxx5J5oJc!o}xyaPbwsiNZMdYl5EEg6yJ$Z|UGeb1Trt
zP8!k0qT5PI0|H(Lw%=He;@#9$Xvhrh3Ojib%GaZiy2_kew+pHq<ZBqH7}u&kQYJqW
zn5lAr#|_)!g>3y1g?uZLhJLxJvc5_sEeY{LS$|aRAH7KA-xq{fWWf-v>eT;kNm3-}
zT*gUxoqBOQl24$;6DZD}P}Tv(`Cxb4s;D@NXQDW3Dy*q+^P{39c&@iK88$Z~9bj5V
z(wNSRSJA7=2rgM~84hem6%K4e2XdS^0XlOTcwPF_9mx$`)V)xZf9lG*b=mFu{>}ss
z5(<1j5?SrsQ^<zWu0)3eTTl|W_cG8NdR#ZsK|*@VD@a4sHkaMQPGfMW7fA)w*<@g5
zX!{Ur+G;Q92e;41l|Zkwnp5rI;R@{3IUd>CTTV_u`~EodRznyryQ=#t$ej{#L;3*5
zt;^xjz5NLK>?$~>AYTp2(fr)AJ{unGPacHky~P+9KZx_@Q1!M0NSY8Wdjpmg+70D&
zWC!fX5i<4X2B8hncI}UaqjxZ+apAd@d5JqZNa^~$LrGT=x)0~KoGun$fOTW6d2F-S
zagnDHXfqsT`{fKA#7E^qBW+$coR}n>m|^3sG0^^fG%f9478<~{a&%zx@3PwA#xT+m
zmiI<M?igW^HqMAU##yr<N+YEqjqN_G1&$9Vr{Tm@+!p&lpFyYt?^ThrFuoFLoFByp
z?DXjGk099u^y_qYnveW!?Tx3R(kIxdXf>1<3K8(dU4(ieE~g6X@`Y4AaWwfr1nUG&
zLvic>-bI=d$eVy;x_=4MSYC-cT>b~yuxLDa7VJ|H9#KuwW08j935&qZV!)J9TG{3l
zeZ&N^L4=H{oRrH2eWs8UZVkIvlW!oeFLE36AkwVvBP269Et*1>L%TURZOf+{&D^>&
zl?)c}xX0Io%k6-6eT6Jes3H>0>b2?Q68za0M>+CQq=v>klS_RjSpyemGn3?U%lhS+
zbb2bIkY&%~h?vt)NTXiBi*Rf{Dw;RYgHw;0L++K}=mJ8Wa5P7k=VL$ALo(EN7LnlP
z#zN%k`Q#YvTY#+x!G(T8DU%FZwWpw9H;zudm!!v00uFW}9x#3MG`QLjt+%w0<cZN}
ziuoq5C@}0ku8JOy-v3_G1f9nFkk6D-9BDy6+?_t}FT}A$j_2aXRzHaM);+*Q<WV7^
zxsavT+((E&+WJSKx}oqvQmB9N0A283mZJSa_Y<}c5OUynF6!eQ50Z_m-$pK#M>rwX
zquU-LkrH@UZ~z*E%13Z{L5mgG-(ftN!`w%4f1F&52aD$xOAT<>H)h4_h6Ed~pvfyp
zFEPsFAD0J;pCHtCa@&=#EI4!kNz|;eM(C*2g-CZWTCv-x1}iY}adH68+%3hx>>&c(
zt=)E)-tP&bih|1yJ)h=e9CqAx%ccn#`tdcSh`@=9$O;W$z`C`JX^hh7&7MNNPvw57
z?C^wa5UH?Z4@pZ#;&^U}MP)6cL5fMEC(nSYji?gGJ|ekL{U0$J>}yFPEZU2gm!Bpz
zX)^b)WQR9|S_Y#=S#>z|eQQZ00u?PqOD#V=KZv8~3D1(Y1lH7$6w)*Zcj*hBBU!i)
zXzQjVlh(l-ZvCAag6un?%qb+3cELLyz4SlSg(?0=u%JC$w8@YTo=u?8C8X#Nu1EQ%
za!+4&hPvJz7!^7t4sTcnkoh=kzdTQhNvd($QtTl^>=fuzw(FG}Nizbm1cw-USm_*~
zC_BP3=wT3+971z%*+BB3_+Ip?B3~evQVlOx35`d!4U(7jyv-OaLcbe_q`;9aYy)x2
zPHup!X4#O=2P8$`{341ErdULapm<^FR<>^3vZ7zvg2ICH4UoN1r=V-F50^gRWz?Ef
z*>Jc+4^$OFG`GHWE0u1=b7-tj$BMDIQBl32Gc9}c>)Qy@cW8^hPbU4@4czH4pb(ab
z3I!M5AdU2Ub`TNIEroSh85ktv)wjJu(n%^ml%b6X5&95@MyCjaB`I)qB^u_~S4jbZ
zVGWUDs6yWspy+hycf3ZD0)umhYU=GlG+BRcCr)FeG23|3*|3L;(CO5F)A5#HJhe`w
zRY3}hUcQ_3rp~~rB;3${JHQtn`kTl0kkY`AJfTCf2b;Tf+g=h!B8~NlZt{1}7z}vy
zar@9(MJjxLWG8evWZY8q*Y{K2j8>jdA&g<flc>DBY!WI*Pn%vnxoRTp_y`RhP6jUO
zCAN4tf6%|EtGn9L;k<5*g&R9aCge3D32=Oi6@y=UNY6Bk0<#mD8mb_7v0mt`D0Eg<
zSy2~J&kF<Ws!nMB7S~#|>@0FkeNFx98^j)viW(}FNdc*#r``K4(u1TKM>$yyoxbWI
zo>PDKFx`=hd!Z(TvNtn`qv#Ef(1|csoHumE%?hHq^u_NGjHwkQND*<~(9_zSAd*}E
z>?qv=3VLIIp?1W@a1yCFJYn&u`TeI=O`cvg63BLR>Adfee+Z&nN4qtjVKTv~VR+E#
zg09rUW27lb<@1aItPtg2z_96xQoKA;PJJ&Ju@NoGg55Zi+mDgt)uXK8aNK7d3UPaI
z`VJ1WM#DiL`e7?SAw8q){21)SIPc1nq+tTma@oU@xo=W6V>AqZi{$GIPLN0v$>X9<
zyBkiN;;QCy==w<#Pa?VXblO!|{E=}>)_*%iZD93I5+3h#gj&kw0hzg+dijSaSpV=G
zq1I?c5KYlvK=mY%+yposE@*d}+i{Etq{9K+-}RXP5-XlmcZuPm6QgRg&JcPoce~sy
z%{E{<Tzj5mz+XpEE)`Ry2(a$9c7w6+Qkl%NN)UI3-09!DoVE6@Cj*n>^5CT4&YZ6A
zJVPgi>%LPCos?a0{S%UmQy54(z}qQ8K9rp$zor@*P4j+=tlCRPRm}+7!y2H$bf|WH
z<fo{ysm6*m&}4?TH;CrecYQ_;qM`Q&n!?cb2hi{Y^Y`bZKbl`yd<kvz8~!^o?)w;^
z&k<qKB@%1#ayH%!+?Hki?Jvn5fkuHM;y87$gHb;kKtkv1<x6Bb%781Rf#zXo?+4IS
zRWJXBbfE!WgA}ST!#NSaLEj03xn49_A*7skCqp~sN5ghnehnUk&*D}&?0e$FD6NHa
zhjCnn`(Y5*t+)Sy?gAK&4fM--`<Nl&`~>2$u<0^6mTIhgHV&uV%Lu;bCn&2dEdFaP
zEZNJk&M+)ohR)D{=ciZjScc(DfA<bPji32RI?;}uzDh<4G+-D&a<hKV29TVJKK3Ux
zcJYRaarQ7cQ}`RnM4fTs68z$4q6oEA3**I%&Q}3C9=ncFx?GaxHWnf$By%Bu9l*n5
z^uxcShm~q9L<5bp^=$ynYu8WxL1Psd(29V2{~?8x7q6-dH|Wk2s=rPr*RRX|#xw#o
z@GpYlZaiQ32kzw3`7wy3!lu8;hcxo!pJgX!_G$nJBTX;-LxT@^#19bSs&I`V;Vg$l
zpMJZE9LLuhn9~i{ECLlIF2~i$B;~bMLaBh(m_!N5@c1Q?g12O+TL(e-kp@5tzrmGs
z(9Z#;$8=1O{ZLz6vdX3ZiyuwF{r+gUAk-0z!UgkN08NqMj|kzr)lovMMd1SZJ$Tat
zagoCHG_}?QDqJRi1kf<V)FMh~%A!bqnJC;e+z29hbc`CM)@IwO@LB$wp`kis=|V6J
z1fRzUpVwA0g%9&)fGiL1B*TqZ;o;gk;NnC5H;AgjjyT~ItVqPMy0}FMgQ^T6na+jB
ztz#JIJdO7}m?AWzAXLn~iNZc~y+e(Ji;t{9pd}`THYN)fYOPbJi?93$hJ|~A%kE$&
zn*QUSC>5;wr4(T`Ivus>@|7Lwr%NL$FQf_2*RfG<&UkbH&7lH@PIBO#&(KKuGK4qb
zn_MB@;^wn-#6Ns27|=Il3SS6m&d}MEy<B-?0`z2uj?oqs4{uXN|7^PXm}40dPE+l`
zi<~EPV1bnYI;WW!py^a~j9<LOA{7B7KHlU262>m)6$%d_QeRx)Bbo|yfxBF8-QGxu
zBx(NboSO#^A6^D)P37x$GWiae&g8qMvG69LM}L2B9<FFvf!;h0{lTWfZR{i;K;qh!
z6GUQ%_bas(%h*Hn0$B89UL@>d2XQ|sm9M3O0Fu|O;}LuqJ5>jexL6zdk?5IvZLu)7
z&LUAc@3+(NDMkqjU|5N;nUw-Se<vQ<G0(q?=J>&*;1#CmU!@s&h;rc-rrLM2>^fYh
zmpdK8%PetDs{FxNmZ#mvQnK*62XQc)dWdCG;RO{hF*&+}=0V9Qe~a0I+YT362|YD+
zeJqS`iQ(eg))zt+jX<31Dl~=4);1f|^b$J2u*<{(<*hItY2+qTF+_uC-THB~7`WLQ
zU44p+2Nv9w8e$$YlvIf-OlE0Gau=pBti1Jis_-z&`oT|auydZb%i#>X=M^4f89X@9
z7Q4k1+}kwk2AkSpw=DLI>9IpBH3ko~M;PX;e3-9_f!mNVOi&@Ky%0R0jj#$+RWW2T
z8#d;owzE_eq<2KJm`OTR%fFw(W9Nt33A<xM9r~&M#LKo?372VpS+aCVCLPvBo-=u=
z3wG|$c<c-&J785;yn$(mMtq#H6)3@#ooy|+pnuOGv1BHrin#`34Erk)=ie8s8Bo#1
z76&z*gpMo;L1yvLbYy2?7fUIS*@4jiZWin(bAk+FtUeRYbwLJcz@E%ycQE39j0M`s
zJa&!Y@rGP*?{^a(=YjIO0|D?owIUMt@Xj`Oz>v;@9>NA1U2RCC)(3dNdR8Tl6hq8e
zl;C<6XNDnt5QYKdmwDXS+7~Y|fO~>RX2WT$@JJQO=dyXa6^^^0w=j{#T*<wRLkzF(
zWl>e0OkBc%7%x4<!=$SRAPEe0ZsQTo#RKsYr=gUpYBPB1492iZDs9n%L#C?V1CJM>
z9{2-{8ip))@o42z8gKl7g&E0%{(BZ0CVZJj2gySe=8yOtrg1*<FoH5+{-YRUXDey{
zK;iz7Sl%)khx?3$;Do(#&}Wg5O3!Rwn&@);DW<`s!NN_RM4d5-N9epx*tb~9)L$AR
zNXaY(CIqWGSRqN=|EL9tw$SLO)8mn~R?Zx4ks6NX*p2?y%1J_32`nqbIEY(;wJ84o
zqWniCS%DpHF<W?+vx&{HI#F*ojapk83>4M{`1jaV3_K=2DP}_Zi8cw+7h*iB%}gN=
z>`#kUXgfn#PYarat-J+pJsylPvLe896Kz?Wn$Hvnt4|Vk1UqxcdgUy^#_Ej(Ur0-Z
zAN%`Ewq^33{ySUv4t^BGEVyHl5J?$zxb<)52%UH-i|}WVQ7nf@gA1>VsW5(?@HZ_U
z5pD+WVgRx^3+=(mDYkU|^}Df%vetQAgdGnGG(_c*W&PiKgjWdUZzPtuTH(9~3<;;z
zBP(Hc8vHBOlNSo5tU3f<{8xyB{SOL}R0^2+D8T7~vbM!J`tn5r=HY1>2#E@kP{Zsr
z+NXc9Sm?^@Jm9xtoHYMXop!x^32jKLDj@4Uq)u;9>P|VVA*Ft$M{%D1!hHfp^k}&a
zw2r{`eiks{SwfL8_E(~(KOkV(gO*Z|ga8XpcUWU6`ATf0FJCI4feKwQ$w4eNtSMaE
zg4u_RIT%HJZW+eYVjdDC+$yoG0oEiKeNwq#YzHm&6`Y0M4-0>@(gR^na2l{Au^B8p
zhf$qn%c$6B-GSp#fu@8#ih|uF{v|en^N$FU9{Y%pZqx>x%{O|W(}PKs@<#;^(JtSJ
z!OV_-))ZBLX@!u<)9G+GR)jD)&=%<a{<u=;PHIK|yn&W3S-<l!!Oj!fq<vu6SRtuG
z@7-vt+bysa=)Y)!m#~C0W&~-klxGYiC;^-d{oyC5Uq+MC1f#l!KDku=`_&ZAvdv4M
z<fFwp%L3S6DCNWXMK(#VUV{@;i@~0OPOykK2VQO@W$Oo@#NaL-1&n$NjJX<pxE1}{
zQ-Yhoji$KG^a;Y<dhfL;ES^8cFs#A1Tg7?kvsNgCcF$s|%EaA*OhbH5dg<fH7;H6=
zJ#_7`c%A(@0gp;fs8}!1^dy>|Fqvu?jnlzB_uFy+*L$jdx<<gn8O{EZp#fGrik|f!
zY+h@S7+A$l7%4X|&y8D(RH&8Fx2zY!Nv;vFR0DsxOOCyUg$)a`h-(S@yhSo~X#*~%
z*wE--s{j^OIv2oI6=j~b3X^^>Zxnv#ncxutE-|ZoY?Gky6fYSage!XU%|aU*wOw0|
z#*nTts#~gCf8<3$Ca|mmb3D=2A!>(Vj&HUIgl1POb_g{4@4+K-!pp)WBgr{<O31>&
zeWIAg_H592CZ-gA*eb*`4?hNuR3aK(_*CJr`Z^ER^_6k~SA8Z7-7fsZGL!`4mxd(0
zxTxu*Tz%Bmm@QVg`izhZCwB;6u|y=97Z??87N5R?8FQ9QB=`8?SjVj=yh@h@O$*|X
z4NXw(bTcF4q%=UQmkCe3CS2kP!Q$O)M^o*JzG){F2TSTL2@-VcWS4-6cbb+X_Xpvs
z-fcG(H%r$=?`3O4#T}%C$M5#-LBA7^*wy<5ng&y8xf~4JCuG2kM{y$>xK}vGvuo4e
z;0!nv{f>P?B6Ia);Dt90s9RsXAE$!hVs?>^2j@e@toDHe!T{#;$H3}UA~i%R?iG1Z
zFi*<WZ#zU+WoZ2I@jzQy)>phiWyi96>oEX`YOLbEKx^6||4CcE{_UGWmeJ>OI29vO
zMOS54SPaEjbPO|zJr4`7aRReCi=2R)TlT4M3k~(&Z=+R47a$3CUl*duI7Wmrj%k#d
zBRC*`7Qm}Qn_eQ-F;!OK)H}j;tR-dPWBC0SgEKE*U|G-L0vq_AkN}O}6}~iF0t{zB
zx8InOs<`dA-$U&Sxs~;^amxWSj|snUFJ?lCNb`)UQ-)RVqi(TXYHb?>=+xI97q*fn
zJeDkD9*U&|f`3ES@$kU7FtqjXNx?xNcQ>94(SihPub*W|bbhdMAPWvGMlBRS5U#_v
z%Q#8<VexT3r#O<F4}~uok7QOr>`o8gk58?)rRwcJ!UL<33&8+&NH4R44OH%oV1rD6
zkA*As;?D`<dwEIx^5<>2(DNf9LI38z=wu{t!-c&t0pP4)<y97Z5hGIjp(=L0)fsA_
zb3P=NC{%nZC5((i{%6d@s+bBXqUu7<3Pt)SpWvQIBT=OoiL##O%8e1Cf=`8;tgd`L
z69ZK<#mUDz>{DE*+s@;Gead;{>F&>j_9W4$W_ASrLe5u4cSey^DaIin?hD~GB?~`X
zG`e!>vFC7gF<_&w`D#_%VND?Z9PTBw8y&kDQC|<szTrBAQG}>3{WPBc)}WyxjhHVD
z8kE%*aPB4BZWwq$Xaw0`V!a_7!-|VS``iH6T%~Gds5b`%;N@kwWtW5$D7YkCO%1dQ
zneP_^dV^j<yRU^-^|21$apB;z0W=E&>$cgF;oWb9<4oo+1xd(Qfh_!&NoVP7bk`m|
z&UOhEQyTlf6UGyGWG%7y)5^8-3C}S-q8i~+^x;1Um>+b(U)yl*0yJFu>C1HcRpG`=
zk#4^#dLOL1ruvGIu2)<U{wDR6p~JZQLRs<XPhAu8FeCL1)-Z2h*#IM#{-uMS%K7Vb
z^<n*cBr9Pjhk`e~dfCsyW5F(XkvqA;Fep3d(y)!E_byvwz4fnx7|7Z=L$hOl1xUIb
zdi8I@NRnt|anT)RMgo`cJvX?vxaCbze_)U_a3^H${tfo*3@fA)v-nS;P#^v$Ce8eb
z&RV(qu)tz<E4+64!VTO?4&D%c_Zw0y<avDoN}aAxHYOJzljCopv7YcZE@;0;f=}LX
zW<$+~CD?=E&y?ImGk@(nG`BmOV2$p$eYUBfR*LC>H*SwK5~a9=$G>k3*aLfR3KzNg
ziVkRnTh-tGmmU+Yynq^HBzSAp0{jw`hBwSbr7>I(UHU>I4kVdI13VFMo&$fOc%GqS
zbhPN{DYRvYBr1R{6ZAVpu@lJ%px0>*I}=4(v8Z|+@TDZ)M4deqD<+e;0N);2PY4$=
z=|WE)kn=EVqTlp+ociDh5k2+=TS@I)Y@=XvMPFwTaSxnxAqL)F9@^TaUx*a(3`y^t
z&E}h@#~r3p{#PEhsruAtv14EpbGfyt7m~4Tgl@x(W2{Pw5ihgm(aC(%@~AuG#8N`5
zsdM1*6oaObMxFYOEejrq4-67MOy#XqJG`18-Y~`vYts!dCSekBcz*c9nVcRb$Jy~X
zF9lDvFLp*54@?%Z#E5nJS(ee*sc%ma;{%N!Tw=f#{c5U+Ay|LGcQX8OpF!6ZW~XD1
z%MkIrlP=B;MY`W&An`}lU{aQt4fb=Wm23K<R$`k-xRxoN@iTik(&*0ve`JaOW#>3p
zmuC<`V@-Q1%MqLC1vw)6RkVbgSOdaUy?T#au_uA!`B-DuA^=DKcVC`}`v*O{*%=r^
z!>SkSUXb9#YB>L~Esd|1Mg`(`{tSGr>JC&fV+y^p-nvk1L~@Nf9e3bwh>>tJbgJA~
z-Ax~`gmsNXhyH#;u`@AB`{iImuHSAi^x9|`0jeur1^PA?f1{ZP4Yw%2ZScDI*4(?P
zSfp=kA|??c!>J-Mo3sh?=+>__6{ivZO7|ET9fNFnxW`y{20g~Nn<EuiyN6hKY4h1q
zJ`d=qTdZOZG4k#BJQ9RE_$J`>^7hrAVEZ{XaVWX<LrdV6nUjdmGU`b!MA!d9UF0-S
z9s1G|(G%DggO5Vtvo(wbFCGin6EAkVm;&*3@k$7rhuj7k=cX18F?0Z*dW<{hvddyt
z=&kLS*@o-IXL0D0m9Rq*v-KlRu}ghi5cHIBe(7VF>;cc*^XT9ra)Lg~CAK69#<m~e
z8#ccqP^0Cwd*EBQ_`TmRkV9)?PBCkWr4L?o+~Saj>S?2}Dh7r%7Bk>-dt5U(*a&E&
zim%q&{x$z5hY#NBg<i1*F`jcmPZ)YF3-0S)hh1OLQk?$(%~RF`WHDdwXe|y3C0jB$
zl&q}pYJ(;CA>F=H#s!Ymc0aZiA0bT)$#_hEL)K4szbbq2Xtk$37IW1)!1oH?cEQy$
z@y}p%qId8XrdB$lw!xKR$r9&JR-#a`>LrMT<r$sCUs&(~di7;`@5KY!W1YpOA!ndF
zf(^X-^)5I<nlCg0A|nGgvD_}Nn~1IqE7kTsVeA}KPq504nXif-7-~W<E<xYXUBt7L
zu`<U5X~_ByJ;XASYixgb_GY_ht%9I4{%zNbM;rRUG&ru<@c5V`Cct-}2+>a@h~ZE<
z21_DaUqP?2`X^g+ShUlI52lriGyI1%GLd!4xKqMPDU}@+VyXUnxro&=pLLTg@lK5G
z2M<G^1oS}0BGcZu=mV!jXgr9SX)i_~S&Z=1Pk4YSx?RlFv-*gsA&8>}8;Bmh$`CP|
z8(-WMf(OXVp$3{^_7SZK3>${)>z97w<Pds4+-4wpdE5~Z8^NL~T)JNj5Q~C{<ck3J
zc-Cx>>>5?pDZ}`zV=dmI!Qu?sB7;RYz*EIZW89Oum<xxBjrBW+igyKZ$c4a6;A3P>
zsSL~hur-CKKFDc@+r`2l1F&qA(UGFBy+gb$c!zuyWX+}9hlyW?bZ{})fji7eJ6JqS
zY_8)7`vxgM@;HOGM~@!KX&ZyMINrFU>YGMU*TsLZhlUf4J6=6{4Ek$<JLFr|C!Tt}
z7+K8&$2c)xe|@ajDu@ERr}M^&LoXdCt_ivG)ePf~ymJE1JP#E85E!B2)Z0!JG5SGE
z+{xu2T+#PV66Fv=pHAiCS6u8>0dOI_7$1_L!7k?64yzV_Waab_^$`m;c=1fg_F6=A
z=r2wYu^^k)^^@rVJ;$oIR#b$D(MtDB6UUGQqjCy&6S~asq>K+8XZg=RUPXnEr;C3E
zmduqPzh3xvMu@^*F5<(+y63`K;)#&c%!0t$#uAx=*&-f;ScGd~5H7>mIpR0G9{#~S
zA!ftn<f=D(9;#l=T(L1p<OPCQdBz!bxFBslH?eq#`+FX>O)TE^V352EitZ6FbMUet
z*sZsjkIMifT{{*V6g>Jp3(#?ZNoR<~@NlpM&FCpKzPTnyM%7CeiFnMUZ4v{x{x;zK
zf$x+qFL#r-CKRh|2K6TQig>p8>=R-!3R|&$4Pv7?D{i~~{1OoZ*ywaRsg3g2fK=Wu
zrs<{kQ!`7w*TPp4aNgKI3IC_XYsRDaNR3A$=(DQ&YY&JHi#Bk7W}Qb(<6Ai~IL7Aw
z|M)9oVQ(m&jL$U@Ft~N<H7n4Qg=?y4iN?91ywEHee7i=ZK}0VGzZ>(E)`{%mIGD5x
zxAdnz5Oei}$3#0GMvc;5tRiIQ-T@n)5*yKm9%q=1H;jB7GaTnvV8baOcGK|^RS8ec
z5$PCH@pl+vuh;v-hWKQnKKu#l!53sm;ZYbs=Y4o+@j7&QmPH`FYM>);KCU#{k&YdW
zCeb0}S&NJsuIs7_NH!ZL78GNuXt<Q2S3D`U=e^{q#)$m!o?4#HM#dT)9y-X)`S2DN
z7AHZ>UL4-6KgC=?x!53gt(Xjxo)-TB`=<msH-?FkM_Q!{AFb!Cd)2T)PUOXg#nJkS
zwPJt5S|k}Qy!d_tHg^s$Y~Da;#AC;bQ%wC}l2M=ktauNB_D>T_3|&`DlwLetR&6pc
zY2qU0KZx18M!eTAbN);co#YUizi7zZV@HQ4>ObPkBr1r<gr{zy!o&Njer>(Dkt7@O
zH+)RN=oz1Bdm&rGxT?o4JN1(r#6^K%MQ|+w<VtK9Sn6kkNt?wySok+?|MoqiYxOgj
zE<V3mY(zncu>C(`JRIm$JOq|KF6P6PP57+NzDF>+l{eXjcrS>311cdq7>~cd#Cdc&
z^$DBB7g4SM5F`8n6I@n)QJ&aJeQ}Q+!x9Ck@PIkgR5)oXj)vklaUQ9DgFR1b484kr
zXG6=~$YeskR7fwAAbyir7NBWV|Kjv`Kj1VmmRL+_o+>UbhJ*+y18!Df2IAmzBnDP)
zDrx|ex8Z^LyW-*$*gsb40qs{~XN6nEwRy&g3|$dElWJ%n$j2s#GOeiW{VueF40w2(
zv9|Q~+t8Rr8Et8vo34?MKBjw-$By=xIZCw6&K=@&Oc$a8IdS-WH`f@K8rF#Ah4rhi
zh<D>D!&q`oxUS-H<;~Zr-eUgSi4jPeKGyfVDlTARZjh|vF2&ZTKQe`Zn%Vm}U9=)i
zd4orHBHdc^VxXhFhN1%;9c@PeM<2FJoQR_`)+ENdSjgnKu?#(Se0I4R!-Rj8;#3{A
zXbNA)by@%6AXg16gFE*+YNmGniEzKPRMk!&uz=6r;KRfGSso|)?taucY9Zj{M4ZH$
zd00J>yI=e>8JXsm%Wp35kh$+IYE(UTd~mYz0E#8aAN2B1s9T1!@9+`g%Et{CpPr#9
z_GI0D$YkZ5DxE=mu$1SMuu=f$FxUi!y(LELsIC~g2-R{U(nh7Z;~4A9frqkoEd378
z9!9hD{;Oyp+aDH})}1$Wn%Ml|yuEmwH+49}JhZ7>Z+k?%uXaxcI_>GZFWAT(4pk>d
z#chVA!TfbS*8PlMksWvjU_ltn`sc#RcE!njxn#zoq_4Fr-U2t@6Q3)P{bWLHVTj@S
zBuGx>ZWJpb`16?fEV4^?HGg|t6RR(AKG8m$IxcP}N$C6<L-wmKoO|2AQT071#j&-=
z9HOh0Y0T6)&@mkTfjF<u9wqZVs$+&kjiv(=?wKDUM@hJHScicFwi6<<I3bLCU;9|p
zP<RuCaNGbG9!7h(F~C@BL{9@z)!#Uc9zWPmlkg<J^)+@18tu5}Rc4AD*cmfLwD19H
zy5aUc7;x_Qe}YG0s{ei~hLKLz2|iTPd#Bh44Tb|3EOXjf(_uY~eHHdL!@2q5KEVkH
zTMYKuQXajGhb?EtLJCWRDesEy+3p_YC+qP*!7fe~7dA`KAlV{)(dS|xF5X;!#F`%(
zQKdp=_)|8+REp>hB%Bk!ASsAoh{Zo@d^+osZ~3UvA7F7!tmLplLWSRHLHmeC{b!6r
zR6ZbJC1geM6zK7#xSp<_2GOeD#2_JNVm=S_imB=1uf)B$(YC_G(88^x0q(ZJ{$a{x
zzE;p9DB<-Xy)KE1gXj@a#@38|K+`J*GTr@H=|@bT;!M5uH{vo9g__DH9iLxiNvr5<
z%x1}U=g#lMwFFjXOO~L`W^7(yY@$t;ah2zBibH=8WAvNf<2jeI9Bz2tvVUK}>Dc!(
zjYNB7hjaCJV!FQdvN)XM`dRhwAG3bt9N@w(zap+9Nq!G8pvO*V^*b99&00303}B96
zU~vNcmFwU7uKg-DgX-(Je<Tc&CPB${@$qDT7zO=CuHX31qi=5*gw(JiK9UE1!q`7^
zIZJoo>~TVai<d)#3RFCt%zN^T^%S5Zhi;l*2c&}wJ(tnc|Na@ZpDi8#h8t*GYs38}
z*p|A$bguNxzv9l}mx0&I*Qir=KJg>-X=L2{nFvz#xxeEE;4dLV3rQynHlF6vL~Bs`
zr?`Q@$zqYZZXwF_nZVY#jK(1TFY$GPPa5GGHw<%d24#3j;$7m7?WTo5P2v2VehYe_
zKd#dD!-{u+^`^KX1>Z=<^r}`zFNO2=IFTM+NVI1-U*#^^6ca1Mix)rPls4rXtwZ!D
z)N#BV5EGh=Qt16C#(cLEDUti(!-+J`FvHl9e>Z^lqIl<M4w}H$6_}9A5v4gy!DFM{
zejUS8$krGGQ4Pb0*-G4f?-*6gX+w`v9A)oF$xC5#VOTY)1YRb=`>XIx7zj(Ewx}Hx
zzeX(4p`u$B$B9xy!HF)2kWzH?)s`9ZuE+a6bC=Ob4Qs_4Rg5Xd$NK28=8hRy{(xQM
zVUitd+<t$*mWzEoAStvIrJP1(j1&#MvhW1bHd-1M2)`l$ZvEj0x5QQ|#<V|<k)9_3
zkJrtf;Du8v+hFivAN`d$=`LnY!;}1;m_JsJ=Z+pJjDMP1x5MzqgnWHog0!0WEiWds
zXpg8OA(r<KKgUk=13Cmtx1im`;v{`VlC&8gfqjNVMB_a2xkU>%s0q_xe1b-wnj#%R
ziR!4q0Y5olx8aLk5_Q6H`LH+7!M4f8%>WHy2E5-EXLice;zn>RUCM&t)i}M6rb~~p
zqY;`j-k0B6%CNnH2??Jb(uZY8&yqC1+gj`FwwH|t&7Kpt|B@_eEJ;Q$j9VYSz;N^2
zyPfU-POS1jkuB|HQ)-Fw4-j?I@+UJ>PF(C*J(7*bg7*1RmX7wWhM+kz1mWN3L+fE~
z1msD5cv{d_0Fw%&1g=FZub_#GpIQ7OTq=;B%`;RWL~%oA=C8n5&`|6xl(q*f8Xu2;
zTdeiy>fgaes=lR>^b|=njvQF)#oIYnx8S05JM{%kq*n<(zHW@jFH_9mohsqFM4bd!
z)I=)OS2UCUgU(GosCJG@H-3h?+UnQ%?L|^$JyU@6FUUqCYEfw6oqmT+T2&t}4oGlu
zTwKgWyhv|<3+#cN<FJQ3n6kts1H%6DyGv|kq1*146s&4#kf26}mhJ(T?j=J_so#pB
zrI|sZu?If4#@VV%Yl$9)oVc33A<beI`GXJ@4hfGsi=IJm&aVwY3Bm48T>Vi8JJR!_
zzbr5VCNIX5Or=xWT8~6saJUO=r{Hmbxl%V57Z-73JKrVUK@yEaM{wTYrF;n^GFWYj
zufOCKeaDv+$LQ@n(q!&a<oL(Mtxheg^}Anb6q*T9rIq!0U$`o+bz{q3!DYXzr8I#+
z!T=HxSzBTQ+cJqMxZ+zw`vF*hIKQ>DH*mbes6F2&KOQF0Q!74E7S@)EhCP(Ky@Qmw
zy1m3hP&%3j41JuOfx#8yltH~K<`TugsV)*$k9ic_^jp_z5A7Z@B0ezeFI;W(@m{z#
zj5L7l4;8P0t!2_C7HUcgp6a++#HV}5kK}U416FrGQ5~7O&TTGzaYXJ3tbd)@o>^oC
z&jsf@NgtZ#5Ff*YNgcSb&=I)YMf!>4`Omk8JyL5`Vnne4(HX>Jd@Ek}c(gkf!RI}X
z-h6d;X%Ux1l3%B>V1pZTJIv|JbX!3;p$RL6)XRHH3rI4?1o@<gIC8!Eb6f-!@v_Nh
zR~5(e^J33(sb5H|pnRa+K%*7aE>>*0|1rPMJ!PoW3-EF(WUF*34v~uKW&CPQY{?Gb
z1{eOh1J7WtA!sg2IlJ#wN>9{1Te*1@Eoms1G#(3{>nlAS8vI}g_`t4lcE*R_40;ef
zK*AVdr8G*%Z-s0~%pe5UiwqT?Fbl6>9H0ds(%%D7+|;Ahw-1y?@jcBS)$^k3%A$Je
zr!0J+ph1v%vnzwq2WFwcZ`Pu^;rL^r_sZgiI^GB;{?}7FJ^r|$`*VXraJGg@GlOyu
zIRe9uR~VBnv;*yUZ;#v|HPPGOF1^eScl9}qWuuwi(TDMh@01>>Emw36Sj_0>F-)v3
zT<_P1Nssx%7`42|mE$=fT<v?Sq_uvWP#+N{OyoEi3tTl4cjY{8nL_D=>}W~;RqMi4
z&+^!9Yl^eEZ&Wi{a?>uj#Wwb8WEaw>@Gfvej~`3-YFZc=9qLaPCK(tizFkPF9V?-n
zu(`()hLck{9<Ew_Jlo5RB^ihsy5O_v1`g&~CsJDVoxka$^?%G{OTvZA)x}D40ZVh!
z;D-(V03%xJTxk1WlByq{EO|(M(cZ6T^Uko$tnC!K!qKw~51tk9fCj(M<=x<V_0osx
zZSejJhI6c!Pm^ZXnO-ACdhu?y#9X*}w_&Yx`wYX)LHamc|7HO1&F3t5oO=E&<_q`@
zOh{CE#X`;m2I5+BCTd<n=djlt=}Dd=Ni()hJT8SycMh9wbjDm5kjtAVt*>t<Lf0^)
zNp7%-y7L}M=f|fE>OcBf4#Cdz8%-B3$0n>o8D83kLH3*l(rvY(4t_PL-CKUJJ@s;E
zg)_9E&mUb`C}E5Scb*0wf6rbc*<JfR294+|TG&6Dinbfs9XEfDX;&1FxhVMBLv4ka
z9m(E2PM=5ud?Kk3-nv)Xgs*_415=#%`dI$O8=BTW97rIA(wEtbfU{ul5~&8--!EC3
z)@t;2{f%6*b`sx@JNp6jNZ+_mT2R7|q?Ef5nZ8qhV|=X(zLodw60RL}+MKJm4Ze#L
zMm!*GFX0YRoi>;1Z{u-8`=!#s7{1~2Hmedl;FI3`Ay)cw_}gLB!&39a&=<$cic-K|
z9Iun7B|&V!9%eO=AFYe*#<$JWd!ux+LL$-ODtoH+R-|42chYmxAa0cw<k;yym+1xe
zvP%w-?wPs}Umo!vDW*23AsFjv=lrD+M(11Wvg+~ETS~S`_-TNjaGh+65dLbw9@xGm
z*Fk}tu%JNLL)f=McDe&xGi3ItasW9mTef3LqMpG9CF8RkjL~m<*Yb%V$qttc=k{4_
zWwxFZC-<CNF=Ep6L3ed`&2*KP^{MJmHe||#Ib$3ndw4xlhblw5&+a&{&zwP%x^^An
zsOZygs4{WjoQYK<ZJqDxFrqt#w=MV%me(zftPXpD!`{;FZfW<FD5}S1w@2cO1(X&J
zxkc?;Dv;flEWzcZJQTN|)vfoS>TaEe_8l<LRXJeN$R2|#%SU$TIk~iJMUN@fL%Vxj
zu1>S6`;VABb;Kx7Y4@R}y*qTPnlO1>mpPrs&Z+9t`Bp4=-M3@`-(B|k>y!lr{(K$9
z;O*9ThC0jXsrEPrcn8iN)N9CuskUx&hI$>N<ZkvJbEo&~FnZ3^L4B$#I*qbb_2^RO
zbx&5tm5;5e=;<0W&eenQP*z(4Uhl2D$DM93?cT*_p|t;8Z^wS6Gp9QprGutb4DMr}
z)ywUgI>g@1F?;UR@{!Z~Pa83H@_>p7lVnHLNc)5i0|$2=ID2I84pqGdO_(#d&jhmw
zJS}BMiCcEm!-H{4HfF(X@G!Jz=dPXlO&m~N(SKH%tNWb6sxqkB)px*{k>gzbrgojs
zbNuL8GkQ;Rj+-`RXcv38NoC_4bE;=g>pH|;T{@yuFMM>Pt|st~ob}1Uf6JH#51$6x
z%vtV%v-<WgRlOam1`Ku#9pfyYIAmnM*&{kTM^tvS-_@;8$I&CEbsFrQ)5AV@grk={
zd$K%J>CwI4n6aIDj2_6ev8>3@Hr|Kgyrl>fII-7~iQA>6Nt#V{4{?;=HG1acS)<A;
z`;3`5bzX--UEuEnmS*t=J+-CcMa6c2e9!{7YH;pgJq=P1S=QdF!I4AtH2CL`Wld)N
zEJfZu9}b<A(sSw)Yk<WIZ&+$>)g!!FPmk}vX?gZm4HmyuPXqle%L}(^F!OLd4YnM%
ztiM%*_m5a?u;Oh?L2NBq!=WY78Sv5DmaqOt!=ClEY4eWd!vAPf0wa!Ea&OTv9(+eF
zFA6TzFp-1orPW=B*oT(S=x?7pVd%8k0~E)+xnsvvce71ZW)5%;F6}j`o7!_^uU<2{
zsrDIT=MAVDQ!P)P({ad@GWWDT_$IHq3xiD)o+IngOyd^ThA<Q9<tB3E81K*#6UI0O
zsCT)YQxx}@(utF2l$VWCM$NK~9ow;dPRAM5bL9b5BP#~FMmfiivX%F9^er7(HgAr-
zdc=&LBX7lmOSvTrXq%XcL>GaX$kJ+WA9>KE8FQvio<3mY(7Dq_*?ROGRDRdAS<0lI
z(`{Ab2M?SuazK|k%G{pQCl8%D#8p1Vbyts(Rb8v6_nAF%oQ;VgU?TZ2UFxm7SE-52
zfX$2J$}EcUW~9J=SJ$=hZ^1gbWLYNG-pxb&jvp<H#caDvb~@|XDT5pAX^RlsfW1lN
zRvo&6$luYeJJgpkJ3hfZm?5(_Z`_J<2)7J5)bF`wsWWc3GvE|lw+PiBeipef8v{1Z
zdOQKQD}Y-SN$v*WV&vki`aL8iD9+C#adiKi;UHa#4C1cnMOpZ6#(G2?;?!M=B=I2Z
zjlMUtULQ>fitJEy9r^wdSw{*UKk`!YXQWR4jKa5y3U5U(q#htX?`xiFcW`{WkvfRW
zlbE~cs@H=GdZPO%EB{*<LA@B4yhzN!<euU-|A><8@#8Hehog0JI0j#qA-rf=m?J9=
zeC>>x<q#*cO{`AZ#0i}nuouf1dUS7GL8h$KGu9B{EQwo6mc;91NkYl>xLS4=-}W;j
z@!h(x^qGlo*M(i4nRuiw?2TE8N9)3#nw|JgUD(t)=C)nun(^}Hnd$vD&y4r}-DcSH
z_aq*!+wYwDW_pzi%x#-3H1qe*LUY@X7n$Yq;$m~#MfaLzI%G-WvAX;z_a*x3Y(<4v
znx{bI{fT;A+!Obk+rRjL8Fv5DL|@&ug(XS&(+CeH?lRqYDDl0zu)peoRW*xEh3_9u
ze6=p}%gfB8U$Wdh6N4Tx<F$Cy3=>zFVV~3k+qTk-cmFE$><oR(JlhV<46{6Lp6&DX
zz;-=hZo6W&88!yY^xCd5<E1`n#{01z*x{$lZPz|+9`Dq(X1s3CnENPr){OW2vu3;#
z&zWJHYRs^O>&)~9{>Kb!vEJOa!SiO==k>r|+hE3fWTP22dXu@|)-RaxQZ}1mmp7aB
z>Wvr8cu#FH!=}AthV^*a%uC@`Gv1$D&2xEto4M_V?Pk1rJIwU@zG7}$<TG0(;Z-y2
z(|Ta9zGlXIWT&~`(YhJdW|z5b+HUhWey9g_aF3bZn%B*3C+#)&(Pf|6xE1U-!*0|A
z`{;m~-pdEgum=vA<$T8*W|;D(x!<_A%(`~*Ei>N!!)Dl;x6QC=N6h^7e8&uHeAL|b
z=20`=>37X|JKi&o?ZIPayb<r4>9sm;#!Ee6hFz@(cJ!nfZ~ZB={N{dO#_RW?8P?(>
zGc4j`GtcKgHskI2uNhA}ZN{5)#*EkH6SMqs&zkXms|R-CQ*+ympPAb({M^jTkT1+I
z=efkU>h9;^=gsuaoj14LeZegI6<?ay>e#Q$uyz;C^fE7*$9AnA*s7V$(%|#2&F<0q
zZ_GsJe`|&f`p!H+`}bzNs2|L*i}k?vUpC{d`OyrUcEv2PZdc8)ylZBG{dUbv@8oqe
z?8TqV^cMYW#vA&J8K(SdmP_n!=1IBuo4M`&-_32|4>R7>Kh3b7H_Wgmf0<$b)&u+G
zZ*#w|{9}eKyJ?1v`q$LQ6K#`B&Ts}X!+xp<c1%bzouZi6y-Q3odEE;oGtnUp%mn0c
zGb}p7-1bsEumct|-jk7L*z_oKAHAZ@cuiwWu+_2Vrk})`(7+dGhCLE*hK)@y(`%n-
z#>+}F!+xm;c0AckZ&Ql7?c!83?6x#B%$072#b=oN_%<WSbOJt*X>R*umKioZ+YBqu
zF~geWn)+RxX9B?|dFH0Rd^39w7nosHh32-c8k%9Ljm)sC^}vocHuq7}#LV;Dre=Em
znweoOnw#5(7n$+S*8|&QHMiAl=C+fH&9JU5%rIQ)Ce!g(J+O~UlT1OBE%qc+5M_zO
z%-`*@8BcMVVKItX&R;2Jyw_c3nC3RO9q%#o(or?Ta=d2Pul2x=w>0;=v6UINptYIa
zpf+Z_(t6BxWIJ=)FYAH5-rhXk$I8rojPGEk*Ri7+FT0Z&_H!q5+hd*0`m(W$8Mdga
z88)<=8K!hM!{U0FVc*sRd!wfrZ*4C#&oj%-c!jQJnQ&J{lF5&3)!R%UrP55`N~L*0
zyw%4n#I=3Ruo?Z#^eXzB`)xMBj7J8VVV~9mdu@=Jzh#4yOmVR5mY7T!J0xj)U5C2q
zP_u^pGc?H*syuaDk}2f6@pg0D`FEIM{qHmjr+AndCJi^Y{dBk)&sSw0^g|=ecvU0K
z^wd#iSo~-+?Ca4<$Lq@K%`xUld1kB`Hv2B~Bv+0z<5|a>VbTOM?28Fzdiq2&-l|Dv
z*o4XEww<cY^2?fHhFzOtmdlZ;=04U<GsEtlZtl1L3^T07O!K@om}RDSZkD<2uGwbT
zsySxZ__^k>wV!8(rQL1j<w`xUx9>6YS2N!Xo43HsOTUF?Sn(or+wjF^ymO1qc)Ra4
z^So+_dHs&Q&ph5%_nZ4jdB6<&u^!mlOU=C0JZNq^_aPIW-tXZge5+ZVJkQK!Ny}jS
zlTsxVESLVm#47*s4kL@SJgH7<EhNwRND}!pod24~EpwN_bmYwB|B;5Bnv8k0(8Q)W
zWg1K>Qe+UnPrh|Q7pA@ZwPK8NXkN@j*%eIZMW!Mf><2xJ0o{{aXZV=9^HZLmOeTf%
zANVk^zpslO$kFNKhh*|82$s}`Z<&gYOvO~R)8%p1m$M5NhP{^}wD~`($Z8J=#8;X<
zRJ&JKa9VuLaLA!`W(lcvhwM+L>Lf9hc*FTme%x}#g96$@^Wf|^It=8BI;8Qr0z;Zh
zN$*trq~RwWKN<MR#7`D}vhkCHpIrRp;U^zI1^6k%Pec4P!cSxTG{H|(o%C)-MuM=X
zSzS2?HG+*elr6JH_}S74L;l~1|KQXdL0N+Mc3o*JLDfCdY>AlZ!Nj{m!FQ|M9S-~@
zngYAsq2TYp1Qe@xD!z-3yw&Utcj!{}D7P++;J0qCh`hZb%7H(%gKb;XYU`43T~<MF
z!OF9d>A3d!@0Z+aZbPad=}>E>o6SND4ybccon>W04iOPU4y~T}pjjP-46Lf9<iln<
z`LH>e`hQh}23G_l|35SKA&aAX5l)xGWtuLRVh`$5dC^xS!Cm4mXx?e`h;dbu3mkZ%
z|58zu*k2R2r%02k<}`;x>x=TC+xntr?3*@xlJRBhq#{UszNqlA$^O4N+T_Wx3<hVP
zFS5b54MmN?u>o7sZ(2pQ@nv1L2U;8`DupRai!4jKZ!FTgZ?t}xiZ523T42l5TkW;(
zBZ7+0I~=j*>goHfPve!suHgRpMVYI=w>qHB7v${f<M@Mz_~k<=%CkkoGsmnA;ouRg
zMUQ>M`d9<#kb^Je+keD*Ucwg#UcYY5)At>-RtV7NEdJ0QevQ!WC#*jc`a&am7v{9Y
zO81&~i(+BhM^^kr+YhYU;oG;YnQ-R^*1hbtM;DPs%MYz>@OAD-tOd~eLu(YQJyjG(
zInvL6WW^_*DRKSI|61`amam_;=Ibw=w)P`%UBFk8RiCxuv)<noWx=97ID+a=tQY8y
zWw24=y%GtoH}Rw0cNu>G8`)rJ5wPtiaulYVu_nTlPw<xm@$wDWdfpl%;E#^c_KdcE
z{=D^+2-Ckt4o+OOV)^@<-&ynFn-ps{Bc*@-wY4wuf}QB)-&(Pj|G6tT?5;W1yq(`$
zR}*ktLxx}b!MY1&V(_*6M=QP$@#e31W8W3)OalFHBK68^)^!G<_@AuTM93w`IDTya
zW7ibL>Gt2Ost8dhu+`E(t?fmeS;pm&nZ>bC?!aHIT-3tm(Cz<N8_^fK(^-cT|Kfzq
zy=nCj0bdrugo2=Q{8fN(TfW|k*j~dMI9kb;4>#Ic<Mjg3wur2@;9&Mkw!ZYWyouqq
zL-+zsrbO4nZE^JNoor@@McZQFA1{f7Hl3}po7!7!A}o(bvUua70PB;G=Epto2R1AE
zAa6|U+v03r@X6c~Z~IdKcOIg@nPl575I0w*r&Ddi2wv<!tpL1;hK!fFD!^5|(kG|e
zK9;DW7<X$%;tyZ9ukv?5ap2kz<S8~+SkF{B2zn&f_5$>7glsXw*c9I(O|^lc;4ekS
z!QFYn!C)%}+LCX38;9Jd5x(}V^{duM{n-NBD*{)(6$Q3%eMTeOJp$ac+6wf9rndR`
ze0~dCBYk@_TW^u7MLrB~fj==)yvUkFHF|X^Uc}!=@Riaw+bJqwq@1TCPFs3`V#eiF
zV!I&VTGiJ%Z0+z1PLKm%uy=VCa!BVG;$<A>x5dIQj935Fk5K8h#S*uEr`vW{0~F%P
zN?Qh0PQ_Q|6u9vn)_=9KwN0Um<5VTS5-)ZxYWS3nw$3oQpU`OO*-D#!wz9bC1nTzn
F{(t_F(G&mx

delta 35126
zcmdUYcbpVO(CGEdaJQFp&PTYr-Q#X^AP1Eo;Xn~VqJjY=35rS<6a^%WQi761MWW~_
z11Qk|C{YY3854rQVFm<Vb@$9{?*aP0@BQ`ox$gCJb#--hRdsb$_w4vdRb>3%?~s`j
zvs`wkyTIZ0IXzyx&*gI$*zFFt+v6*+L*f*rUlk!SB%yW~{;Nm-mq7m)spd)*37&Fa
zLCG!s?|rE6-~tC0)E-g}DN++VrmEAW5pdT8B|$Cd7_P37YpJ>N7-;mA`CxWV-9(Cr
z{!{SdaC)6#weSy@!{v9X6;g)!m{LvZF=V4_y-eO!FT|%s(OP#HB}T0dudUt_enm|W
zPp6Lq_OLwuIIBvHh#>0S5&XG7EDfK-knW{vYF&H0dfc*8ooAtSZo4}yi`FIHQ<}x<
z%IoK<2~i)Y%OcZjVZFnyo{BoJ?uug24sTdK?O}0DzFLwHuhxq>rhXmG0G-aN!r1Oa
ztrg24UH-88jF!0iRXgK~i8?Bdfw}!^Ou{9#I-Zq0?y9217DNqCWJRC7YJ5@_QTrt^
z96o<o4yBF6S#zqsPR0SvOHPkKqWu1_0<|zL9mZ!{W7PcA@71Fz3_-wIm7jJyQROrW
z=fS~cGq}orr4i~I>A$K2(kW(-!ycB6m|t8-va7zxXin6ZGH82`(_iJt>PghpELL>8
ztCnY9BI@*PR`hwRw&c2r`dTh4`u$Z2`H4jRJ&zRw{;I|W$B0^3K)dj|?2J|5Xlc!_
z>QNL&)SMz#;dX|V&{37wCnZRGyt=LS59)y0yv`ezN$U~^m1fe}sH(0LPSmA!Sf$4w
zmP;$E2bJck?s})xKkKsRUUyh3K3De@r>dQc52`uElpZfK^R^OXytRZE{Z-GECKGi~
zDQo2Sa+#R$fRv^}M10jrt3^^@u~Jx{!>@+dzpS1vV<o4zD!2RqQAs%~dT<8q$JFWy
zipPf{OC<u{R;~G}&2d#dV`tBOb}m<r$55{NIZr~pK~iFZN0)D(&l6TmX`bcIgUgSV
zMpjLCjUnVKHE~B8PMpu@4NFlk1k$UTd7|Vjw?9lq;DGUsjak{_nC&T|^!i=u`9NXS
zN`DcFbrXWH{9iFR0#c^>d*Fz=ClEspQuGYoU3IZRltjKU9|WrM8>bOiUoOR{lAH#I
z%8@ODnyi9-hwzEqn2kJOuWHe>y`<J_%8NerLW^|u_8m!3{uIektD7HJvzo@J^RWGU
z71;il1=%oWBFV;@B(<_-KXq@5SaR6t6XoSd%Y2!*)wM0@DExMh+P8IPRpVANfdO_Y
zhFGcQ!!$b@f^k1*!}<FV)tc6$)Ml+?R7<P$1lq<M7KdZ4?EA!^{)1s}CdsIJtj$10
z^|hfS`W^17EA3HlY;9uH`)j4a0}d%seX@17+PUK_Xdf;`Kzsu<OeflNXb+ShBbo4V
z5{a*JRnCYYCv;-{C<8~kejQ0Xs@9be>$X=N>3g@LZtcsOx&vyb`#sXINEkmzst=nc
zD$!M2?vD?b``&jSbXr=PY8lk`@e(YQtMv!vEA$U&w5+t4{bfE<+YPGm1a>SdE#=@B
zmX#KA@WX>@K7t<0uLm1C*v8=<L+bE9HV@X(8&9Cw3WEmo(bN^CKB@10aOk7bLUqNE
zF(|ZD+MG_~TYY<Knd-Tpjoag`8b7ooqSUDS&u_KcP{u#6tLpEOM{2?OZX`xMJdz>v
zxuM``rJyQz?4_7-&Vb%+fG-Yqm$L>PHTw!S;Pn1a%OUt02?PG0A_}NqjbVfIJD}GO
zB&{lb+BqrB<I}a)Cury?L%{sLs`42&6#NUQZ{G&e)V&MBp^;Nchb;jV`_ucgXV1)3
zuboVRik+pYYQn6RaO4RDO`5@2=l4UWvm~Wz#;iSroTf<8IQavPuymX{=(LQatBqPE
z!?6cR&g_{HYUK-w>S6U`xadR_&6}h_woA%UkG-J5;HOdX&KOkTda~)oDoMRMJw<)>
zMb;Cl?c$db2po1{)59&&<}{KN_3OFoA!8Iic={y{6o6r;NP5-Yd4NWB9(@+DyJ4SO
z%Bxy5KbEL7=f$Y)TGLS;R97uP<($u9JXL!aZYOHhLb`qh?18Wxb^pQ)sCb=3z~#;)
zx$4Ko5{YvK1Qy!W<}0(*geAw+pI?np=PYK39Co;H8o{lv^^w%eOQ=Z>I6Pq~lp7P?
zKt^qT0~eO_OJdaiGt<<cmhOTM6OjBVZ}8S$Xz~j#jeov*n2_IfW(1rLnBbF&suEVz
zA<)N%d~#yf7tw%iUtUBza5}>>Xa|d*ku$2st(r~L+g34rXg%t`H6^aCA=9`v{_jN8
zltk4rH80CRcl|e3r)AfCjJ+~93pGg%e~Suez~!i#wFwu+Mc>D$8|S9M5Wkd4ZLRv}
z=I4n|9k7Xw3pI~2PTjvP1^yaJ5~{w~GMkW#x|9W6KITkdbv8sw$n^KN5rVT?q*ezM
z_3(#>q52sqR=s~4<Auv#b>gEUS@H(d4IeQg+#awukn*c;-w{vH9^*9p@oJhndgqsF
z_nk3n!VV@1Zf{ruEM9@wr+*5y>Uy~@d0qOqSr!E2iZO8>xBB+}JXn-YlGI)^a%S(0
zfXe5jNI3dWsYP9L;!ZVp|8Vu=rA3h0P|7v*ZIL>2e~j8@A0yi1se0%0S+z2`i3s?(
zDGC@1vCpYa{hW=(>#mx3uvfUl%_rD%lW)_Onl?x6agZVKIpA7DoP-X?F2m7=C}Tdl
z2%?gusN;?=gH2I#jGB9l5#@7MRi3CDy5jrcL|a_(Up{$2Ejdw}PO;CWZv8$PaJ5fT
z-~a9hcz7Bzc-x0*u)eXB1ZN&2UN!265$fRYIJ6t8|3HiN!4LH$;!wx^zy!b-;C5ta
zyp`FJs=z5+RLA^)le#kvrZz#_G4AK}5cd~qX~jml7OAE7{eyZM0l&Sf&*`>N<E|g@
z|EmW4kJ^_xYbt{<Glo)dQSy1zz-cxWXp%?&v0KXI${N7k1@pT6x*hks)h>T9z<>(|
zHI=fNC)Bh#$$`o|YZ^?;wRVP>F(jK6)qxkAp}m;3zYqpDm9m&`^o3s8NbPp1C5+FP
zV~B+^E(RGFaEC>r&b1o?h0$n8PhLur)Hg5TygPAgR+Vt2h^Vhzicz~9PlNW&bfuki
zbtXC}KmSt{L7|*siLiL4lv36C+9Oh|OHhnxK065Gfx_lep4zw-Qw-Q7kxX@5t2<C3
zvS^{(oaQJj6HcZ<Kqd#_)GU<87_+fg3n*lPL}HC64yX28IME34!me<FtZ~{MekhD0
zS=uial1#w97VW^w@6#Zng_H>mqe#`9C=vr}Erbos5zx}2NkD>2Q3RFVX?J?V(qT~|
zwx1kJMoH?-7ZrHZLgGlG(WT3wITA=a0==%1h;U?BSXfi$H7-mfr{UNOQVgUfaO^Ip
z_I47{6nHU-;CkS+;}(r=3(5N=O<R~wq6j>fgyYjLrom?!<a1b-fy6zSt~U>8A7>K3
z1d$2&bXg|H;nvrb#0J(Btw|0ECon$~H_OeTQ!Y6H_2(i1kvSZL+pBfYBef;Cl8q4Q
z#t=LX?ezlkId)#a;XH0lEh3vG7+pYOVPp|WSCCrdX+0FJoTo^V_GVq85cuY0L|$7a
zX|Sgr*$XS{A=WGdtJeXJXenJgTud6FCc}baJ|SMW*33#8AeqHDjF>2F{fZ6e_DLHS
z>sUG8y`Hc%Xu1du$&5b|wC!bN9f1rhqR*x1>CAX>FUBE`U9?ca*AADHT7<Y^Y$7Ry
zyIV;`OvIbn$#OXOA>y7|&PV4BK$3&}2!Gmn+2_<!oa8qGe>?aCza9F-OW9fzH#sFk
zgj;{=h4}$en;CJyzEH{Tw8p@i)@a1uib73$u!3ru@l37U-xQX%l4Ie$3>@Nu0QT54
zQL;dxpX5-%^!v0`4M>Utvl{RY0zU0X6OvEh92LpRT#^NWHmF#KHfO_;5gd0a<n<#-
z(6Ng(Sv}Rd#hf;Xe`^!Yvw%M=6^>y+vo$A?gxFzKJyI9Cw;-Rw>1G72tJ59`Xzf~(
zO9aN2lUNLFFeB-7*xlNYTZx;{NhpFp+e+DR{5I4hH?+Q$&6>mR(KfdtEfmE1QY-$*
z;edzRBUyA+17>yl^hT@0c)_d=EmAg+0Gy~myo1`KklfxLXR*}i7!|f(2hvL+E@<3=
zqjfs8)165KfkqvW4bKLUd28F@rm1X6HZ;AHJPTLSC0)^M1{$YRJAWrhlcLd4;KtPH
zg&lViYKI(X`IBMMZAzNfu`5|9NzMQybmdj(kf3^F6%6f76wTG0w36X+H^xtl=7iyr
ztye~C>wA(?0#}E~F<@ziL_OVJs!exta3m3#5I+=Up}M`44EqLID_})$(h@3Gqk25q
zlVfw^cAR57-j_tEZFeNYp4liwtl`i;<i}XMU?AH;-wu+Sq4&RFphu{97(K*lgSjt|
z7I3yVse^Nh5h88uy(F8&IYp<mJu^bRJL1;$*b8jyItLneM1t<Umx-Ih?bKHFBR|P7
zs~>;hv1@A{Bqap0D-o<~dmLlqN-2lCBlB?kJN_Y(fg6A%_^jBLphnGV1^*PF6Lah#
zQVU*qkfg^VF&;-)1e(AuL;I;0-b~Sw2a?xiI5dFZUKuL`Y_E)!eMj^MBH_R;4JJRq
z-T^2R9T~v|oup(oY{yVC4dzuLCF=%r`n+~HQ6wd6e-9<MO0aXN{?r52oun-0Ucglg
za&*cV>tir85|QIysc`x!(iHY|l440EHHn$9Y6RH<>)I;Rv(e?>>(%BzO411NL)X4&
zJ@#~#(x_*$99DKl3MM?N_vO<zjwDYhuy`bYfcwP-bO{Zr!1*!AHbVu55huKSAL3g$
z1|@&Y7#w8-+GQN_0zJ1V%BbP}AAv<hX#d|EOY-DsToSkdyB#oOEY}FXL#y=^sY_t+
zSk#E`AHp7xKnu*cQ;K8O0Ye<Kp?m{U`tt-%nBNIoi;*h_GfBMGXA=1pXLS-Y<BkCA
zpG=Ch8PAX+bap2pO?R>&4SYSB9D%n=FeK6b8D^qz!=fF2mP9I~slh0;ALMydPGr=x
zBXD5W>7)wsH%YPZ!!*`2F6pq<DrIW<Ge|o*%599s4acT4okPQiim-Jg>RcsQBeeHt
zlR^SVrz0JAQK8R-oUUkoa$g{up`gsr^cFe+Xu&k)MdFv^+~OuS77~{ex-6hJgr(EC
zl{WSzVkN1%ck2*iQV9$gH3tP!J2)3L2L>IHEa)>dd5JOH>F{c`UnW^3%As#}(200^
zu3qQU2ERgTlT?T9|A}gw9YpQdw$3L_NGkW$oKBH~q99m6t5}FV!L<b>1(`~RK`C?E
zwI>!4A4%0i4laja92y3}9NO{4)UVn7t!#<)2r!Kq4CM&!2~*U43sSVe62|F&aHu|b
z^G!Y*PFGk4-Qa4ky+-PjRDD|*vb}8<?9Q!`H%Kv>=BtRr0sp+JBk>@T>g5?QVjoF`
z^{<gUI66T}g$+x|4=-*;%0%C<K@go++xsT%Ro|nyM6eb?FrQYooU|ZOZhbb~eyFva
z&xX^lEnGqQ#J6Eik5k}5%OHw?7QTv_??vCs;j+_XhsRfN1TMSQdo^+}mG9r29&w&J
zG6YG;M3*Bh8MU?bkl`bm4;}h2yseR3sMw4DTXSDoB5Znvl&e3V%7A8T$cryNuSCRo
zL|a^G5`r#Zt+$EIq}MCb+c^m4()zqZ(g|!TK<<eobzv}cUS0066zX25YMZJ^fhlNS
zufTz>L5v<P?md!3V9)0yJl^T`3s83lp}bn<TAW~9<qOv$SGosleA-ftPW_<$Qbe3j
z6vv)HAis8X9qCA*I#oe7`<yUd)7c!*#%v%Jrb7C}F_oDJ+;;8o`{-SpS|bi7JqYH|
zvNodmn$rNeBXY1$5X7lHyou6V)=Z|Veb)v~h})%oxS39XuD*UzeftHQyS2QnC|A(y
zH#s8CFZR)&0nr&i*E^HCpjnXlHc0{dM<@>Yi=_-Wy^Z`Bshb|Z8+vWi`}VH=h_oe=
zKLCqc$;o73usfeN>SMa}?pa47;sPQ~!-7D5?Z79<LpXYS4V8L?!QiUmL=~YKtvesW
zRVDEwk`MLYMxu_dkQBJuibT)ZNfIIc4QnpUSZl2VE8fQCaC~=bJU;JfXh1+TBO}b-
z(K~p4CtChgo(gaVMEmOqf;qI0KBeYS*Xa<S<Ov2wS?6)0e~-RZx@O-+>KW?bvWp{s
zG6?N5d?)6ny}FyY2y`4STVTK~xQvfufaqYL_A)iq9Sq6<4V5&KL~`wR;db-r9zGc!
zkM`g`g7Kd5ThJu9>^^9|Pp|Q6OZTJb=*G}x7ghP$;7EPi)z49qBDv{tIZ)d7>lpl6
zw=ZyA(U%|0mkHYTd~jG8)PSMSkaTV1m$+C(@}&Y3M=<6~QWS&Z@!G>I%t?U7uaOK`
zxs&A18Ky))_pix^Ftl8WkTJ#z)n9Ql>~$bhab-={9yo|hg}jL<Cn86ypwnTJET(th
zwqqzHzkWmhNY!bi{kfe!PdWN%Vehd97)J5=-CD{al+aXNBXuwz1Jg{ffL(j&FdD8@
z-M;8x0S2}{2<F#T9U*rji#cOBnBT#`HX2}lT%R!=k|W25(B}8Rj3Xoyslud)Hu5Cd
zAVJ%cB-Y~hvi2XD?a^_<==X3`cCnj)lY#9p!2(Y0>W}0$oURZsj_uPRSU|&&a)5@8
zBjPy40Y5{v%YX@B25IlYY)H9`OJKrjQk7<`qzoSAo5Alf;T?7jqr?R?5Uk_GL^y-l
z7ldK4;2&wg*MxC1m`@BCKaaluk*cqtI&~cC0E438VKIz4?Ht(~GE1le4C&VloCd$m
zh^IFHJn10C>sF8t1$Tc1zpz;dxcpkiuV~n4=+vZ;Px&_ng#pyJ8NU&?L}Q8(79EER
zhW*BI_}m(X{c>qc&%&9D)63{NVWPktbHl&TSxOBd#L1=RI|ddSxVriWsRwWUO}-8h
zZkN-=5dWYLRESh*J1>$%f-xs!7*4JSKj}0es8@@)OzMORxXZ~|cgh4qV{rFB<N%E~
zS>XALq>ygDF}l?43dSht2H)tw#U<j5NlP%|wDc;Cv0zv!E`ks7tcl*`1dJr5Xun(|
z6;kNnTzqhwby$ZV*VNXMbe4wL^-i6BPVW0A436qvMLHA8S*M?)Iv?ydpgkEbNi4!-
z4uEs$f(hjI!m<eI=TO;l@g9FQp*#-QY>_Uc`E=vT1;WLr{I?*OTRR#l;Q}EV3YUuu
z*B>UB7lUxoQYwon8N!7dsKpj36IUC%8BK!eG18Gxe!2M|F9vZ1;H6k;eu$xSx%ntB
znNaB4+#4tDhik8zvf}0j<FX0kw`&+jI$lFo+?*9xf?z&vP@=T4#u(jvjA76`O-iQH
z69_=pWa$J(N}4B1#ke|POeQRrE%tEy8nJ3~QlvSdHq7PW7C<qOI56JQElqk29W24r
zxjdZma1+ew1dONTz-<}Qi9}~0WR5(3NWdI5HNRe$c2}l!R7x{edEM@CnT}xSkpDsi
z=E)qXfIw-c6l?MD0a{F`8o`+Fa-|k5-eO3am!pkg4QMz4&vC@l)scr2hQ&)I+SB>c
z6E%3?<vfTp2Z!NKTcPwEp<xFTH|Ict3FNhF7;K0{kF1kq(an|D53z+(CS|?X$5`KG
zIA?vEI?{&(H~a4uNyRu<xVhH?^`v{)j@{_O#|16j?1Jyn&(S@&3B$!K(}bZr@DgcV
z4H5Ej5z02e&@5@V>F&+;(Izg=-`pTjKx<!y?15ulO_|k~+^#$V@OypfV|q>lyc03_
zc&uD{mz}<Vjgv9tfCnnxrROIgWjdDdOvHM63<6H6Si(~ctAeK)NDnA<N(Whb7(T{x
z95lJRl_z$4>B%ITu}y%_@Q?<SxTVP~cMFf%@yy2F1-Wp}Ep?aBL}0Z0c6H@~Sm@-y
zn&>5k@MJ5g(VP}G8#MDuEor`$^kq>U^~};#3_>Ehg3eMsgouIFEo|uwjAd4#mJ3nb
zwUVQNV?JpxhBuG6q(Yi=d=K7oW5AfF3v*~MX)rn<&1Q*1c-4bVNAJvojt!(YX-<&b
zPe+&uxecYQG)o5$`y`r&u43si=;lXwIGGLAjijZR28$sNvEUXayw+fzD+aO~Ab!kR
zZ4G9uKyHZ7Ff+4}<ze77En;G&Dr8$fi1*uAM#mjT`v%L1z>>xYiy4g#ESd3W6D(o&
zp*A1JruI@jXm-1;KIKIVIQjwxYwm7}Aedob6k^h~5<%WtZOwqIx7*?%%8zhwW?<;w
z*9_s--XeX#^9V7NzZmMzg4MT5OIW-gF3@Kfz|V!5w;??=icdy>qcw7;M=NOu3%!#^
z>4Ot2{>@V)kMU3(#<w@bihIeC(7XkyfQq)#>ojH^13hm;^caxd3|@@r(-3kN<thf$
zn<C8xooxzC>ursMaqUPXENqI@?`ti!<Wc4)VR1WYn-DJ^#byBmw|iM^mW-wWr^9fr
zH_|+Y)nUB!10E*bdOLQ4@z1SrwE#n6G{{NDF&GR{zQrPwWV{(rOy#`ZU`L`d-$f2L
z9YHK|aaq9}lwdeNQjQ}NSYr&_t>Zz(HXX483=D>h=MLPcogIZkN$ARjw>gX&L*k&g
z5`m4N-zpyKi|T|@h7wBycR8^47KA{NMW#?Bm7A=YaHy%&0p6O7?GGU=4b~+>_q(K*
zdBkoV4RT&p(f?;^*uE=@dobd*4i=4&SS$*ye8k-np3S0(TR8OskMnumFl2&~srBk6
zDalZ<M+zUu&&jxan40;2JY4X<YVQsn5Hge6I-={#M#>fPx=EN}#;sO>ogskZljUsf
z-a%5a(q7-#VTg<l2i?XSe&4KDgy(B4wharLXR_1h(=H6dwIL*|GoMw{oiS#*vtYtJ
zIa8Z4Ttfek9*Dy@G@T4u?RQ}Hro~wO)d;Mn$KA-PV66*N7WvEMTzG#PDqzeSJWa50
zsayevhubn>=o%@H7GojyA2|sQJtlSL$K2jBiSv83E+g^$EIqFV1Bc6T7%i6~X+#p8
z@41glxA5~putE~60$QynC5%GS6FIQ#cPZEk*RN)yq&Doh4Y_7^6L4v7kCxscxIN-C
zWNecduLw+-!$%wNgxT5gn>8QF>9A&;q-Z<GN;V?70x)H?L=(Iih|qG!OAdCHhJ**3
z2Cyl{B(<3nq*na241E1-kTjRwp<R1QN?=D%z+SD_peVTPuCO8`1Qu47<!Rj~NhyRK
zQ$nrO>B2ZdSUHq0CmGtBr={j3R*a@$x`0!U8>+B6aQviPTWc~|%HStUFoR=O2g2&n
z10^Z2bBrw&D&MA|yk~JzLqb}KCcJ}g@5wni75-R&lbba~`i>vaSZmBbo<I&O2KzD0
zCN!QZRnTPU!;x|(OrIk~qVVAHTI_MtRk^N);*rhHPr&2TB%1ohExvZ`dC3>rxs7$s
zssmcD8B!+8`IB<<F(&I4&cykpX?o%bK6Ysdvn4yvw?kZA6c&R9%*OfWtfwo_L|cLO
zhAIWb)Oizgv`$}`o53|pQ8KhfFG_w9u6eMlfcDB9T1hkK;4cxn!k}#d3@udhwcM9*
zqIq7tmDz*K6_x|NYb)7M=N07V)Vb36kcn&?g!F_JK|!%nsC_(-%J~!XFq_ogB*Ep=
z$ScS?o)3Scg-!xxn=7F8nNPKbrpifY6QkP^RsscEF<PGRbXgMYTZoc<aRDlxo)y1E
zz=0vl#*3r}LJh`UX76r~wrjD30kP9|WI*8}i5@L*xqbZP_U37}9If>dob6ma6QQ3T
zL4_8~(>+1TP;X#i07d(~*QC}2-fV>l&r`JpwqlB}02cd|d>Dxm0lnXl{$eR>(#xdD
z<I=`1mE0sG`qVdA?a{t{Q))~?@&f&W)jqB1a>+?TJf8=G)d6kp3W@LpF&V_3Q|ZR=
zm)p$OD$uM6u1<fgq@qESwq!sM&=poj0d3l()lx|)k)NBogqy}Z=u@fW@?oMa{gtMU
zUtY=93m5JH>QE!G=mlFHjq0wRH~ruMS`sSkbo#vk?fG|5R#=7;ZvRTC@;S6^Ra8Z2
zY7(a93lr{hY1!}Lf*T@@W6bg6=AzqL${sN)J<c4R&xb3-KkG0Bw@0H32u&K23BlF@
z?b14&8vgtlvl%Wd<vbWUWCPuJ(aaz;*dWnkFfP9fj}|0u#L#w~M=-Br`9L}rLfkYH
zJuV>e8>Pfh+NTGreOhZg)<g4$9Y19D+vUfw+GeSXo&%g~g5uI~ZVTFax?PEZ-#*}G
z3RjNi+mNG(pl}nP30x%D0r-6jZ28)}52dWo&Yy*?A2CP974X90kEE}#={~ni*A5r1
z9p8Q|H6?j94`&%0TDBhbXBenf;SmdVU}wg5be#rmmwtqvJBcM$)TDi|_=JRKUlEwc
z;-UIu++%dug~vp&SuCttWNQR{UbRI)^iJs^+&b$%iWp`7)j;C5+qoX!^C@QHEuTpV
z@YPP~B>c0CSkT@kOhN@*eS!&_8yB=wpGp|frj;SOv!0>D0lV!^DBdOg&RjXNE!c~T
z?WEzMJyJeAuv^+p&tsA`!Deo)!yaih$uv$tU-vy{2~x7>Bb^eD)@UCt$woRcB%v{n
zaTBG=jYsFRVAurA1o!$JUF;9`OQ#`o8%}oQR8$mmSU${I;gFg488uX<=FN>s<N~UF
ziOXySaOHq>RnHjVnk!hf;l{+d@f<I|*0Bs%+FQSre!U_52ooN!r?8tIjhEYUDgFd)
z?pJ7?bsI`ocIFa>^!5a6O}XrFXlK911tAZ+<#6V=K;6qGdoe20^Bd__Gief%FIZsC
z60Yui5QmW0)!$0TnR5uuzhNfdjj3<W6I#7@6$)7XcSv~s!%{PntEV^d`Ve!?9b#f_
zQLqO*c178G;t0z3mLt;FyobAo3-f`=@y$n3!+F)(Z<&Q~JA7evVe3(pbff3`TF2v(
zha{Rk8a>1QLrnAC4!`!n2@}(EM|4a9#I)&zj!DBY+<PM=FCFDbFjKz%d(1}bDIN^X
z!2V-;l|#GmgVgXwtzSH$gE*nzPpHP!%Z6`GG8^M|y5Nyh(pUUp>!0+8Zf)q#(g2dH
zZ*CmscgU1dTSEmD-JCMY$$@92GCEfY+8t-4xX?9xk0}6{$9V1+x`xM3LO0=kb3V`s
zV#ntT&q?WP&q@D~|NCnWuyY`@ac)eJx2u-&@QA@09OId;`cyI^1Ke^p{|(jt*a<W)
zFMlINLv^ei4rkuCJqGQ6l^!z^nNH7~UCiLRF;G`R$A-;Hw1VHH{zN~Pe1okJjNPd>
za<KJs&L&(g&;2gR+)SYj+xjV=3QUa`{wdwZpBo1^Tw*fvZ<Ajx*U}IEl1vnr{?Jjl
zwO{^5htfzNyF_E~kI7XR9#^3BCtk({?U75;UpIum!r-Z$a(U5@KleA@gqZ#hPUN=B
zK}+DoqvuSaLb_5+JA&2h0^RW|Xuhc!z=L(=M9BKkHVk%Nk%mX=X=n^qFa2B}gdZNh
zDt*sQbcAVB(35=p8t!Cr`7RWx;vKuiU1qg8Mm%ojp<~Sd*yfod%L!U@BHu<}&0=Cn
z&|9Ma%Sne}k7Ev-+FL3V=$g7|%j2@_UMtIY@<v9tW+SoNB$G<F6JAi{tC8lZbLcoh
zUl<r}eP=a3TrPqsgX9FbSWEsH7vv#N3(JSwtwlx1nFNNcAQ2KC)^KFX^dukN2Sv|w
zQ4H>YawE}SV*Fe+9QnB=U5<c77Wp&0kBIK-^emaWEpAL;)#dQjkuu&rp%T73Qog{U
z8cfuod|`eDH77={r`3*@TjF*xQI3R$>DXxbB$@7y+<53@L5%zhYf6&M3C4swz3~aR
z@3!S>U&f-JnQM-nv)3age^bnc9{qaW-rcq=@W;znjf{B+e5%P=jE3HyAYZZ=*x_MC
zrbjy69;Y@l5xFJsd}^#rV;XJ`=FKT_`;z4>=y5AbfhAck`gaO5f)u*>Vz3|uuhTK!
zJ)a_fFLcv1fm;|%?JZ7~pCg$DZP$InLy0;?-Y`3*2q(;rC!XaeNZspzZ@{+fAW{6P
z2jpkT*_^1how)!+LP-`zHLBmj(C?N^d4oV`!xWuRKP=CZzhb*)_%w>U5_l-FE+uJ5
zj$D^xJee(Dpmz)4sTe-@m<;$QN4}jvyQXMDr)BF;9ompQ8C_k`4=-bsVv4|x_cE!K
zd3XrSI%G@Z!un;t{4?0!LHA4)3Wqt#7-~CLAlF7;_+4T#PFjSV)xmRp`U-=WP92nP
z$G0|zHm*p%mA5k1CnE?K(%Kd5$pcCq`A^nSh%4_8cHj*wr5%uZa;bKAT{(&5>ek9<
zehX_~AlT5yZO_7D84qXDweOdDatWzxw&F8<Lo7{$Sp0l(T2vzEYmb*;_fV%qP66#v
zo&5oAL#d2A=ApxsaCjM`PUIug{Nd$SwkIe!hI<05P43RY)YT)CVZrZGH2Ii;QvJb=
z*hgiurv?BN@8;`1o(>O`%ec9x-Kgb5qj~%7!LD5VQrEDPwiGTu`zz$5L8{=il@si9
zFFj_*b<d<1-YnB=aMR?J@f4t0g-5pOHiFUT)w;Rl`)d#Y(<-?5;&zX%FnfNm<-ijz
z)bSFJ+@L1(hjzUuKg{#Wr-L2AZw{HB&2?kkk=|n+@<_k_j|_*zI&uaqXoi~A!HK5z
zyia~tX!GNvf)nBAci!Q|PqsWR<xO(2UE|ZXL?~;H!N%&JQEBEiKqE3exy%CNPua>~
zUptKFWjDbEz}8%D4>RYJ$PhJp#~ePM;jlN5hyTmg1IkC@;$bXbekYgO{f*>OYF86r
z-XKoSv#_C&JU-Igx<K(B?wa84mR-v$ID<2|eFQd98_S1{qnA!my>BrU2oJ<8Y$88T
zVCDP7Vz}3MYnm;oKGD6tm9?Skk>7)N78W<bRb_KC${6YoAd?TV$P`R$!sp2Eg~iR~
zi?}M5&lT2AjN8x)+c2x8T&$gIAx9ESp6lI-d&kNkiGC=#MgE<~o(=>#8qjXJRj&6R
zo8E4wBI30pdQ~5eSKBaZM`=EAoBSose8-U9W@orv-`7fZgho>u1d%wIm7UWTjqEq2
zD5dwck)?k(DE9_&yR`Xj<>n+&_gDhvH}u%Sy{3R$OKT^WlN;}+9}Lpr39F!k+23BS
z(3Z8Ai%B}>w>cY)JU7;dg?(u%c)-gwj8w`wd=+(dluJocaOcjOV{mBITe>9D*$((H
zYS^(0Hac_<#_M-g%BeSOlzS`pZZNozP2qJd!gcLJRIm>?f4dGw_eTg;58`{vN!lBC
z$b)Z)_D~15=y@<V+`fza@C{)GSF&Z<W5<vljv4HiaXU??2hgp`gT|L_9pHBhs_K^e
z(BEou*_H&Kc9olk-ZVI5aLR)>zL+!Q=#C=ZqnjM9b-7#aMCt`cVQ|X$7S@l$K{PHN
zT0=B-w1n>RgXCW>nnJxUj4$+66ZN37r<|(oy9XD;8%@t=cj+wgXdQaW_uLRB`feS@
z3nw1LVO+b4gC5&gwrI%i_x_cVE!}iVd|@t1Np0FL8OC=(ac|!j*N}e?Go3Ir)MNK+
z8}CK>{%zRBJ@u&za4)T*znrFx=qD%Ka8&R2;-kXzW*hs<cij-?Xdk%<?|Gr4>9|`?
z(Rx21x49wQoO^X#P7OKq(tnKVM{`;+e8JY_EfHn;@YMkM0u86m>8~Th^IrqyE;TN(
zoHAL0M*#;9lAZt2*+4_jJs9YyO(i<<5!@}T8Di`f5{JlV@o=+!b<nVSFm%BjDFk(B
zJ%-A4^?>n^ATobgLmgQ|?dM^1F`n6436I7c5))+nh7Awu0|~(7;qpaMbEgjARZcs+
zJt9=8H=bqY%j0ywfk)-N#<tffZhN0J>A<7>EHO1>ByOKBJ|_Rg@3o9#0O%`tFmjRk
zxcn1;{8X@=n=919gt9u&rJS#c(b}LVa1lx5{x_ac<wJ3}VVb6MhoSUntDnRRwLD%t
zDcF@44voV75WABy`$@KRd7M7&{Ad}^t+RV2Y7p43m5-GlA$57s1dk5sotfW)A$TF!
zETA19Cl4T*CRoj85HXhX7SHidnIOM_hh7hoh$tt&$AG7%;K@`Sz@gnWQTG4)<|ohW
z8lw@POp@FEJNPQ7ct)o0IS635hZ#_M@g8zA%PiWEXXH{#OI!vR$=BWf)lH&NZ+zbX
z4yFu~a+}_u;$IQt=1*YhD@K^#gSQ46()%%BFDNU9ExVB1glm{DUh@)3)eg^)JCI~u
z5@;}oX31$jAGU9i=nmY2`Pw=xI}PIt%i<t^9ky@xIkumv$~NunEEJSHj~)^+VvQji
z+65*hZg&`_7ctQd@2jYzjFjEkO0I^e(C`>Hcf3I&&YVWM)Ke=SH|{rH!c=|z7jgZ=
zd%3leu|I=eoi!e?&EO^(4~FZV4FIt-PB%WwCCNBm=DZ1bpz$m&J)VGuy^UiX<r@RT
zqnf-!pBQI))yQCY@TTjydGdS$&F0DBNqC={p*I#o3{;+Zfm4TP4+=Re?kOpYhNIi$
z3~lZ!awFEVR(=3|TH4f58;o%ZbNiafQ6F6a+0lWD1@dT;V(2u&b3y}NAIy7+_ldq^
zF*`^A&s*^Z3uV7%T_kr4a-QErW7B{4JkADmdOuh!uOfNDI)l{$MN3VJ{DH7iep+GU
z5_u{~*5lz$)PKgg0N&|4JD(GT{3+zH^Iw<ylf;^1_QU3dI%EJR6Hhth!QQ24%b4Ws
z*(2v_c(&nIl4tCEbt8asEYP;xm>n<PdCgrWFDLBm3N(3zgyZ31gDyOqH);u6V7*8)
zQ|*TxWd&?%n80g&R-g+F<L{8dlY)(OW;o%`H+f^!B^Cx=<0{L5tkt-Etz3pGv!*Ym
z6{}Zas4Ag5CM4`{;a^yr3e%6t_rrlz@+;RP^}w;^I?@1pvlk%J`h4{E6R3hFJ`M4e
zne!;BarbP628O(7m6#XI$hzh(LkDk{>|6UbI%|gFiOnY8qtJAj*BQ{Jyd%#hNd}8C
zlFDV;Gv^y7AzqhT>+-JrB2|=#1YU^&MK;-Z6Xxi*EN11!U}ouBM8x=)$gR5*k#V8$
z!{Ngm4kLk=G<jmsrl20P4nyL?pRzfn<HBeh+aoP#U>G-)i+pI-sI0EmWP^+cIp{$p
zV~9qF)WDU$%jw6f@3Y>Q$LpHsH#T&}Ktrx|?J{Kv%|qoz`Ek5oR;EOm(PUBXcAKzh
z6{OAbSd!$^hl_6&)5in@-e(f-MT20cclKb*HtI=lm18g$DvzOD4L8~ak6C%3bR%zv
z7NCON^}}{xN+-u|bcdpSXp;^ez;_kU%YS&hW+(bI9w{Q%m@9pY<rYupea;4f>wp*E
zf9DGx%qia?bE^f&?ou^xQIytnI}ND_7zHCHsN;bkMigquACHNMxLb641pD%-nruhq
z7(ZUB3kjcMe9vB>Jk6h-+bNI8(*@9wF=UE>{R<O28W%gq-t5-06m8$9Xv@()*3?`K
z!w>n0^9DDC4%R|ju}fY+l7$`&nTJ`QFjyaMJ<2)uoV`fmsh7}}A}9I>-Dg97u!9-v
znWXvfChNod<Oi6hBpQ-$8a-IBlH*1Tk_%*_l%kb<F82!+U~>UN0iLj0ho{>^3J<5+
zmZiX|TqT3fO75JmFt}a$1qO<fFyhIzR*zQTY45>ncxyBab$D;<zC?MWD_5=L06GmJ
z4FY!9@VDLoUy#HbO!->wWi-$iEId`m8X}|NLKkLwe29x#M0&UiwtOSUX?K4k578U?
zjm6PSGvI}-u6n~jm<ty{b}9=JD$8`20beMF-p3@#MW0Q8rX@-qEyhF7Z{<Sz4Da^4
zl?HqbHtm)!-A)gz@5a%iJHn!!NLMLef!iLD@obWA;kgdE%z1)oJ2(T-<TPPN!C*@#
zY)Q?#mU|3sRsqI)OmKq@f^Z%*gwuyc4Gj>UCIdW8hOe7Dfx8vzS!rn2ku&>NlGt<u
zm)|4$8s9J+XqtU!fsUS(Kd3nYm}Q`p(+TLYhZBr(<8po~?dtdP1cUL0)227Tn{@E<
zQN00OZrQoBjdzu0YUh5$l{^pcsWX-s200{Ueb^it8l+<0_DWY{#;7!c{clXLG@F74
z60iP@k-^HJ<*RIp5{)S`5IbQlo}fdU<3o=nkK-!oRu-eJIZdOw)U`5Ke6x*cd5@aJ
zpwZ&QXnlT>`|!5rQWk6r@FUkyJehLsth|^c@muUJWHKK#D$LYVoH=M%P~Fbqn*Mi>
zG7Otgbz`f$IY6y<H3oi?5kFtu^s@s_pBL^wts|js663J{R}8i=uln0?lxq_S6!a>a
z23mU*ZhTgU7Be94H@O*{+k*QY6S)%#e_`D6qfJ7)fu{wv)xXJIuagU|(Nr!Do@GS%
z(a%BErw#7;0~f$NgI+z@h9@lr;r-rVD!$;5Gayy7{e`PqO}7o@s7)^O9{hOy>BQgi
z>)h@#;W2y+TpM8W1;%v0)2(g2B)?yCb_~vYVCZk0UNjY6c9;=n_CrI*6ff=yMv9qT
z=fbI<NT&F6|KRx1LHXdSyf5hP<D{~Q!KDMv{>gFUHm3r}bO~Q@ASv8A2DUe;AWA!u
zjHw-?i7pTxn0JXcMLSX#`pl5hwLOx89zlqJqVDMf7kGKv<R#h?553Y|tgTj*`6M6t
z!@#}9Mk8c(J7c!P>G!jCV2@CAR-pV0uQ}_8hvLIoe{rEg_j7(6d_&&y+Cc6FW<dN1
zl)Up*_)?dISyC~uihU|N+F3)&x<G<eiGnSW$_n(NLYd(8!gPtF#c@{ff$WY_o-*UM
zdjEK27kVjND7*n}a*Xm?(4{o=A5C+wa1Mia1N+4(57L#g7WBXaSJ4Q>mC5abF;O~H
zK#NXLG(!UEfo^@UFy%o`78-yS=9yBc9)>3`H@%N`wp)@i3lHn)<1tL3PZan+OlISr
zrXfY5;lWhgJ@6H><_-<7hn?BaymdcX2<DUa8G$}28qW+E*F>SqF&+pQQ8o{nr7N?U
zltdXe6+<wu9FVPO*8TXtjl>LP0f`dWGU`hv$@n@$?Rcj00D;PPWJ@$gn@yJ7^STZZ
z&?aOnYcXh6W2!>7M61})u(yB%&$#3&M<@&V)S3nl=6e-tgai0SjQaFUZ2{yLD17gw
zp__)Tj^RuM#R4Apv#AN7P7f|r)^KKBznu-qmi%o}gS(BMwUv3q+zJ_i310yIN#>YQ
zo9%U#cS$lX4x!SB^3ywC2MTC;#mdKYYZD5Ch*}jg(FoAxpC9pUT8fH8@iEmC+3Ky$
z@wo%qFIMa{2~%GT$gpE*(k*p4pHL-B;ha?|grW5neM?_ZU%?!5h`=~?6x0y^RgaT`
zO!o+9gO5)%w&(wpD<gtN0Y%OjjbKc!8FCsx9SoRgc&KNsLm9;g2sf8K!^EJ4{MgF-
zN5yGLUu%Hw?__<=*0Nm69NdMOJ@Rq;#Vj^~{Z@sZeG1^B&s?duCZj{d0t*!$r6)<$
z<3a+rddF~XA-7BTk>YXBmBrwihFXGca_0mT2jHVeVYg3FnU-8fIliy3aU7o*nv?S@
zGtu?J+%jX%jdvXqBb7=#F7X2zC<8fDOh3Y4O2|77WY&o40BUq2xNs-Q)G8V&AD~$2
z12ghSxaOU0$a#s6ngq`zYj`G^uWYrF(UIf!Nsl2@k89v9v=!bGryUq?p5iB&VM}u*
zMjO>knTGm~FOW*qCC^wHd_EX?o8CGQ)~06bYb}*bzAstXLRrdD<m&zFb`P(63v#6B
zqs7oRl_MmkKCGBk7O(BQ1>e6@QxZa7+)ztrFSZS63vN?>rM8tR3Lb}I)8coDk`r$B
zh1-vYv@aWsYJ<0m_ANo<T-Zj@x8uneF4Ae%Z9BefsQuT}*5R#rj1{+Ki>6@-Oyecm
z@eR6u;3W^Lq3nEjoAydPtel5^U1_J>!R%>dq=Cf;Kc`b6#RgPJS%d73iteHB?VxlC
z?(z&b4Bt?&E>pqNIW9X!FnU#@t>A$N1F2xm*SDpzi+};GQ)lI6l5_)@ne8|XiU=ah
zhmChC`tAoEo?Iw^vI-5K6$Xt1I!8A!4x7!vBX8>Sv8=ue8O_{Q7DQsW@L7gos0?@2
z*qNb?^Hp*|Lkr{NNIG<*cQo!+2B2GI^o&}<jbi|;ojLuu*dOnvybuHu)Dy1W!GUnK
zUww~q;U+2>axgo}6f_@he|jp<Fu@K-Lt_kHCjtIx%;yk20KAgZ6P={2C1uGx7?;ya
zX-SJuz@k3Ni+RR68eGx^wTLl$M9VR_ukwl+#zFT{@5}@FEtH}poKt=2=NFWR7r@s0
zaPpX=I{7}OyV+Fag4UCB0T=$P{t9Mx4RZAJet7g4M)zhg^sRkc@5kjm-#BJ0#4`k%
ztMwJt<-m}`+Yc&u19<#Ja$VSxE<vsOvYB<D&X=$|1W2v!B+*?>9;{hb_69sMP?>8Q
zJtNhEPD{>xdTScaW;YOeKdk660b$iQw;lqGNrnk<pb0=9A76?Bcn<+@mafnP;%q$t
z`}=rFYW!fuN4)|nUih{Y)6&Dd`#EFK7E}*Gt8tx~a){BP6thn>1(;13iDqZ)YFup5
z#NoN6N0b!J{)lp$8FC4cDVkc!eVC6I4MStzy#8Cpf{9M_bJzFp6yL^@X2=r$(1o`D
zQR>AA6Uax0z3d#q2ZaV=^GM|&f#<&=mNdg?2gGxj874*yWA1xGS#smW9=CEZeK@Bb
z4M7D|Z^3(lZAa@yMY}o*SHu*As;NdESpFz)hN@qeH|zOcS+urijDnZlg;0svm~OpZ
z8mTwJ2o7&#(J+v(Xq=*QE8{a>ZA+W6Sq))Sp7|pk1ZUjNf58A_OY8>fIt&%jnQ^=P
z;;ujcCT)aUp77{X%A4q`=&ku^YoOV}erN>IhY4NdJ2mLb_OoE{L}gJqSI`>mw%)j%
z$E%JXngONHp#MB#k}?+JCMlMBA%uT;<Cgr*^q;`kc1n0jjn2NkVH0!!A>|om4J<k@
zU)SXLjhp!GYM;}&5I<R262m<x-j#;G!E&C=DyU^KUJXQlm8A#tdsZn)6o0YB>Gc%w
zUu@CHa|)5e`Kt<a=xH^ean&}VpI1n9xR1TF;AXge4iox0MUrc=x1!t(*c(L6fZ3ZB
zbl^ob=y3X6Cg#OR2S~3d<8pjHx838s?ni0xlBEtjnXFRqQwu-g8d((~T?V;D?ARPT
z{pY!^AquS7%X~^dd*{T>==a$}f!Ui;OyIn1G#bbcM~z?1aoN3Qv$ri<VxZk8mbz*F
zhwke;w9}n!9~oFNpnq#y-@$$F=<K=^CVyfnhUYg~Vq`DAv}NNb7PuMYfbAmWqV1Mf
zZU)(ThY0!X4$DiKH|{-h)EL;hM@fguotD@j6%X&UEV>!)qEAKKcYkVG@Nc*)!_y=W
zUP;|#$zbDa@tNh#n_!-^OGND5Wm$3)Ksdk4ayuhdLhU*+G&&u6@3wq*Gw98GE#>gc
z9!qX$lZt(oc=&pc<@0}OSECnfvR?aeqvdM}HXpDwhk_}}R103jV6Q|mrJ{x|qVO8J
zxXgm`#$GISQ{bR*GGO-B6dm}mr3PkiP|A*2q}W;_@bxAk2>hjGs$9cf1a<lhrSV^N
z+7qPl8_NVa+v~M^uGcg4rOk2wWs!!|VlQ6NhjM>pjiLC02J3-HG76;oBgbdoOo0u}
z*T{E~|4D2RF$D(sWaRiP%)Gj;Q(D}ungpMTB=O<=ty4FfDQ^&(QNdmYqXS>9F+7*U
z0G>>)MQY?)6uwqfIvqJ7%kK60uA>AuIVL5WqbbpsA}3_x(Yos(odOjfBIJKeTu=lq
zGhS?p9-D*jhjgPL-Q0vtCZ9!X<g*wuGMvA$N*`p4*w8r?Epp3PjkJuDZVj3AXX6So
z@pqDL(3PPflgV>&_=(3=E1~>?VU9e|_{qdigQe6_iJt^ZKaWb>9xQDdowzetdT~tR
zj$movSP`<>II%8myx8vSc(Lxo31VsPQ;8o3aXvgzY}ay<2$}h`*x$LQMaYkz5yvoh
zvIsf&S#h+tJ(svE*k8ev#HwKF#1tJe-0Sw(a2q}@DJBg*pQ^(cPy0?wOonCC64wS>
z4tie1Q$9WMvtV7s46$@Pq|~>5Y%1)TnfPuHeC8~X`2Mp+_V`t?F7^enbTXu*y(rdA
zn<JL`g2*h-OCpn_=Zd8hb44bvn<tiLyevZYe?=@coG(HqEfDKYEfDKAFBD627KxA#
zFBa)+_NrKywnS`qc8OT`;cH^uyw}Cjus6g~>!o75yf?+t?{6aH_y_P+_C2;(EV$Tu
z;In07<5!o9r6*R1rOK6Jsd$x$_{u7=?u*r8X~kROM2%k~)^&YbES0|_mTFarJsheM
z>)v@+WaBgMiI6?kigk8PY!|UkggmlN)S~y+i>2o`h^7ATi>1aNh&WR=ils9fMaT~~
ziL}6Gu{3at*sjG^u`X?!h~?ZiQQNkED3%s|B$l4|SZvqn6R}jfT^#$hkkXesL@cX!
ziZeFxQ?ahcXJW~-ODx6h7W?}#q_k;|2nl;d$RYd0y4L$eI`cjk>;C#&Y`6D-Soh`^
zVrjycVyXLAV#)QjI6likvF=1jX~Q>So%*fV`@ln3x9@DEpiH+M76EdOh>ia^BG&Cb
zDh_hVF|lscaj|sA2@$gNq*zD36MOhJq*V2N;zvOX{PYiEyPiLa?YuvU?1(-kisi|W
z()yppcC$~5ls$MxEX^8KoCbIPlBfkq$UG}H{xziZ**THCCFe!R(bZz9%LTDi{;ODu
z_)RPw|4kg$d%ugNDSwEA?E9zKuEAeoDfw@)-KoFDx~&(*(!5LJ7#_JSvZM7sB4pte
z5%S^{vF`J$Vrj)Sq4eUUBw-2eNyL&@N)p_kI9V+H7*g7#i0z=3SQ;8GmfA#!r6P-n
z^O8lZI}j<BRz``ClcL2^j~IjuRT@vM*f=guEd3Nx+7d6KdMQDK9F{1S+9rvRMag2_
z<&e@BDPrBKRI%ODX<}Wkbg|^i5K9S}V!KnBSl4Gtv|t&wW{KeQvc=Ny9I@0cS434O
zFG+AuFXf4l2lB<z$^x<UbfH-4RV3o{))q@~bwtRY>WKYqtSgq(dLrb*#bW8!60ww5
zDwh5#6|wBLioL&X6CuZziKVXfMaYVBvCdK<mQGZNkn8POSD7SwIkO!i_&}#vy2T}y
za@}I-Pj`~AbNI}YB<vhs^@^Q7=@aWZ`NdL6KxDwxfLQls1F^KSp$Pd@Be93>jm46)
ziCBtiDwa+*6>+X_CYEM47a<>PA=Wi*DULnk77?;Kq_pE!k<JCTiC7+OCAMqdTCA(n
zMl4-!BSIc%EB3zfcCqwyJF(QOy;$;f5K9Ri#nR6qrEQgB-OHWC-iLSA>u9`aR^#Gy
zxc3fm?tOQP(D7YFOsBetkQ?t3$M`~5u{7{*vE41*M4UO@#kxO2N_*}R>z4Kq`y1Ue
ziEp)Z$}{1vUP*5U*WJ|K;#{5Soh0l{H}y#p_Q|vRijWW9E0&tvCypbvpIG{(p9s0F
zzgRc-ev#I}4~TWQJ}9=!en>1`2q|qJkhCW_q9p@GZj63dEOi+q^0fY7u`YawSUMI`
zS~pZ|H*=T>`OqU`sl{*+GHZl5zVjiaj~*3AH19DH%kYt6somou&N@$srGK6fd3NAQ
zvE9m1BIKmeVyVX%vE&{r(iu5UEFB#u_VC_#u{3Rh*kAvr#8Q)qVh?GP#L~GCXJz}-
zV%@@LL@bX_7W?b?tSFyF&xv&Y^_+-h?-a4LbgEbyH%;u}?&q=2zD`_^?b8JSEpkRu
zGN$WzfZYSunMqUUY>S?d<M7~1JFbu2;|W(Y_@*Y2L*e|T={F4n2BVzYqsPlP&pHI-
zkTmvI>t9nWLST1D@_$D4g7gka{+GZm!zAWko=UC}z_SN2O-#mD`bkeFkE3kzxo;4o
zH1jVSxsZ%(;xAOcDVu`BXLN|e-<MK@4o47pe~Q!?<XtJx-85dkI|W0~{~akFNBJnG
zdeTyB^lCR^v>HiIC4q2HXs#y|+UX7QYQ8c~hVgf%#)Qy_d464vCX+6y_({W0I({<n
zlZl@!{AA-N2S2&^$-_@RehTnYh@T?-)W%O8{M5xyJ&klJCij7qlsYA(C#R64N>0UL
z{%bnIYmlW83JmhP;+o72iZnwfa_!&J3Jh3e+K%F)^y}m7!RWS1$TfWRl=NxwHn@9>
zC04>8hQUNpRt$}0M)v4{|3!J>Qm{I}s+9l@b<R8<nK|d9;%T9*5b}*57f+Nk|0@HC
zKhGxD5|!fL2FQTLIRC-oP^l0@;NKK$<eL&Q?7y<9M(kT7`zbB|ntAaC^8y`9adb}K
zbtwUl+Zl}V-%<J<N$`~W3QBJ2fA2$m2NyW7p#6SlY2uy#fBzu81BO0dYMFd-MX7di
zh4nxx{*+o_J$&`knXT51M8Z>eopxJuwe25TU&c~^mEh@#rJ1niyww5cj*xF*%>ioy
z{p$dHQ`;6TIq~SW4PTuyc(*l5+qm62yB2-7CB=zPjw|rOc59(F<a28~2{Nx)^I*{D
z_^Wxxzp(yB=>7S{f8nDM2TBv6a$jjI^#0cBhWLZlHSp4>_yX{_gVqlyRNvFqJni&B
zYhyehwcA<%zZ|qiLA$R@;}}`m%x|rD9fBN3pt!@<3W7hJf!*J8#ELKfqJKjEaV!3=
z^7+y%uy4U(<R7!1fb)l}`5IP~<If>d`WcM-*U}_P1cQlyKEINkP;k_m2nENi;k397
zdi{vMl-cMAQc-Z+8m`U!(Yjy8AGKh78+Y1@XIA>0w&nw5S+hB&v44>TQ2i$|4gUhz
z@s$;S_nh^qT{&wVNuc&G$b-KMk$PnE9Qr#9jD7ttSl1zs^eJidn-$+6H2gdgJ?MAq
zqXb%Au;#7()4CXkh~#UV|FTxg(D8Rfg@4w92NsmZX~!>H{j%iOQTVP|n;E3S<D<%A
z;fmK93w9U2fa$not4-j<A4vJQTDAzSRI&N+HPw1ceAJ%6>dV;qnQ+^C?ETf9qHOuF
z{1z)7skGSegd?M3aFnex{+eGn^7Cl4?KOOXGaJg{7+W0v;uUQXpNQ|bYWyy~^8RdF
zYwXhMSeq=leeiaytyIfSv>lWrycvz9e3)Emi-oIqA%$#0dZ*Zq@;SaI)pk*W-;;6F
zk7U?3NN5SE7-_d>+j<i$P-y`yM8l4EbP<7tSk&@zZC~Q6<#!v^l@D1hP<_AA1BHR=
zT_g%N=SZ(|IS+aEGBmh=lYd7BzGb9cwk-+}0lq+(iVK4qy51TGWqHyTp{?<3J=K<2
ze0KvWwbh1S)>|XB4)tvBNbqBAWLDF9ws5UZscp1`zxBojv)N`FOMeIYg40%{^{H>`
zC{qsSLxKx`GT`vj)+DZxYus4eJ3xuh3LLim1e(;h6~SXG@G4KwDb`pG=QfXU9naSW
zyKN^V)N!qo&(;+GK=t<7O5hbhs;LmbW*;(OZW+E`mFc)qJUgcmQtr^=8rdGKMSs>}
zUq||K|F279VBBJy$cooVgtnr&tw{>f%jy!QSryng7JsL$ppETT`bPiSlc(Ng)27~4
IR&U_{0d!BEAOHXW


From af25ab1ef5117130444cc619ff1af224a8d093c9 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Tue, 10 Dec 2024 15:03:25 +0100
Subject: [PATCH 126/129] fix: automatically update pending expenses when
 vendor updates payout method (#10537)

---
 server/graphql/v2/mutation/VendorMutations.ts | 20 ++++++-
 .../v2/mutation/VendorMutations.test.ts       | 58 ++++++++++++++++++-
 2 files changed, 75 insertions(+), 3 deletions(-)

diff --git a/server/graphql/v2/mutation/VendorMutations.ts b/server/graphql/v2/mutation/VendorMutations.ts
index 63ca0bfa66d..413e43de0ed 100644
--- a/server/graphql/v2/mutation/VendorMutations.ts
+++ b/server/graphql/v2/mutation/VendorMutations.ts
@@ -8,7 +8,8 @@ import { v4 as uuid } from 'uuid';
 import ActivityTypes from '../../../constants/activities';
 import { CollectiveType } from '../../../constants/collectives';
 import { getDiffBetweenInstances } from '../../../lib/data';
-import models, { Activity, LegalDocument } from '../../../models';
+import models, { Activity, LegalDocument, Op } from '../../../models';
+import { ExpenseStatus } from '../../../models/Expense';
 import { checkRemoteUserCanUseHost } from '../../common/scope-check';
 import { BadRequest, NotFound, Unauthorized, ValidationFailed } from '../../errors';
 import { idDecode, IDENTIFIER_TYPES } from '../identifiers';
@@ -193,13 +194,14 @@ const vendorMutations = {
       }
 
       if (args.vendor.payoutMethod) {
+        let payoutMethod;
         const existingPayoutMethods = await vendor.getPayoutMethods({ where: { isSaved: true } });
         if (!args.vendor.payoutMethod.id) {
           if (!isEmpty(existingPayoutMethods)) {
             existingPayoutMethods.map(pm => pm.update({ isSaved: false }));
           }
 
-          await models.PayoutMethod.create({
+          payoutMethod = await models.PayoutMethod.create({
             ...pick(args.vendor.payoutMethod, ['name', 'data', 'type']),
             CollectiveId: vendor.id,
             CreatedByUserId: req.remoteUser.id,
@@ -207,10 +209,24 @@ const vendorMutations = {
           });
         } else {
           const payoutMethodId = idDecode(args.vendor.payoutMethod.id, IDENTIFIER_TYPES.PAYOUT_METHOD);
+          payoutMethod = await models.PayoutMethod.findByPk(payoutMethodId);
           await Promise.all(
             existingPayoutMethods.filter(pm => pm.id !== payoutMethodId).map(pm => pm.update({ isSaved: false })),
           );
         }
+
+        // Since vendors can only have a single payout method, we update all expenses to use the new one
+        await models.Expense.update(
+          { PayoutMethodId: payoutMethod.id },
+          {
+            where: {
+              FromCollectiveId: vendor.id,
+              status: {
+                [Op.in]: [ExpenseStatus.APPROVED, ExpenseStatus.DRAFT, ExpenseStatus.ERROR, ExpenseStatus.PENDING],
+              },
+            },
+          },
+        );
       }
       return vendor;
     },
diff --git a/test/server/graphql/v2/mutation/VendorMutations.test.ts b/test/server/graphql/v2/mutation/VendorMutations.test.ts
index 859ffb09bf5..0279727cb4c 100644
--- a/test/server/graphql/v2/mutation/VendorMutations.test.ts
+++ b/test/server/graphql/v2/mutation/VendorMutations.test.ts
@@ -4,7 +4,14 @@ import gql from 'fake-tag';
 import { CollectiveType } from '../../../../../server/constants/collectives';
 import models from '../../../../../server/models';
 import { LEGAL_DOCUMENT_TYPE } from '../../../../../server/models/LegalDocument';
-import { fakeCollective, fakeHost, fakeTransaction, fakeUser } from '../../../../test-helpers/fake-data';
+import {
+  fakeCollective,
+  fakeExpense,
+  fakeHost,
+  fakePayoutMethod,
+  fakeTransaction,
+  fakeUser,
+} from '../../../../test-helpers/fake-data';
 import { getMockFileUpload, graphqlQueryV2 } from '../../../../utils';
 
 describe('server/graphql/v2/mutation/VendorMutations', () => {
@@ -228,6 +235,55 @@ describe('server/graphql/v2/mutation/VendorMutations', () => {
       const location = await vendor.getLocation();
       expect(location.address).to.equal('Zorg Avenue, 1');
     });
+
+    it('invalidates existing Payout Method and updates existing Expenses', async () => {
+      const vendor = await fakeCollective({
+        type: CollectiveType.VENDOR,
+        ParentCollectiveId: host.id,
+        data: { vendorInfo: vendorData.vendorInfo },
+      });
+      const existingPayoutMethod = await fakePayoutMethod({ CollectiveId: vendor.id, isSaved: true });
+      const existingExpense = await fakeExpense({
+        FromCollectiveId: vendor.id,
+        PayoutMethodId: existingPayoutMethod.id,
+        status: 'PENDING',
+      });
+      const existingPaidExpense = await fakeExpense({
+        FromCollectiveId: vendor.id,
+        PayoutMethodId: existingPayoutMethod.id,
+        status: 'PAID',
+      });
+      const newVendorData = {
+        legacyId: vendor.id,
+        payoutMethod: {
+          type: 'PAYPAL',
+          name: 'Zorg Inc',
+          data: { email: 'zorg@zorg.com' },
+          isSaved: true,
+        },
+      };
+      const result = await graphqlQueryV2(
+        editVendorMutation,
+        {
+          vendor: newVendorData,
+        },
+        hostAdminUser,
+      );
+      result.errors && console.error(result.errors);
+      expect(result.errors).to.not.exist;
+
+      await existingPayoutMethod.reload();
+      expect(existingPayoutMethod.isSaved).to.be.false;
+
+      await existingExpense.reload();
+      expect(existingExpense.PayoutMethodId).to.not.equal(existingPayoutMethod.id);
+
+      await existingPaidExpense.reload();
+      expect(existingPaidExpense.PayoutMethodId).to.equal(existingPayoutMethod.id);
+
+      await models.PayoutMethod.destroy({ where: { CollectiveId: vendor.id }, force: true });
+      await models.Expense.destroy({ where: { FromCollectiveId: vendor.id }, force: true });
+    });
   });
 
   describe('deleteVendor', () => {

From 95ecaf3c92ffffc566a5566e428ba7a69a6f5526 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Wed, 11 Dec 2024 14:20:35 +0100
Subject: [PATCH 127/129] fix: allow accountants to use lastCommentBy filter
 (#10538)

---
 .../graphql/v2/query/collection/ExpensesCollectionQuery.ts  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
index 66b8da0369c..1ee969b1a3e 100644
--- a/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
+++ b/server/graphql/v2/query/collection/ExpensesCollectionQuery.ts
@@ -8,6 +8,7 @@ import { OrderItem, Sequelize } from 'sequelize';
 
 import { expenseStatus } from '../../../../constants';
 import { CollectiveType } from '../../../../constants/collectives';
+import MemberRoles from '../../../../constants/roles';
 import { getBalances } from '../../../../lib/budget';
 import { loadFxRatesMap } from '../../../../lib/currency';
 import { buildSearchConditions } from '../../../../lib/sql-search';
@@ -383,7 +384,10 @@ export const ExpensesCollectionQueryResolver = async (
   }
 
   if (args.lastCommentBy?.length) {
-    assert(host && req.remoteUser.isAdmin(host.id), 'You need to be an admin of the host to filter by lastCommentBy');
+    assert(
+      host && req.remoteUser.hasRole([MemberRoles.HOST, MemberRoles.ADMIN, MemberRoles.ACCOUNTANT], host.id),
+      'You need to be an admin of the host to filter by lastCommentBy',
+    );
     const conditions = [];
     const CollectiveIds = compact([
       args.lastCommentBy.includes('COLLECTIVE_ADMIN') && '"Expense"."CollectiveId"',

From 9bff20389c626858debf3f2db5094d6d827d09c4 Mon Sep 17 00:00:00 2001
From: Leo Kewitz <leo@opencollective.com>
Date: Wed, 11 Dec 2024 16:11:04 +0100
Subject: [PATCH 128/129] refact: abstract custom plugins (#10509)

---
 config/custom-environment-variables.json |  3 +-
 config/default.json                      |  3 +-
 server/lib/apollo.ts                     | 71 ++++++++++++++++++++++
 server/routes.js                         | 77 ++++++++----------------
 4 files changed, 101 insertions(+), 53 deletions(-)
 create mode 100644 server/lib/apollo.ts

diff --git a/config/custom-environment-variables.json b/config/custom-environment-variables.json
index cc072a757ff..a76feebc231 100644
--- a/config/custom-environment-variables.json
+++ b/config/custom-environment-variables.json
@@ -32,7 +32,8 @@
     },
     "error": {
       "detailed": "GRAPHQL_ERROR_DETAILED"
-    }
+    },
+    "resolverTimeDebugWarning": "GRAPHQL_RESOLVER_TIME_DEBUG"
   },
   "memcache": {
     "servers": "MEMCACHE_SERVERS",
diff --git a/config/default.json b/config/default.json
index e941e8200f7..2e720647bd2 100644
--- a/config/default.json
+++ b/config/default.json
@@ -194,7 +194,8 @@
     },
     "error": {
       "detailed": false
-    }
+    },
+    "resolverTimeDebugWarning": 200
   },
   "pdfService": {
     "fetchTransactionsReceipts": false
diff --git a/server/lib/apollo.ts b/server/lib/apollo.ts
new file mode 100644
index 00000000000..2fcda5d97f8
--- /dev/null
+++ b/server/lib/apollo.ts
@@ -0,0 +1,71 @@
+import config from 'config';
+import { orderBy, round, uniqBy } from 'lodash';
+
+import cache from './cache';
+import logger from './logger';
+import { sentryHandleSlowRequests } from './sentry';
+
+const minExecutionTimeToCache = parseInt(config.graphql.cache.minExecutionTimeToCache);
+
+const enablePluginIf = (condition, plugin) => (condition ? plugin : {});
+
+export const apolloSlowRequestCachePlugin = {
+  async requestDidStart() {
+    return {
+      async willSendResponse(requestContext) {
+        const response = requestContext.response;
+        const result = response?.body?.singleResult;
+        if (!result) {
+          return;
+        }
+
+        const req = requestContext.contextValue; // From apolloExpressMiddlewareOptions context()
+
+        req.endAt = req.endAt || new Date();
+        const executionTime = req.endAt - req.startAt;
+        req.res.set('Execution-Time', executionTime);
+
+        // Track all slow queries on Sentry performance
+        sentryHandleSlowRequests(executionTime);
+
+        // This will never happen for logged-in users as cacheKey is not set
+        if (req.cacheKey && !response?.errors && executionTime > minExecutionTimeToCache) {
+          cache.set(req.cacheKey, result, Number(config.graphql.cache.ttl));
+        }
+      },
+    };
+  },
+};
+
+const resolverTimeDebugWarning = parseInt(config.graphql?.resolverTimeDebugWarning || '200');
+
+export const apolloSlowResolverDebugPlugin = enablePluginIf(config.env === 'development', {
+  async requestDidStart() {
+    return {
+      async executionDidStart(executionRequestContext) {
+        const slow = [];
+        return {
+          willResolveField({ info }) {
+            const start = process.hrtime.bigint();
+            return () => {
+              const end = process.hrtime.bigint();
+              slow.push({
+                timeMs: round(Number(end - start) / 1e6, 2),
+                field: `${info.parentType.name}.${info.fieldName}`,
+              });
+            };
+          },
+          executionDidEnd() {
+            uniqBy(orderBy(slow, ['timeNs'], ['desc']), 'field')
+              .filter(s => s.timeMs >= resolverTimeDebugWarning)
+              .forEach(s => {
+                logger.warn(
+                  `${executionRequestContext.operation.name.value} slow fields: ${s.field} took ${Number(s.timeMs)}ms`,
+                );
+              });
+          },
+        };
+      },
+    };
+  },
+});
diff --git a/server/routes.js b/server/routes.js
index 422383683e5..5a9e4a3b0b4 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -21,6 +21,7 @@ import { paypalWebhook, plaidWebhook, stripeWebhook, transferwiseWebhook } from
 import { getGraphqlCacheProperties } from './graphql/cache';
 import graphqlSchemaV1 from './graphql/v1/schema';
 import graphqlSchemaV2 from './graphql/v2/schema';
+import { apolloSlowRequestCachePlugin, apolloSlowResolverDebugPlugin } from './lib/apollo';
 import cache from './lib/cache';
 import errors from './lib/errors';
 import expressLimiter from './lib/express-limiter';
@@ -129,29 +130,30 @@ export default async app => {
   /**
    * GraphQL caching
    */
-  app.use('/graphql', async (req, res, next) => {
-    req.startAt = req.startAt || new Date();
-    const { cacheKey, cacheSlug } = getGraphqlCacheProperties(req) || {}; // Returns null if not cacheable (e.g. if logged in)
-    const enabled = parseToBoolean(config.graphql.cache.enabled);
-    if (cacheKey && enabled) {
-      const fromCache = await cache.get(cacheKey);
-      if (fromCache) {
-        // Track all slow queries on Sentry performance
-        res.servedFromGraphqlCache = true;
-        req.endAt = req.endAt || new Date();
-        const executionTime = req.endAt - req.startAt;
-        sentryHandleSlowRequests(executionTime);
-        res.set('Execution-Time', executionTime);
-        res.set('GraphQL-Cache', 'HIT');
-        res.send(fromCache);
-        return;
+  if (parseToBoolean(config.graphql.cache.enabled)) {
+    app.use('/graphql', async (req, res, next) => {
+      req.startAt = req.startAt || new Date();
+      const { cacheKey, cacheSlug } = getGraphqlCacheProperties(req) || {}; // Returns null if not cacheable (e.g. if logged in)
+      if (cacheKey) {
+        const fromCache = await cache.get(cacheKey);
+        if (fromCache) {
+          // Track all slow queries on Sentry performance
+          res.servedFromGraphqlCache = true;
+          req.endAt = req.endAt || new Date();
+          const executionTime = req.endAt - req.startAt;
+          sentryHandleSlowRequests(executionTime);
+          res.set('Execution-Time', executionTime);
+          res.set('GraphQL-Cache', 'HIT');
+          res.send(fromCache);
+          return;
+        }
+        res.set('GraphQL-Cache', 'MISS');
+        req.cacheKey = cacheKey;
+        req.cacheSlug = cacheSlug;
       }
-      res.set('GraphQL-Cache', 'MISS');
-      req.cacheKey = cacheKey;
-      req.cacheSlug = cacheSlug;
-    }
-    next();
-  });
+      next();
+    });
+  }
 
   /**
    * GraphQL scope
@@ -229,8 +231,6 @@ export default async app => {
     graphqlPlugins.push(SentryGraphQLPlugin);
   }
 
-  const minExecutionTimeToCache = parseInt(config.graphql.cache.minExecutionTimeToCache);
-
   const httpServer = http.createServer(app);
 
   const apolloServerOptions = {
@@ -264,33 +264,8 @@ export default async app => {
     ...graphqlProtection,
     plugins: [
       ApolloServerPluginDrainHttpServer({ httpServer }),
-      {
-        async requestDidStart() {
-          return {
-            async willSendResponse(requestContext) {
-              const response = requestContext.response;
-              const result = response?.body?.singleResult;
-              if (!result) {
-                return;
-              }
-
-              const req = requestContext.contextValue; // From apolloExpressMiddlewareOptions context()
-
-              req.endAt = req.endAt || new Date();
-              const executionTime = req.endAt - req.startAt;
-              req.res.set('Execution-Time', executionTime);
-
-              // Track all slow queries on Sentry performance
-              sentryHandleSlowRequests(executionTime);
-
-              // This will never happen for logged-in users as cacheKey is not set
-              if (req.cacheKey && !response?.errors && executionTime > minExecutionTimeToCache) {
-                cache.set(req.cacheKey, result, Number(config.graphql.cache.ttl));
-              }
-            },
-          };
-        },
-      },
+      apolloSlowRequestCachePlugin,
+      apolloSlowResolverDebugPlugin,
       ...graphqlPlugins,
     ],
   };

From 33a29c131b52b4ef6ee7c70ddb28c016ebe9c47a Mon Sep 17 00:00:00 2001
From: Henrique <hdiniz@users.noreply.github.com>
Date: Wed, 11 Dec 2024 17:25:40 -0300
Subject: [PATCH 129/129] Submit expense draft with invitee payee slug (#10522)

* Submit expense draft with invitee payee slug

* fix deepscan lint issue

* Refactor variable and isDraftPayee check

* Fix isDraftPayee check when missing payee reference
---
 server/graphql/common/expenses.ts              | 16 +++++++++++++---
 server/graphql/v2/mutation/ExpenseMutations.ts |  8 +++++---
 server/models/Expense.ts                       |  1 +
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/server/graphql/common/expenses.ts b/server/graphql/common/expenses.ts
index 446016dc5d1..b299619ef95 100644
--- a/server/graphql/common/expenses.ts
+++ b/server/graphql/common/expenses.ts
@@ -97,6 +97,7 @@ import {
   ValidationFailed,
 } from '../errors';
 import { CurrencyExchangeRateSourceTypeEnum } from '../v2/enum/CurrencyExchangeRateSourceType';
+import { fetchAccountWithReference } from '../v2/input/AccountReferenceInput';
 import { getValueInCentsFromAmountInput } from '../v2/input/AmountInput';
 import { GraphQLCurrencyExchangeRateInputType } from '../v2/input/CurrencyExchangeRateInput';
 
@@ -129,11 +130,20 @@ const isOwnerAccountant = async (req: express.Request, expense: Expense): Promis
 const isDraftPayee = async (req: express.Request, expense: Expense): Promise<boolean> => {
   if (!req.remoteUser) {
     return false;
-  } else if (expense.data?.payee?.['id']) {
-    return req.remoteUser.isAdmin(expense.data.payee['id']);
-  } else {
+  }
+
+  const payeeReference = pick(expense.data?.payee, ['id', 'legacyId', 'slug']);
+
+  if (isEmpty(payeeReference)) {
     return false;
   }
+
+  const payee = await fetchAccountWithReference(payeeReference);
+  if (!payee) {
+    return false;
+  }
+
+  return req.remoteUser.isAdmin(payee.id);
 };
 
 const hasCorrectDraftKey =
diff --git a/server/graphql/v2/mutation/ExpenseMutations.ts b/server/graphql/v2/mutation/ExpenseMutations.ts
index e55027e7969..d259a557b23 100644
--- a/server/graphql/v2/mutation/ExpenseMutations.ts
+++ b/server/graphql/v2/mutation/ExpenseMutations.ts
@@ -183,16 +183,18 @@ const expenseMutations = {
       // NOTE(oauth-scope): Ok for non-authenticated users, we only check scope
       enforceScope(req, 'expenses');
 
-      const getId = (reference: { id?: string | number; legacyId?: number }) => reference?.id || reference?.legacyId;
+      const isExistingAccountReference = (reference: { id?: string | number; legacyId?: number; slug?: string }) =>
+        reference?.id || reference?.legacyId || reference?.slug;
 
       // Support deprecated `attachments` field
       const items = args.expense.items || args.expense.attachments;
       const expense = args.expense;
       const existingExpense = await fetchExpenseWithReference(expense, { loaders: req.loaders, throwIfMissing: true });
       const requestedPayee =
-        getId(expense.payee) && (await fetchAccountWithReference(expense.payee, { throwIfMissing: false }));
+        isExistingAccountReference(expense.payee) &&
+        (await fetchAccountWithReference(expense.payee, { throwIfMissing: false }));
       const originalPayee =
-        getId(existingExpense.data?.payee) &&
+        isExistingAccountReference(existingExpense.data?.payee) &&
         (await fetchAccountWithReference(existingExpense.data.payee, { throwIfMissing: false }));
 
       const payoutMethod = expense.payoutMethod;
diff --git a/server/models/Expense.ts b/server/models/Expense.ts
index d456178e0f1..5dc6e36cfbb 100644
--- a/server/models/Expense.ts
+++ b/server/models/Expense.ts
@@ -104,6 +104,7 @@ class Expense extends Model<InferAttributes<Expense>, InferCreationAttributes<Ex
     recipient?: RecipientAccount;
     payee?: {
       id?: number;
+      slug?: string;
       name?: string;
       email?: string;
     };